Penetration Testing – The Process

Here’s a detailed description of the process involved in penetration testing:

Secure Permission

Don’t do anything on your target until you have written permission from your client. This document can protect you from nasty lawsuits or similar problems. Verbal authorization is not sufficient when performing hacking attacks. Remember: countries are implementing strict rules and penalties regarding activities related to hacking.

Formulate a Plan

A plan can boost your chances of succeeding. Hacking a system can be extremely complicated, especially when you are dealing with modern or unfamiliar systems. The last thing you want to do is launch an attack with unorganized thoughts and tricks.

When creating a plan, you should:

  • Specify your target/s
  • Determine the risks
  • Determine the schedule and deadline of your penetration test
  • Specify the methods that you’ll use
  • Identify the information and access that you will have at the start of your test
  • Specify the “deliverables” (the output that you’ll submit to your client)
  • Focus on targets that are vulnerable or important. Once you have tested the “heavyweights”, the remaining part of the test will be quick and easy.
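The planning items above (written authorization, agreed targets, schedule, and methods that could lock out users) can be turned into a pre-engagement check that every scan or attack step consults before it runs. This is an added example, not from the original text; the scope dictionary, its field names, and all addresses and dates are constructed here to stand in for the signed rules of engagement.

```python
"""Added example: gate every test action on the signed engagement plan.
Scope format, hostnames, netblocks and dates are constructed placeholders."""
import ipaddress
from datetime import datetime

# Constructed sample rules of engagement, as agreed in writing with the client.
AUTHORIZED_SCOPE = {
    "written_authorization": True,                      # verbal approval is not enough
    "cidrs": ["10.20.0.0/24", "192.0.2.0/28"],          # in-scope netblocks
    "exclusions": ["10.20.0.1", "10.20.0.254"],          # never touch (e.g. gateways)
    "hostnames": ["www.example.test", "mail.example.test"],
    "window": ("2024-06-01T22:00:00+00:00", "2024-06-02T06:00:00+00:00"),
    "lockout_approved": False,  # client has NOT accepted the risk of account lockouts
}

def parse_scope(scope):
    nets = [ipaddress.ip_network(c) for c in scope["cidrs"]]
    excl = {ipaddress.ip_address(h) for h in scope["exclusions"]}
    start, end = (datetime.fromisoformat(t) for t in scope["window"])
    return nets, excl, set(scope["hostnames"]), start, end

def check_target(target, scope, now_iso):
    """Return (allowed, reason) for an IP string or hostname at time now_iso."""
    if not scope.get("written_authorization"):
        return False, "no written authorization on file"
    nets, excl, names, start, end = parse_scope(scope)
    if not (start <= datetime.fromisoformat(now_iso) <= end):
        return False, "outside the agreed testing window"
    try:
        ip = ipaddress.ip_address(target)
    except ValueError:                       # not an IP, so treat as a hostname
        if target in names:
            return True, "hostname explicitly in scope"
        return False, "hostname not in signed scope"
    if ip in excl:
        return False, "explicitly excluded host"
    if any(ip in n for n in nets):
        return True, "inside authorized netblock"
    return False, "IP not inside any authorized netblock"

def check_method(method, scope):
    """Refuse techniques the plan flagged as disruptive unless the client approved them."""
    disruptive = {"online-password-cracking"}   # can lock out legitimate users
    if method in disruptive and not scope["lockout_approved"]:
        return False, "may lock out legitimate users; not approved by client"
    return True, "approved"
```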

Here are some targets that you can attack:

  • Mobile devices (e.g. smartphones)
  • Operating Systems
  • Firewalls
  • Email servers
  • Network Infrastructure
  • Workstations
  • Computer programs (e.g. email clients)
  • Routers

Important Note: You should be extremely careful when choosing a hacking method. Consider the effects of that method and how your target will likely respond. For example, password crackers can lock out legitimate users from the system. This type of accident can be disastrous during business hours.

Choose Your Tool

Kali Linux contains various hacking tools. If you are using that operating system, you won’t need to download other programs for your penetration tests. However, Kali’s large collection of tools can be daunting and/or confusing. You might have problems identifying the tools you need for each task that you must accomplish.

Here are some of the most popular tools in Kali Linux:

  • Nmap – You’ll find this program in the toolkit of almost all hackers. It is one of the most powerful tools that you can use when it comes to security auditing and network discovery. If you are a network administrator, you may also use Nmap for tracking host uptime, controlling the schedule of your service upgrades, and checking network inventory.

This tool is perfect for scanning huge computer networks. However, it is also effective when used against small targets. Because Nmap is popular, you will find lots of available resources for mastering this program.

  • Ghost Phisher – This tool is an Ethernet and wireless attack program. It can turn your computer into an access point (or a hotspot) and hijack other machines. It can also work with the Metasploit framework (you will learn more about Metasploit later).
  • Maltego Teeth – With this program, you will see the threats that are present in your target’s environment. Maltego Teeth can show the seriousness and complications of different failure points. You will also discover the trust-based relationships inside the infrastructure of your target.

This tool uses the internet to collect information about your target system and its users. Hackers use Maltego Teeth to determine the relationships between:

  • Domains
  • Companies
  • Phrases
  • Files
  • People
  • Netblocks
  • Websites
  • IP addresses
  • Affiliations
  • Wireshark – Many hackers consider this tool the best analyzer for network protocols. It allows you to monitor all activities in a network. The major features of Wireshark are:
    • It can capture data packets and perform offline analysis
    • It can perform VoIP (i.e. Voice over Internet Protocol) analysis
    • It has a user-friendly GUI (graphical user interface)
    • It can export data to different file types (e.g. CSV, plaintext, XML, etc.)
    • It can run on different operating systems (e.g. OS X, Linux, NetBSD, etc.)

  • Exploitdb – The term “exploitdb” is the abbreviation for “Exploit Database”. Basically, exploitdb is a collection of exploits (i.e. a program that “exploits” a target’s vulnerability) and the software they can run on. The main purpose of this database is to provide a comprehensive and up-to-date collection of exploits that computer researchers and penetration testers can use.

You need to find a vulnerability before attacking a target. And you need an exploit that works on the vulnerability you found. You’ll spend days (or even weeks) just searching for potential weaknesses and creating effective exploits. With exploitdb, your tasks will become quick and easy. You just have to run a search for the operating system and/or program you want to attack, and exploitdb will give you all the information you need.

  • Aircrack-ng – This is a collection of tools that you can use to test WiFi networks. With Aircrack-ng, you can check the following aspects of wireless networks:
    • Testing – You can use it to test your drivers and WiFi cards.
    • Attacking – Use Aircrack-ng to perform packet injections against your targets.
    • Cracking – This tool allows you to collect data packets and crack passwords.
    • Monitoring – You may capture packets of data and save them as a text file. Then, you may use the resulting files with other hacking tools.

  • Johnny – This tool is an open-source GUI for “John the Ripper”, a well-known password cracker. It is possible to use “JTR” as is. However, Johnny can automate the tasks involved in cracking passwords. In addition, this GUI adds more functions to the JTR program.