Ethical Hacking: Reconnaissance/Footprinting

Pluralsight is not an official partner or accredited training center of EC-Council. This course covers the process of probing a system with the intent of compromising the target. The goal is to gather as much data as possible about a would-be target.
Course info
Rating: (320)
Level: Beginner
Updated: Sep 28, 2018
Duration: 3h 42m
Description

As an Ethical Hacker, you've been asked to do a "Blackbox" attack on a customer's infrastructure. Your first step is finding out as much as you can about the "target." You accomplish this via reconnaissance/footprinting. This is the initial stage in gaining a blueprint of the security profile of a target, and it is accomplished in an organized manner. Reconnaissance is one of the three "pre-attack phases," and results in a unique profile of an organization's networks and systems. "Reconning" an organization is necessary in order to systematically gather all the related data with regard to the technologies deployed within the network. Reconnaissance can take up to 90% of the time during penetration testing or an actual attack. We'll show you how attackers are currently reconning your company, as well as discuss in detail the steps of reconnaissance. Finally, we'll look at some possible countermeasures to help discourage attackers. This course is part of the Ethical Hacking Series. http://blog.pluralsight.com/learning-path-ethical-hacking

About the author

Dale Meredith received his Certified Ethical Hacker and Certified EC-Council Instructor certifications back in 2006, as well as being a Microsoft Certified Trainer since 1998 (yes, we had computers back then). Dale takes great pride in helping students comprehend and simplify complex IT concepts.

Section Introduction Transcripts

Initially What Do You Look For?
So this whole recon thing, what are you actually looking for? So the answer to that question, I'm actually going to pull out another quote, you know me and my quotes. This one is actually from a movie from 1998 called Sneakers, it's a great movie about hacking. It stars Robert Redford, Sidney Poitier, one of my favorite actors. And in it, Robert Redford meets up with his college buddy who has been this big hacker and he makes this statement. He says, "There is a war out there, old friend. A world war. And it's not about who's got the most bullets. It's about who controls the information. What we see and hear, how we work, what we think... it's all about the information." And that is so true. The more information you have, and that's the whole purpose behind recon and footprinting, is that we're trying to get as much info as we can. We're going to first go through and take a look in this module about how to utilize or leverage search engines to our advantage, what type of information we can discover about the company and not just where their website is, but you'll be surprised of what else we can find. We'll then go through and take a look at websites. Now this could be not only the customer's websites, but some other websites that actually show you some very, very interesting things that you probably never knew were being recorded about possibly your own website. Then we'll go through and take a look at using Whois, I think he's on first, isn't he? Okay, that was a little bit of my Abbott and Costello coming out of me. Whois is a great little utility or site that we can use to discover more information about our target. And then we'll go through and take a look at utilizing some tools that you're probably familiar with, but again, we're going to leverage them a little differently. We're going to be using both PING to discover some information, as well as DNS. So fire up your computer, let's get going.

Reconnaissance via Google Hacking
So you know that Snickers commercial where the guy is in charge of painting the football field and he gets done and he looks and one of the players points out to him as he runs off the field, you know we're the chiefs, not the chefs, and the maintenance man utters the phrase, which just cracks me up, he says great googly-moogly, and I think a lot of people end up saying something similar to that when they see what we can do with Google hacking. Now to kind of set this up, you need to understand what Google is designed to do. Google is not around to give you free applications and free storage space and a nice little search engine, that's not their job. Their job is to sell advertising and they do that by providing those types of services. In fact, Eric Schmidt, who is the CEO of Google, once said, if you have something you don't want anyone to know, maybe you shouldn't be doing it in the first place, and that is his whole concept when people have asked him about what Google is doing out there, as far as it going out and crawling. So in this module, we'll go through and make sure you understand how to get your Google on and then we'll look at understanding Google, what it does for us. We'll go through then, take a look at some of the Google operators. Then we'll get into taking a look at some advanced Google operators and then we'll start taking those operators and using them a little differently so that we start to find things that people wouldn't necessarily suspect to be out there, and of course, to make things easier, we can bypass a lot of the syntax that we'll be implementing, but it's good to know, especially for your, wink, wink, hint, hint, nudge, nudge, immediate future. You'll need to know some of the syntax, but there is something out there called the Google Hacking Database, also known as the GHDB. And then we'll go through and take a look at some other tools that we can use that implement or that are designed around Google itself.

Reconnaissance Countermeasures & Pen Testing
You've all seen a good submarine movie. One of my favorites is Hunt for Red October and Sean Connery when the torpedoes are coming in he's yelling release countermeasures and that's what we need to do here. We need to understand what the countermeasures are for reconnaissance, as well as what you need to be looking for in pen testing. Now one of my favorite characters next to Batman, I know you're saying Dale, how could that possibly be because Batman is your favorite character, but growing up, I had another one, and the famous quote was knowing is half the battle, GI Joe. That is so true. Knowing what you are exposing, knowing what the attacker is capable of is half of your battle. I think maybe I need to rewrite that because I think that almost sounds like a Sun Tzu from The Art of War statement, doesn't it? So in this module, we're going to go through and show you how to put your shields up. Shields! Red alert! We're going to show you how to do those countermeasures, some best practices for reconnaissance. We'll also go through and show you how to set up for a pen test, the actual workflow of what you should be tracking when it comes to reconnaissance. Again, reconnaissance is where we spend almost 70% of our time or where hackers or attackers will spend a majority of their time. So let's see what we can do here.