Recon and Enumeration

99% of hacking is recon and enumeration, knowing the network. As an attacker, you are looking for misconfiguration, weak services, anything that can give you and edge. As a defender, you need to know what is on your network, what is visible to the network, and if there are any weaknesses that you should go and fix. Whoever knows the network best, wins.

Do these lessons from TryHackMe.

Nmap Live Host Discovery - Learn how to use Nmap to discover live hosts using ARP scan, ICMP scan, and TCP/UDP ping scan

Vulnversity - Learn about active recon, web app attacks and privilege escalation

Assignment:

To practice your enumeration skills, you have my permission to conduct an external recon of the IPs, ports, and services related to hoppersroppers.org using the tools you just learned. Submit your findings, as boring as they might be. Don't spend too much time on this, and please don't try to hack the site, I promise there is nothing interesting and this is not a hacking challenge.

You might be thinking to yourself, well I should try scanning my school's network, or some other website... Don't do it. While it is legal, there is a very serious chance you wind up getting talked to extremely sternly or worse if you put packets on the wire and people have to go investigate what is going on. This knowledge should only be used against training machines or websites you have explicit permission to enumerate.

Hoppers Roppers 2024            Date: 2024-02-25 22:04:50

results matching ""

    No results matching ""