Penetration Testing

By | May 11, 2022

Penetration testing also called pen test is a real attack against your network, app or other resources with a proper permission in order to find vulnerabilities that can be exploited.

In other words it is a security testing of systems to find loopholes and to exploit it in a safe way with a proper permission of an organization or company and provide a detailed report of those vulnerabilities and misconfigurations to particular organization or company.

Purpose of Pentesting:

The main purpose of pentesting is to find vulnerabilites or weaknesses in a system and patch those vulnerabilites.

Pentester:

A person who is involved in penetration testing or a person that is performing a penetration testing is called a pentester.

Phases of Penetration Testing:

Planning:

The first phase of penetration testing
In the planning phase, you have to set your objectives like
What are the goals of the pentest?
Whether you are targeting specific data, a specific organization, person, or a group.
What are your targets?

Like applications or network

Establishing boundaries:

So you are attacking real infrastructure and the attack is real so you have to work within the defined boundaries. Because the attack can interrupt the availability of key functions and services.
Means you have to attack weekdays.

Informing need to know employees:

It is wise to inform local security because there will be social engineering involved so in order to make
this happen properly and no one pentester is arrested.

You can study Pentesting rules of engagement from this link

Ethical Hacking Cheat Sheats

Vulnerability Scanning:

Before Penetration testing a vulnerability scan is necessary becuase doing a vulnerability scan can help identifing outdated softwares versions, missing patches and misconfigurations and valid compliance with or deviation from security policy.

It identifies the major applications, or operating systems that are used on the host and maches with the
tools vulnerability database then after the vulnerability is identified we will go to the discovery phase.

Reconnaissance:

Reconnaissance contains different methods through which we can gather different information from our target or related our target (that may be a specific server or a company itself).

The first item in reconnaissance is google Dorks.

Google Dorks:

Google Dorks are special commands that we can use on google to get more information about our target. We can use google dorks inside of a companay web page or we can perform a data analysis through these google dorks.

What data Can we find through Google Dorks?

Through Google dorks we can find

  • Admin Login Page
  • Username and passwords
  • Valuable entities
  • Sensitive Documents
  • Gove/militery data
  • Email Lists
  • Bank account details and lots more

There are two types of Reconnaissance:

Passive Reconnaissance:

Passive reconnaissance involve searching about the target on internet like oberving people in the company or check about the vulnerability about the physical facility.

For Example: Monitoring employees or Listening to network traffic

Active Reconnaissance:

Active reconnaissance contains using listners like (nmaps or tools to scan a network) outside the network. It involves port scanning, Network Mapping and password cracking etc

Social Engineering:

Social Engineering is like deceiving online.
It is an attempt to trick someone into revealing information like passwords and other confidential inormation that can be used to attack systems and networks.

This attempt can be used to test the human like employees that are working in organization. Through this
attempt we can know about the user awareness about cyber security and can reveal weaknesses in users behaviour mean we can know about organization employees that how much they are aware about cyber security.

Tools:

Netmap:

It is also called network mapper which is free to use.

Network Analyzer and Profiler:

Wireshark:

Through wireshark we can capture packets from a network and we can analyze those packets through wireshark.

Password Crackers:

Password Crackers are the tools through which you can crack any password. When you capture packets through wireshare if you find any password file then you can crack it through password cracker.

For example: JohnTheRipper is a famous password cracker tool

Hacking Tools:

Hacking Tools like Metasploit

You can use it to hack databases and tool repository.

CVE:

Common Vulnerability and Exposure is a publically known security flaw database and each vulnerability have a particular id through which you can search that vulnerability in a publically available database.

National Vulnerability Database:

This is a US government repository of standards based vulnerability management. It was originally created in 1999 (Internet – Categorization of Attacks Toolkit or ICAT)

annual X-Force Threat Intelligence Index:

From this site you can learn about the biggest cyber risks that organizations are facing today.

IBM Security Guardium Vulnerability Assessment:

IBM Security™ Guardium® Vulnerability Assessment scans data infrastructures such as databases, data warehouses and big data environments to detect vulnerabilities and suggest relevent actions. This is a vulnerability assessment tool that helps in identifying exposures like missing patches, weak passwords, unauthorized changes and misconfigured privileges. After scanning full reports are provided along with suggestions to address all vulnerabilities.

This post will be updated and more resources and learning materials will be added soon

Leave a Reply

Your email address will not be published.