- "Do I Know This Already?" Quiz
- Foundation Topics: Overview of the Seven-Step Information-Gathering Process
- Information Gathering
- Determining the Network Range
- Identifying Active Machines
- Finding Open Ports and Access Points
- OS Fingerprinting
- Fingerprinting Services
- Mapping the Network Attack Surface
- Summary
- Exam Preparation Tasks
- Review All Key Topics
- Define Key Terms
- Exercises
- Review Questions
- Suggested Reading and Resources
Exercises
3.1 Performing Passive Reconnaissance
The best way to learn passive information gathering is to use the tools. In this exercise, you perform reconnaissance on several organizations. Acquire only the information requested.
Estimated Time: 20 minutes.
Step 1. Review Table 3-9 to determine the target of your passive information gathering.
Table 3-9 Passive Information Gathering

Domain Name      IP Address      Location      Contact Person      Address and Phone Number
Redriff.com
Examcram.com
                 72.3.246.59
Rutgers.edu
Step 2. Start by resolving the IP address. This can be done by pinging the site.
Step 3. Next, use a tool such as https://www.whois.net or any of the other tools mentioned throughout the chapter. Some of these include
Step 4. To verify the location of the organization, perform a traceroute or a ping with the -r option.
Step 5. Use the ARIN, RIPE, and IANA to fill in any information you have yet to acquire.
Step 6. Compare your results to those found in Appendix A. Results may vary.
3.2 Performing Active Reconnaissance
The best way to learn active information gathering is to use the tools. In this exercise, you perform reconnaissance on your own internal network. If you are not on a test network, make sure that you have permission before scanning it, or your action may be seen as the precursor of an attack.
Estimated Time: 15 minutes.
Step 1. Download the most current version of Nmap from https://nmap.org/download.html. For Windows systems, the most current version is 7.30.
Step 2. Open a command prompt and go to the directory in which you have installed Nmap.
Step 3. Run nmap -h from the command line to see the various options.
Step 4. You’ll notice that Nmap has many options. Review and find the option for a full connect scan. Enter your result here: ___
Step 5. Review and find the option for a stealth scan. Enter your result here: ___
Step 6. Review and find the option for a UDP scan. Enter your result here: ___
Step 7. Review and find the option for a fingerprint scan. Enter your result here: ___
Step 8. Perform a full connect scan on one of the local devices you have identified on your network. The syntax is nmap -sT IP_Address.
Step 9. Perform a stealth scan on one of the local devices you have identified on your network. The syntax is nmap -sS IP_Address.
Step 10. Perform a UDP scan on one of the local devices you have identified on your network. The syntax is nmap -sU IP_Address.
Step 11. Perform a fingerprint scan on one of the local devices you have identified on your network. The syntax is nmap -O IP_Address.
Step 12. Observe the results of each scan. Could Nmap successfully identify the system? Were the ports it identified correct?
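To make Step 12 concrete, here is an added example (not from the book, and not Nmap's own code) that emulates what the full connect scan from Step 8 does at the socket level and shows why it is the noisiest of the four: every open port it touches ends up with a fully established connection that the listening service can accept() and log. The target is a constructed listener on 127.0.0.1 chosen by the OS, and the "closed" port is a loopback port the script binds and releases; nothing leaves the machine. The SYN (-sS) and UDP (-sU) scans and OS fingerprinting (-O) need raw packets and are not reproduced here.

```python
import socket


def connect_scan(host, ports, timeout=1.0):
    """Emulate 'nmap -sT': one full connect() per port. The kernel completes
    the TCP three-way handshake before connect_ex() returns, so an open
    port is reported only after the target has a live connection."""
    states = {}
    for port in ports:
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
            s.settimeout(timeout)
            err = s.connect_ex((host, port))  # 0 means handshake completed
            states[port] = "open" if err == 0 else "closed"
    return states


def listener_on_loopback():
    """Constructed target service: a listening socket on an OS-chosen
    loopback port. We deliberately do not accept() yet, so any completed
    handshakes sit in the listen backlog until we look."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)
    return srv


def unused_loopback_port():
    """Constructed 'closed' port: bind to port 0, read the port the OS
    assigned, then release it so a connect() there is refused."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]


def run_demo():
    """Scan one open and one closed loopback port, then take the defender's
    view: drain the listener's accept queue to see what a real service
    would have logged (peer address per completed connection)."""
    srv = listener_on_loopback()
    open_port = srv.getsockname()[1]
    closed_port = unused_loopback_port()

    states = connect_scan("127.0.0.1", [open_port, closed_port])

    # Every open port a connect scan probed now has an established
    # connection waiting here. A SYN scan never completes the handshake,
    # so accept() would stay empty and only the kernel/firewall would
    # see the half-open attempt.
    seen_peers = []
    srv.settimeout(1.0)
    try:
        while True:
            conn, peer = srv.accept()
            seen_peers.append(peer[0])
            conn.close()
    except socket.timeout:
        pass
    finally:
        srv.close()

    return states[open_port], states[closed_port], seen_peers


if __name__ == "__main__":
    open_state, closed_state, peers = run_demo()
    print("open port  ->", open_state)
    print("closed port->", closed_state)
    print("connections the service could log:", peers)
```

The returned tuple is ("open", "closed", ["127.0.0.1"]): the open port was identified correctly, the refused port shows as closed, and the listener records exactly one completed connection from the scanner. That accept-queue entry is the footprint that makes -sT easy to spot in application logs, and its absence is what the "stealth" label on -sS refers to.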
