In this walkthrough, we will go through the Red Team Recon room from TryHackMe. This room teaches us how to use DNS, advanced searching, Recon-ng, and Maltego to collect information about a target. On that note, let’s get started.
Table of Contents
Task 1 – Introduction
Task 2 – Taxonomy of Reconnaissance
Task 3 – Built-in Tools
Question 1 – When was thmredteam.com created (registered)? (YYYY-MM-DD)
Question 2 – To how many IPv4 addresses does
Question 3 – To how many IPv6 addresses does
Task 4 – Advanced Searching
Question 1 – How would you search using Google for xls indexed for http://clinic.thmredteam.com?
Question 2 – How would you search using Google for files with the word passwords for http://clinic.thmredteam.com?
Task 5 – Specialized Search Engines
Question 1 – What is the shodan command to get your Internet-facing IP address?
Task 6 – Recon-ng
Question 1 – How do you start recon-ng with the workspace
recon-ng -w clinicredteam
Question 2 – How many modules with the name
Question 3 – There is a single module under hosts-domains. What is its name?
Question 4 – censys_email_address is a module that “retrieves email addresses from the TLS certificates for a company.” Who is the author?
Task 7 – Maltego
Question 1 – What is the name of the transform that queries NIST’s National Vulnerability Database?
Question 2 – What is the name of the project that offers a transform based on ATT&CK?
Task 8 – Summary
So that was “Red Team Recon” for you. In this room, we learned how to use DNS, advanced searching, Recon-ng, and Maltego to collect information about a target. We covered the taxonomy of reconnaissance and some built-in tools like whois, nslookup and traceroute. Further, we got into some Google Dorking and Shodan searching. Finally, we took a look at some of the well-known Red Team recon frameworks, Recon-ng and Maltego. On that note, I will take my leave and meet you in the next one. So stay tuned and till then, “Hack the planet”.