Reconnaissance and Information Gathering

Lab-4: Reconnaissance and Information Gathering

A hacker uses many tools and methods to gather information about the target. There are two broad categories of information gathering methods: passive and active. These methods are detailed in the table below. In this lab, you will perform passive information gathering (gray-shaded column). In Lab 5, you will be performing active information gathering. Please review the table before starting this lab.

Information Gathering Passive (Reconnaissance and Information Gathering) – This Week Active (Scanning and Enumeration) – Next Week
Is the hacker contact with the target directly? No direct contact with the target Direct contact with the target
Are the activities logged? No audit records on the target Audit record might be created
What kind of tools has been used? Web archives, Whois service, DNS servers, Search Engines Port scanners, network scanners, vulnerability scanners (Nessus, Nmap)
What information can a hacker collect? IP addresses, network range, telephone numbers, E-mail addresses, active machines, operating system version, network topology Live hosts on a network, network topology, OS version, open ports on hosts, services running on hosts, running applications and their versions, patching level, vulnerabilities.

 

In passive information gathering, the hacker does not directly contact the target; therefore, no audit logs have been created. Both non-technical (such as employee names, birth dates, e-mail addresses) and technical information (IP addresses, domain names) can be gathered. This information can be used in many ways in the subsequent steps of the attack. For example, the phone numbers or e-mail addresses you discovered can be used in social engineering attacks. DNS records or subdomain names can be used to leverage specific attacks against hosts or URLs.

More notes on Reconnaissance and Information Gathering :

1) In this phase, an attacker may collect a lot of information without being noticed.

2) In some cases, an attacker may even discover vulnerabilities.

3) The information collected in this phase can be quite valuable when evaluated together with the information collected in the scanning and enumeration phase. For example, you might find the phone number and name of an employee in this phase, and you may find the computer IP address in the active scanning phase. You can use these two pieces of information together to leverage a social engineering attack. An attacker will increase the chance of gaining trust when s/he calls the victim’s name and talk some specific about the victim’s computer.

4) Companies should also perform reconnaissance and information gathering against themselves so that they can discover -before hackers- what kind of information the company and company employees disclose.

In this lab, you will practice 6 passive methods of Reconnaissance and Information Gathering. You have to use Kali VM in Sections 3, 5, and 6 of the lab. You may use Kali VM or your computer (the only thing you need will be an Internet browser) for the rest of the sections.

Section-1: Using Google Search Operators

Google search engine has many search operators that help us collect specific results about a website, eventually a company. You will use some of these operators in this lab.

1) Search the term site:franklin.edu

Notice that all results are specific to Franklin Univesity pages.

 

Review the search results and find three subdomains among the results. What is a subdomain: the word “library” is a subdomain of the franklin.edu domain, as https://library.franklin.edu is an active website.

 

2) Search the term site:amazonaws.com

This search result in millions of websites or documents that have been hosted on Amazon cloud servers.

 

Review the search results and find some company websites that have been hosted in the Amazon cloud. (AWS).

 

3) Search the term Franklin Univesity site:amazonaws.com

This search query will reveal documents and web pages having “Franklin University” keywords and hosted in Amazon AWS.

 

4) Search the term filetype:doc site:franklin.edu

The filetype operator produces the search results linked to the indexed files with the type indicated in the operator. Above search will reveal word files hosted in the franklin.edu domain and indexed by Google.

If the above query does not produce any results, try another query by changing the file types such as docx, ppt, pptx, pdf.

 

Download one file and check the metadata information. Find information such as username, author name, application version, etc. There are various methods to see the metadata information. You can right-click the file and check the details tab, as shown below. Alternatively, you can open the file with Microsoft Word and see the properties within the Word program. Use the Google search engine, if you need, to learn how to see metadata information of Microsoft office documents/PDF files.

 

Note: Every small piece of information is important for a meticulous pentester. A username such as john.smith can indicate that the username pattern used in the organization is name.surname. It is important to know the username patterns in the social engineering attacks. Some metadata might contain Office software and operating system version information. Version information provides information about the patch level, and a hacker/pentester can create malicious payloads specific to the versions found in metadata.

 

5) Search the term inurl:login site:franklin.edu

inurl operator here finds the pages that contain the “login” in the URL. By using this operator, we can discover login forms hosted by the targeted website.

 

Review the search results. Take a screenshot of one of the login forms.

 

6) Visit this page: https://www.exploit-db.com/google-hacking-database

QUESTION: Choose a query, start a Google search and analyze the search results.

Note: “The Exploit Database is a CVE compliant[footnoteRef:1] archive of public exploits and corresponding vulnerable software, developed for use by penetration testers and vulnerability researchers. Our aim is to serve the most comprehensive collection of exploits gathered through direct submissions, mailing lists, as well as other public sources, and present them in a freely-available and easy-to-navigate database. The Exploit Database is a repository for exploits and proof-of-concepts rather than advisories, making it a valuable resource for those who need actionable data right away [1: https://cve.mitre.org/data/refs/refmap/source-EXPLOIT-DB.html]

The Google Hacking Database (GHDB) is a categorized index of Internet search engine queries designed to uncover interesting and usually sensitive information made publicly available on the Internet. In most cases, this information was never meant to be made public but due to any number of factors this information was linked in a web document that was crawled by a search engine that subsequently followed that link and indexed the sensitive information.” (Source of this double-quoted information: exploit-db.com about page)

Note that Google hacking (Google Dorking) is a broad topic; there are books written on this topic.

Get Professional Assignment Help Cheaply

Buy Custom Essay

Are you busy and do not have time to handle your assignment? Are you scared that your paper will not make the grade? Do you have responsibilities that may hinder you from turning in your assignment on time? Are you tired and can barely handle your assignment? Are your grades inconsistent?

Whichever your reason is, it is valid! You can get professional academic help from our service at affordable rates. We have a team of professional academic writers who can handle all your assignments.

Why Choose Our Academic Writing Service?

  • Plagiarism free papers
  • Timely delivery
  • Any deadline
  • Skilled, Experienced Native English Writers
  • Subject-relevant academic writer
  • Adherence to paper instructions
  • Ability to tackle bulk assignments
  • Reasonable prices
  • 24/7 Customer Support
  • Get superb grades consistently
 

Online Academic Help With Different Subjects

Literature

Students barely have time to read. We got you! Have your literature essay or book review written without having the hassle of reading the book. You can get your literature paper custom-written for you by our literature specialists.

Finance

Do you struggle with finance? No need to torture yourself if finance is not your cup of tea. You can order your finance paper from our academic writing service and get 100% original work from competent finance experts.

Computer science

Computer science is a tough subject. Fortunately, our computer science experts are up to the match. No need to stress and have sleepless nights. Our academic writers will tackle all your computer science assignments and deliver them on time. Let us handle all your python, java, ruby, JavaScript, php , C+ assignments!

Psychology

While psychology may be an interesting subject, you may lack sufficient time to handle your assignments. Don’t despair; by using our academic writing service, you can be assured of perfect grades. Moreover, your grades will be consistent.

Engineering

Engineering is quite a demanding subject. Students face a lot of pressure and barely have enough time to do what they love to do. Our academic writing service got you covered! Our engineering specialists follow the paper instructions and ensure timely delivery of the paper.

Nursing

In the nursing course, you may have difficulties with literature reviews, annotated bibliographies, critical essays, and other assignments. Our nursing assignment writers will offer you professional nursing paper help at low prices.

Sociology

Truth be told, sociology papers can be quite exhausting. Our academic writing service relieves you of fatigue, pressure, and stress. You can relax and have peace of mind as our academic writers handle your sociology assignment.

Business

We take pride in having some of the best business writers in the industry. Our business writers have a lot of experience in the field. They are reliable, and you can be assured of a high-grade paper. They are able to handle business papers of any subject, length, deadline, and difficulty!

Statistics

We boast of having some of the most experienced statistics experts in the industry. Our statistics experts have diverse skills, expertise, and knowledge to handle any kind of assignment. They have access to all kinds of software to get your assignment done.

Law

Writing a law essay may prove to be an insurmountable obstacle, especially when you need to know the peculiarities of the legislative framework. Take advantage of our top-notch law specialists and get superb grades and 100% satisfaction.

What discipline/subjects do you deal in?

We have highlighted some of the most popular subjects we handle above. Those are just a tip of the iceberg. We deal in all academic disciplines since our writers are as diverse. They have been drawn from across all disciplines, and orders are assigned to those writers believed to be the best in the field. In a nutshell, there is no task we cannot handle; all you need to do is place your order with us. As long as your instructions are clear, just trust we shall deliver irrespective of the discipline.

Are your writers competent enough to handle my paper?

Our essay writers are graduates with bachelor's, masters, Ph.D., and doctorate degrees in various subjects. The minimum requirement to be an essay writer with our essay writing service is to have a college degree. All our academic writers have a minimum of two years of academic writing. We have a stringent recruitment process to ensure that we get only the most competent essay writers in the industry. We also ensure that the writers are handsomely compensated for their value. The majority of our writers are native English speakers. As such, the fluency of language and grammar is impeccable.

What if I don’t like the paper?

There is a very low likelihood that you won’t like the paper.

Reasons being:

  • When assigning your order, we match the paper’s discipline with the writer’s field/specialization. Since all our writers are graduates, we match the paper’s subject with the field the writer studied. For instance, if it’s a nursing paper, only a nursing graduate and writer will handle it. Furthermore, all our writers have academic writing experience and top-notch research skills.
  • We have a quality assurance that reviews the paper before it gets to you. As such, we ensure that you get a paper that meets the required standard and will most definitely make the grade.

In the event that you don’t like your paper:

  • The writer will revise the paper up to your pleasing. You have unlimited revisions. You simply need to highlight what specifically you don’t like about the paper, and the writer will make the amendments. The paper will be revised until you are satisfied. Revisions are free of charge
  • We will have a different writer write the paper from scratch.
  • Last resort, if the above does not work, we will refund your money.

Will the professor find out I didn’t write the paper myself?

Not at all. All papers are written from scratch. There is no way your tutor or instructor will realize that you did not write the paper yourself. In fact, we recommend using our assignment help services for consistent results.

What if the paper is plagiarized?

We check all papers for plagiarism before we submit them. We use powerful plagiarism checking software such as SafeAssign, LopesWrite, and Turnitin. We also upload the plagiarism report so that you can review it. We understand that plagiarism is academic suicide. We would not take the risk of submitting plagiarized work and jeopardize your academic journey. Furthermore, we do not sell or use prewritten papers, and each paper is written from scratch.

When will I get my paper?

You determine when you get the paper by setting the deadline when placing the order. All papers are delivered within the deadline. We are well aware that we operate in a time-sensitive industry. As such, we have laid out strategies to ensure that the client receives the paper on time and they never miss the deadline. We understand that papers that are submitted late have some points deducted. We do not want you to miss any points due to late submission. We work on beating deadlines by huge margins in order to ensure that you have ample time to review the paper before you submit it.

Will anyone find out that I used your services?

We have a privacy and confidentiality policy that guides our work. We NEVER share any customer information with third parties. Noone will ever know that you used our assignment help services. It’s only between you and us. We are bound by our policies to protect the customer’s identity and information. All your information, such as your names, phone number, email, order information, and so on, are protected. We have robust security systems that ensure that your data is protected. Hacking our systems is close to impossible, and it has never happened.

How our Assignment  Help Service Works

1.      Place an order

You fill all the paper instructions in the order form. Make sure you include all the helpful materials so that our academic writers can deliver the perfect paper. It will also help to eliminate unnecessary revisions.

2.      Pay for the order

Proceed to pay for the paper so that it can be assigned to one of our expert academic writers. The paper subject is matched with the writer’s area of specialization.

3.      Track the progress

You communicate with the writer and know about the progress of the paper. The client can ask the writer for drafts of the paper. The client can upload extra material and include additional instructions from the lecturer. Receive a paper.

4.      Download the paper

The paper is sent to your email and uploaded to your personal account. You also get a plagiarism report attached to your paper.

smile and order essaysmile and order essay PLACE THIS ORDER OR A SIMILAR ORDER WITH US TODAY AND GET A PERFECT SCORE!!!

order custom essay paper
Why we are the best
Our Free Services
Why Hire Our Writers?