In this tutorial, we'll cover two important steps in penetration testing: reconnaissance and enumeration. Reconnaissance, also known as information gathering, is the first step in any penetration testing exercise, where we collect as much information as possible about the target system. Enumeration is the process of extracting more detailed data about the discovered services, such as usernames, machine names, network resources, and shares.
By following this tutorial, you will learn:
The prerequisites for this tutorial are basic knowledge of network protocols and Linux terminal command-line interface.
In this phase, we gather information about the target. This could include IP addresses, domain details, and mail servers. Here are some tools and techniques:
$ nmap -sn 192.168.1.0/24
This command performs a ping sweep (host discovery only, no port scan) of the 192.168.1.0/24 network and lists the hosts that respond.
$ whois example.com
This command queries the WHOIS registry and prints the registration details recorded for the example.com domain.
In this phase, we extract detailed data about the discovered services.
$ nc -nv 192.168.1.2 80
This opens a plain TCP connection to the host 192.168.1.2 on port 80; -n skips DNS resolution and -v reports whether the connection succeeded. Anything the service sends on connect (its banner) is printed to the terminal.
Let's see these tools in action.
$ nmap -sV 192.168.1.2
This command performs service version detection on the host 192.168.1.2.
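Reading scan results by eye does not scale past a handful of hosts, so the next step in practice is to save Nmap's output and turn it into an inventory. The following Python script is an added example, not part of the original tutorial: it parses Nmap's grepable output format (what `-oG` writes for both the `-sn` sweep and the `-sV` scan above) into per-host records with their open services. The scan lines embedded in `SAMPLE_GNMAP` are constructed to mimic that format and are not real scan data.

```python
"""Turn Nmap grepable (-oG) output into a per-host service inventory.

Added example for the tutorial, not Nmap's own code. Assumes scans were
saved with `nmap -sn -oG sweep.gnmap 192.168.1.0/24` and
`nmap -sV -oG services.gnmap 192.168.1.2`; SAMPLE_GNMAP is a constructed
stand-in for those files.
"""
import re
import sys
from dataclasses import dataclass, field

# Constructed sample of -oG output (tab-separated fields, '#' comment lines).
SAMPLE_GNMAP = """\
# Nmap 7.94 scan initiated (constructed sample)
Host: 192.168.1.1 (gateway.lan)\tStatus: Up
Host: 192.168.1.2 ()\tStatus: Up
Host: 192.168.1.2 ()\tPorts: 22/open/tcp//ssh//OpenSSH 8.9p1 Ubuntu 3ubuntu0.6 (Ubuntu Linux; protocol 2.0)/, 80/open/tcp//http//Apache httpd 2.4.52 ((Ubuntu))/, 443/closed/tcp//https///\tIgnored State: filtered (997)
# Nmap done (constructed sample)
"""


@dataclass
class Service:
    port: int
    proto: str
    state: str
    name: str
    version: str


@dataclass
class HostRecord:
    ip: str
    hostname: str
    status: str = "unknown"
    services: list = field(default_factory=list)


HOST_RE = re.compile(r"^Host:\s+(\S+)\s+\(([^)]*)\)")


def parse_gnmap(text):
    """Return {ip: HostRecord} built from grepable Nmap output."""
    hosts = {}
    for line in text.splitlines():
        if not line.startswith("Host:"):
            continue  # skips the '# Nmap ...' comment lines
        m = HOST_RE.match(line)
        if not m:
            continue
        ip, hostname = m.group(1), m.group(2)
        # The same host appears once per scan; merge sweep and -sV lines.
        rec = hosts.setdefault(ip, HostRecord(ip, hostname))
        fields = {}
        for chunk in line.split("\t"):
            key, _, value = chunk.partition(":")
            fields[key.strip()] = value.strip()
        if "Status" in fields:
            rec.status = fields["Status"]
        if "Ports" in fields:
            for entry in fields["Ports"].split(","):
                # Each entry is port/state/proto/owner/service/rpcinfo/version/
                parts = entry.strip().split("/")
                if len(parts) < 7:
                    continue
                rec.services.append(
                    Service(int(parts[0]), parts[2], parts[1], parts[4], parts[6])
                )
    return hosts


def open_services(rec):
    """Only the services Nmap reported as open, in port order."""
    return sorted((s for s in rec.services if s.state == "open"), key=lambda s: s.port)


def print_inventory(hosts):
    for ip, rec in sorted(hosts.items()):
        label = f" ({rec.hostname})" if rec.hostname else ""
        print(f"{ip}{label}  status={rec.status}")
        for s in open_services(rec):
            print(f"    {s.port}/{s.proto}  {s.name:<8} {s.version}")


if __name__ == "__main__":
    # Read one or more .gnmap files, or fall back to the constructed sample.
    text = "".join(open(p).read() for p in sys.argv[1:]) if sys.argv[1:] else SAMPLE_GNMAP
    print_inventory(parse_gnmap(text))
```

Run it as `python3 inventory.py sweep.gnmap services.gnmap` to merge a host-discovery sweep with a later version scan; the version strings it collects are exactly what a reviewer would compare against patch levels when deciding which exposed services need attention first.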
$ printf 'GET / HTTP/1.0\r\n\r\n' | nc 192.168.1.2 80
This sends a minimal HTTP GET request to the web server on 192.168.1.2 port 80 and prints its reply, including the status line and response headers. (printf is used rather than echo -n because bash's built-in echo does not turn \r\n into real line endings without -e, and HTTP requires CRLF line endings.)
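The nc one-liner shows the raw reply; when you repeat it across many hosts you usually want just the status line and headers, since the Server header is where version disclosure shows up. The script below is an added example, not part of the original tutorial: it sends the same `GET / HTTP/1.0` request over a socket and parses the response head into a dictionary. The small local HTTP server it starts exists only so the example runs offline against 127.0.0.1; `grab_http_banner()` itself works against any host and port you are authorised to test.

```python
"""Send the tutorial's bare HTTP/1.0 GET over a socket and parse the reply head.

Added example, not part of the original tutorial. start_local_server() is an
offline stand-in for the 192.168.1.2 host in the text.
"""
import socket
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

# Identical to what the tutorial pipes into nc.
REQUEST = b"GET / HTTP/1.0\r\n\r\n"


def parse_http_response_head(raw):
    """Split a raw HTTP reply into (status_line, {header-name-lowercased: value})."""
    head, _, _ = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1", errors="replace").split("\r\n")
    status_line = lines[0]
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return status_line, headers


def grab_http_banner(host, port, timeout=5.0, max_bytes=4096):
    """Connect, send REQUEST, read until the end of the headers, and parse."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(REQUEST)
        raw = b""
        while len(raw) < max_bytes:
            chunk = sock.recv(1024)
            if not chunk:
                break
            raw += chunk
            if b"\r\n\r\n" in raw:  # headers complete; body is not needed
                break
    return parse_http_response_head(raw)


class _QuietHandler(BaseHTTPRequestHandler):
    """Minimal local server so the example can run offline."""

    def do_GET(self):
        self.send_response(200)
        self.send_header("Content-Type", "text/plain")
        self.end_headers()
        self.wfile.write(b"ok\n")

    def log_message(self, *args):
        pass  # keep the request log quiet


def start_local_server():
    """Bind an ephemeral port on loopback; returns (server, port)."""
    server = HTTPServer(("127.0.0.1", 0), _QuietHandler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, server.server_address[1]


if __name__ == "__main__":
    server, port = start_local_server()
    try:
        status, headers = grab_http_banner("127.0.0.1", port)
    finally:
        server.shutdown()
        server.server_close()
    print(status)
    print("Server header:", headers.get("server", "<none>"))
```

Python's http.server announces itself as `BaseHTTP/0.6 Python/3.x` by default, which is the same kind of disclosure an Apache or nginx Server header gives on a real host; reviewing those strings across your own servers is the quickest way to find software that is advertising an outdated version.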
In this tutorial, we learned how to perform reconnaissance and enumeration. We used tools like Nmap, Netcat, and Wireshark. We discovered hosts and services on a computer network, created TCP connections, and analyzed network traffic.
Next, you can dive deeper into penetration testing by learning about vulnerability scanning and exploitation. You can also practice what you've learned with capture-the-flag (CTF) challenges. Some additional resources include:
Remember, never perform these actions on any network or system without permission. Always practice ethical hacking.