Before a penetration test even begins, penetration testers spend time with their clients working out the scope, rules, and goals of the test. The penetration testers may break in using any means necessary, from using information found in the dumpster, to locating web application security holes, to posing as the cable guy. After pre-engagement activities, penetration testers begin gathering information about their targets.
Objective
- Type of firewall implemented, either hardware or software or a combination of both
- IP address range associated with the target
- Purpose of the organization and why it exists
- How big is the organization? What class is its assigned IP Block?
- Does the organization freely provide information about the type of operating systems employed and network topology in use?
- Does the organization allow wireless devices to connect to wired networks?
- Type of remote access used, either SSH or VPN
- Is help sought from IT positions that give information on network services provided by the organization?
- Identify organization’s users who can disclose their personal information that can be used for social engineering and assume such possible usernames
Scenario
Footprinting and Reconnaissance Exercises
The Ethical Hacking Exercises / Footprinting and Reconnaissance Lab contains the following Exercises:
- Network Route Trace Using Path Analyzer Pro
- Mirroring Website Using HTTrack Web Site Copier Tool
- Extracting Company’s Data Using Web Data Extractor
The Virtual Private Cloud for this Lab set utilizes:
Ethical Hacking Exercises are available as part of the following subscription:
The Exercises in this lab map to the Certified Ethical Hacker V10 Course. Each subscription provides 6 months of access to 107 Different Exercises. Each exercise contains a Scenario, Objectives, and individual step by step tasks to guide the user through all steps necessary to complete the exercise.
Lab exercises are included for:
- Footprinting and Reconnaissance
- Scanning Networks
- Enumeration
- Vulnerability Analysis
- System Hacking
- Malware Threats
- Sniffing
- Social Engineering
- Denial of Service
- Session Hijacking
- Evading IDS Firewalls and Honeypots
- Hacking Web Servers
- Hacking Web Applications
- SQL Injection
- Hacking Wireless Networks
- Hacking Mobile Platforms
- Cloud Computing
- Cryptography