So you want to start a hack, but don't know how? Here is where you'll learn the basics of how to get your hack started.
When it comes to hacking, there are several phases you will likely go through:
- Reconnaissance
- Gaining Access
- Maintaining Access
- Clearing Tracks
In this post, I'll be diving into the first phase, Recon.
Recon – What is it?
Recon, or reconnaissance, is the process of gathering information about a target. That simple! However, there are several methods by which you can gain that information, and they fall into one of two types: active and passive.
Active recon is probing the target directly: any method by which the target could know you have communicated with them in some way.
Through these methods you can conduct port scans against their external network, scrape information from their website, or simply contact the target.
The upside of active recon is that you get more relevant information: knowing which ports are open, which services they run, or what their systems are, and maybe even some personal data from talking to the target. There is a downside, however. Because you're interacting directly, you'll be noisy. Their firewalls and intrusion detection systems will have a higher chance of alerting the network administrator to a potential attack, so if you're trying to be quiet, this isn't the way to go!
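To show what "noisy" means from the network administrator's side, here is an added example (written for this post, not code from the original article): a small Python detector that reads netfilter/iptables-style firewall log lines and flags any source address that touches many distinct destination ports within a short time window. The log lines, the addresses (taken from the RFC 5737 documentation ranges), the field layout, the 60-second window and the 10-port threshold are all constructed for the example; a real deployment would read the lines from syslog and tune the thresholds to its own traffic.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Matches the netfilter LOG target format as it appears in syslog. The exact
# field order (IN=, OUT=, SRC=, DST=, PROTO=, SPT=, DPT=) is assumed here.
LOG_RE = re.compile(
    r"^(?P<ts>\w{3} \d{2} \d{2}:\d{2}:\d{2}) \S+ kernel: .*?"
    r"SRC=(?P<src>[\d.]+) DST=(?P<dst>[\d.]+) .*?PROTO=(?P<proto>\w+) "
    r".*?DPT=(?P<dpt>\d+)"
)


def parse_line(line):
    """Return a dict for one firewall log line, or None for lines we don't care about."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return {
        "ts": datetime.strptime(m.group("ts"), "%b %d %H:%M:%S"),
        "src": m.group("src"),
        "dst": m.group("dst"),
        "proto": m.group("proto"),
        "dport": int(m.group("dpt")),
    }


def detect_port_scans(lines, window_seconds=60, port_threshold=10):
    """Flag sources that hit >= port_threshold distinct destination ports within window_seconds.

    Returns {src: {"first_seen": ts, "last_seen": ts, "ports": set(...)}}.
    """
    events = [e for e in map(parse_line, lines) if e]
    events.sort(key=lambda e: e["ts"])
    window = timedelta(seconds=window_seconds)
    recent = defaultdict(deque)  # src -> deque of (timestamp, dport) still inside the window
    alerts = {}
    for e in events:
        q = recent[e["src"]]
        q.append((e["ts"], e["dport"]))
        # Drop events that have aged out of the sliding window for this source.
        while e["ts"] - q[0][0] > window:
            q.popleft()
        distinct = {p for _, p in q}
        if len(distinct) >= port_threshold:
            a = alerts.setdefault(e["src"], {"first_seen": q[0][0], "ports": set()})
            a["last_seen"] = e["ts"]
            a["ports"] |= distinct
    return alerts


# --- Constructed sample log (not real traffic) -------------------------------
def _line(ts, src, dport, spt=40000):
    """Build one constructed netfilter-style log line."""
    return (f"{ts.strftime('%b %d %H:%M:%S')} fw kernel: IN=eth0 OUT= "
            f"SRC={src} DST=198.51.100.10 LEN=60 PROTO=TCP SPT={spt} DPT={dport} SYN")


_T0 = datetime(2024, 3, 3, 10, 0, 0)
_PORTS = [21, 22, 23, 25, 53, 80, 110, 143, 443, 445, 3389, 8080]
SAMPLE_LOG = (
    # A fast sweep: 12 ports in 12 seconds from one source.
    [_line(_T0 + timedelta(seconds=i), "203.0.113.7", p) for i, p in enumerate(_PORTS)]
    # A normal client: repeated web requests to ports 80 and 443 only.
    + [_line(_T0 + timedelta(seconds=2 * i), "203.0.113.50", 443 if i % 2 else 80) for i in range(6)]
    # A low-and-slow sweep: the same 12 ports, one every 10 minutes.
    + [_line(_T0 + timedelta(minutes=10 * i), "203.0.113.99", p) for i, p in enumerate(_PORTS)]
    # An unrelated syslog line that the parser should ignore.
    + ["Mar 03 10:00:05 fw sshd[123]: Accepted publickey for admin from 203.0.113.50 port 5100"]
)

if __name__ == "__main__":
    for src, info in detect_port_scans(SAMPLE_LOG).items():
        print(f"{src}: {len(info['ports'])} ports between "
              f"{info['first_seen'].time()} and {info['last_seen'].time()}")
```

With the default 60-second window only the fast sweep from 203.0.113.7 is reported; the web client never reaches the port threshold, and the slow sweep from 203.0.113.99 only trips the detector once the window is widened to a couple of hours. That second case is the caveat a defender should keep in mind: a short window keeps false positives down but lets a patient scanner through, which is why production IDS rules combine several windows or correlate across longer periods.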
Passive recon is very much the opposite. Silence is key, mainly because you don't interact with the target.
You gather information through other means, such as websites like who.is to gather information about their domain, linkedin.com to see if staff members are talking too much about work, or pipl.com to pull more information from social media.
War-driving is another technique. It's not as commonly used today, but WiFi sniffers tend to go undetected, allowing you to simply walk past the target's location to see if there's a weakly encrypted access point.
Dumpster diving is another method. Many would be surprised at what information a company throws away without secure disposal methods: sometimes documentation, or even old hardware such as HDDs which haven't been wiped, can be found.
Not saying you'll have much luck, but you never know.
There is no single right method of recon for a target, as each target is different and many variables come into play. But whatever method is chosen, it's always best to plan ahead, understand the goal and what's needed to achieve it.
Is it needed?
Short answer: No, not really
During a penetration test, depending on the best way to approach the target, most of the time will be spent on recon. Why?
It's best to learn as much about the target as you can, otherwise you'll end up wasting hours of your time!
You could spend a day trying to hack into what you think is a Windows environment, when it turns out everyone is using Linux!
Maybe you find out that the target's network is too hard to hack into on your own, but bribing an employee to plug a malicious flash drive into one of their computers might be easier!
It's important to know your target in order to ensure a successful assessment; otherwise you're hoping for the best, and that may result in wasting your time as well as your client's.
And you know what they say about time…