Step 1: Reconnaissance Phase.

Before any attack, the penetration tester should learn as much as possible about the target environment and the characteristics of its systems. The more targeted information the tester collects, the better the chances of finding the easiest and fastest path to the objective. Black-box testing requires more reconnaissance than white-box testing, because the tester starts with little or no data from the client. Reconnaissance covers investigating the target's Internet footprint (public resources, personnel, business processes and so on), scanning for network information such as IP addresses and system types, and social engineering of public-facing services such as help desks. Reconnaissance is always the first step, whether the tester is confirming a target system that is already known or discovering new intelligence about it.

During reconnaissance the target environment must be defined according to the agreed scope of work. Once the target is identified, it is surveyed to gather information such as which ports it communicates on, where it is hosted and what services it offers to its customers. This data is used to plan the most promising route to the desired result. The output of the reconnaissance process should include: a list of all target assets; the applications associated with each asset; the services in use; and, where possible, the asset owners.

Kali Linux provides a category labeled “Information Gathering” that collects the reconnaissance tools. They cover investigating networks, data centers, wireless networks and host systems. A checklist of reconnaissance goals: identify the targets; determine the applications and services in use; identify the system types; confirm the open ports; confirm the running services; gather passive social-engineering information; document the discoveries.

Step 2: Vulnerability Scanning.
After confirming and investigating the target through reconnaissance, the next step is to assess its vulnerabilities. At this point the tester should know enough about the target to choose how to look for possible weaknesses. As the saying goes, without investigation there is no right to speak. The scope of vulnerability testing may include how the web application runs, which services are exposed, which communication ports are open, and so on. Vulnerability assessment and security audits are commonly performed at this stage of the target assessment process.

Reconnaissance data improves the accuracy of vulnerability identification, shortens the time needed to target services, and helps avoid tripping existing security controls. For example, running a generic vulnerability scanner against a web application server is likely to alert the asset owner or the IDS/IPS while producing only general details about the system and its application. Using the data acquired during reconnaissance to scan the server for specific vulnerabilities instead is harder for the asset owner to notice, is more likely to yield an exploitable vulnerability, and saves the time that generic checks would waste. Assessment of the targets can be done manually or with automated tools. Kali Linux has a set of tools called Vulnerability Analysis; their capabilities range from evaluating network devices to databases. The assessment objectives: assess the vulnerabilities of the target systems; prioritize the vulnerable systems; map each vulnerable system to its asset owner; record the discovered problems.

Step 3: Exploitation.
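Exploitation only works from a good hand-over from the first two steps: the asset list and open services that reconnaissance produced, and the prioritized, owner-mapped findings that vulnerability assessment produced. The following is an added example written for this page (it is not code from the original article or from Kali Linux). It parses a constructed sample of nmap's grepable output (`nmap -sV -oG -`) into an asset inventory, joins it with a constructed list of findings and an owner mapping, and sorts the result by severity so the most valuable exploitation targets come first. The host names, findings, scores and owners are all made up for the example and carry no vulnerability identifiers.

```python
import re
from collections import defaultdict

# Constructed sample of `nmap -sV -oG -` output for three hosts. Not real scan data.
NMAP_GREPABLE = """\
# Nmap 7.94 scan initiated (constructed sample)
Host: 10.0.0.5 (web01.example.internal)\tStatus: Up
Host: 10.0.0.5 (web01.example.internal)\tPorts: 22/open/tcp//ssh//OpenSSH 7.2p2/, 80/open/tcp//http//Apache httpd 2.4.18/, 443/open/tcp//ssl|http//Apache httpd 2.4.18/\tIgnored State: closed (997)
Host: 10.0.0.7 (db01.example.internal)\tStatus: Up
Host: 10.0.0.7 (db01.example.internal)\tPorts: 22/open/tcp//ssh//OpenSSH 8.9p1/, 3306/open/tcp//mysql//MySQL 5.5.62/\tIgnored State: filtered (998)
Host: 10.0.0.9 (printer.example.internal)\tStatus: Up
Host: 10.0.0.9 (printer.example.internal)\tPorts: 9100/open/tcp//jetdirect///\tIgnored State: closed (999)
# Nmap done (constructed sample)
"""

# Grepable format: "Host: <ip> (<name>)<TAB>Ports: port/state/proto/owner/service/rpc/version/, ..."
HOST_RE = re.compile(r"^Host: (\S+) \(([^)]*)\)\t(.*)$")
PORT_RE = re.compile(r"(\d+)/(\w+)/(\w+)/[^/]*/([^/]*)/[^/]*/([^/]*)/")


def parse_grepable(text):
    """Return {ip: {"hostname": str, "ports": [(port, proto, service, version), ...]}}."""
    assets = {}
    for line in text.splitlines():
        m = HOST_RE.match(line)
        if not m:
            continue
        ip, hostname, rest = m.groups()
        asset = assets.setdefault(ip, {"hostname": hostname, "ports": []})
        if rest.startswith("Ports: "):
            for port, state, proto, service, version in PORT_RE.findall(rest):
                if state == "open":
                    asset["ports"].append((int(port), proto, service, version))
    return assets


# Constructed findings from the vulnerability-assessment step, keyed by (ip, port).
# The score is a CVSS-style 0-10 severity; descriptions are generic on purpose.
FINDINGS = [
    ("10.0.0.5", 80, "outdated Apache httpd release", 7.5),
    ("10.0.0.5", 22, "outdated OpenSSH release", 5.3),
    ("10.0.0.7", 3306, "MySQL root login with empty password", 9.8),
    ("10.0.0.9", 9100, "unauthenticated raw printing port", 4.3),
]

# Constructed asset-owner mapping, as reconnaissance would have recorded it.
OWNERS = {"10.0.0.5": "web team", "10.0.0.7": "database team"}


def prioritize(assets, findings, owners):
    """Join findings with the inventory and owner map; highest severity first."""
    rows = []
    for ip, port, description, score in findings:
        asset = assets.get(ip, {"hostname": "", "ports": []})
        service, version = next(
            ((s, v) for p, _, s, v in asset["ports"] if p == port), ("?", ""))
        rows.append({
            "ip": ip, "hostname": asset["hostname"], "port": port,
            "service": service, "version": version,
            "description": description, "score": score,
            # A finding without an owner is a gap to close before the report goes out.
            "owner": owners.get(ip, "unknown (follow up before reporting)"),
        })
    return sorted(rows, key=lambda r: (-r["score"], r["ip"], r["port"]))


def by_owner(rows):
    """Group prioritized rows per asset owner for the report."""
    grouped = defaultdict(list)
    for r in rows:
        grouped[r["owner"]].append(r)
    return dict(grouped)


if __name__ == "__main__":
    inventory = parse_grepable(NMAP_GREPABLE)
    for ip, a in inventory.items():
        print(ip, a["hostname"], [f"{p}/{s} {v}".strip() for p, _, s, v in a["ports"]])
    for r in prioritize(inventory, FINDINGS, OWNERS):
        print(f"{r['score']:>4}  {r['ip']}:{r['port']:<5} {r['service']:<10} "
              f"{r['owner']:<36} {r['description']}")
```

The printer shows up with no owner, which is exactly the kind of gap the recon goal list ("possible asset owners") exists to catch: an unowned host cannot be reported to anyone and is a poor exploitation target until someone confirms it is in scope.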
In this step the vulnerabilities found are used to verify whether they are real and what level of access they actually give. Exploiting vulnerabilities is what separates penetration testing from passive services such as vulnerability assessment and auditing. Exploitation and every subsequent step may only be performed with the explicit authorization of the owner of the target system. The success of this step depends mainly on the work of the previous two. Most exploits are written for one specific vulnerability and can cause unpredictable results (crashed services, corrupted data) if run incorrectly, so the best approach is to identify a few candidate vulnerabilities and build an attack strategy around those most likely to succeed. Exploitation may be manual or automated, depending on the ultimate goal. Examples include running a SQL injection to gain administrative access to a web application, or using social engineering to persuade service-desk personnel to hand over an administrator's login credentials. Kali Linux provides a set of tools called Exploitation Tools for taking advantage of targeted vulnerabilities, ranging from exploits for specific service vulnerabilities to social-engineering packages. Exploitation goals: exploit the vulnerabilities; gain access; capture unauthorized data; actively carry out social engineering; attack other systems or applications; record the findings.

Step 4: Privilege Elevating.
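Privilege escalation starts from whatever foothold exploitation produced, so it is worth seeing one of the Step 3 cases concretely before moving on. The following is an added example written for this page (not code from the original article or from Kali Linux) of the SQL injection login bypass mentioned above: a login query built by string concatenation is compared with the same query written with bound parameters, against a constructed in-memory SQLite table. The table name, columns, accounts and passwords are all assumptions made for the example; plain SHA-256 is used for the stored passwords only to keep the example short, and is not a recommendation for password storage.

```python
import hashlib
import sqlite3


def build_db():
    """Constructed users table: one admin, one ordinary user. Not a real application."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT PRIMARY KEY, pw_sha256 TEXT, is_admin INTEGER)")
    for name, pw, admin in [("admin", "correct horse battery staple", 1), ("alice", "alice123", 0)]:
        db.execute("INSERT INTO users VALUES (?, ?, ?)",
                   (name, hashlib.sha256(pw.encode()).hexdigest(), admin))
    db.commit()
    return db


def login_vulnerable(db, username, password):
    """Query built from user input: attacker text becomes SQL. Returns (username, is_admin) or None."""
    digest = hashlib.sha256(password.encode()).hexdigest()
    sql = (f"SELECT username, is_admin FROM users "
           f"WHERE username = '{username}' AND pw_sha256 = '{digest}'")
    return db.execute(sql).fetchone()


def login_safe(db, username, password):
    """Same query with bound parameters: the input is only ever data, never SQL."""
    digest = hashlib.sha256(password.encode()).hexdigest()
    sql = "SELECT username, is_admin FROM users WHERE username = ? AND pw_sha256 = ?"
    return db.execute(sql, (username, digest)).fetchone()


def demo():
    """Run the bypass against both implementations and return what each logged in as."""
    db = build_db()
    # The payload closes the string literal and comments out the password check,
    # so the vulnerable query degrades to: WHERE username = 'admin'
    payload = "admin'--"
    return {
        "vulnerable": login_vulnerable(db, payload, "wrong password"),
        "safe": login_safe(db, payload, "wrong password"),
        "legit": login_safe(db, "admin", "correct horse battery staple"),
    }


if __name__ == "__main__":
    for case, row in demo().items():
        print(f"{case:<10} -> {row}")
```

The `admin'--` payload targets a known account name (which reconnaissance would have supplied); the less precise `' OR 1=1--` also bypasses the vulnerable check but logs the attacker in as whichever row the database returns first. Either way the parameterised version returns no row, because the quote and comment characters are stored as part of the username value rather than parsed as SQL.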
Gaining access to a target does not guarantee that the engagement's objectives can be met. In many cases, making use of a compromised system requires access to restricted data and resources, so the tester must escalate privileges to reach critical data (sensitive records, critical infrastructure). Privilege escalation may involve discovering and cracking passwords, taking over other user accounts, reaching parts of the IT estate the initial foothold was not allowed into, and so on. For example, a tester might obtain limited user access, locate a shadow file containing the administrator's password hash, crack that hash to recover the password, and then use the administrator's access to reach an internal application. Kali Linux's Password Attacks and exploitation toolsets provide a number of tools that help with privilege escalation; because most of these tools serve both initial access and escalation, they are grouped by toolset rather than by phase. Privilege escalation goals: obtain higher privileges on the system and network; reveal other user account information; gain privileged access to other systems; record the findings.

Step 5: Maintaining Access.
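Maintaining access builds on the elevated privileges from Step 4, so here is that step's shadow-file scenario worked through. The following is an added example written for this page (not code from the original article or from Kali Linux). It parses a constructed shadow file, skips locked and disabled accounts, and runs a dictionary attack against the `$1$` (md5crypt) hashes using a from-scratch reimplementation of that scheme written for this example. Modern systems store `$6$` (SHA-512 crypt) or `$y$` (yescrypt) hashes instead; those the example deliberately leaves to John the Ripper or hashcat. The account names, salts, passwords and word list are all made up, and the `$1$` hashes in the sample are generated by the block's own `md5crypt()` so the sample is reproducible.

```python
import hashlib

ITOA64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"


def _to64(value, count):
    """crypt(3)-style base64: 6 bits at a time, least significant group first."""
    out = ""
    for _ in range(count):
        out += ITOA64[value & 0x3F]
        value >>= 6
    return out


def md5crypt(password, salt, magic="$1$"):
    """Reimplementation of the classic $1$ md5crypt scheme (FreeBSD/glibc) for this example."""
    pw = password.encode()
    sl = salt[:8].encode()                      # the scheme uses at most 8 salt characters
    ctx = hashlib.md5(pw + magic.encode() + sl)
    alt = hashlib.md5(pw + sl + pw).digest()
    remaining = len(pw)
    while remaining > 0:                        # as many bytes of alt as the password is long
        ctx.update(alt[:min(16, remaining)])
        remaining -= 16
    i = len(pw)
    while i:                                    # one byte per bit of len(pw): NUL or pw[0]
        ctx.update(b"\x00" if i & 1 else pw[:1])
        i >>= 1
    final = ctx.digest()
    for i in range(1000):                       # fixed stretching loop of the scheme
        c = hashlib.md5()
        c.update(pw if i & 1 else final)
        if i % 3:
            c.update(sl)
        if i % 7:
            c.update(pw)
        c.update(final if i & 1 else pw)
        final = c.digest()
    order = ((0, 6, 12), (1, 7, 13), (2, 8, 14), (3, 9, 15), (4, 10, 5))
    encoded = "".join(_to64(final[a] << 16 | final[b] << 8 | final[c], 4) for a, b, c in order)
    encoded += _to64(final[11], 2)
    return f"{magic}{sl.decode()}${encoded}"


# Constructed shadow file. root and svc_backup use $1$ hashes produced by md5crypt()
# above; alice's $6$ entry is a placeholder, not a real hash; daemon and bob are locked.
SHADOW = "\n".join([
    "root:" + md5crypt("Winter2016!", "Xq7Fz1Lp") + ":17000:0:99999:7:::",
    "daemon:*:17000:0:99999:7:::",
    "alice:$6$saltsalt$placeholderplaceholderplaceholderplaceholderplaceholder:17000:0:99999:7:::",
    "svc_backup:" + md5crypt("backup", "9sL2") + ":17000:0:99999:7:::",
    "bob:!:17000:0:99999:7:::",
])

# Constructed word list; a real attack would use a large list plus mangling rules.
WORDLIST = ["password", "123456", "admin", "backup", "Winter2016!", "letmein"]


def parse_shadow(text):
    """Return {user: hash_field} for accounts that can log in with a password."""
    entries = {}
    for line in text.splitlines():
        if not line or line.startswith("#"):
            continue
        user, field = line.split(":")[:2]
        if field and field[0] not in "!*":     # '!' and '*' mark locked/disabled accounts
            entries[user] = field
    return entries


def crack(entries, wordlist):
    """Dictionary attack on $1$ hashes only; returns {user: recovered_password}."""
    found = {}
    for user, field in entries.items():
        if not field.startswith("$1$"):
            continue                            # $6$/$y$: hand to john or hashcat instead
        _, _, salt, _ = field.split("$")
        for candidate in wordlist:
            if md5crypt(candidate, salt) == field:
                found[user] = candidate
                break
    return found


def demo():
    return crack(parse_shadow(SHADOW), WORDLIST)


if __name__ == "__main__":
    for user, pw in demo().items():
        print(f"{user}: {pw}")
```

Two practical points the code makes visible: the locked accounts never reach the cracking loop, so time is not wasted on them, and a `$1$` hash on a current system is itself a finding worth reporting, since md5crypt is fast enough to brute-force at scale compared with the `$6$` and `$y$` schemes that modern distributions use by default.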
This step maintains access by establishing additional entry points into the target and, where the rules of engagement allow it, covering the evidence of the penetration. Because the penetration may trigger defensive mechanisms that close the original path, the best approach is to establish alternative means of access as insurance in case the primary path is shut. Alternative access methods include backdoors, new administrator accounts, encrypted channels, new network access routes and so on. Another aspect of establishing a foothold is removing evidence of the penetration: this makes the attack harder to detect and so reduces the defensive response. Clearing evidence includes deleting user and system log entries, masking the access channels in use, and cleaning up traces of damage such as error messages caused by the intrusion. On a real engagement these actions are taken only if the scope explicitly permits them, and every backdoor, account and change must be recorded so that it can be removed once testing is complete. Kali Linux includes a directory called “Maintaining Access” whose tools are used to keep a foothold on the target system, typically by creating various forms of backdoor. Goals of establishing a foothold: establish multiple access points into the target network; remove evidence that access was gained; repair affected systems (restore any service the exploit disrupted); hide the communication method with encryption and other means; record the findings.

Step 6: Reporting.
The reporting phase is the last phase of the penetration testing methodology. Reporting may run in parallel with the other phases or take place after the attack phase is complete. This phase is vital: the report covers both management and technical aspects, gives detailed information about every finding, and presents figures with suitable graphs. The tester presents the vulnerabilities and their impact on the business of the target organization in a form suited to the audience. Finally, the documentation must be detailed and give a technical description of each vulnerability. It should meet the client's requirements and be thorough enough to demonstrate what the tester was able to accomplish.

Done Guys :D I hope all of you enjoyed the article, leave your comments below! You can read my old article: Programming languages that you should learn to be an Expert Hacker!
Keep in touch with me here on Cybrary