vic3256
7/18/2016 - 4:09 PM

Kali Linux recon tutorial

Kali Linux recon tutorial

Recon Tutorial.md
content_copyfile_download
  • Rendered
  • Source

Recon tutorial

get your local ip address

ifconfig -a

verify you are connected to the internet

ping google.com

list running processes

ps manpage

ps auxww

a    display all processes, including run by other users
u    display user-oriented format
x    display all processes, including without a TTY
ww   display unlimited width output

ps      # list current user's processes, which have a TTY
ps u    # list current user's processes, which have a TTY, in human readable format
ps ua   # list all user's processes, which have a TTY, in human readable format
ps au   # flag order does not matter
ps aux  # list all users's processes, in human readable format

check your firewall settings

iptables -L

list running services

netstat manpage

netstat -tunlp

-t    TCP
-u    UDP
-n    numeric
-l    show only listening sockets
-p    show the PID and name of the program to which each socket belongs

port scan yourself

nmap usage

# TCP and UDP scan, top 1000 ports
nmap -vv -O -Pn -sTUV --top-ports 1000 127.0.0.1

-vv    Verbose
-O    Enable OS detection
-Pn    Treat all hosts as online
-sTUV
-sT    TCP Connect()    
-sU    UDP Scan
-sV    Probe open ports to determine service/version info
--top-ports    Scan the top X ports

# TCP scan, top 1000 ports
nmap -vv -O -Pn -sTV --top-ports 1000 127.0.0.1

# UDP scan, top 1000 ports
nmap -vv -O -Pn -sUV --top-ports 1000 127.0.0.1

start the postgresl service

service postgresql

verify the postgres service is running

ps aux | grep postgresql

port scan yourself, find postgresql

nmap -vv -O -Pn -sTV --top-ports 1000 127.0.0.1

how the internet works (briefly)

your computer -> router (lookup website name)
route -> DNS (convert website name to ip4 or ip6)
DNS -> router (ip addresses lookup)
router -> server (server receives request)
server -> router (respond, using the TCP sender IP)
router -> your computer (receive response)

list the DNS records for a domain

dig -t ANY wikipedia.org

CNAME   Canonical name
A       Address record, IPv4
AAAA    Address record, IPv6
MX      Email
TXT     Text record
NS      DNS Zone "Nameserver," used for sub-domain routing
SOA     DNS Zone "Start Of Authority"

lookup domain owner information

whois wikipedia.org

lookup the packet pathway

traceroute wikipedia.org

enumerate DNS sub-domains

dnsrecon
Network proxy
Burpsuite
mitmproxy
wireshark