Reconnaissance Explained: First Phase of Ethical Hacking
Reconnaissance is the first phase of Ethical Hacking. In this phase a hacker gathers as much information as possible about an organization or a target system in order to identify potential vulnerabilities. Reconnaissance is also known as Footprinting or Information Gathering. There are two main types of Reconnaissance: Active and Passive.
- Active Reconnaissance:- In this type of Reconnaissance, hackers interact directly with the target system to gather information. This can involve techniques like DNS enumeration (finding all the DNS records associated with a target), network scanning to identify active hosts, and port scanning to determine which services are running on those hosts. Because the target receives these packets, active reconnaissance can be logged and detected.
- Passive Reconnaissance:- Here hackers collect information without directly interacting with the target. They rely on publicly available sources like social media, websites and search engines. For example, they might review LinkedIn profiles of employees to find out their roles and relationships, search for domain registration information, or explore a company’s website for clues about its technology stack.
Practical Reconnaissance methods
So you all know that Reconnaissance means gathering information about the target. But how do you gather this information? If your answer is “from social media”, then you are wrong. No matter how hard you try, you will never find the sensitive data of a company on social media platforms. If you are an expert in tech, you may find some sensitive data on social media, but that data is not enough to hack an organization. So what will you do now? Don’t worry, here is a detailed explanation of how to find the sensitive data of an organization.
First, go to a whois lookup website. Then type in the domain name of an organization. Here in this demo tutorial I will type my own website’s domain name.
Once you click on the search button, you can find sensitive data about the organization such as its IP address, IP location, ASN, and private information about the registrant.
So, once we have figured out the IP address, we can use nmap to discover open ports on the target system.
Note:- Due to Google’s terms and conditions, I will not be able to provide you with a practical demonstration of how to accomplish this. However, I can offer you a hint: consider using Kali Linux for the task.
Type this command in Kali to figure out the open ports on the given IP address (-sS sends a TCP SYN scan, -p- covers all 65535 ports):
nmap -sS -p- 18.104.22.168 (replace with the target’s IP address)
Once you run this command in your Kali Linux, you will see all the ports that are open, including the service on each of them.
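The full-port SYN scan shown above is equally visible from the defender’s side. As an added example (not from the original post), the following Python script parses constructed firewall log lines and flags any source that sends bare SYNs to many distinct ports on one host within a short window, which is the footprint `nmap -sS -p-` leaves in logs; the log format, addresses and thresholds are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample firewall log, one SYN (flag "S") per line. A scanner at
# 203.0.113.5 probes 200 ports in two seconds; a normal client at
# 198.51.100.7 only touches 80 and 443. Addresses are RFC 5737 test ranges.
SAMPLE_LOG = "\n".join(
    [f"2024-05-01T10:00:{i % 2:02d} 203.0.113.5 -> 192.0.2.10:{p} S"
     for i, p in enumerate(range(1, 201))]
    + ["2024-05-01T10:00:05 198.51.100.7 -> 192.0.2.10:443 S",
       "2024-05-01T10:00:06 198.51.100.7 -> 192.0.2.10:80 S",
       "2024-05-01T10:00:07 198.51.100.7 -> 192.0.2.10:443 S"])

# Assumed log format: "<ISO timestamp> <src> -> <dst>:<port> <tcp flags>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<src>\S+) -> (?P<dst>[^:]+):(?P<port>\d+) (?P<flags>\S+)$")

def parse_line(line):
    """Return (timestamp, src, dst, port, flags), or None if the line is malformed."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return (datetime.fromisoformat(m["ts"]), m["src"], m["dst"],
            int(m["port"]), m["flags"])

def detect_port_sweeps(log_text, window=timedelta(seconds=60), threshold=50):
    """Flag (src, dst) pairs that SYN to >= threshold distinct ports inside one window.

    Only bare SYNs count: a half-open scan never completes the handshake, so a
    burst of SYNs to many ports is the signature, not the volume of traffic.
    Returns {(src, dst): peak number of distinct ports seen within the window}.
    """
    events = defaultdict(list)
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed and parsed[4] == "S":
            ts, src, dst, port, _ = parsed
            events[(src, dst)].append((ts, port))
    alerts = {}
    for pair, evs in events.items():
        evs.sort()
        recent = deque()            # (ts, port) events still inside the window
        counts = defaultdict(int)   # port -> number of SYNs inside the window
        peak = 0
        for ts, port in evs:
            recent.append((ts, port))
            counts[port] += 1
            while recent and ts - recent[0][0] > window:   # expire old events
                _, old_port = recent.popleft()
                counts[old_port] -= 1
                if counts[old_port] == 0:
                    del counts[old_port]
            peak = max(peak, len(counts))
        if peak >= threshold:
            alerts[pair] = peak
    return alerts
```

Running `detect_port_sweeps(SAMPLE_LOG)` reports only the 203.0.113.5 source (200 distinct ports in under a minute); the normal client, with two ports, stays below the threshold.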
Using Social Engineering
Gathering information about a company that is available on social media platforms is super easy; even a 12-year-old can do it. So you as an Ethical Hacker must also understand the Social Engineering techniques used to obtain more valuable information. These techniques include:
- Phishing:- Phishing involves sending deceptive emails or messages that appear to come from a legitimate source but are designed to trick recipients into revealing sensitive information. Attackers often create fake login pages; once the victim enters their login credentials, the attacker captures the password and later uses it for malicious activities.
- Baiting:- Baiting involves enticing a target to perform an action in exchange for something. For example, an attacker might leave a USB drive labeled “Confidential Payroll Data” in a public area, hoping someone will pick it up and plug it into their computer, unknowingly installing malware.
- Quid Pro Quo:- In this type of Social Engineering attack, attackers promise something in return for information. For example, an attacker might call a target, claiming to be from a software company and offering free tech support in exchange for login credentials.
- Dumpster Diving:- Here attackers search through physical trash or recycling bins for discarded documents that contain sensitive information or that can be used to gather more of it.
So, these are some Social Engineering techniques that are used in Reconnaissance to gather more information about the target.
As an Ethical Hacker you must know all the techniques that a blackhat hacker can use to attack an organization. If an Ethical Hacker doesn’t know these types of techniques, there is no way to prevent them.