LOTS OF LOVE...
Happy Raksha-Bandhan to all Brothers and Sisters this day...
Before attacking a system, we need to gather/collect some basic information about the target. Therefore, information gathering is the first basic step in ethical hacking. (We will discuss information gathering in more detail in the next post, "Information Gathering".)
Let's start with the first phase,
RECONNAISSANCE
Reconnaissance is the first step of ethical hacking. It is a set of processes and techniques, such as Footprinting, Scanning, and Enumeration, used to gather and collect information about the target computers or network systems. This is the most important step for a hacker, and it leads to the actual hacking.
Basically, there are two types of reconnaissance:
1. Active Reconnaissance
2. Passive Reconnaissance
⏩ Active Reconnaissance
‣In this process, a hacker is always in contact with the target, hence there is always a risk of getting detected.
⏩ Passive Reconnaissance
‣Passive reconnaissance involves no contact with the target network, so it has a lower chance of detection.
"DNS Reconnaissance"
‣DNS (Domain Name System) reconnaissance is the process by which a hacker gathers as much information as he can about the target's DNS servers and records. DNS translates domain names to IP addresses so browsers can load Internet resources. So this process must cover both versions of the Internet Protocol (IP): IPv4 (Internet Protocol version 4) and IPv6 (Internet Protocol version 6).
1. IPv4:
‣IPv4 is the fourth version of the Internet Protocol. It is one of the core protocols of standards-based internetworking methods on the internet. An IPv4 address is 32 bits long.
2. IPv6:
‣IPv6 is the most recent version of the Internet Protocol and provides an identification and location system for computer networks. IPv6 was created to overcome IPv4 address exhaustion.
Now, let us move to the next step,
"PORT SCANNING"
‣Port scanning, or simply scanning, is the act of systematically scanning a computer's ports. It has legitimate uses in managing networks but can also be malicious in nature.
‣Port scanning can be done with a free, open-source hacking tool named Nmap, which we discussed earlier in the post "hacking tools".
‣It can be used to send connection requests to the targeted computers and then keep track of the ports that appear to be open or that respond to the request.
‣When a criminal targets a house for burglary, typically the first thing he or she checks is whether there is an open window or door through which access to the home can be gained. A port scan is similar, only the windows and doors are the ports of the individual's personal computer. While a hacker may not decide to "break in" at that moment, he or she will have determined whether easy access is available. Many people feel this activity should be illegal, which it usually is not.
‣Hackers typically utilize port scanning because it is an easy way in which they can quickly discover services they can break into. Hackers can also open ports to access the targeted computer.
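From the defender's side, the connect-and-record behaviour described above shows up in firewall logs as one source touching many different ports on one host in a short time. The following is an added example, not part of the original post; the log format, the addresses, and the thresholds (`min_ports`, `window_s`) are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed firewall log: timestamp, source, destination, dest port, verdict.
SAMPLE_LOG = """\
2024-01-10T10:00:00 203.0.113.5 192.0.2.10 21 REJECT
2024-01-10T10:00:01 203.0.113.5 192.0.2.10 22 ACCEPT
2024-01-10T10:00:02 203.0.113.5 192.0.2.10 23 REJECT
2024-01-10T10:00:03 203.0.113.5 192.0.2.10 25 REJECT
2024-01-10T10:00:04 203.0.113.5 192.0.2.10 80 ACCEPT
2024-01-10T10:00:05 203.0.113.5 192.0.2.10 443 ACCEPT
2024-01-10T10:00:10 198.51.100.7 192.0.2.10 443 ACCEPT
2024-01-10T10:00:40 198.51.100.7 192.0.2.10 443 ACCEPT
2024-01-10T10:01:00 198.51.100.20 192.0.2.10 22 ACCEPT
2024-01-10T10:03:00 198.51.100.20 192.0.2.10 3306 REJECT
2024-01-10T10:05:00 198.51.100.20 192.0.2.10 3389 REJECT
2024-01-10T10:07:00 198.51.100.20 192.0.2.10 5432 REJECT
2024-01-10T10:09:00 198.51.100.20 192.0.2.10 8080 REJECT
"""

def detect_scans(log_text, min_ports=5, window_s=60):
    """Flag (source, destination) pairs that touched at least min_ports
    distinct ports within any window_s-second span of the log."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, port, verdict = line.split()
        events[(src, dst)].append((datetime.fromisoformat(ts), int(port), verdict))
    window = timedelta(seconds=window_s)
    findings = {}
    for pair, hits in events.items():
        hits.sort()
        start = 0
        for end in range(len(hits)):
            while hits[end][0] - hits[start][0] > window:
                start += 1  # slide the window forward
            span = hits[start:end + 1]
            if len({p for _, p, _ in span}) >= min_ports:
                found = findings.setdefault(pair, {"probed": set(), "answered": set()})
                found["probed"] |= {p for _, p, _ in span}
                # Ports that accepted the connection are what the scan revealed.
                found["answered"] |= {p for _, p, v in span if v == "ACCEPT"}
    return findings

if __name__ == "__main__":
    for (src, dst), f in detect_scans(SAMPLE_LOG).items():
        print(src, "->", dst, "probed", sorted(f["probed"]), "answered", sorted(f["answered"]))
```

With the default 60-second window only the first source is flagged; the third source probes the same number of ports over a longer period and is reported once `window_s` is widened, which is why the window is a tuning parameter rather than a fixed value.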
After this, we will go through more information-collecting methods like Footprinting, Fingerprinting, DNS enumeration, collecting usernames and email addresses, port sweeping, etc., which we are gonna discuss in the next post...
SEE YOU IN THE NEXT POST GUYS...!