Footprinting, Reconnaissance, and Scanning

This chapter is from the book

CEH Certified Ethical Hacker Cert Guide, 4th Edition

Learn More Buy

This chapter is from the book

This chapter is from the book 

CEH Certified Ethical Hacker Cert Guide, 4th Edition

Learn More Buy

Exercises

3-1 Performing Passive Reconnaissance

The best way to learn passive information gathering is to use the tools. In this exercise, you perform reconnaissance on several organizations. Acquire only the information requested.

Estimated Time: 20 minutes.

• Step 1. Review Table 3-10 to determine the target of your passive information gathering.

Table 3-10 Passive Information Gathering

• Step 2. Start by resolving the IP address. You can do this by pinging the site.

• Step 3. Next, use a tool such as https://www.whois.net or any of the other tools mentioned throughout the chapter. Some of these include

  • http://www.betterwhois.com

  • https://whois.domaintools.com/

  • http://geektools.com

  • https://lookup.icann.org

  • https://talosintelligence.com/reputation_center

  • https://www.domain.com/whois/whois

• Step 4. To verify the location of the organization, perform a traceroute or a ping with the -r option.

• Step 5. Use the ARIN, RIPE, and IANA to fill in any information you have yet to acquire.

• Step 6. Analyze the results.

3-2 Performing Active Reconnaissance

The best way to learn active information gathering is to use the tools. In this exercise, you perform reconnaissance on your own internal network. If you are not on a test network, make sure that you have permission before scanning it, or your action may be seen as the precursor of an attack.

Estimated Time: 15 minutes.

• Step 1. Download the most current version of Nmap from https://nmap.org/download.html.

• Step 2. Open a command prompt and go to the directory in which you have installed Nmap.

• Step 3. Run nmap -h from the command line to see the various options.

• Step 4. You’ll notice that Nmap has many options. Review and find the option for a full connect scan. Enter your result here:___

• Step 5. Review and find the option for a stealth scan. Enter your result here: ___

• Step 6. Review and find the option for a UDP scan. Enter your result here: ___

• Step 7. Review and find the option for a fingerprint scan. Enter your result here: ___

• Step 8. Perform a full connect scan on one of the local devices you have identified on your network. The syntax is nmap -sT IP_Address.

• Step 9. Perform a stealth scan on one of the local devices you have identified on your network. The syntax is nmap -sS IP_Address.

• Step 10. Perform a UDP scan on one of the local devices you have identified on your network. The syntax is nmap -sU IP_Address.

• Step 11. Perform a fingerprint scan on one of the local devices you have identified on your network. The syntax is nmap -O IP_Address.

• Step 12. Observe the results of each scan. Could Nmap successfully identify the system? Were the ports it identified correct?