INFSYS3848/6828 LAB: BASIC RECONNAISSANCE
Page 1 of 5
POINTS POSSIBLE: 100
DUE DATE: APRIL 15, 2016 by 11:59PM central time
SPECIAL NOTE: The TASK 2 portion of this lab MUST be carried out in the Virtual Lab (accessible through https://tritonapps.umsl.edu) for this course only. Please contact me as soon as possible if you do not have access to the virtual lab.
PLEASE:
1. DO NOT DELETE/MODIFY any files on the target machines. If you delete files or make the machines otherwise unavailable, your classmates may not be able to finish the assignment on time. PLEASE BE COURTEOUS.
2. Feel free to use any resource you wish to research the tools and answers to lab questions. However, write your answers in your own words. I will grade based on how complete your answers are. That is, whether you took the time to learn!
3. NOTE: This lab requires INDIVIDUAL work. Discussions for the sake of learning are fine and encouraged.
Lab Overview:
A potential attacker often begins by gathering as much information about a target as possible. This is the case for both malicious hacking and ethical hacking (penetration testing). Thus, it is essential for InfoSec professionals to have a solid foundation in reconnaissance from both perspectives. A great deal of information on a potential target can be gathered through publicly available sources and legitimate tools.
The things we will do in this lab are themselves really basic. The idea is that you spend time learning about the background on what these tools accomplish and how. So please pay attention to Task 1 and do complete the required readings/videos.
Lab Purpose:
1. To learn the basics of information gathering as the first series of steps in penetration testing
2. Understand the basics of utilities such as “ping” and “tracert”
3. Understand the basics of Domain Name System (DNS) and “whois”
4. Familiarize ourselves with “dig,” a command line utility that is part of the BIND framework for DNS servers
Lab Tasks:
There are two tasks for this lab: Task 1 and Task 2.
TASK 1
Before proceeding with Task 2, please familiarize yourself with the following basic concepts:
1. “Whois”: http://en.wikipedia.org/wiki/Whois (very quick skim through)
a. Visit any one of these sites and try looking up info on domain names you know of… (try example.com or google.com or perhaps even umsl.edu)
i. http://www.domaintools.com/
ii. http://whois.net/
iii. http://www.networksolutions.com/whois/index.jsp
b. If you wish you may use the “whois” tool from the command line in your Ubuntu installations (the one we did for Lab 1). Simply type the following at the command prompt: whois domainname (replace domainname with an actual domain name such as google.com).
i. If “whois” is not installed, you could easily install it using apt-get (or google for instructions)
2. Domain Name System (DNS) Concepts to know:
a. Domains and sub-domains
b. How DNS queries work
c. DNS Zones, Delegation, Zone Transfers
DNS INFORMATION LINKS: Please go through these in order.
1) Basics: How DNS Works by Barry Brown, watch entire playlist (especially for people with no networking background)
http://www.youtube.com/playlist?list=PL5DDE6309C9057EEA
2) Re-cap:
http://www.youtube.com/watch?feature=player_detailpage&v=ZBi8GCxk7NQ#t=13
3. DNS tools
a. NSLOOKUP
b. DIG
4. Network Scanning tools
a. NMAP (visit https://nmap.org/book/toc.html to learn as much as you can, try their “Introduction and Overview” section, it’s interesting and will give you an idea on Pentesting)
TOOLS INFORMATION LINKS:
1) Overview of common network utilities in Linux:
http://www.youtube.com/watch?v=CigJXmUYXJY#aid=P9hrcMoKTHw
2) Overview of DIG: http://www.youtube.com/watch?v=EMyVSyWXnak
3) This one cannot be carried out in our virtual lab but is worth a watch to learn about the dangers of DNS zone transfers: http://www.youtube.com/watch?v=bdHl-w3V_4w (SecurityTube.net video, shows a full zone transfer… yes the accent is Indian).
a. Obviously, please do not try this on any real target, even though the video shows the person blatantly doing so!
I familiarized myself with all links provided above.
TASK 2:
Imagine you are a penetration tester and you are on assignment to find and report vulnerabilities in your client’s data network and the hosts within it. There are different levels of information provided to penetration testers upon assignment. Sometimes the clients provide the entire network structure and information on all hosts. At other times the client does not provide anything and essentially asks the testers to “hack in” just as a real hacker would.
In this lab, all you know about your client is their web address http://www.foo.com and you are trying to begin the process of finding vulnerabilities. The first step to finding vulnerabilities is to carry out “footprinting” reconnaissance to figure out just what our “attack surface” looks like.
In this lab we will learn the most basic footprinting. We will learn about actually finding vulnerabilities in later labs.
GETTING READY FOR THE EXERCISES
1) Log in to the Virtual Lab (instructions on MyGateway/Docs & Assignments/Assignments and Quizzes/).
2) Perform the exercises given below within your Kali Linux Machine (delivered to you once you finish logging into the virtual lab)
EXERCISE 1:
One very simple tool to figure out if a “host” (any device with an address on a network) is turned on and communicating over the network is “PING.” Of course, system administrators can prevent hosts from responding to pings.
DO:
1) Check out the website: In Kali, open up the browser (Iceweasel, tiny globe-like icon in top left). In the address bar type the URL http://www.foo.com to notice that there is a site configured with that domain.
2) Open up the command line on Kali and ping (ping domainname, i.e. ping www.foo.com) the above domain. After a few echoes hit “CTRL+C” to cancel the ping process. Obviously, this website is running on a server and if the site is on we did not really need to ping it to find if “it is up.” The ping does give us some basic information.
EXERCISE 1 QUESTIONS
Q 1.1) Is the computer corresponding to the domain name on and communicating? (YES/NO)
Yes
Q 1.2) What is the IP version 4 address of this computer?
192.168.2.5
Q 1.3) What did we “attackers” learn from this simple procedure? (Be sure to read about ping, what it reveals (beyond the IP address), whether it is good or bad to enable ping responses or whether it doesn’t matter. Hint: start with finding out what underlying protocol is used for pings.)
We learned that when we ping an IP address it brings back how long it takes for your computer to communicate with the server and the speed it takes. The underlying protocol is ICMP (Internet Control Message Protocol). Using the ping option is good for attackers to do so they understand how the server works.
EXERCISE 2:
In this exercise we will use a tool available on most *nix platforms for obtaining DNS information, called DIG. Similar functionality is available through tools such as “NSLOOKUP” (also available on Windows) and “HOST”. Here we focus on “DIG”.
DO: (if you haven’t watched the videos on DIG mentioned above, please do so)
At the command line in Kali, issue a simple dig command for the above domain:
dig www.foo.com
EXERCISE 2 QUESTIONS
Q 2.1) Examine the Question Section in the output of the above command. What “question” did we ask in this query?
We asked what the domain name server is.
Q 2.2) Examine the Answer Section.
a. What is the IP (version 4) address associated with that name?
192.168.2.5
Q 2.3) Examine the Authority Section. What type of record is returned here? What is the name of the name server associated with this domain? (Don’t be confused with its name, it does not matter what it is called, simply report the name in the record type NS)
a. Router information is returned.
b. Router1.infosys.com & router1.foo.com
Q 2.4) Examine the Additional Section. What is the IP address of the name server?
192.168.1.254 & 192.168.2.254
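As an added example (not part of the lab handout or the student's answers), the script below splits dig's output into the four sections the Exercise 2 questions ask about and answers each question from the parsed records; it also goes one step further with a defender's check for name servers delegated outside the zone they serve. The dig output is a constructed sample whose record values mirror the addresses and NS names reported above, and the function names are my own.

```python
"""Split `dig www.foo.com` output into its four sections and answer the
lab's Exercise 2 questions from the parsed records."""
import re
from collections import defaultdict

# Constructed sample of dig output for the lab's fictional domain. The record
# values mirror the ones reported in the lab answers; they are not real hosts.
SAMPLE_DIG_OUTPUT = """\
; <<>> DiG 9.9.5 <<>> www.foo.com
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12345
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;www.foo.com.\t\t\tIN\tA

;; ANSWER SECTION:
www.foo.com.\t\t3600\tIN\tA\t192.168.2.5

;; AUTHORITY SECTION:
foo.com.\t\t3600\tIN\tNS\trouter1.foo.com.
foo.com.\t\t3600\tIN\tNS\trouter1.infosys.com.

;; ADDITIONAL SECTION:
router1.foo.com.\t3600\tIN\tA\t192.168.2.254
router1.infosys.com.\t3600\tIN\tA\t192.168.1.254

;; SERVER: 192.168.2.254#53(192.168.2.254)
"""

SECTION_RE = re.compile(r"^;; (\w+) SECTION:$")


def parse_dig(text):
    """Return {section name: [record dicts]} for the sections in `text`."""
    sections = defaultdict(list)
    current = None
    for line in text.splitlines():
        match = SECTION_RE.match(line)
        if match:
            current = match.group(1)
            continue
        # Skip header/footer comments, blank lines and text before the first section.
        if current is None or not line.strip() or line.startswith(";;"):
            continue
        if current == "QUESTION":
            # Question lines are prefixed with a single ';' and carry no TTL.
            name, rclass, rtype = line.lstrip(";").split()
            sections[current].append({"name": name, "class": rclass, "type": rtype})
        else:
            # Every other record is 'owner TTL class type rdata'.
            name, ttl, rclass, rtype, rdata = line.split(None, 4)
            sections[current].append({"name": name, "ttl": int(ttl), "class": rclass,
                                      "type": rtype, "rdata": rdata})
    return dict(sections)


def question_asked(sections):
    """Q 2.1: the (owner name, record type) the resolver was asked for."""
    q = sections["QUESTION"][0]
    return q["name"], q["type"]


def answer_addresses(sections):
    """Q 2.2: IPv4 addresses (A records) in the answer section."""
    return [r["rdata"] for r in sections.get("ANSWER", []) if r["type"] == "A"]


def name_servers(sections):
    """Q 2.3: NS names listed in the authority section."""
    return sorted(r["rdata"] for r in sections.get("AUTHORITY", []) if r["type"] == "NS")


def name_server_addresses(sections):
    """Q 2.4: map each NS name to its glue A record from the additional section."""
    glue = {r["name"]: r["rdata"] for r in sections.get("ADDITIONAL", []) if r["type"] == "A"}
    return {ns: glue.get(ns) for ns in name_servers(sections)}


def out_of_zone_nameservers(sections):
    """Defender's check: NS names not under the zone they serve. Such a delegation
    rests on a name the zone owner does not control, so it deserves a second look."""
    flagged = []
    for r in sections.get("AUTHORITY", []):
        if r["type"] != "NS":
            continue
        zone, ns = r["name"].lower(), r["rdata"].lower()
        if ns != zone and not ns.endswith("." + zone):
            flagged.append(r["rdata"])
    return flagged
```

Run the parser on the captured output of a real `dig` invocation to check your own answers section by section.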
WRAPPING UP YOUR LAB SESSION:
Once you have carried out all exercises, please follow these steps carefully:
1. Simply close the “Remote Desktop” window by clicking on the “X” in the blue title bar.
a. No need to shut down the Kali Machine
2. You’re done and thank you.
--End lab --
LAB DELIVERABLES:
1) Please carry out all tasks as requested including reading/watching videos under “Task 1”.
2) Please also conduct the exercises under “Task 2” and provide complete answers to the questions under each exercise. NOTE: There is a “right answer” to most of these questions. I am looking for complete answers and in particular your insight about these exercises.
3) Type your answers in a separate document. Note that you will not be able to copy paste between your Kali machines and your computer. You will have to type your answers in.
4) Name your document “FirstName_LastName_Assignment4”
5) Submit completed document through MyGateway.
GETTING HELP:
Call me (314-489-9733) / email (shajikhan@umsl.edu) anytime. For more detailed help, please see me during office hours or set up an appointment. Tutors are also available.