Seek Your Information
27 Nov

The pre-Hacking Stage consists of a bunch of tools and tricks to identify the target’s information.
Find out which servers respond by pinging them. You can do that using “cmd” in Windows or “terminal” on Linux.
Finds out all the machines that are listed in the DNS server, which often includes machines outside the company’s address range (collocated at hosting sites)

http://www.internic.net/whois.html
http://www.uwhois.com
These websites are the perfect tool in a reconnaissance attack for recognizing all the domains related to the target; the attack will be performed on the primary one.
Note: a DNS zone transfer can be done using the whois method or by using “nslookup” in the cmd.
Mail servers are a good way of finding out information about a company and which email addresses are valid in the company.
It is possible to telnet to a mail server on both port 25 and 110. When you connect you are greeted with a banner saying the type of mail server and its version.
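
To see how much a greeting like this gives away on a mail server you run, the following added example (not part of the original post) parses the greeting line from port 25 or 110 and reports whether it names the server software and its version. The sample greetings are constructed, and the product list and function names are assumptions made for this example.

```python
import re

# Constructed sample greetings for this example (not captured from a real host).
SAMPLE_BANNERS = [
    (25, "220 mail.example.com ESMTP Postfix 3.4.13 (Ubuntu)"),
    (25, "220 mail.example.com ESMTP"),
    (110, "+OK Dovecot ready."),
    (110, "-ERR service unavailable"),
]

# Greeting prefix each service sends on connect: SMTP reply code 220, POP3 "+OK".
GREETING = {25: "220", 110: "+OK"}
# Product names to look for; this short list is an assumption, extend as needed.
PRODUCTS = ("Postfix", "Exim", "Sendmail", "Dovecot", "Courier", "Microsoft")
VERSION_RE = re.compile(r"\d+(?:\.\d+)+")


def audit_banner(port, banner):
    """Report which identifying details a mail server greeting gives away."""
    prefix = GREETING.get(port)
    if prefix is None or not banner.startswith(prefix):
        return {"port": port, "product": None, "version": None,
                "finding": "not a greeting"}
    text = banner[len(prefix):].strip()
    product = next((p for p in PRODUCTS if p.lower() in text.lower()), None)
    # Look for a version only after the product name, so digits in the
    # hostname part of the greeting are not mistaken for one.
    tail = text[text.lower().index(product.lower()):] if product else ""
    match = VERSION_RE.search(tail)
    version = match.group(0) if match else None
    if version:
        finding = "product and version disclosed"
    elif product:
        finding = "product disclosed"
    else:
        finding = "no product or version"
    return {"port": port, "product": product, "version": version,
            "finding": finding}


def audit_all(banners):
    """Audit a list of (port, greeting line) pairs."""
    return [audit_banner(port, line) for port, line in banners]


if __name__ == "__main__":
    for result in audit_all(SAMPLE_BANNERS):
        print(result)
```

A greeting that reports "product and version disclosed" is the case the paragraph above describes; most mail servers let the administrator shorten the greeting text in their configuration.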

A port scan is a series of messages sent by someone attempting to break into a computer to learn which computer network services.
A port scan consists of sending a message to each port, one at a time. The kind of response received indicates whether the port is open and can therefore be probed for weakness.
On the web there are a lot of port scanners. My favorite one is “Nikto”.
Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items.

This is how you run Nikto from your cmd; you have to install Perl first to run Nikto.
Now we’re scanning port 80 on ilabz.net to show security holes.

Security Holes: Sometimes a security hole can be just an outdated version of your server or PHP.
Outdated versions have security holes due to bugs, and that’s why they should be updated.