1. Introduction

In this tutorial, we'll cover two important steps in penetration testing: reconnaissance and enumeration. Reconnaissance, also known as Information Gathering, is the first step in any penetration testing exercise, where we collect as much information as possible about the target system. Enumeration is the process of extracting more detailed data about the discovered services, like user-names, machine names, network resources and shares.

By following this tutorial, you will learn:

• How to perform reconnaissance and enumeration.
• How to use tools such as Nmap, Netcat and Wireshark.
• How to analyze the gathered information.

The prerequisites for this tutorial are basic knowledge of network protocols and Linux terminal command-line interface.

2. Step-by-Step Guide

2.1 Reconnaissance

In this phase, we gather information about the target. This could include IP addresses, domain details, and mail servers. Here are some tools and techniques:

• Nmap: Used for network discovery and security auditing. We can use it to discover hosts and services on a computer network.

$ nmap -sn 192.168.1.0/24

This command will perform a simple ping scan in the network.

• Whois: Provides information about the domain.

$ whois example.com

This command will provide details about the "example.com" domain.

2.2 Enumeration

In this phase, we extract detailed data about the discovered services.

• Netcat: A networking utility for reading from and writing to network connections.

$ nc -nv 192.168.1.2 80

This will create a TCP connection to the host 192.168.1.2 on port 80.

• Wireshark: Used for network packet analyzer. It provides the details of the traffic occurring on the network.

3. Code Examples

Let's see these tools in action.

• Nmap:

$ nmap -sV 192.168.1.2

This command performs service version detection on the host 192.168.1.2.

• Netcat:

$ echo -n "GET / HTTP/1.0\r\n\r\n" | nc 192.168.1.2 80

This will send a GET request to the server running on 192.168.1.2 on port 80.

4. Summary

In this tutorial, we learned how to perform reconnaissance and enumeration. We used tools like Nmap, Netcat, and Wireshark. We discovered hosts and services on a computer network, created TCP connections, and analyzed network traffic.

Next, you can dive deeper into penetration testing by learning about vulnerability scanning and exploitation. You can also practice what you've learned with capture-the-flag (CTF) challenges. Some additional resources include:

• Metasploit Unleashed
• OWASP Testing Guide

5. Practice Exercises

1. Perform a scan on your local network and identify all the devices connected to it.
2. Use Netcat to interact with a web server and retrieve a web page.
3. Use Wireshark to analyze the traffic on your network.

Remember, never perform these actions on any network or system without permission. Always practice ethical hacking.