A cyber hacker’s toolkit: reconnaissance

In this video Dr Nick Patterson demonstrates the back-end mechanics of how attacks like the Panama Papers hack are accomplished.
So first things first, we want to find out what the IP address is of this Mossack Fonseca web server. So one simple way we can do this is just ping the website and see if we can get an IP address. Yes, instantly it tells us it’s active. And you can see up top here the IP address. From here it gets pretty simple. Basically I want to find out what ports are open, essentially, what doorways are open to this particular web server, and ultimately I want to find out what servers are running so we can try and exploit one of those. So we use that little tool called ‘nmap’.
And you can kind of see it’s got a wide variety of different parameters. We type in ‘nmap’, and then we put in the IP address, or the web server name, of the target we’re trying to actually attack. I think it was this from memory. Yes, OK. So we can see from here on this particular web server, there’s a range of different ports open and different services running. You can see here. Let’s say FTP in this example, port 21. And it’s operating the TCP protocol, and it’s actually in an open state. So from here, we’re going to try to find a bit more information. So we can actually see there’s other services running as well. They’ve got a web server.
You can see that here. That’s running on port 80. They’ve got what looks like an email server that’s running on port 25. And there’s a range of other ones as well. But let’s focus on FTP because that generally can be quite a weak protocol. Let’s try to find out a bit more information if we can. We’ll try a few more complicated parameters in nmap and see what else we can find out. So we’re at nmap sV, which is essentially a service and script scan. And then we’ll do this for our scripts [enters ‘sC’], and type in the web server name again.
And I think we said port 21 for FTP. And we’ll run that server and script scan against the FTP protocol on that particular website. So what else have we gathered here? Again we’ve got confirmation that we’ve got the FTP server software. We can see here another thing is allowing anonymous FTP logins, which is not always a great thing. The main thing is we want to find from here, which is going to be beneficial for us, is that the version of the FTP software, and that it’s actually in open state, and you can connect to it.
I think we’ve gathered enough information to push forward. We know now that FTP is running and it’s open. And we know what server software they’re actually using for that FTP. So that can be a particularly good weak point to gain access. So using this information we’ve gathered, let’s figure out how we can go ahead and move forward from here. So if we check out this particular website here, it’s a very popular one for security exploits. It’s called ‘’. So let’s do a little search. This website basically lists all the new exploits that are out, pretty much every day if there’s a new one out, it’ll list the operating system, what server is it, what software it’s actually targeted against.
Ok, let’s do a little search for what we’ve discovered about this particular target machine we want to get into. I think that should do it. So we’ll go to an advanced search platform, and we’ll punch that into the search. And we want to get in remotely, so let’s go remote. Anything else we can fill in here– Author– Let’s go with Metasploit, essentially our framework that contains a library of different exploits. We can pick out and target against specific weaknesses in the system. Let’s let that search for a minute. So it brings us back a range of different exploits we can potentially use.
Let’s have a look through the list and see if anything is related to– I think we said vsftpd. Let’s see if we can find that in the list.
There we go. Vsftpd version 2.3.4. We’ll just click on that. It tells us everything about that, when it was published. We can download it if we want. Tells us more about the actual code behind the exploit, how it works there. So now you’ve seen from a hacker’s perspective how to do some reconnaissance and discover vulnerabilities in a particular system. These are things that the hacker will look for in order to exploit your systems. Thanks for watching.

The best way to understand how a cyber attack occurs is to see one in action.

The simulation is set up in a mock environment to mimic what might have happened in this case and shows you how hackers do their reconnaissance by searching for vulnerabilities. The use of these tools and techniques to access web servers you do not control is of course illegal and this video shows a part of the process as an educational tool to help you think more carefully about guarding your systems.
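
To see what the same kind of scan reveals about a server you administer, the added example below (not from the course or the video) parses a constructed sample of `nmap -sV -sC` output and lists what an outsider would learn from it. The sample scan lines, the `ALLOWED_SERVICES` policy and the function names are assumptions made for illustration.

```python
import re

# Constructed sample of `nmap -sV -sC` output for a server you administer.
SAMPLE_SCAN = """\
PORT   STATE  SERVICE VERSION
21/tcp open   ftp     vsftpd 2.3.4
|_ftp-anon: Anonymous FTP login allowed (FTP code 230)
25/tcp open   smtp    Postfix smtpd
80/tcp open   http    Apache httpd 2.2.8
443/tcp closed https
"""

PORT_LINE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)\s*(.*)$")
# Hypothetical policy: services this server is meant to offer to the internet.
ALLOWED_SERVICES = {"http", "https"}

def parse_scan(text):
    """Return one dict per port line, with script output lines attached."""
    ports = []
    for line in text.splitlines():
        m = PORT_LINE.match(line)
        if m:
            port, proto, state, service, version = m.groups()
            ports.append({"port": int(port), "proto": proto, "state": state,
                          "service": service, "version": version.strip(),
                          "scripts": []})
        elif line.startswith("|") and ports:
            # Script results (e.g. ftp-anon) belong to the preceding port.
            ports[-1]["scripts"].append(line.lstrip("|_ ").strip())
    return ports

def audit(ports):
    """List what each open port tells an outside observer."""
    findings = []
    for p in ports:
        if p["state"] != "open":
            continue
        label = f'{p["port"]}/{p["proto"]} {p["service"]}'
        if p["service"] not in ALLOWED_SERVICES:
            findings.append(f"{label}: exposed but not in allowed list")
        if p["version"]:
            findings.append(f"{label}: banner discloses '{p['version']}'")
        if any("Anonymous FTP login allowed" in s for s in p["scripts"]):
            findings.append(f"{label}: anonymous login enabled")
    return findings

if __name__ == "__main__":
    for finding in audit(parse_scan(SAMPLE_SCAN)):
        print(finding)
```

Each finding maps to a hardening step: close or firewall services that are not needed, disable anonymous FTP, and keep server software patched so a disclosed version does not match a published exploit.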

Your task

Watch the video and share your observations on how hackers can find out information about your systems.

This article is from the free online course Cyber Security for Small and Medium Enterprises: Identifying Threats and Preventing Attacks

Created by
FutureLearn - Learning For Life