Recon-ng Lab Part 1
Join over 3 million cybersecurity professionals advancing their career
Sign up with
Required fields are marked with an *
Already have an account? Sign In »
2 hours 37 minutes
Hey, everyone, welcome back to the course. So in the last video, we covered a tool called the Harvester again. We took a very high level overview of that tool
in this video. Wanted to cover a tool called Re Kon en G. Now we'll go ahead and run some scans with this tool. But again, it's another high level overview. We're not gonna deep dive into any of these tools,
so let's go ahead and get started. So you will need a Kelly machine for this lab and I have a correct recommend. You run it in a virtual machine. Now re kon Angie actually comes with the latest version of Callie, so it's pre installed, as are many of the tools that we use. So just keep that in mind if you got an older version of Cali just going upgrade and up updated,
I'll see you can actually use this tool.
So go ahead. Logging your Callie machine once you do. So just click on applications at the top left, go to information gathering and then go down the list here to re Kon en G is go ahead and click on that is gonna launch a terminal window for us,
and it'll take us to our command. Prompt. Right there.
All right, so what we're to do first, we're gonna type show demands to see if we have any domains already at it. So course you're number one will be for you. Do you see any domains listed?
So what is gonna type show domains?
So on your end, you shouldn't see any domains in there if you haven't used his tool before On my end. When I do this, I'm gonna see domain in there. So show domains and you'll see I've already got Microsoft dot com added, But for you, you probably won't see anything there, and that's fine.
What's the next part of our lab I will be able to do on my end because it doesn't make sense, but I'll go ahead and type it in Anyways. I'll probably get an air message, but we're gonna add domain. So at the prompt, we're gonna type in ad domains, and then we'll type in Microsoft dot com as the domain we want to add. As I mentioned, I've already gotten it added here, so we'll see what kind of air we get back
but on your end of things, it should just go ahead and add the demand for you.
So we'll say at domains, and then it's gonna prompt us and say, Okay, well, what domain do you want? We're just gonna say Microsoft dot com.
All right, so good deal. No air spit back. But again, I've already gotten that added.
So now, once we've done that,
what we're gonna do before we move on to step, uh,
eight of our lab,
we're going to quickly Just make sure that you can see the domain on your side now, so we're gonna type show domains again.
And what you should see is that you have Microsoft dot com now on you're into fix, pause the video, go back through the steps of adding a domain and then typing in Microsoft dot com. And then once you've done that, do show domains again and see if it's showing up for you there.
All right, so let's go back to our lab doctor, you know?
So we're here it step eight, not what we're gonna do is try to locate our domain contacts using who is. So we're looking for those points of contact.
So let's go ahead at the prompt and type in use who is underscore P O C s. So let's go in tight that now. So use space
underscore P O C s.
So again, use who is underscore P. O. C s.
So once we do that, we're just gonna press enter.
And now what we're gonna do is
type in their show info. So we're just gonna type in show and then space info
press enter on the keyboard. Now, if we want to make any changes to this information, we could certainly do so.
But we're not gonna do any of that stuff in this lab.
So the next thing we're gonna do is just type the word run here and step 11 that's gonna show us a list of context. Now it's gonna run, and it could virtually run forever. But we're gonna let it run for, you know, 10 or 20 seconds or so and that we're going to utilize control, see, to stop it from running.
So again we're gonna type and run, press enter, and then we'll let it run for a while. So run, kid, enter and it might take a bummer. Silver. You'll see. It starts pulling of context in the background there.
So, as I mentioned, you don't have to let it run too long. We don't need an extreme amount of contacts or anything that generally like 10 to 20 seconds. If you want to let it run, run longer, you're welcome to We'll go ahead and go and stop it now, So to stop it just do controls. Hold on controlling your keyboard and press the letter C So, control, see?
And you'll see it'll stop it now it shows us that has found 100 19 total of 14 new contacts. So, you know, again, we only let it run for, you know, about 10 seconds, Sarah. So I didn't get too much information. But that's plenty for our purposes.
So let's go back to our lab document. No.
So now we're at step 14.
So what we're gonna do is we're to type in show contacts, so it's gonna show us a database of the contacts that we've pulled.
Let's go and do that now. So just type show space contacts
and press enter
and you'll see here that it puts those on database for us shows us the individual's name
where they're located. An email address. So contact email address for them, etcetera, etcetera.
All right, so the next thing we're gonna do is just kind of keep things a little clean. So we're gonna type in, clear, and then we'll type in back so that all the back command will take us out of the who is search and clear. Just clears the screen for. So let's start off with clear and then press enter.
You'll see it clears everything for us, and then back, we'll take us back to our original command. Prompt.
All right, so now, at the proper we're gonna do is type in being underscored. Domain underscore Web.
All right, we're gonna do a bing search here for the domain. So
being underscored domain underscore web,
and then just press enter any keyboard.
Yeah, well, make sure I take that correctly.
Oh, I forgot to put you so,
uh, type use being underscored. Domain underscore wit.
That'll work a lot better for us.
All right, so underscore web. And now we'll go ahead and run that.
And now it just gives us our prompt here. So let's go back to our lab document.
So what we're gonna do now is just show info again. We want to see what our options are, and then we're just gonna go ahead and run again.
All right, so we're gonna type in show space info, press enter again. If we want to change anything, these items up, we could certainly do. So we're not worried about all that. We're just gonna say run,
then go ahead and run it.
Now it's gonna take some time. One thing They're gonna notice that every so often it says sleeping tow, Avoid lockout.
So you'll see in the lab document, I mentioned what that means and basically just means that it's pausing to help you avoid detection, of course, is not 100% but it's just pausing there to avoid detection.
Now, one thing to note that the skin may actually take a few minutes to run.
You can always control see out of it if you want to. Will kind of see how long it takes on this side. Uh, during testing before it was pretty quick, but we'll see if it takes forever or not. Will this let it kind of run down.
So what we're looking for once it's all done, we want to find out how many new host did the scan find it? That's kind of why we wantto Generally speaking, we want to let it run until the end if we can. So that way we can get that total number.
So pause for just a few more seconds here. We'll see if it goes, it should be finishing up here, Um, for the most part, and we'll find out if it if it actually is or not.
And then the next thing we're gonna d'oh! Once we find out how many new hosts that actually found, we're gonna again kind of keep things clean. So we'll clear our securing, and we'll go back on and run some other additional commands.
So I'm actually gonna pause the video there. I think it's gonna take a little time. So positive, Leo, in the next video, we'll pick this back up again and we'll finish out the rest of our lab.
So you see, it just finished up there with four new host. But just for time's sake, I want to make sure we stay under that 10 minutes, and I know the next part's gonna take a couple minutes, at least,
so we'll go ahead. Possibly. Oh, here will come back and we'll finish out the rest of her lab, as I mentioned.