Exercises

3-1 Performing Passive Reconnaissance

The best way to learn passive information gathering is to use the tools. In this exercise, you perform reconnaissance on several organizations. Acquire only the information requested.

Estimated Time: 20 minutes.

Step 1. Review Table 3-10 to determine the target of your passive information gathering.

Table 3-10 Passive Information Gathering

Domain Name      IP Address     Location   Contact Person   Address and Phone Number
h4cker.org       ___            ___        ___              ___
Examcram.com     ___            ___        ___              ___
___              72.3.246.59    ___        ___              ___
Rutgers.edu      ___            ___        ___              ___
secretcorp.org   ___            ___        ___              ___

Step 2. Start by resolving the IP address. You can do this by pinging the site.

Step 3. Next, use a tool such as https://www.whois.net or any of the other tools mentioned throughout the chapter. Some of these include

Step 4. To verify the location of the organization, perform a traceroute or a ping with the -r option.

Step 5. Use the ARIN, RIPE, and IANA lookup services to fill in any information you have yet to acquire.

Step 6. Analyze the results.
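Steps 3 through 6 come down to reading a WHOIS record and copying a few fields into Table 3-10. The script below is an added example (it is not from the book) that does that extraction on a constructed, entirely fictitious record for the reserved name example.com. It also handles the case you will meet most often on real records: fields marked REDACTED FOR PRIVACY or pointing you to the registrar's RDDS service, which is exactly what an organization reviewing its own exposure wants to see. The "Key: Value" layout is the common ICANN format, but registrars vary, so treat the field names as assumptions.

```python
"""Extract the Table 3-10 fields from a WHOIS record.

Added example, not from the book. Input is a constructed WHOIS record in
the common ICANN "Key: Value" layout; real records vary by registrar and
many fields are redacted for privacy.
"""
import re
from typing import Dict, List, Optional

# Constructed sample record (fake values; example.com is a reserved name).
SAMPLE_WHOIS = """\
Domain Name: EXAMPLE.COM
Registrar: Example Registrar, Inc.
Updated Date: 2023-08-14T07:01:31Z
Registrant Name: REDACTED FOR PRIVACY
Registrant Organization: Example Corp
Registrant Street: 123 Example Street
Registrant City: Springfield
Registrant State/Province: IL
Registrant Postal Code: 62701
Registrant Country: US
Registrant Phone: +1.5555550100
Registrant Email: Please query the RDDS service of the Registrar of Record
Admin Name: REDACTED FOR PRIVACY
Tech Name: Jane Doe
Name Server: NS1.EXAMPLE.COM
Name Server: NS2.EXAMPLE.COM
"""

# Phrases registrars use when a field is withheld (assumed list, extend as needed).
REDACTED_MARKERS = ("REDACTED", "DATA PROTECTED", "Please query")


def parse_whois(text: str) -> Dict[str, List[str]]:
    """Turn 'Key: Value' lines into key -> [values]; repeated keys are kept."""
    record: Dict[str, List[str]] = {}
    for line in text.splitlines():
        m = re.match(r"^\s*([A-Za-z][A-Za-z /-]*?):\s*(.*?)\s*$", line)
        if not m:
            continue  # comments, disclaimers and blank lines carry no field
        record.setdefault(m.group(1).strip(), []).append(m.group(2))
    return record


def first(record: Dict[str, List[str]], key: str) -> Optional[str]:
    vals = record.get(key)
    return vals[0] if vals else None


def is_redacted(value: Optional[str]) -> bool:
    """True when the field is absent or carries a privacy placeholder."""
    return value is None or any(mk.lower() in value.lower() for mk in REDACTED_MARKERS)


def table_row(text: str) -> Dict[str, Optional[str]]:
    """Fill the Table 3-10 columns that WHOIS can supply.

    IP address is not in WHOIS; it comes from DNS (step 2), so it stays None.
    """
    rec = parse_whois(text)
    # Prefer a named person; fall back to the organization if every name is redacted.
    contact = None
    for key in ("Registrant Name", "Admin Name", "Tech Name"):
        if not is_redacted(first(rec, key)):
            contact = first(rec, key)
            break
    if contact is None and not is_redacted(first(rec, "Registrant Organization")):
        contact = first(rec, "Registrant Organization")
    address_keys = ("Registrant Street", "Registrant City",
                    "Registrant State/Province", "Registrant Postal Code",
                    "Registrant Country")
    address = ", ".join(p for p in (first(rec, k) for k in address_keys)
                        if p and not is_redacted(p)) or None
    phone = first(rec, "Registrant Phone")
    phone = None if is_redacted(phone) else phone
    return {
        "Domain Name": (first(rec, "Domain Name") or "").lower() or None,
        "IP Address": None,
        "Location": first(rec, "Registrant Country"),
        "Contact Person": contact,
        "Address and Phone Number": " / ".join(x for x in (address, phone) if x) or None,
    }


if __name__ == "__main__":
    for column, value in table_row(SAMPLE_WHOIS).items():
        print(f"{column:25s} {value or '___'}")
```

Run it against a record you have saved from a WHOIS lookup and note which columns stay `___`: every redacted field is one less item an outsider can harvest from your registration data.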

3-2 Performing Active Reconnaissance

The best way to learn active information gathering is to use the tools. In this exercise, you perform reconnaissance on your own internal network. If you are not on a test network, make sure that you have permission before scanning it, or your action may be seen as the precursor of an attack.

Estimated Time: 15 minutes.

Step 1. Download the most current version of Nmap from https://nmap.org/download.html.

Step 2. Open a command prompt and go to the directory in which you have installed Nmap.

Step 3. Run nmap -h from the command line to see the various options.

Step 4. You’ll notice that Nmap has many options. Review and find the option for a full connect scan. Enter your result here: ___

Step 5. Review and find the option for a stealth scan. Enter your result here: ___

Step 6. Review and find the option for a UDP scan. Enter your result here: ___

Step 7. Review and find the option for a fingerprint scan. Enter your result here: ___

Step 8. Perform a full connect scan on one of the local devices you have identified on your network. The syntax is nmap -sT IP_Address.

Step 9. Perform a stealth scan on one of the local devices you have identified on your network. The syntax is nmap -sS IP_Address.

Step 10. Perform a UDP scan on one of the local devices you have identified on your network. The syntax is nmap -sU IP_Address.

Step 11. Perform a fingerprint scan on one of the local devices you have identified on your network. The syntax is nmap -O IP_Address.

Step 12. Observe the results of each scan. Could Nmap successfully identify the system? Were the ports it identified correct?
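Step 12 asks whether the OS guess and the port list were correct, and on a network you administer the honest way to answer is to compare the scan with what the inventory says each host should expose. The script below is an added example, not from the book or from the Nmap project: it parses Nmap's grepable output (`-oG`), whose tab-separated `Host:` / `Ports:` / `OS:` layout is assumed here from a constructed sample rather than taken from real scan data, and reports open ports that the baseline does not authorize, documented services that did not answer, and hosts whose OS Nmap could not identify. The hosts, addresses and baseline are all made up.

```python
"""Compare an Nmap scan with an authorized-service baseline.

Added example, not from the book or the Nmap project. It parses Nmap's
grepable output (-oG); the field layout is assumed from a constructed
sample, so check it against your own scan files before relying on it.
"""
from typing import Dict, List, Set, Tuple

Port = Tuple[str, int]  # (protocol, port number)

# Constructed sample of `nmap -sT -O -oG -` output for two fake lab hosts.
SAMPLE_GNMAP = """\
# Nmap 7.94 scan initiated Mon Jan  1 10:00:00 2024 as: nmap -sT -O -oG - 192.168.1.0/24
Host: 192.168.1.10 (fileserver.lab)\tStatus: Up
Host: 192.168.1.10 (fileserver.lab)\tPorts: 22/open/tcp//ssh//OpenSSH 8.9/, 445/open/tcp//microsoft-ds///, 3389/open/tcp//ms-wbt-server///\tIgnored State: closed (997)\tOS: Linux 5.4 - 5.15
Host: 192.168.1.20 (printer.lab)\tStatus: Up
Host: 192.168.1.20 (printer.lab)\tPorts: 9100/open/tcp//jetdirect///, 161/open|filtered/udp//snmp///\tIgnored State: closed (998)
# Nmap done at Mon Jan  1 10:01:00 2024 -- 256 IP addresses (2 hosts up) scanned in 60.12 seconds
"""

# Constructed inventory: the OS family and ports each host is documented to run.
BASELINE: Dict[str, dict] = {
    "192.168.1.10": {"os": "Linux", "ports": {("tcp", 22), ("tcp", 445)}},
    "192.168.1.20": {"os": "JetDirect", "ports": {("tcp", 9100), ("udp", 161)}},
}


def parse_gnmap(text: str) -> Dict[str, dict]:
    """Return ip -> {"ports": set of (proto, port) seen open, "os": guess or None}."""
    hosts: Dict[str, dict] = {}
    for line in text.splitlines():
        if not line.startswith("Host:"):
            continue  # banner and summary lines carry no host data
        # Each tab-separated field is "Name: value".
        fields = dict(f.split(": ", 1) for f in line.split("\t") if ": " in f)
        ip = fields["Host"].split(" ", 1)[0]
        entry = hosts.setdefault(ip, {"ports": set(), "os": None})
        if "OS" in fields:
            entry["os"] = fields["OS"]
        for spec in fields.get("Ports", "").split(", "):
            if not spec:
                continue
            # Port entries look like port/state/protocol/owner/service/rpc/version/
            port, state, proto = spec.split("/")[:3]
            # "open|filtered" (typical for UDP) is kept: it may be open, so review it.
            if state.startswith("open"):
                entry["ports"].add((proto, int(port)))
    return hosts


def review(hosts: Dict[str, dict], baseline: Dict[str, dict]) -> Dict[str, dict]:
    """Flag deviations between what was scanned and what the inventory authorizes."""
    report: Dict[str, dict] = {}
    for ip, expected in baseline.items():
        seen = hosts.get(ip, {"ports": set(), "os": None})
        report[ip] = {
            "unexpected": sorted(seen["ports"] - expected["ports"]),
            "missing": sorted(expected["ports"] - seen["ports"]),
            "os_guess": seen["os"],
            # None means Nmap produced no fingerprint for this host.
            "os_matches": bool(seen["os"]) and expected["os"].lower() in seen["os"].lower(),
        }
    for ip in hosts.keys() - baseline.keys():
        report[ip] = {"unexpected": sorted(hosts[ip]["ports"]), "missing": [],
                      "os_guess": hosts[ip]["os"], "os_matches": False,
                      "note": "host not in inventory"}
    return report


if __name__ == "__main__":
    for ip, result in review(parse_gnmap(SAMPLE_GNMAP), BASELINE).items():
        print(ip, result)
```

In the constructed sample the file server exposes RDP (tcp/3389) that the inventory does not list, and the printer returned no OS fingerprint at all, which is the usual outcome for embedded devices; both are the kind of answer Step 12 is looking for, and both are worth a ticket before someone else finds them.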
