Passive Reconnaissance
Collecting information without engaging with the target system directly.
Introduction.
Passive reconnaissance is the process of gathering information about a target without directly interacting with its systems. Because nothing is sent to the target itself, it can be carried out discreetly, and it usually relies on publicly available sources such as WHOIS records, DNS, and search engines for Internet-connected devices. The primary goal is to collect as much information as possible without alerting the target; that information is then used to plan the next steps of an engagement or to assess the target's security posture.
Task 2. Passive Versus Active Recon.
This room expects the user to have a working knowledge of computer networks.
Task 3. Whois.
After starting the attached machine and running whois tryhackme.com, the WHOIS record for the domain is printed, and the answers to this task are read from it (registrar, registration dates, and name servers).
Answers:
Task 4. nslookup & dig.
Both tools query DNS name servers for a domain's records (A, MX, TXT, and so on). nslookup is available on most systems; dig prints more detail, and both let you pick the server to ask, for example a public resolver such as 1.1.1.1.
Answers: THM{a5b83929888ed36acb0272971e438d78}
Task 5. DNSDumpster
DNSDumpster is an online service that looks up a domain's subdomains and related DNS records in one place, which is far quicker and less effort than discovering them one query at a time with nslookup or dig.
Answers: remote/help
Task 6. Shodan.io.
When you are tasked to run a penetration test against specific targets, a service like Shodan.io can be used during the passive reconnaissance phase to learn various pieces of information about the client's network (exposed ports, services, and hosting location) without actively connecting to it, because Shodan has already scanned those hosts.
Answers:
Germany
8080
5001
Task 7. Summary.
In this room, we focused on passive reconnaissance. In particular, we covered the command-line tools whois, nslookup, and dig. We also discussed two publicly available services, DNSDumpster and Shodan.io. The power of such tools is that you can collect information about your targets without directly connecting to them. Moreover, the trove of information you may find using such tools can be massive once you master the search options and get used to reading the results.
| Purpose | Command-line Example |
|---|---|
| Lookup WHOIS record | whois tryhackme.com |
| Lookup DNS A records | nslookup -type=A tryhackme.com |
| Lookup DNS MX records at DNS server | nslookup -type=MX tryhackme.com 1.1.1.1 |
| Lookup DNS TXT records | nslookup -type=TXT tryhackme.com |
| Lookup DNS A records | dig tryhackme.com A |
| Lookup DNS MX records at DNS server | dig @1.1.1.1 tryhackme.com MX |
| Lookup DNS TXT records | dig tryhackme.com TXT |
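The commands above print raw text, and during an engagement you end up reading the same fields from them every time. The following script is an added example, not part of the room or of TryHackMe's material: it parses the output of whois and of dig into a short summary (registrar, creation date, name servers, A records, mail servers in priority order, and the SPF policy from TXT). The WHOIS text and dig answer section embedded in it are constructed samples in the layout the real tools print, for a hypothetical domain example-target.com; they are not real records for tryhackme.com.

```python
"""Parse whois and dig output into a passive-recon summary (added example)."""
import re
from collections import defaultdict

# Constructed sample of `whois example-target.com` (key fields only, hypothetical domain).
SAMPLE_WHOIS = """\
% Comment lines like this one are skipped by the parser
Domain Name: EXAMPLE-TARGET.COM
Registrar: Example Registrar, Inc.
Creation Date: 2018-07-05T19:46:15Z
Registry Expiry Date: 2025-07-05T19:46:15Z
Name Server: NS1.EXAMPLE-DNS.NET
Name Server: NS2.EXAMPLE-DNS.NET
DNSSEC: unsigned
"""

# Constructed sample of the answer section printed by `dig +noall +answer`
# for the A, MX and TXT records of the same hypothetical domain.
SAMPLE_DIG = """\
;; ANSWER SECTION:
example-target.com.    300  IN  A     203.0.113.10
example-target.com.    300  IN  A     203.0.113.11
example-target.com.    3600 IN  MX    10 mail1.example-target.com.
example-target.com.    3600 IN  MX    20 mail2.example-target.com.
example-target.com.    3600 IN  TXT   "v=spf1 include:_spf.example-mail.net -all"
example-target.com.    3600 IN  TXT   "google-site-verification=abc123"
"""


def parse_whois(text):
    """Turn 'Key: Value' lines of a WHOIS record into {key: [values]}.

    Keys are lower-cased; repeated keys (several 'Name Server' lines) accumulate.
    Comment lines ('%', '#', '>>>') and lines without a colon are skipped. Only
    the first colon splits key from value, so timestamps stay intact.
    """
    record = defaultdict(list)
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(("%", "#", ">>>")):
            continue
        key, sep, value = line.partition(":")
        if not sep:
            continue
        record[key.strip().lower()].append(value.strip())
    return dict(record)


# name  ttl  IN  TYPE  rdata   (the answer-line layout dig prints)
_DIG_LINE = re.compile(r"^(\S+)\s+(\d+)\s+IN\s+([A-Z]+)\s+(.*)$")


def parse_dig_answers(text):
    """Parse dig answer lines into {RRTYPE: [rdata, ...]}.

    Lines beginning with ';' are dig comments and are ignored. The surrounding
    quotes dig prints around TXT data are stripped so the policy can be read.
    """
    records = defaultdict(list)
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue
        match = _DIG_LINE.match(line)
        if not match:
            continue
        _name, _ttl, rrtype, rdata = match.groups()
        rdata = rdata.strip()
        if rrtype == "TXT":
            rdata = rdata.strip('"')
        records[rrtype].append(rdata)
    return dict(records)


def mail_servers(records):
    """Return MX targets as (priority, host) tuples, lowest priority first."""
    servers = []
    for rdata in records.get("MX", []):
        priority, host = rdata.split(None, 1)
        servers.append((int(priority), host))
    return sorted(servers)


def spf_record(records):
    """Return the SPF policy published in TXT, or None if the domain has none."""
    for txt in records.get("TXT", []):
        if txt.lower().startswith("v=spf1"):
            return txt
    return None


def recon_summary(whois_text, dig_text):
    """Combine both sources into the facts noted first during passive recon."""
    who = parse_whois(whois_text)
    recs = parse_dig_answers(dig_text)
    return {
        "registrar": who.get("registrar", [None])[0],
        "created": who.get("creation date", [None])[0],
        "name_servers": [ns.lower() for ns in who.get("name server", [])],
        "ipv4": recs.get("A", []),
        "mx": mail_servers(recs),
        "spf": spf_record(recs),
    }


if __name__ == "__main__":
    import json
    print(json.dumps(recon_summary(SAMPLE_WHOIS, SAMPLE_DIG), indent=2))
```

To use it against a real target, pipe the output of the commands from the table into the two parsers (for example, whois for the first and dig with +noall +answer for the second); the SPF record is worth noting because it lists the third-party mail senders the target trusts, which is information you obtain here without ever touching the target's own hosts.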