Penetration testing also called pentest is a real attack against your network, app, or other resources with proper permission in order to find vulnerabilities that can be exploited.
In other words, it is a security testing of systems to find loopholes and exploit them in a safe way with a proper permission of an organization or company and provide a detailed report of those vulnerabilities and misconfigurations to a particular organization or company.
Purpose of Penetration Testing:
The main purpose of Penetration Testing is to find vulnerabilities or weaknesses in a system and patch those vulnerabilities.
Pentester or Penetration Tester:
A person who is involved in penetration testing or a person that is performing penetration testing is called a pentester.
Phases of Penetration Testing:
Following are the Phases of penetration testing
- It is the first phase of penetration testing
- In the planning phase, you have to set your objectives like
- What are the goals of the pentest?
- Whether you are targeting specific data, a specific organization, a person, or a group.
- What are your targets? for e.g Like applications or network
So you are attacking real infrastructure and the attack is real so you have to work within the defined boundaries. Because the attack can interrupt the availability of key functions and services.
This means you have to attack on weekdays.
Informing need-to-know employees:
It is wise to inform local security because there will be social engineering involved so in order to make
this happen properly and no one pentester is arrested.
You can study Pentesting rules of engagement from this link
Ethical Hacking Cheat Sheets
Before Penetration testing, a vulnerability scan is necessary because doing a vulnerability scan can help identify outdated software versions, missing patches, and misconfiguration, and valid compliance with or deviation from security policy.
During vulnerability scanning, we can identify the major applications or operating systems that are used on the host machine. after the vulnerability is identified we will go to the discovery phase.
Reconnaissance contains different methods through which we can gather different information from our target or related to our target (that may be a specific server or a company itself).
The first item in reconnaissance is google Dorks.
Google Dorks are special commands that we can use on google to get more information about our target. We can use google dorks inside of a company web page or we can perform data analysis through these google dorks.
What data Can we find through Google Dorks?
Through Google dorks, we can find
- Admin Login Page
- Username and passwords
- Valuable entities
- Sensitive Documents
- Govt/military data
- Email Lists
- Bank account details and lots more
There are two types of Reconnaissance:
Passive reconnaissance involves searching for the target on the internet like observing people in the company or checking about the vulnerability of the physical facility.
For Example: Monitoring employees or Listening to network traffic
Active reconnaissance contains using listeners like Nmap tools to scan a network) outside the network. It involves port scanning, Network Mapping, password cracking, etc
Social Engineering is like deceiving online.
It is an attempt to trick someone into revealing information like passwords and other confidential information that can be used to attack systems and networks.
This attempt can be used to test the human, like employees that are working in the organization. Through this attempt, we can know about the user’s awareness of cyber security and can reveal weaknesses in users’ behavior mean we can know about organization employees and how much they are aware of cyber security.
Following is the list of tools that can be used during penetration testing.
It is also called a network mapper which is free to use. Nmap is basically used for port scanning, operating system fingerprinting and version scanning, etc.
Network Analyzer and Profiler:
Through Wireshark, we can capture packets from a network and we can analyze those packets through Wireshark.
Password Crackers are tools through which you can crack any password. When you capture packets through Wireshark if you find any password file then you can crack it through a password cracker or you can crack different hashes.
For example, JohnTheRipper is a famous password cracker tool
Hacking Tools/Exploitation Tools:
Hacking Tools like Metasploit
Metasploit is a widely used tool that contains different types of exploits and payloads. You can use this tool in order to exploit different vulnerabilities.
Common Vulnerability and Exposure is a publically known security flaw database and each vulnerability has a particular id through which you can search that vulnerability in a publically available database.
This is a US government repository of standards-based vulnerability management. It was originally created in 1999 (Internet – Categorization of Attacks Toolkit or ICAT)
From this site, you can learn about the biggest cyber risks that organizations are facing today.
IBM Security™ Guardium® Vulnerability Assessment scans data infrastructures such as databases, data warehouses, and big data environments to detect vulnerabilities and suggest relevant actions. This is a vulnerability assessment tool that helps in identifying exposures like missing patches, weak passwords, unauthorized changes, and misconfigured privileges. After scanning full reports are provided along with suggestions to address all vulnerabilities.
This post will be updated and more resources and learning materials will be added soon. This post is not arranged properly, It will be updated shortly… Stay tuned…