Passive Reconnaissance | Try Hack Me |Jr Penetration Tester | By Mohit Damke


Passive Reconnaissance

Passive reconnaissance involves gathering information about a target without directly engaging with it (no packets of yours reach the target's systems). The key aspects are:

  1. Information Gathering

    • Collecting data from publicly available sources.

    • Utilizing open-source intelligence (OSINT) techniques.

    • Searching for online footprints, such as social media profiles and website information.

  2. Data Analysis

    • Collating and organizing gathered information.

    • Identifying potential vulnerabilities or weak points.

    • Creating a profile of the target, including its infrastructure and personnel.

  3. Tools and Techniques

    • Employing tools like search engines, WHOIS lookup, and domain research.

    • Checking third-party databases such as Shodan.io for exposed services and ports, without scanning the target yourself.

    • Utilizing passive DNS and email analysis.

  4. Goal

    • Understanding the target's digital presence.

    • Assessing the target's security posture.

    • Preparing for future active reconnaissance or attacks based on the gathered intelligence.

  5. Legality and Ethical Considerations

    • Adhering to ethical hacking guidelines and laws.

    • Respecting privacy and consent while gathering information.

    • Ensuring all activities are within legal boundaries.

  6. Risk Mitigation

    • Protecting one's identity and location during reconnaissance.

    • Using anonymity tools like VPNs or proxies.

    • Minimizing the traceability of data gathering activities.

Passive reconnaissance is a critical phase in cybersecurity and ethical hacking, as it provides a foundation for informed decision-making and subsequent security measures.

Q : You visit the Facebook page of the target company, hoping to get some of their employee names. What kind of reconnaissance activity is this? (A for active, P for passive)

~ P

Q : You ping the IP address of the company webserver to check if ICMP traffic is blocked. What kind of reconnaissance activity is this? (A for active, P for passive)

~ A

Q : You happen to meet the IT administrator of the target company at a party. You try to use social engineering to get more information about their systems and network infrastructure. What kind of reconnaissance activity is this? (A for active, P for passive)

~ A

Whois

Q : When was TryHackMe.com registered?

~ 20180705

Q : What is the registrar of TryHackMe.com?

~ namecheap.com

Q : Which company is TryHackMe.com using for name servers?

~ cloudflare.com

nslookup and dig

Q : Check the TXT records of thmlabs.com. What is the flag there?

~ THM{a5b83929888ed36acb0272971e438d78}
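The Whois and nslookup/dig tasks above come down to reading command output for a few fields. The following is an added example, not part of the original writeup: it parses constructed (not live) `whois` and `dig TXT` output to pull the registration date in the YYYYMMDD form used above, the name-server provider, and any TXT record matching the THM{...} flag format. The sample values, host names and flag are placeholders.

```python
import re
from datetime import datetime

# Constructed sample of `whois tryhackme.com` output (placeholder values, not a live lookup)
SAMPLE_WHOIS = """\
   Domain Name: TRYHACKME.COM
   Registrar: NameCheap, Inc.
   Registrar URL: http://www.namecheap.com
   Creation Date: 2018-07-05T19:46:15Z
   Name Server: EXAMPLE1.NS.CLOUDFLARE.COM
   Name Server: EXAMPLE2.NS.CLOUDFLARE.COM
"""

# Constructed sample of `dig thmlabs.com TXT` output; the flag value is a placeholder
SAMPLE_DIG = """\
;; ANSWER SECTION:
thmlabs.com.    300  IN  TXT  "THM{0123456789abcdef0123456789abcdef}"
thmlabs.com.    300  IN  TXT  "v=spf1 include:_spf.example.com" " ~all"
"""

def parse_whois(text):
    """Extract registrar, creation date (as YYYYMMDD) and name servers from whois output."""
    info = {"registrar": None, "created": None, "name_servers": []}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if not sep:
            continue
        key, value = key.strip().lower(), value.strip()
        if key == "registrar":
            info["registrar"] = value
        elif key == "creation date":
            stamp = datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ")
            info["created"] = stamp.strftime("%Y%m%d")
        elif key == "name server":
            info["name_servers"].append(value.lower())
    return info

def ns_provider(name_servers):
    """Reduce name-server host names to their registrable domain, e.g. cloudflare.com."""
    return sorted({".".join(ns.split(".")[-2:]) for ns in name_servers})

TXT_LINE = re.compile(r"^(\S+)\s+\d+\s+IN\s+TXT\s+(.*)$")

def parse_txt_records(dig_output):
    """Return {owner: [txt, ...]} from dig's answer section, joining split quoted strings."""
    records = {}
    for line in dig_output.splitlines():
        m = TXT_LINE.match(line)
        if not m:
            continue
        owner, rdata = m.group(1).rstrip("."), m.group(2)
        txt = "".join(re.findall(r'"((?:[^"\\]|\\.)*)"', rdata))  # one TXT may span several strings
        records.setdefault(owner, []).append(txt)
    return records

def find_flags(records):
    """Pick out TXT values shaped like the room's THM{32 hex chars} flags."""
    return [t for txts in records.values() for t in txts if re.fullmatch(r"THM\{[0-9a-f]{32}\}", t)]
```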

DNSDumpster

Q : Lookup tryhackme.com on DNSDumpster. What is one interesting subdomain that you would discover in addition to www and blog?

~ remote

Shodan.io

Q : According to Shodan.io, what is the 2nd country in the world in terms of the number of publicly accessible Apache servers?

~ Germany

Q : Based on Shodan.io, what is the 3rd most common port used for Apache?

~ 8080

Q : Based on Shodan.io, what is the 3rd most common port used for nginx?

~ 888
