@apolloclark
Last active March 18, 2024 02:42
Kali Linux recon tutorial

Recon tutorial

get your local ip address

ifconfig -a

verify you are connected to the internet

ping google.com

list running processes

ps manpage

ps auxww

a    display all processes, including run by other users
u    display user-oriented format
x    display all processes, including without a TTY
ww   display unlimited width output

ps      # list current user's processes, which have a TTY
ps u    # list current user's processes, which have a TTY, in human readable format
ps ua   # list all users' processes, which have a TTY, in human readable format
ps au   # flag order does not matter
ps aux  # list all users' processes, with or without a TTY, in human readable format

check your firewall settings

iptables -L

list running services

netstat manpage

netstat -tunlp

-t    TCP
-u    UDP
-n    numeric
-l    show only listening sockets
-p    show the PID and name of the program to which each socket belongs
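The flag list above explains what `netstat -tunlp` prints; the more useful recon question is whether the listeners you see are the ones you expect. The script below is an added example (not part of the original gist) in POSIX sh: it parses `netstat -tunlp` output piped into it, prints one `proto port program` line per listening socket, and compares the result against a baseline of expected `proto/port` entries. The sample netstat text and the function names `list_listeners` and `check_baseline` are constructed for this example.

```shell
#!/bin/sh
# Added example, not from the original gist: reduce `netstat -tunlp` output
# to "proto port program" lines and flag listeners missing from a baseline.

# Constructed sample of `netstat -tunlp` output (not captured from a real host).
SAMPLE_NETSTAT='Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 127.0.0.1:5432          0.0.0.0:*               LISTEN      1234/postgres
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      987/sshd
tcp6       0      0 :::8080                 :::*                    LISTEN      4321/python3
udp        0      0 0.0.0.0:68              0.0.0.0:*                           654/dhclient'

# Read netstat text on stdin and print "proto port program" per listener.
# Feed it either the constructed sample or a live `netstat -tunlp`.
list_listeners() {
    awk '$1 ~ /^(tcp|udp)6?$/ {
        n = split($4, addr, ":")               # port is the last ":"-separated field
        port = addr[n]
        prog = $NF; sub(/^[0-9]+\//, "", prog) # strip the "PID/" prefix
        sub(/6$/, "", $1)                      # fold tcp6/udp6 into tcp/udp
        print $1, port, prog
    }'
}

# Read "proto port program" lines on stdin and print every listener whose
# "proto/port" is not in the space-separated baseline. Returns 1 if any found.
check_baseline() {
    baseline="$1"
    unexpected=0
    while read -r proto port prog; do
        case " $baseline " in
            *" $proto/$port "*) ;;             # expected listener, say nothing
            *) echo "UNEXPECTED $proto/$port ($prog)"; unexpected=1 ;;
        esac
    done
    return $unexpected
}

# Usage against the constructed sample (on a live host replace the printf
# with `netstat -tunlp`): the 8080 listener is reported as unexpected.
printf '%s\n' "$SAMPLE_NETSTAT" | list_listeners | check_baseline "tcp/22 tcp/5432 udp/68" || true
```

Keeping the baseline in a file under version control and running the check from cron turns this one-off recon step into a cheap drift detector for new listening services.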

port scan yourself

nmap usage

# TCP and UDP scan, top 1000 ports
nmap -vv -O -Pn -sTUV --top-ports 1000 127.0.0.1

-vv    Verbose (twice for extra detail)
-O     Enable OS detection
-Pn    Treat all hosts as online (skip host discovery)
-sTUV  combines three scan options:
  -sT    TCP connect() scan
  -sU    UDP scan
  -sV    Probe open ports to determine service/version info
--top-ports    Scan the top X most common ports

# TCP scan, top 1000 ports
nmap -vv -O -Pn -sTV --top-ports 1000 127.0.0.1

# UDP scan, top 1000 ports
nmap -vv -O -Pn -sUV --top-ports 1000 127.0.0.1

start the postgresql service

service postgresql start

verify the postgres service is running

ps aux | grep postgresql

port scan yourself, find postgresql

nmap -vv -O -Pn -sTV --top-ports 1000 127.0.0.1

how the internet works (briefly)

your computer -> router (asks to reach a website by name)
router -> DNS (resolve the website name to an IPv4 or IPv6 address)
DNS -> router (returns the IP addresses)
router -> server (server receives the request)
server -> router (responds to the sender IP from the TCP connection)
router -> your computer (receives the response)

list the DNS records for a domain

dig -t ANY wikipedia.org

note: many nameservers now answer ANY with a minimal or refused response (RFC 8482), so query each record type separately (dig -t A, -t MX, ...) if ANY returns little

CNAME   Canonical name (alias to another name)
A       Address record, IPv4
AAAA    Address record, IPv6
MX      Mail exchanger (email servers for the domain)
TXT     Text record (SPF, DKIM, domain verification tokens)
NS      DNS Zone "Nameserver," delegates the zone or a sub-domain to its nameservers
SOA     DNS Zone "Start Of Authority"
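Because ANY is unreliable, a per-type lookup loop plus a little parsing gives a more dependable record inventory. The script below is an added example (not from the original gist) in POSIX sh: `dig_all_types` runs `dig +noall +answer` once per record type (it needs network access and the `dig` binary), while `count_by_type` and `mx_targets` parse answer-section lines from stdin. The sample answers for the fictional domain `example.test` and all function names are constructed for this example.

```shell
#!/bin/sh
# Added example, not from the original gist: query DNS record types one by
# one instead of ANY, then summarise the answer section.

RECORD_TYPES="A AAAA CNAME MX NS TXT SOA"

# Run dig for every record type against one domain, answer section only.
# Requires network access and `dig`; the offline helpers below parse its output.
dig_all_types() {
    domain="$1"
    for rt in $RECORD_TYPES; do
        dig +noall +answer -t "$rt" "$domain"
    done
}

# Constructed sample of `dig +noall +answer` output for a fictional domain.
SAMPLE_ANSWERS='example.test.   300 IN A    192.0.2.10
example.test.   300 IN AAAA 2001:db8::10
example.test.   300 IN MX   10 mail1.example.test.
example.test.   300 IN MX   20 mail2.example.test.
example.test.   300 IN NS   ns1.example.test.
example.test.   300 IN TXT  "v=spf1 mx -all"'

# Read answer lines on stdin, print "TYPE count" per record type, sorted.
count_by_type() {
    awk '$3 == "IN" { c[$4]++ } END { for (t in c) print t, c[t] }' | LC_ALL=C sort
}

# Read answer lines on stdin, print MX hostnames ordered by preference
# (lowest preference value first, i.e. the primary mail server first).
mx_targets() {
    awk '$3 == "IN" && $4 == "MX" { print $5, $6 }' | sort -n | awk '{ print $2 }'
}

# Usage against the constructed sample (for a live domain, replace the printf
# with `dig_all_types wikipedia.org`).
printf '%s\n' "$SAMPLE_ANSWERS" | count_by_type
printf '%s\n' "$SAMPLE_ANSWERS" | mx_targets
```

The record summary is the list of externally reachable names and mail paths an attacker would also see, which makes it the starting point for checking that every MX, NS and TXT entry is still intended.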

lookup domain owner information

whois wikipedia.org

lookup the packet pathway

traceroute wikipedia.org

enumerate DNS sub-domains

dnsrecon -d wikipedia.org

network proxies and packet capture

Burpsuite
mitmproxy
wireshark