Reconnaissance intro - Beginners guide to hacking and penetration testing (2017)

Reconnaissance intro:

Information gathering is critical to any hacking or penetration testing engagement. The more information you have on your target, the easier your job becomes. In general, people don't realize how valuable their data really is, or how seemingly insignificant pieces of information build up into a much bigger picture. Imagine this: you toss out an old bank receipt (now I have your bank name and basic account information), you set up an online family tree to share with relatives (now I know your mother's maiden name), and you post about your family, pets, hobbies, etc. on Facebook (now I can probably piece together your password recovery answers). With these little bits of seemingly unimportant information, and a little more digging, we can build a much bigger picture.

The quieter you become…

The old adage "The quieter you become, the more you are able to hear" is a motto that you should live by.

Try practicing this the next time you are sitting in the office, at school, in a coffee shop, or anywhere else people gather for a length of time and you are not part of the conversation.

Without being too obvious, try listening in on their conversation. Is there any information you can overhear that could be useful? Are they talking about vacation dates and times, where they work, passwords, or other useful details?

How often do we see or hear people on their cell phones, and how often are they on speakerphone? Most people tune them out, but as a hacker you may be missing information that can be used later. The same goes for people who love to use voice transcription for text messaging, speaking out their entire message for all to hear.

So have a listen to the world around you; chances are you will hear and learn quite a bit.

Internet Archive Wayback Machine https://archive.org/web/web.php

The Wayback Machine is an incredible tool for searching archived copies of websites. At the time of writing it holds some 279 billion saved web pages. Searching the target's website or wider online presence can yield a lot of useful information, and being able to view content that has since been removed can reveal details critical to your penetration test.

In the example (screenshot not reproduced here), we entered Facebook.com and clicked the BROWSE HISTORY button. The chart and calendar show the archive dating back to 1998. Clicking on a date and a time lets us browse what the page looked like at that point, which is useful for finding information that has since been removed.

A further screenshot (not reproduced here) shows a snapshot of Yahoo dating back to 1996. Browsing people's old social media accounts or business websites can uncover potentially useful information.
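As an added example (this is not code from the original guide), here is how the same history can be pulled programmatically instead of clicking through the calendar view. The Wayback Machine exposes a CDX API at https://web.archive.org/cdx/search/cdx?url=<target>&output=json that returns one row per capture, with a header row first; the response below is constructed to stand in for a real reply so the code runs offline. The example goes one step beyond the text by deduplicating captures on their content digest, so you only review page versions that actually changed rather than every capture of the same content.

```python
"""Parse Wayback Machine CDX API rows and build replay URLs.

Added example, not from the original guide. The live endpoint is
  https://web.archive.org/cdx/search/cdx?url=<target>&output=json
The SAMPLE_CDX response below is constructed for offline use.
"""
import json
from collections import defaultdict

# Constructed sample of a CDX JSON reply: header row, then one row per capture.
SAMPLE_CDX = json.dumps([
    ["urlkey", "timestamp", "original", "mimetype", "statuscode", "digest", "length"],
    ["com,example)/", "19981212013000", "http://example.com:80/", "text/html", "200", "AAAA", "1234"],
    ["com,example)/", "20050303120000", "http://www.example.com/", "text/html", "200", "BBBB", "2345"],
    ["com,example)/", "20050303120500", "http://www.example.com/", "text/html", "200", "BBBB", "2345"],
    ["com,example)/", "20170401083000", "http://www.example.com/", "text/html", "301", "CCCC", "0"],
    ["com,example)/careers", "20150610110000", "http://www.example.com/careers", "text/html", "200", "DDDD", "5678"],
])


def parse_cdx(body):
    """Turn a CDX JSON response into a list of dicts keyed by the header row."""
    rows = json.loads(body)
    if not rows:
        return []
    header, data = rows[0], rows[1:]
    return [dict(zip(header, row)) for row in data]


def replay_url(snapshot):
    """Build the URL that replays a capture: /web/<timestamp>id_/<original>.
    The 'id_' flag asks for the raw archived bytes without the Wayback toolbar."""
    return "https://web.archive.org/web/%sid_/%s" % (snapshot["timestamp"], snapshot["original"])


def unique_captures(snapshots, status="200"):
    """Drop redirects/errors and repeated content (same digest), keeping the
    earliest capture of each distinct page version, oldest first."""
    seen = set()
    out = []
    for s in sorted(snapshots, key=lambda s: s["timestamp"]):
        if s["statuscode"] != status or s["digest"] in seen:
            continue
        seen.add(s["digest"])
        out.append(s)
    return out


def captures_by_year(snapshots):
    """Count captures per year, the same view the Wayback calendar chart gives."""
    counts = defaultdict(int)
    for s in snapshots:
        counts[s["timestamp"][:4]] += 1
    return dict(counts)


if __name__ == "__main__":
    snaps = parse_cdx(SAMPLE_CDX)
    print("earliest capture year:", snaps[0]["timestamp"][:4])
    for s in unique_captures(snaps):
        print(replay_url(s))
    print(captures_by_year(snaps))
```

For a live run, replace SAMPLE_CDX with the body of an HTTP GET against the CDX endpoint for your target (add `&matchType=prefix` to cover every path under the domain). Old careers pages, staff directories and contact pages that no longer exist on the live site are the usual finds.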

Hosting information:

ICANN, according to Wikipedia: "The Internet Corporation for Assigned Names and Numbers is a nonprofit organization that is responsible for coordinating the maintenance and procedures of several databases related to the namespaces of the Internet, ensuring the network's stable and secure operation."

From <https://duckduckgo.com/?q=who+is+icann&t=ffab&ia=web>

What this means to us is that ICANN coordinates the domain registration records (WHOIS) that registries and registrars maintain, and its lookup tool queries those records, which helps us learn more about who is behind our target's website.

By navigating to https://whois.icann.org/en and entering a domain name (in this instance Google.com) we can see the registrar, the registrant and admin organization, contact email, contact number, fax number, name servers, and the registration and expiry dates. Depending on the privacy settings of the person who set up the site we may see more, or less: a WHOIS privacy or proxy service replaces the real contacts with the provider's own. Note that since this was written, registrars redact most registrant contact details by default, and whois.icann.org now redirects to the RDAP-based lookup at https://lookup.icann.org/, so expect the registrar, name servers and dates rather than a personal email or phone number, and treat any contact that does appear as a lead to verify rather than a fact.
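As an added example (not code from the original guide), the same records can be fetched over the WHOIS protocol itself, a plain TCP connection to port 43, and parsed into the fields a recon engagement cares about. The reply below is constructed in the key/value style gTLD registries return, with the contact fields redacted as most lookups now come back, so the parser's handling of that case is what gets exercised offline; whois_query() is the live-lookup helper and is not called by the offline run. The default server whois.verisign-grs.com is the .com registry; for other TLDs start at whois.iana.org and follow the referral.

```python
"""Raw WHOIS lookup and reply parsing, with redacted-contact handling.

Added example, not from the original guide. SAMPLE_WHOIS is a constructed
reply; whois_query() performs a real port-43 query and is for live use only.
"""
import socket

# Constructed sample reply in the "Key: Value" style used by gTLD registries.
SAMPLE_WHOIS = """\
Domain Name: EXAMPLE-TARGET.COM
Registry Domain ID: 123456789_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.registrar.example
Registrar URL: http://www.registrar.example
Updated Date: 2017-02-01T10:15:00Z
Creation Date: 2009-06-15T08:00:00Z
Registry Expiry Date: 2027-06-15T08:00:00Z
Registrar: Example Registrar, LLC
Registrar Abuse Contact Email: abuse@registrar.example
Registrant Organization: Example Target Inc.
Registrant State/Province: CA
Registrant Country: US
Registrant Email: REDACTED FOR PRIVACY
Admin Email: Please query the RDDS service of the Registrar of Record
Tech Email: REDACTED FOR PRIVACY
Name Server: NS1.EXAMPLE-TARGET.COM
Name Server: NS2.EXAMPLE-TARGET.COM
DNSSEC: unsigned
>>> Last update of whois database: 2017-03-01T00:00:00Z <<<
"""

# Phrases registrars use in place of withheld contact data (assumed list).
REDACTION_MARKERS = ("REDACTED", "Please query", "Not Disclosed", "Data Protected")


def parse_whois(text):
    """Collect 'Key: Value' lines into a dict; repeated keys (Name Server) become lists.
    Comment lines (%, #) and the trailing >>> footer are skipped."""
    fields = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith((">>>", "%", "#")):
            continue
        key, sep, value = line.partition(":")   # split on the first colon only
        if not sep:
            continue
        key, value = key.strip(), value.strip()
        if key in fields:
            if not isinstance(fields[key], list):
                fields[key] = [fields[key]]
            fields[key].append(value)
        else:
            fields[key] = value
    return fields


def is_redacted(value):
    """True when a contact field carries a privacy placeholder instead of data."""
    return any(m.lower() in str(value).lower() for m in REDACTION_MARKERS)


def summarize(fields):
    """Pull out what recon cares about and separate usable contacts from withheld ones."""
    contacts = {k: v for k, v in fields.items()
                if k.endswith("Email") and not k.startswith("Registrar Abuse")}
    return {
        "registrar": fields.get("Registrar"),
        "registrar_whois": fields.get("Registrar WHOIS Server"),
        "organization": fields.get("Registrant Organization"),
        "created": fields.get("Creation Date"),
        "expires": fields.get("Registry Expiry Date"),
        "nameservers": fields.get("Name Server", []),
        "contacts": {k: v for k, v in contacts.items() if not is_redacted(v)},
        "redacted": sorted(k for k, v in contacts.items() if is_redacted(v)),
    }


def whois_query(domain, server="whois.verisign-grs.com", timeout=10):
    """Live lookup: open TCP/43, send the query line, read until the server closes."""
    with socket.create_connection((server, 43), timeout=timeout) as sock:
        sock.sendall((domain + "\r\n").encode())
        chunks = []
        while True:
            data = sock.recv(4096)
            if not data:
                break
            chunks.append(data)
    return b"".join(chunks).decode("utf-8", "replace")


if __name__ == "__main__":
    summary = summarize(parse_whois(SAMPLE_WHOIS))
    for key, value in summary.items():
        print("%-15s %s" % (key, value))
```

When the registry reply points at a "Registrar WHOIS Server", query that host next with the same function; the registrar's reply is where any non-redacted contact data would appear. Even a fully redacted record still gives you the registrar, the name servers (which often reveal the hosting provider) and the creation date.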