Archive for Recon
You are browsing the archives of Recon.
Core Impact is a professional penetration testing framework tool that can operate in both automated and manual modes. It is very expensive, but sets the standard to measure other tools against. It comes with a constantly updated and state of the art collection of exploit code.
Core can either perform its own reconnaissance or can import [...]
Kismet is a powerful wireless sniffer that offers excellent passive reconnaissance of wireless networks. It requires a wireless card that supports rfmon (monitor) mode and runs on Linux. It is available as a standalone application and is also found on the Backtrack CD compilation.
Kismet - [kismetwireless.net]
What is Kismet?
Kismet is an 802.11 layer2 wireless network detector, [...]
Backtrack is a live (bootable) CD that is a compilation of network security tools. Based on SLAX, Backtrack 3 currently has over 300 tools.
Backtrack is available from remote-exploit.org
Every package, kernel configuration and script is optimized to be used by security penetration testers. Patches and automation have been added, applied or developed to provide a neat and [...]
First released by Fyodor in a 1997 issue of Phrack magazine, nmap has become the de-facto standard for network scanning and port scanning tools. Nmap is free and open-source and is now available in versions for most major OS platforms and includes features for OS identification, service version detection, a scripting engine, multi-probe scanning, [...]
In order to launch a pivot attack against another system, the attacker needs standard recon information. This includes the IP address, ports that are open and services responding on the ports, the type and version of OS being used and maybe vulnerabilities that can be detected. This information can be collected in some [...]
Performing reconnaissance by sniffing packets requires access to the network data stream. In most cases, that implies some form of attacker presence already inside the network perimeter. Given that it is possible to sniff packets, a variety of interesting analysis techniques become possible.
Passive target location - packet analysis tools easily collect IP addresses [...]
Network scanning usually begins with discovering ranges of IP addresses and then specific systems within those ranges. Once the live systems have been located, they are scanned for responding ports and an attempt is made to identify the services running on the ports and the versions of the services. Once this map is [...]
Going beyond simply reading a web page and extracting helpful information from it, Google can be used to find much more information that can aid an attacker.
Searching for target information - the attacker often begins by doing simple searches and building some kind of knowledge record or map of what they have learned. This [...]
General reconnaissance includes all the conventional means of collecting information that are not included in the other recon techniques:
Public record research - most of this type of research used to be done in a library but now can be done online. Any company that is publicly traded on a stock exchange is required to [...]