Recent Posts
Learn the art of report writing in penetration testing
In penetration testing, report writing is a comprehensive task that covers methodology, procedures, a proper explanation of the report's content and design, a detailed example of a test report, and the tester's personal experience. Once the report is prepared, it is shared with the senior management and technical team of the target organization. If a similar need arises in future, this report serves as the reference.

Why is a penetration test report so important?

Never forget that penetration testing is a scientific process, and like all scientific processes it should be repeatable by an independent party. If a client disagrees with the findings of a test, they have every right to ask for a second opinion from another tester. If your report doesn't detail how you arrived at a conclusion, the second tester will have no idea how to repeat the steps you took to get there. This could lead to them offering a different conclusion, making you look a bit silly and, worse still, leaving a potential vulnerability exposed to the world. Your efforts will go to waste if you don't record your results. To become a successful white hat hacker, you should know how to write good reports. In this part of the book, you'll discover important tips, tricks, and techniques for writing penetration test reports.

Report Planning

Report planning starts with the objectives, which help readers understand the main points of the penetration test. This part describes why the testing is conducted, what the benefits of pen testing are, and so on. Report planning also covers the time taken for the testing.

Main Elements of a Report

- Goals – Describe the purpose of your test. You may include the advantages of penetration testing in this part of the report.
- Time – Include the timestamp of each activity you perform. This gives an accurate description of the network's status at that moment. If a problem occurs later on, the hacker can use the timestamps of his activities to determine the cause of the issue.
- Audience – The report should have a specific audience. For example, you may address your report to the company's technical team, IT manager, or CEO.
- Classification – Classify the document, since it contains sensitive data. The classification scheme depends on your client.
- Distribution – Your report contains confidential information. If a black hat hacker gets access to that document, the network you were meant to protect will go down. Thus, your report should indicate the total number of copies you made as well as the people to whom you sent them. Each report must have an ID number and the name of its recipient.

Information Collection

Because of the complicated and lengthy processes involved, the pen tester is required to record every step to make sure that all the information from every stage of testing is captured. Along with the methods, he also needs to mention the systems and tools used, scanning results, vulnerability assessments, details of his findings, and so on. Penetration tests involve long and complex processes. As a result, you need to describe every piece of information that you collect during the attack. Describing your hacking techniques isn't enough. You should also explain your assessments, the results of your scans, and the output of your hacking tools.

Writing the First Draft

Once the tester is ready with all tools and information, he needs to start the first draft. Primarily, he should write the first draft in detail, mentioning everything, i.e. all activities, processes, and experiences. Write the initial draft of your report after collecting all the information you need. Make sure that this draft is full of details. Focus on the processes, experiences, and activities related to your test.

Proofreading

Typographical and grammatical errors can ruin your report. Thus, you need to review your work and make sure that it is error-free. Once you're satisfied with your output, ask your colleagues to check it. This approach will help you produce excellent reports.

Review and Finalization

Once the report is drafted, it has to be reviewed first by the drafter himself and then by his seniors or colleagues who may have assisted him. While reviewing, the reviewer is expected to check every detail of the report and find any flaw that needs to be corrected.

Content of a Penetration Testing Report

The following is the typical content of a penetration testing report:

- Executive Summary
  - Scope of work
  - Project objectives
  - Assumptions
  - Timeline
  - Summary of findings
  - Summary of recommendations
- Methodology
  - Planning
  - Exploitation
  - Reporting
- Detailed Findings
  - Detailed systems information
  - Windows server information
- References
- Appendix
Penetration Testing – The Process
Here's a detailed description of the process involved in penetration testing:

Secure Permission

Don't do anything on your target until you have written permission from your client. This document can protect you from nasty lawsuits or similar problems. Verbal authorization is not sufficient when performing hacking attacks. Remember: countries are implementing strict rules and penalties regarding activities related to hacking.

Formulate a Plan

A plan can boost your chances of succeeding. Hacking a system can be extremely complicated, especially when you are dealing with modern or unfamiliar systems. The last thing you want to do is launch an attack with unorganized thoughts and tricks. When creating a plan, you should:

- Specify your target(s)
- Determine the risks
- Determine the schedule and deadline of your penetration test
- Specify the methods that you'll use
- Identify the information and access that you will have at the start of your test
- Specify the "deliverables" (the output that you'll submit to your client)

Focus on targets that are vulnerable or important. Once you have tested the "heavyweights", the remaining part of the test will be quick and easy. Here are some targets that you can attack:

- Mobile devices (e.g. smartphones)
- Operating systems
- Firewalls
- Email servers
- Network infrastructure
- Workstations
- Computer programs (e.g. email clients)
- Routers

Important Note: You should be extremely careful when choosing a hacking method. Consider the effects of that method and how your target will likely respond. For example, password crackers can lock out legitimate users from the system. This type of accident can be disastrous during business hours.

Choose Your Tool

Kali Linux contains various hacking tools. If you are using that operating system, you won't need to download other programs for your penetration tests. However, Kali's large collection of tools can be daunting and/or confusing. You might have problems identifying the tools you need for each task that you must accomplish. Here are some of the most popular tools in Kali Linux:

Nmap – You'll find this program in the toolkit of almost all hackers. It is one of the most powerful tools that you can use for security auditing and network discovery. If you are a network administrator, you may also use Nmap to track host uptime, schedule service upgrades, and check network inventory. This tool is perfect for scanning huge computer networks, but it is also effective against small targets. Because Nmap is popular, you will find lots of resources for mastering this program.

Ghost Phisher – This tool is an Ethernet and wireless attack program. It can turn your computer into an access point (or hotspot) and hijack other machines. It can also work with the Metasploit framework (you will learn more about Metasploit later).

Maltego Teeth – With this program, you will see the threats that are present in your target's environment. Maltego Teeth can show the seriousness and complications of different failure points. You will also discover the trust-based relationships inside the infrastructure of your target. This tool uses the internet to collect information about your target system and its users. Hackers use Maltego Teeth to determine the relationships between:

- Domains
- Companies
- Phrases
- Files
- People
- Netblocks
- Websites
- IP addresses
- Affiliations

Wireshark – Many hackers consider this tool the best analyzer for network protocols. It allows you to monitor all activities in a network. The major features of Wireshark are:

- It can capture data packets and perform offline analysis
- It can perform VoIP (Voice over Internet Protocol) analysis
- It has a user-friendly GUI (graphical user interface)
- It can export data to different file types (e.g. CSV, plaintext, XML)
- It can run on different operating systems (e.g. OS X, Linux, NetBSD)

Exploitdb – The term "exploitdb" is an abbreviation of "Exploit Database". Basically, exploitdb is a collection of exploits (i.e. programs that "exploit" a target's vulnerability) and the software they run against. The main purpose of this database is to provide a comprehensive and up-to-date collection of exploits that computer researchers and penetration testers can use. You need to find a vulnerability before attacking a target, and you need an exploit that works on the vulnerability you found. You could spend days (or even weeks) just searching for potential weaknesses and creating effective exploits. With exploitdb, these tasks become quick and easy: run a search for the operating system and/or program you want to attack, and exploitdb will give you all the information you need.

Aircrack-ng – This is a collection of tools that you can use to test WiFi networks. With Aircrack-ng, you can cover the following aspects of wireless networks:

- Testing – You can use it to test your drivers and WiFi cards.
- Attacking – Use Aircrack-ng to perform packet injection against your targets.
- Cracking – This tool allows you to collect data packets and crack passwords.
- Monitoring – You may capture packets of data and save them as a text file. Then, you may use the resulting files with other hacking tools.

Johnny – This tool is an open-source GUI for "John the Ripper", a well-known password cracker. It is possible to use "JTR" as is. However, Johnny can automate the tasks involved in cracking passwords. In addition, this GUI adds more functions to the JTR program.
Major web attacks in 2020
Web application attacks are the single most prevalent and devastating security threat facing organizations today. Attacks such as SQL injection and Cross-Site Scripting (XSS) are responsible for some of the largest security breaches in history, including the top three credit card breaches between 2005 and 2010. At one retailer, hackers used SQL injection to compromise servers and steal 45 million records, costing the organization an estimated $256 million. Web attacks are growing in number, with 100% of organizations in a broad survey reporting that they had recently suffered a web attack [1]. The same survey found that web attacks are also the most detrimental type of attack; they cost organizations over 100 times more than malware and 50 times more than viruses, worms and trojans annually.

Web Attacks Are Targeted

Web applications are easily accessible to hackers. They are also a lucrative attack target because they often store valuable data such as credit card numbers, personally identifiable information (PII) and financial data.

Web Attacks Are Often Successful

Most web applications – over 80% – have had high, critical, or urgent vulnerabilities. This is due in part to the lack of effort applied to secure coding; most developers are motivated to write code quickly or create new functionality rather than to develop secure applications.

Cyberattacks on web applications are increasingly common. As more and more governments and businesses move their services online, web applications become an easy target for cybercriminals. Web attacks are one of the biggest threats to corporate security and data security. They can lead to a wide range of devastating consequences, from service disruptions and shutdowns to information theft and data manipulation. Ever been overwhelmed by all those complicated cybersecurity terms shown on the news, and headed to Wikipedia only to get more confused? Here we explain in the simplest way some of the most common cyberattacks aimed at web applications.

What is a web application?

A web application is an application program that is installed on a remote server and delivered through the internet, with the website being the user interface. Think about email, social media, and e-commerce sites – you are basically using these applications on the web without having to install them locally on your computer. Simply put, if your interaction with a website involves a request for data, it is likely a web application. For example, most web forms are web applications; when you enter your information in a login form and click the "login" button, you are sending a request to the server to retrieve your data and reflect it on the user interface.

5 major web attacks in 2020

1. Cross-Site Scripting (XSS)

Involved in about 40 percent of web attack attempts last year, this remains the most common attack technique we see. XSS typically involves inducing a website to execute arbitrary or malicious script code an attacker uploaded, usually because the site fails to properly sanitize user-submitted input. If another visitor loads the malicious or compromised web page, their browser may execute the malicious code, infecting the victim. Most XSS attacks are not particularly sophisticated, and we see a lot of attacks come from so-called script kiddies, inexperienced attackers using scripts and tools others wrote.

2. Path Traversal

These web attacks were used in about 7 percent of cases we examined. They attempt to access unauthorized files or directories outside the web root folder by injecting patterns such as "../" to move up the server's directory hierarchy. Successful path traversal can allow attackers to improperly access site or user credentials, configuration files, databases or other sites co-located on the same physical machine. As with XSS and SQLi, successful path traversal attacks usually result from inadequate input sanitization and are often combined with other attacks, such as local file inclusion, to steal the targeted data or credentials.

3. Zero-day attack

A zero-day attack exploits publicized (or sometimes otherwise known) software flaws before they are patched with software updates. Wondering how it got its name? Well, if the day of the software update is seen as "day one", then an attack that comes before the update is said to occur on "day zero", making it a zero-day attack. Since these attacks target flaws that do not yet have a fix, they can be difficult to deal with in the short run. Think of it as a new virus without any vaccine or treatment. Many zero-day attacks target Microsoft Windows right after a software update is released, leaving those who do not update immediately wide open to the attacks. The next time you get notified of a software update, think twice before you click that "postpone" button!

4. SQL Injection (SQLi)

At about 24 percent of web attack attempts, this was the second most common attack technique we witnessed. The most common form of SQLi occurs when an attacker enters malicious SQL code into a field on a web page and the server-side code submits it to the database without properly sanitizing it first. A successful SQLi attack can delete or change sensitive data or reveal it to the attacker.

5. Distributed Denial of Service (DDoS)

These accounted for about 3 percent of attacks we examined. DDoS involves commanding numerous computers, typically compromised computers in a botnet, to bombard a targeted web server with requests, overloading its resources and rendering it unavailable to legitimate visitors. While DDoS alone does not give an attacker improper access to any resources, in 2017 we saw a trend of attackers increasingly using DDoS alongside other attacks to distract automated defense systems from responding to an issue.
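The path traversal section above describes requests that climb out of the web root with "../". The following is an added example, not code from the original post, of the containment check a static-file handler should apply before opening anything; the web root path and the request strings are constructed for the demonstration.

```python
import posixpath
from urllib.parse import unquote

# Constructed web root for the demonstration; a real handler would use its own.
WEB_ROOT = "/var/www/site"


class TraversalError(ValueError):
    """Raised when a requested path would resolve outside the web root."""


def resolve_static_path(web_root, requested):
    """Map a URL path onto a file below web_root, refusing anything that escapes it.

    The request is percent-decoded once (as the web server would), normalised so
    that "../" segments are collapsed, and the result is then checked for
    containment, rather than pattern-matching the raw string for "../".
    """
    decoded = unquote(requested)
    # A null byte can truncate the path in lower-level APIs; never pass it on.
    if "\x00" in decoded:
        raise TraversalError("null byte in requested path")
    # Treat every request as relative to the root, whatever leading slashes it has.
    relative = decoded.lstrip("/\\")
    root = posixpath.normpath(web_root)
    candidate = posixpath.normpath(posixpath.join(root, relative))
    # The separator is appended on purpose: "/var/www/site2" must not pass as
    # being inside "/var/www/site".
    if candidate != root and not candidate.startswith(root + "/"):
        raise TraversalError("path escapes web root: %r" % requested)
    return candidate


def is_safe_request(web_root, requested):
    """True if the request resolves inside web_root, False if it would escape."""
    try:
        resolve_static_path(web_root, requested)
    except TraversalError:
        return False
    return True


if __name__ == "__main__":
    for req in ("images/logo.png", "../../etc/passwd", "%2e%2e/%2e%2e/etc/passwd"):
        print(req, "->", "served" if is_safe_request(WEB_ROOT, req) else "rejected")
```

On a live filesystem, also resolve symlinks on the final path (os.path.realpath) before opening it, since a link inside the root can still point outside it.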
Recent Posts
Cyberwar and Cyber Terrorism | Part 3
10-10-2020
Cyberwar and Cyber Terrorism | Part 2
10-10-2020