|
| 1 | +**Learn how to use simple tools such as traceroute, ping, telnet, and a web browser to gather information.** |
| 2 | + |
| 3 | + |
| 4 | + |
| 5 | +Active reconnaissance is the process of gathering information about a target system, network, or application by directly interacting with it. This typically involves sending requests or signals to the target to observe its responses. Examples include scanning for open ports, testing vulnerabilities, or using tools like **nmap**, **ping**, or **Nikto**. |
| 6 | + |
| 7 | +### Web Browser |
| 8 | +An Web browser is all we need to gather information besides using command line tools. In this module about **``web browser``** section i learned about various tools like **FroxyProxy** **Wappalyzer** **User-Agent Switcher and Manager** and about **browser developer tools**. |
| 9 | + |
| 10 | +- **froxyproxy** :- Quickly switch proxy servers for accessing target websites. Ideal for tools like Burp Suite or frequent proxy changes. |
| 11 | +- **Wappalyzer** :- Identifies technologies used on visited websites, useful for gathering info while browsing. |
| 12 | +- **User-Agent Switcher and Manager** :- Allows you to mimic accessing a webpage from a different OS or browser, like pretending to use an **iPhone** while on **Firefox**. |
| 13 | + |
| 14 | + |
| 15 | + |
| 16 | +### ``Ping`` |
| 17 | +The `ping` command checks if a device or website is reachable on a network by sending small data packets and measuring how long it takes for them to return. It’s like saying “Hello, are you there?” and waiting for a response. |
| 18 | + |
| 19 | +> [!SCREENSHOTS] |
| 20 | +> *_Below are some screenshots for ping command which answers the given questions in the room_* |
| 21 | +
|
| 22 | +* Deploy the VM for this task and using the AttackBox terminal, issue the command `ping -c 10 10.10.166.101`. How many ping replies did you get back? |
| 23 | + |
| 24 | +![[Screenshot from 2024-12-24 06-59-36 1.png]] |
| 25 | + |
| 26 | + |
| 27 | + |
| 28 | +### Traceroute |
| 29 | +Traceroute is a network tool that shows the path data takes to travel from your device to a target server. It lists all the routers (hops) the data passes through and shows how long it takes to reach each one. It's useful for diagnosing network issues or delays. |
| 30 | + |
| 31 | +> [!NOTE] |
| 32 | +> *_note that the route taken by the packets might change as many routers use dynamic routing protocols that adapt to network changes._* |
| 33 | +
|
| 34 | + |
| 35 | + |
| 36 | + |
| 37 | +### Telnet |
| 38 | +Telnet (teletype Network) is a network protocol that allows users to connect to and control remote computers over the internet or a local network, using a text-based command-line interface. It is mostly used for **testing** and **troubleshooting** but is **outdated** and insecure due to a lack of **encryption**. |
| 39 | + |
| 40 | +Here is the screenshot for the answer in the room. I'm using ``nmap`` instead of ``telnet`` cuz it has some problem while using, the purpose is same :D |
| 41 | +![[Screenshot from 2024-12-24 07-38-29.png]] |
| 42 | + |
| 43 | + |
| 44 | + |
| 45 | +### ``Netcat`` |
| 46 | +Netcat (nc) is a versatile **command-line** networking tool used for reading, writing, and analyzing data across network connections. It can function as a port scanner, chat server, file transfer tool, or even a simple backdoor. It’s often called the "***Swiss Army knife***" of networking. |
| 47 | + |
| 48 | +----- |
| 49 | + |
| 50 | +| Option | Meaning | |
| 51 | +| ------ | ---------------------------------------------------------- | |
| 52 | +| -l | Listen mode | |
| 53 | +| -p | Specify the Port number | |
| 54 | +| -n | Numeric only; no resolution of hostnames via DNS | |
| 55 | +| -v | Verbose output (optional, yet useful to discover any bugs) | |
| 56 | +| -vv | Very Verbose (optional) | |
| 57 | +| -k | Keep listening after client disconnects | |
| 58 | +> [!NOTES] |
| 59 | +>* the option `-p` should appear just before the port number you want to listen on. |
| 60 | +>* the option `-n` will avoid DNS lookups and warnings. |
| 61 | +>* port numbers less than 1024 require root privileges to listen on. |
| 62 | +
|
| 63 | +IDk why ``nc`` netcat is not working.. |
| 64 | +![[Pasted image 20241224074921.png]] |
| 65 | + |
| 66 | +### Putting It All Together |
| 67 | +In this room I have learned about active recon using different tools including ``netcat``, ``telnet``, ``traceroute``, ``ping`` and recon using ``web browser``. Here are some cheats from the room. |
| 68 | +*Commands and how to use them with examples* |
| 69 | + |
| 70 | +| Command | Example | |
| 71 | +| ---------------- | ----------------------------------------- | |
| 72 | +| ping | `ping -c 10 10.10.6.12` on Linux or macOS | |
| 73 | +| ping | `ping -n 10 10.10.6.12` on MS Windows | |
| 74 | +| traceroute | `traceroute 10.10.6.12` on Linux or macOS | |
| 75 | +| tracert | `tracert 10.10.6.12` on MS Windows | |
| 76 | +| telnet | `telnet 10.10.6.12 PORT_NUMBER` | |
| 77 | +| netcat as client | `nc 10.10.6.12 PORT_NUMBER` | |
| 78 | +| netcat as server | `nc -lvnp PORT_NUMBER` | |
| 79 | +#### Developer Tools Shortcuts |
| 80 | + |
| 81 | +| Operating System | Shortcut | |
| 82 | +| ------------------- | -------------------- | |
| 83 | +| Linux or MS Windows | Ctrl + Shift + I | |
| 84 | +| macOS | Option + Command + I | |
| 85 | + |
| 86 | + |
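
Review bot: The Telnet and Netcat sections (added lines 40 and 63) record that the tool did not work rather than what was actually run, so the result cannot be reproduced from the text. Line 40 says `nmap` was used instead of `telnet` without giving the nmap command, and line 63 leaves "IDk why ``nc`` netcat is not working.." unresolved. Suggest writing the exact command and the relevant output next to each screenshot, and stating the answer to the ping question on line 22 in text. The `![[...]]` embeds on lines 24, 41 and 64 are Obsidian wikilink syntax that GitHub's Markdown does not render, and no image files appear in the visible diff. The extension name is also spelled "FroxyProxy" on line 8 and "froxyproxy" on line 10 where FoxyProxy is meant, and "An Web browser" on line 8 should read "A web browser".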