☎️
Contrxl
  • 🏡Home
  • ❓Anonymity Tools
  • ⌨️Cisco
    • Networking Basics
      • Communication in a Connected World
      • Network Components, Types and Connections
      • Wireless and Mobile Networks
      • Home Networking Technologies
      • Communication Protocols
      • Network Media
      • The Access Layer
      • The Internet Protocol
      • IPv4 and Network Segmentation
  • 💾Intune
    • ADMX Configuration
    • App Deployment
    • App Updating/Patching
    • File Deployment
    • Remediations
  • 🎓Learning Links
  • 💻Microsoft
    • 📘Microsoft Portal Links
    • Configure SIEM Security Operations using Microsoft Sentinel
      • Create and Manage Microsoft Sentinel Workspaces
        • Introduction
        • Plan for the Microsoft Sentinel Workspace
        • Create a Microsoft Sentinel Workspace
        • Manage Workspaces Across Tenants Using Azure Lighthouse
        • Understand Microsoft Sentinel Permissions and Roles
        • Manage Microsoft Sentinel Settings
        • Configure Logs
  • 📰News & Information
  • 💡OSINT
    • IP & Domain OSINT
    • Email & Username OSINT
    • Vulnerability OSINT
  • 📚Projects
    • ‼️A Simulation Study of DDoS
  • ⚒️Tools
    • Burp Suite
      • Repeater
      • Intruder
      • Other Modules
    • GoPhish
    • Hydra
    • John the Ripper
    • Metasploit
      • Exploitation
      • Meterpreter
    • NMAP
    • Wireshark
  • 🖥️TryHackMe
    • Learning Paths
      • Complete Beginner
        • 1. Complete Beginner Intro
        • 2. Linux Fundamentals
        • 3. Introductory Networking
        • 3.1 Network Exploitation Basics
        • 4. OWASP Top 10 Exploits
        • 5. Upload Vulnerabilities
        • 5.1 An Example Methodology
        • 6. Cryptography - Hashing
        • 7. Cryptography - Encryption
        • 8. Active Directory Basics
        • 9. What the Shell?
        • 10. Linux Privesc
        • 11. More Linux Privesc
      • Jr Penetration Tester
        • Walking an Application
        • Content Discovery
        • Subdomain Enumeration
        • Authentication Bypass
        • IDOR
        • File Inclusion
        • SSRF
        • XSS (Cross-site Scripting)
        • Command Injection
        • SQL Injection
        • Passive Reconnaissance
        • Active Reconnaissance
        • Protocols and Servers
        • Protocol and Server Attacks
        • Vulnerabilities
        • Exploiting Vulnerabilities
        • Linux Privilege Escalation
        • Windows Privilege Escalation
      • CompTIA Pentest+
        • Planning and Scoping
          • Pentesting Fundamentals
          • Red Team Engagements
          • Governance and Regulation
        • Tools and Code Analysis
          • Metasploit: Introduction
          • Wireshark: The Basics
          • Burp Suite: The Basics
          • Hydra
          • Python Basics
        • Attacks and Exploits
          • Phishing
          • Windows Local Persistence
          • Breaching Active Directory
          • Lateral Movement & Pivoting
Powered by GitBook
On this page
  1. TryHackMe
  2. Learning Paths
  3. Jr Penetration Tester

Active Reconnaissance

Twelfth section in Jr Penetration Tester learning path.

Web Browser

The web browser can be used in several ways for information gathering. Web browsers connect to:

  • TCP port 80 by default when a site is accessed over HTTP

  • TCP port 443 by default when a site is accessed over HTTPS

It is also possible to connect to a site over a custom port, for example https://127.0.0.1:9999 will connect to localhost on port 9999, if there is a listening HTTPS server there then we will receive a webpage.

Ping

Ping sends a packet to a remote system, and if you receive a reply, you can conclude that the system is online and the network is working. The syntax for this is very simple: ping IP_ADDR/HOSTNAME. You can also define a certain number of packets to send using -c PACKETS or -n PACKETS on Windows.

Traceroute

Traces the route taken by the packets from your system to a host. This is used to find the IP addresses of the routers or hops that a packet traverses as it goes from your system to a host. The syntax for this is: traceroute IP_ADDR on Linux and tracert IP_ADDR on Windows.

TELNET (Teletype Network)

Developed in 1969 to communicate with a remote system via CLI, hence the command telnet uses the TELNET protocol. TELNET is not secure but can be used to connect to any service and grab its banner, for example, you could connect to a server listening on port 80 with telnet IP_ADDR 80 and then issue GET / HTTP/1.1. You can specify something other than the default with GET /page.html HTTP/1.1.

NETCAT

Netcat supports TCP and UDP protocols. It can function as a client that connects to a listening port or it can act as a server that listens on a port of your choice. You can connect to a server like with telnet using nc IP_ADDR PORT. You can also use it to listen on a port by using nc -nvlp PORT.

Option
Meaning

-l

Listen mode.

-p

Port Number.

-n

Numeric only; no hostname resolution.

-v

Verbose.

-vv

Very Verbose

-k

Keep listening after disconnect.

Port numbers less than 1024 require root privileges to run.

Last updated 11 months ago

🖥️
  • Web Browser
  • Ping
  • Traceroute
  • TELNET (Teletype Network)
  • NETCAT