Recon. During this section we'll be covering what exactly recon is, DNS recon, extracting email accounts, recon-ng, and then stealth mapping.

What exactly is recon? Recon, or reconnaissance, is the work of discovering any and all possible exploits and vulnerabilities inside of your target. We use reconnaissance to find out information about our target; that can include a series of open ports, some server configurations, database structures and even the framework the website is built on. By understanding what your target is doing and how they're set up, you can plan the ultimate attack on your target that will allow you to exploit their website or their server in order to gain access or extract data.

The first thing you want to do is scope out your target completely: get to know who the owners are, who is involved in the IT department, and who is on the website and server side. So say you got hired by company XYZ. Let's say company XYZ has four IT people: one guy builds the website and web applications, another guy runs the server and the security of the server, another guy runs the office network, and the fourth guy is the general, basic IT guy who does the in-building computer work and repairs. A very simple, basic team for a very simple, basic company. With all that IT going around it is very possible they have forgotten or did not include a security patch or a module, so it's up to you to find it.

So the first thing you want to do is figure out what framework they're using. For example, if your target is using plain HTML, you might possibly get away with cross-site scripting. If they're using PHP, Ruby on Rails or even WordPress, nine times out of ten those will be connected to a SQL database, so you have cross-site scripting plus SQL injection methods, or even brute-force attacks, depending on whether they have an admin login or not. Once you understand what they have been building on and with, you can determine which methods are best in order to extract the information or gain access. That is all up to you and the scope of work that you are paid to do. Like I mentioned, with WordPress, PHP and Ruby on Rails they typically have a database structure set up somewhere, somehow, some way, and your job is to do a SQL injection attack and get access to it. With the plain HTML sites you just see whether any cross-site scripting attacks expose any vulnerabilities or weaknesses on the server or the web application itself.
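The framework check described above (is the site plain HTML, PHP, WordPress, Rails?) mostly comes down to what the server's own response gives away in its headers and markup. The following is an added example, not code from this course, that scores a response for leaked stack markers so a defender can see what their own site discloses; the marker lists and the sample response are constructed assumptions for illustration.

```python
"""Report what an HTTP response discloses about a site's stack (plain HTML,
PHP, WordPress, Rails...). Added example; the sample response below is
constructed for illustration and comes from no real site."""
import re

# Header values that commonly leak a technology (lower-cased substring -> name).
HEADER_MARKERS = {
    "server": [("apache", "Apache"), ("nginx", "nginx"), ("iis", "IIS")],
    "x-powered-by": [("php", "PHP"), ("asp.net", "ASP.NET"), ("express", "Express")],
    "set-cookie": [("phpsessid", "PHP"), ("_session", "Ruby on Rails"),
                   ("wordpress_", "WordPress")],
}
# Markup patterns; None means "use the matched text" (the generator meta tag).
BODY_MARKERS = [
    (re.compile(r"""<meta[^>]+name=["']generator["'][^>]+content=["']([^"']+)""", re.I), None),
    (re.compile(r"/wp-content/|/wp-includes/", re.I), "WordPress"),
    (re.compile(r"authenticity_token|csrf-token", re.I), "Ruby on Rails"),
    (re.compile(r"""\.php["'?]""", re.I), "PHP"),
]

def fingerprint(headers, body):
    """Return the sorted list of technologies a response discloses.
    An empty list means the response looks like plain static HTML."""
    found = set()
    for name, value in headers.items():
        for needle, tech in HEADER_MARKERS.get(name.lower(), []):
            if needle in value.lower():
                found.add(tech)
    for pattern, tech in BODY_MARKERS:
        match = pattern.search(body)
        if match:
            found.add(tech if tech else match.group(1).strip())
    return sorted(found)

# Constructed sample: a typical unhardened WordPress front page.
SAMPLE_HEADERS = {
    "Server": "Apache/2.4.41 (Ubuntu)",
    "X-Powered-By": "PHP/7.4.3",
    "Set-Cookie": "PHPSESSID=abc123; path=/",
}
SAMPLE_BODY = """<html><head>
<meta name="generator" content="WordPress">
<link rel="stylesheet" href="/wp-content/themes/demo/style.css">
</head><body><form action="/wp-login.php"></form></body></html>"""

if __name__ == "__main__":
    # Hardening note: Apache 'ServerTokens Prod', PHP 'expose_php = Off' and
    # removing the generator meta tag shrink what this report shows.
    print(fingerprint(SAMPLE_HEADERS, SAMPLE_BODY))  # ['Apache', 'PHP', 'WordPress']
```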
Now we're gonna be doing this the right way, so let's look at a very specific target and see what we're up against. We're going to be taking hexnews.org. This is an online blogger's website, and we want to see what type of platform they're using: are they using HTML5, WordPress, Ruby on Rails, PHP, etc.? Let's open up Internet Explorer and go to hexnews.org. All right, so we've already established by looking at the code that the developer tools might come in handy, so use the developer tools. Looking at the code itself, let's see... there it goes. Now we can see that