DEV Community

guptswayam

Start With Hacking

Hacking is the act of compromising digital services and networks to gain unauthorized access to an account or device.

Phases of Hacking

  1. Information Gathering
  2. Scanning
  3. Gaining Access
  4. Maintaining Access
  5. Clearing tracks

Information Gathering about the target

Information gathering, also known as reconnaissance, is the set of processes and techniques used to collect information about the target.

Reconnaissance

  1. It can be conducted in various ways, including physical surveillance, online research, or the use of specialised tools (software) and techniques.
  2. Popular techniques used for reconnaissance:
    1. Gather Initial Information Using Social Engineering
      • It uses psychological manipulation techniques to deceive people into providing sensitive information or performing certain actions.
      • Examples: phishing, scareware (tempting the target to visit spoofed or infected websites so that malware is injected into or downloaded onto the target's system), baiting, etc.
    2. Footprinting
      • This technique involves gathering information about the target's infrastructure and assets.
      • Here, we gather IP addresses, WHOIS records, DNS records and other technical details.
    3. Network Scanning
      • It involves determining the network range (IP addresses), identifying active machines, and discovering open ports and access points.
      • It involves sending packets to a range of IP addresses and ports on a target system and analysing the responses.
      • Various tools are available for network scanning.
      • The goal is to build a network map of active IP addresses, open ports and services in order to identify vulnerabilities.
    4. OS Fingerprinting
      • It involves determining the operating system running on the target system.
      • By analysing how different ports of the target system respond to packets, we may be able to determine the OS.
    5. Vulnerability Scanning
      • This technique involves using specialised tools to scan a target's assets for known vulnerabilities.
    6. OSINT (Open-Source Intelligence)
  3. Active vs Passive Reconnaissance
    • Active reconnaissance involves directly interacting with the target system and carries a higher risk of detection. Examples: phishing, scareware, network and vulnerability scanning, etc.
    • Passive reconnaissance involves gathering information without any direct interaction and carries a low risk of detection. Examples: OSINT, analysing target traffic, etc.
  4. Sources:
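The network-scanning and active/passive reconnaissance points above describe a scan from the attacker's side. On the defender's side the same activity is what makes active reconnaissance "higher risk of detection": a single source touching many ports on one host, or one port across many hosts, stands out in firewall logs. The following Python script is an added example, not part of the original post. It parses constructed iptables-style DROP/ACCEPT lines (the log format, the addresses and the thresholds are all assumptions) and flags sources whose distinct-port or distinct-host count crosses a threshold.

```python
import re
from collections import defaultdict

# Constructed sample log lines in a generic iptables-like format (not real data).
# 203.0.113.5 probes twelve ports on one host (a vertical scan),
# 198.51.100.7 probes port 22 across six hosts (a horizontal sweep),
# 192.0.2.50 is ordinary accepted HTTPS traffic.
SAMPLE_LOGS = "\n".join(
    [f"2024-01-01T10:00:{i:02d} DROP src=203.0.113.5 dst=192.0.2.10 proto=TCP dpt={port}"
     for i, port in enumerate([21, 22, 23, 25, 53, 80, 110, 135, 139, 143, 443, 445])]
    + [f"2024-01-01T10:01:{i:02d} DROP src=198.51.100.7 dst=192.0.2.{host} proto=TCP dpt=22"
       for i, host in enumerate(range(20, 26))]
    + ["2024-01-01T10:02:00 ACCEPT src=192.0.2.50 dst=192.0.2.10 proto=TCP dpt=443",
       "2024-01-01T10:02:05 ACCEPT src=192.0.2.50 dst=192.0.2.10 proto=TCP dpt=443"]
)

# Assumed line layout: "<timestamp> <ACTION> src=<ip> dst=<ip> proto=<proto> dpt=<port>".
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<action>\w+) src=(?P<src>[\d.]+) dst=(?P<dst>[\d.]+) "
    r"proto=(?P<proto>\w+) dpt=(?P<dpt>\d+)$"
)


def parse_line(line):
    """Return a dict of fields for one log line, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["dpt"] = int(rec["dpt"])
    return rec


def summarize_by_source(lines):
    """Aggregate distinct destination ports, distinct hosts and drop counts per source IP."""
    stats = defaultdict(lambda: {"ports": set(), "hosts": set(), "drops": 0, "total": 0})
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue  # unparseable lines are skipped rather than crashing the run
        s = stats[rec["src"]]
        s["ports"].add(rec["dpt"])
        s["hosts"].add(rec["dst"])
        s["total"] += 1
        if rec["action"] == "DROP":
            s["drops"] += 1
    return stats


def find_scanners(lines, port_threshold=10, host_threshold=5):
    """Flag sources that look like a vertical scan (many ports) or a horizontal sweep (many hosts).

    Thresholds are assumptions for this example; tune them to the network's normal traffic.
    """
    findings = []
    for src, s in summarize_by_source(lines).items():
        reasons = []
        if len(s["ports"]) >= port_threshold:
            reasons.append(f"{len(s['ports'])} distinct ports (vertical scan)")
        if len(s["hosts"]) >= host_threshold:
            reasons.append(f"{len(s['hosts'])} distinct hosts (horizontal sweep)")
        if reasons:
            findings.append({
                "src": src,
                "ports": len(s["ports"]),
                "hosts": len(s["hosts"]),
                "drops": s["drops"],
                "total": s["total"],
                "reason": "; ".join(reasons),
            })
    return sorted(findings, key=lambda f: f["src"])


if __name__ == "__main__":
    for f in find_scanners(SAMPLE_LOGS.splitlines()):
        print(f"{f['src']}: {f['reason']} ({f['drops']}/{f['total']} dropped)")
```

Both probing sources are reported and the HTTPS client is not. In practice the thresholds need a time window as well (a slow scan spread over days will stay under any per-batch count), which is why this logic is usually run in a SIEM rather than over a single file.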

Note: information gathering (footprinting) commands:

  1. whois
  2. dig [-x]
  3. nslookup
  4. hostname
  5. traceroute
  6. sublist3r [-v] [-f] <domain>
  7. hping3
  8. nmap
  9. masscan
  10. VBscan
