TryHackMe | Passive Reconnaissance | Walkthrough

Captions
Hey guys, welcome to my YouTube channel. Today we're going to do another episode of TryHackMe. So the last one, we're still on the CompTIA PenTest, uh, Plus learning path. Let's see, as you can see right here we just finished two tools and code analysis, so the last one, P for pentester. So we're starting information gathering and vulnerability scanning: explore passive and active reconnaissance and discover how to use Nmap to collect information about your targets efficiently. So we're going to do passive reconnaissance, and I loaded my AttackBox, or you can do your own attack, uh, Linux machine, whichever you prefer. So let's get right into it.

Uh, passive reconnaissance: learn about the essential tools for passive reconnaissance such as whois, nslookup and dig. So as you can see this is a free room, so essentially it's probably much easier. And as always guys, I strongly recommend read through each task to get full understanding. These videos are just to show you how to answer these questions and to move right along.

So task one is Introduction, and answer questions below. This room does not use a target virtual machine, VM, to demonstrate the discussed topics; instead we will query public WHOIS servers and DNS servers for domains owned by TryHackMe. Start that AttackBox and make sure it is ready. You will use the AttackBox to answer the questions in later tasks, especially task three and four. So, complete. Okay, you can just read through all this, it just talks about introduction to whois, nslookup and dig.

Okay, task two, passive versus active recon. So it talks about passive reconnaissance and active reconnaissance. So answer the questions below. You visit the Facebook page of the target company hoping to get some of their employee names. What kind of reconnaissance activity is this? A for active, P for passive. So looks like it talks about the website, Facebook page, and passive, looks like, says checking job ads or reading news articles on the target company, so I'm going to put P. Next question: you ping the IP address of the company web server to check if ICMP traffic is blocked. What kind of reconnaissance activity is this? A for active and P for passive. So you read, examples of active reconnaissance is entering company premises or connecting to the company servers such as HTTP, FTP and SMTP, so I'm going to go active. All right, all right, last question: you happen to meet the IT administrator of the target company at a party. You try to use social engineering to get more information about their systems and network infrastructure. What kind of reconnaissance activity is this? A for active, P for passive. I am going to assume it is active because it's not discreetly, so entering company premises, pretending, calling the company, attempt to get information, so it sounds like social engineering, so he, okay.

Let's go, task three talks about whois. It's a request and response protocol. So let's go answer questions below. When was TryHackMe.com registered? And hint: use the format year, month and date. All right, so close this out. Look at this, happy holidays. So we're going to type whois tryhackme.com. Look at this, all this information. Okay, so when was TryHackMe.com registered? Let's see, register, creation date, looks like 2018 July 5th. Let's try out 2018 July, yeah. Next question: what is the registrar of TryHackMe.com? Hint: give its domain name. Domain name, there's tryhackme.com, I don't think this is right but I'm still gonna try anyway. Let's see, domain, domain, see, dominium, tryhackme.com. I'm going to say the registrar is namecheap.com, yeah. All right, last question: which company is TryHackMe.com using for name servers? Okay, which company, as you scroll down I believe is Cloudflare. Okay, cloudflare.com.

All right, task four, nslookup and dig, let's go. So task three is whois protocol, task four is nslookup and dig protocol. So nslookup stands for name server lookup and obviously dig is for dig information, right. So you can read through all this and answer the questions below. Check the TXT records of thmlabs.com. What is the flag there? And BFF says use the AttackBox, open the terminal and use the nslookup or dig command to get information you need to answer the following questions. Okay, let's get, let's scroll back up. As you can see it talks about query type, so gives example here. So what I'm going to do is this: nslookup -type=TXT, and it says thmlabs.com. Let's see, there we go guys, nslookup, and I believe that's the answer, yeah. That was simple guys, so just follow the examples along and, um, should be pretty easy.

All right, let's go to task five, DNSDumpster. So let's see, looks like DNSDumpster is another tool to look for information, so it talks about DNS query. Let's right-click and open, close out. So this is dnsdumpster.com. So it gives you example, probably can't really see it, but yeah. And it says use the web browser on the AttackBox or your system to answer the following question. Answer questions below: look up TryHackMe.com on DNSDumpster. What is one interesting subdomain that you would discover in addition to www and blog? So let's try TryHackMe, and talks about mapping. Okay, so it says besides blog and www there's remote. Let's try note. That's correct guys. All right, let's close this off. That was easy. You could fool around with DNSDumpster, looks pretty simple.

Then there's task six, Shodan.io, again another tool service. You can right-click on Shodan, there's search engine right here, and it says Shodan.io tries to connect every device reachable online to build a search engine of connected things, in contrast with search engine for web pages. Okay, so another tool for access for more information. Let's see, it says it would be best to visit shodan.io to answer the following questions; however, note that you can find the answers on Shodan.io while needing a premium account. So you don't need a premium account, cool. Answer your questions below. According to shodan.io, what is the second country in the world in terms of the number of publicly accessible Apache servers? Okay, so talk about Apache, let's type, okay, Apache servers, and it says second country, joury. Okay, next question: based on shodan.io, what is the third most common port used for Apache? Top ports, right, third, 8080. Based on Shodan.io, what is the third most common port used for nginx? Let's, uh, search this up. Okay, third, port 51.

All right guys, now last one, task seven, summary. Just talks about the overview again of whois, nslookup, dig, also two publicly available services, DNSDumpster and Shodan.io, and gives you the purpose and command line example. And answer your questions below: make sure you know all the points discussed in this room, especially all the syntax for the command line tools. And complete, there you go guys. You can share on Twitter, Facebook, on LinkedIn, as I already did on LinkedIn.

If you like this video guys, please give a thumbs up, hit the Subscribe button, hit notification button, comment on the videos below to make my videos, improve my videos. And let's terminate this, go back to learn. Just want to show you something lastly guys, I always Tau on in my videos. All right, there we go, sorry, and it's loading kind of slow, but I am going to for next video reset active reconnaissance. And just want to show you again, I'm transitioning to the IT field. I'm not in the industry yet but I'm current with CompTIA A+, CySA+, Network+, PenTest+ and Security+. I am studying for Cloud Essentials just to get our easy sht under my belt. As you can see, the, I have just for the front of it, and it's something I like to do, like to learn, and I'm doing this on my own time and I like doing it. So anyways guys, thanks for watching, till the next video.
Info
Channel: PLei
Views: 230
Keywords: Pentest, Reconnaissance, TryHackMe
Id: 6NgG6KdNPoQ
Length: 14min 21sec (861 seconds)
Published: Tue Dec 05 2023