### HackOdense #3 - recon!

:::info
- **Who:** HackOdense and friends
- **Location:** Room X0.03
- **Date:** June 6th 2019, 17.00
:::
---
### Agenda
1. Hello and welcome - [name=moozer], [name=Jeppe], [name=silverbaq]
3. Introducing network recon :watch: `17:15` - [name=moozer]
5. Hands-on - guided stuff :watch: `17:45` - [name=moozer]
5. Pizza :watch: `18:30`
7. Hands-on - free form w. suggestions :watch: `19:00` - [name=moozer]
8. The end
---
### Welcome
| Silverbaq | Jeppe | Moozer |
| -------- | -------- | -------- |
| @silverbaq | @ern_st | @moozer |
and the rest of the crew
---
### Introducing recon
Recon is many things...
Network recon today
---
### What is a network?

* Geek basics: routers, switches, IP addresses, ports and services
* For users: URL => Webservers, DNS servers, Mail and so on
---
### indispensables!!!

or `tshark` or `tcpdump`
(but we are not using it today)
---
### Status
1. find subdomains and their IPs
2. find services
---
### Simple domain lookup
| Simple | MX |
| -------- | -------- |
|  |  |
`apt-get install dnsutils`, dnsenum is cool too
DNS is complex with lots of details
---
### Alternatives to `dig *.eal.dk` :smile:

Look into `sublist3r`, `dnsrecon`
---
### and their ips/CNAMES :+1:

`dig -f eal.dk.subdomains +short`
(check the man page)
---
### BTW, Who owns it?
| domain | IP |
| -------- | -------- |
| | |
`dig eal.dk` gave me the IP
notice: RIPE vs. dkhostmaster
---
### How to get there?
use `traceroute`
---
### Status
1. find subdomains and their IPs :white_check_mark:
3. find services (NB: :sound:)
---
### web is easy
1. `nmap -iL eal.dk.subdomains --top-ports 5 -oX /root/eal_dk_ports.xml`
1. `eyewitness -x /root/eal_dk_ports.xml`
anything interesting?
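
A small triage of the XML that step 1 writes with `-oX`, added here as an example and not part of the original slides: it lists open ports per host and sets aside anything outside 80/443 for review. The sample XML, the `example.test` hostnames and the `WEB_PORTS` set are constructed assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the layout `nmap -oX` writes (not real scan data).
SAMPLE_XML = """<nmaprun scanner="nmap">
<host><status state="up"/><address addr="192.0.2.10" addrtype="ipv4"/>
 <hostnames><hostname name="www.example.test" type="user"/></hostnames><ports>
  <port protocol="tcp" portid="21"><state state="closed"/><service name="ftp"/></port>
  <port protocol="tcp" portid="80"><state state="open"/><service name="http"/></port>
  <port protocol="tcp" portid="443"><state state="open"/><service name="https"/></port>
 </ports></host>
<host><status state="up"/><address addr="192.0.2.20" addrtype="ipv4"/>
 <hostnames><hostname name="legacy.example.test" type="user"/></hostnames><ports>
  <port protocol="tcp" portid="23"><state state="open"/><service name="telnet"/></port>
  <port protocol="tcp" portid="443"><state state="filtered"/><service name="https"/></port>
 </ports></host>
<host><status state="down"/><address addr="192.0.2.30" addrtype="ipv4"/></host>
</nmaprun>"""

WEB_PORTS = {80, 443}  # assumption: the ports a web host is expected to expose


def open_ports(xml_text):
    """Map each host that is up to its sorted list of open (port, service)."""
    result = {}
    for host in ET.fromstring(xml_text).iter("host"):
        if host.find("status").get("state") != "up":
            continue  # skip hosts nmap reported as down
        hn = host.find("hostnames/hostname")
        name = hn.get("name") if hn is not None else host.find("address").get("addr")
        ports = []
        for port in host.iter("port"):
            if port.find("state").get("state") == "open":  # drop closed/filtered
                svc = port.find("service")
                ports.append((int(port.get("portid")),
                              svc.get("name") if svc is not None else "unknown"))
        result[name] = sorted(ports)
    return result


def unexpected(ports_by_host, expected=WEB_PORTS):
    """Keep only hosts with open ports outside the expected set."""
    flagged = {h: [p for p in ports if p[0] not in expected]
               for h, ports in ports_by_host.items()}
    return {h: extra for h, extra in flagged.items() if extra}


if __name__ == "__main__":
    print("review:", unexpected(open_ports(SAMPLE_XML)))
```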
---
### nmap

know your nmap
https://www.shellhacks.com/20-nmap-examples/
---
### web server and openssl versions?

any known vulnerabilities on [apache](https://www.cvedetails.com/vulnerability-list/vendor_id-45/Apache.html) [openssl?](https://www.cvedetails.com/vulnerability-list/vendor_id-217/product_id-383/Openssl-Openssl.html)
---
### shodanhq
[Shodan search](https://www.shodan.io/search?query=net%3A185.19.132.0%2F22)
`net:185.19.132.0/22` from `whois eal.dk`
---
bonus if we have time
---
### ssl certificates
e.g. `sslscan mail.eal.dk`, `sslscan selvbetjening.eal.dk`
---
### Pizza!

---
### your turn
1. select a domain
2. find subdomains
anything odd?
4. find services
anything odd?
6. find versions
anything odd?
---
### Links
* DNS and subdomains: https://geekflare.com/find-subdomains/
* fun with RIPE and whois: https://apps.db.ripe.net/db-web-ui/#/query?bflag=true&dflag=false&rflag=true&searchtext=DK-SDE-IPV4&source=GRS#resultsSection
* ssl online tests: https://geekflare.com/ssl-test-certificate/
---
### The End
* Other events, thanks to, etc. [name=moozer] [name=Jeppe]
---
# Evaluation!
<span style="background: black; font-size: 40px !important;">
Please use 5 minutes to tell us what you liked and/or didn't today :) <br>
bit.ly/ho-eval-3
</span>
---

---

We want volunteers for the NOC team
---
# Next thursday!

**13/6 17:00 @ PROSA Odense**
Alexander Færøy, Tor Project core developer, will be talking about the Tor Project
The grill will be 🔥 and 🌭 will be served
We'll bust out some board games if people want to stick around 🎲
**sign up at prosa.dk**
{"metaMigratedAt":"2023-06-14T22:07:38.867Z","metaMigratedFrom":"YAML","title":"HackOdense","breaks":true,"slideOptions":"{\"theme\":\"dark\",\"transition\":\"fade\",\"controls\":true,\"parallaxBackgroundImage\":\"https://codimd.web.cern.ch/uploads/upload_34afa8aba978e78166877a4ad1f4018a.png\",\"data-transition\":\"fade-in fade-out\"}","contributors":"[{\"id\":\"7c9ac188-4a28-48b9-83f2-68891ddc1a1c\",\"add\":78,\"del\":134},{\"id\":\"cadecc15-b7a3-4155-8bb3-d077c8f06676\",\"add\":406,\"del\":18},{\"id\":\"a4c4685a-8d89-456d-a7cf-3028e668d713\",\"add\":6170,\"del\":1734}]"}