Performing Passive Reconnaissance (4e)

Ethical Hacking, Fourth Edition - Lab 01

Student: Email:
Deepak Jugran [email protected]

Time on Task: Progress:

25 hours, 33 minutes 100%

Report Generated: Saturday, July 19, 2025 at 7:35 AM

Section 1: Hands-On Demonstration

Part 1: Explore Google Hacking Techniques

5. Make a screen capture showing the site:nytimes search results.

Page 1 of 9
Performing Passive Reconnaissance (4e)
Ethical Hacking, Fourth Edition - Lab 01

7. Make a screen capture showing the inurl:nytimes search results.

9. Briefly describe the differences you noticed in the search results for each search operator
and identify one or two scenarios in which any of these particular findings could be useful to
the ethical hacker.

Link Previously employed to identify pages that contain a hyperlink to a particular URL, this operator
was discontinued by Google in 2017. In relation to Applies to websites that are associated with a
given URL. As an illustration, the query "nytimes.com" will yield outcomes pertaining to websites that
are comparable in nature to nytimes.com. Info Employed to present details pertaining to a webpage.
"nytimes.com" will, for instance, provide information regarding nytimes.com.
Instances involving ethical hackers: When an ethical hacker is tasked with identifying a security flaw
on a particular website, he or she may leverage the site operator's cooperation to streamline the
analysis by concentrating solely on that domain. An ethical hacker conducting research on a potential
data breach could employ the inurl operator to pinpoint particular directories within a domain that may
contain sensitive information.

16. Describe any search results obtained in steps 14 and 15 that you think might provide a
malicious hacker with information that could be used to target users or systems of your chosen
organization.

Step 14 involved performing a search for exposed configuration files, which malicious hackers could
exploit to obtain sensitive data such as IP addresses and credentials. A WHOIS database search was
performed in step 15 in order to gain insight into the security practices of an organization. The WHOIS
database contains comprehensive data on all globally registered domains, including the most recent
update date. This information can be exploited to identify organizations that have inadequate security
protocols. This aids in safeguarding systems and users against potential intrusions.

Page 2 of 9
Performing Passive Reconnaissance (4e)
Ethical Hacking, Fourth Edition - Lab 01

Part 2: Explore the WHOIS Database

3. Make a screen capture showing the results of the WHOIS search.

4. Document the date of the most recent update to the domain record.

2023-05-16

Page 3 of 9
Performing Passive Reconnaissance (4e)
Ethical Hacking, Fourth Edition - Lab 01

11. Make a screen capture showing the results of the MX query.

14. Make a screen capture showing the results of the NS query.

Page 4 of 9
Performing Passive Reconnaissance (4e)
Ethical Hacking, Fourth Edition - Lab 01

Section 2: Applied Learning

Part 1: Collect Information with TheHarvester
Make a screen capture showing the search results from theHarvester using Bing.

Page 5 of 9
Performing Passive Reconnaissance (4e)
Ethical Hacking, Fourth Edition - Lab 01

7. Make a screen capture showing the search results from theHarvester using
DuckDuckGo.

Part 2: Collect Information with Maltego

Page 6 of 9
Performing Passive Reconnaissance (4e)
Ethical Hacking, Fourth Edition - Lab 01

20. Make a screen capture showing the graph of the NS Records for the target domain.

28. Make a screen capture showing the graph of the email addresses for the target domain.

Page 7 of 9
Performing Passive Reconnaissance (4e)
Ethical Hacking, Fourth Edition - Lab 01

35. Make a screen capture showing the first page of the IP addresses and domain names for
the target domain.

Page 8 of 9
 Performing Passive Reconnaissance (4e)
Ethical Hacking, Fourth Edition - Lab 01

Section 3: Challenge and Analysis

Part 1: Perform Reconnaissance on a Chosen Target

Document the above details you discovered for your selected organization.

1. Amazon Inc2. Domain name: .amazon , ext : amazon.com3. url : www.amazon.com , social
networkin sites: Spark4. 10 Terry Avenue North, Seattle, Washington, 981095. Andy Jassy currently
serves as Amazon's president and CEO . Jeff Bezos founded Amazon.com in 1994.6. Chennai, India:
6,000 employees in an 8.3 lakh square foot office Seattle, Washington: 50,000 employees, down from
60,000 in 20207. HubSpot. Maropost. Microsoft. myob. SAP. ServiceNow. Shopify. Slack.

Part 2: Analyze Reconnaissance Results

Describe one or two possible scenarios in which these findings could be used in
further ethical hacking endeavors.

In the below scenarios, Ehtihcal hacking can be used and hence a reaoson to have a Ethical hacker in
a Corporate:
Ethical Hackers perform security tests to identify vulnerabilities and fix issues. Ethical Hackers secure
confidential data from adversaries and prevent unauthorized access. They execute testing tools and
techniques to reduce the occurrence of similar vulnerabilities in the system. They play a significant
role in ensuring the organization’s security, and many government organizations also hire Ethical
Hackers to protect their privacy. Ethical Hackers view every issue from the perspective of attacks to
find the potential entry points of vulnerabilities. They also provide security guidance on cybersecurity
to all other IT teams, such as Developers, Quality Assurance, and Risk Management.

Page 9 of 9
Powered by TCPDF (www.tcpdf.org)