Footprinting & Reconnaissance (Practical)

Check IP of the Domain = ping www.moviescope.com

Check the Packet Route = tracert microsoft.com

Check the Max Buffer Size = ping microsoft.com –f –l 1400

:: Increase the buffer length till error.

Information Collection

Use firebug add-on (Kali)

Use Netcraft add-on (both)

Use Discover (after installing recon-ng)

Use Maltego

Mirroring  FULL WEBSITE = HTTrack web site copier

Dir-” Module 02 Footprinting and Reconnaissance\Website Mirroring Tools\HTTrack Web Site Copier”  

Dir-“Module 02 Footprinting and Reconnaissance\Traceroute Tools\Path Analyzer Pro”

1. Open Path Analyzer Pro from the Start menu.

2. It will show the Path Analyzer Pro window, along with the pop-up for Registration Form. Click on Evaluate. 

3. The main window of Path Analyzer Pro will show up. 

Some options in the Standard Options and Advanced Probe Details are default. 

• Make sure to check the ICMP radio button under the Protocol field is selected.

• In Advanced Probe Details, the Smart option under the Length of packet field must also be checked.

4. Some of the options in the Advanced Tracing Details section are set to default.

Under the Advanced Tracing Details, make sure to check Stop on control messages (ICMP) option is selected.

5. For running the trace, enter the host name in the Target. For example, you have entered http://www.moviescope.com. Now, check whether the Smart option under the Port is set to default (65535). Select the duration of time from the dropdown as Timed Trace, and click on the Trace button. 

6. It will show the Type time of the trace dialog box. Enter the time trace in the given format (HH:MM:SS) and click on Accept.  

In this lab, the time set for the trace is 3 minutes.

7. When the Path Analyzer Pro runs the trace, the Trace tab will automatically switch to Stop.

1. Write service postgresql start in the terminal window and press Enter.

2. Write msfconsole and press Enter to start the Metasploit Framework.

3. Write db_status in the msf commands and press Enter. 

• In case you see the postgresql selected, no connection error, it means that the database was not started. 

• If it shows the postgresql connected to msf message, you can jump directly to Step 9.

4. Write exit and press Enter. It will exit the Metasploit.

5. Now, you need to start the database. For this, write msfdb init and press Enter.

6. Write service postgresql restart and press Enter to restart the postgresql.

7. Now, you need to restart the Metasploit Framework. For this, write msfconsole and press Enter.  It will start the tool and show the msf command line.

8. Write db_status and press Enter to confirm if the database is now connected. 

This time, you will see postgresql connected to msf. 

9. Write nmap -Pn -sS -A -oX Test 10.10.10.0/24 and press Enter. Mmap usually takes around 10 minutes to scan the subnet.

10. Once scanning is done, you will see the Nmap done message. It will also reveal the total no. of active hosts in the subnet. 

11. Now, write db_import Test and press Enter for importing the test results.

12. Write hosts and press Enter. It will show the hosts along with their respective details gathered by nmap.

It will not yet show you the os_flavor details. To see these details, follow the next steps.

13. Write db_nmap -sS -A -sV 10.10.10.16. Press Enter.

14. Nmap will now perform the scanning of Windows Server 2016. It will show the information about the services running on the machine. It is the easiest way to know about the services running on a particular machine.

15. Write services and press Enter. It will show the service details about the active machines in the subnet. 

16. For loading the SMB scanner module, write use scanner/smb/smb_version and press Enter. Next, write show options and press Enter. It will show the configuration options about the module. 

17. Write set RHOSTS 10.10.10.8-16 and press Enter. Now, write set THREADS 100 and press Enter. Then, write run and press Enter. It will launch the module. 

18. Write hosts and press Enter to check the os_flavor details.