Learn hacking 2.00 Reconnaissance

Hi everyone,

Now that we have everything set up, we will start hacking!

The first phase of hacking is reconnaissance, This phase is very important because knowledge is power! In this phase, you want to know everything you can about your target because the more you know the better you can exploit it! This is the starting point, like in everything, you need a good base to go strong!

---

We can split reconnaissance in two types, passive and active.

Passive reconnaissance is when we use public knowledge to learn and deduct information about the company. You don't interact with the target.

Active reconnaissance is the part where you interact with the target. Because of this interaction it's more noticeable by the target so you need to be careful in a real world scenario!

---

Passive reconnaissance: How do we proceed?

You can do your research in any order it doesn't matter, I'm giving few examples I use and feel free to be creative and find other ways! Ask yourself, what you can get from the website. The physical address, the IP's, if they have job offers (you can browse them and see what kind of technology they use). If they search an expert in WordPress or anything related to this technology, well, you know they use it!

Sometimes you can find a list of employees. You can then find them on Linked-In or Facebook. Same thing here, if you see in the profile that the person is a Java expert, you can deduce they use Java somewhere! With social media you can even find physical addresses, phone numbers, emails, family links and lot of information for social engineering (social engineering is another huge topic I will cover later, in short it's taking advantage of people for example: spam, phishing...)!

Here are some tools I like to use for passive reconnaissance:

• Google search/google dorks
• Maltego
• Whois/Dnsstuff.com
• nslookup
• netcraft

After you have all this information you will want to organize it!

---

Active reconnaissance

This is the part where we start interacting with the target. In another tutorial, I will use the tool Nmap to demonstrate multiple techniques to gather information from the target. For this part, you want to send pings, do some tcp scans (see this article https://steemit.com/hack/@pierlave/understand-tcp-3-way-handshake), send some requests if it's a website and try to find what operating system and services the target is running. However, the active techniques are more "loud" so you can be discovered, you need to proceed with care in a real world scenario!

---

In this article, we saw passive and active reconnaissance.
In the next articles I will show you how some of the tools work!

Feel free to ask questions and share some knowledge if you have other tools!
Keep learning!

The information provided on hacking is to be used for educational purpose only. The creator is in no way responsible for any misuse of the information provided. All the information provided is meant to help the reader develop a hacker defense attitude in order to prevent the attacks discussed. In no way should you use the information to cause any kind of damage directly or indirectly. The word "Hacking" should be regarded as "Ethical hacking". You implement the information given at your own risk

@pierlave

Written with StackEdit.