
Penetration



What Is a Penetration Test?

A penetration test is a subclass of ethical hacking: a set of methods and procedures for testing
an organization's security. Penetration tests help find vulnerabilities in an organization's assets
and check whether an attacker would actually be able to exploit them to gain unauthorized access
to an asset.




Vulnerability Assessments versus Penetration Test

A vulnerability assessment is often confused with a penetration test; however, the two have
different goals. In a vulnerability assessment, our goal is to identify all the vulnerabilities in an
asset and document them accordingly.
In a penetration test, we act as an attacker to see whether a vulnerability can actually be
exploited, and we document both the vulnerabilities that were exploited and the ones that turned
out to be false positives.

Preengagement

Before you start a penetration test, there are a lot of things you need to discuss with the
client. This is the phase where the customer and a representative from your company sit down
and agree on the legal requirements and the "rules of engagement."

 Ethical Hacking and Penetration Testing Guide 

Rules of Engagement

Every penetration test you do comprises a rules of engagement (ROE) document, which defines
how the penetration test will be laid out: what methodology will be used, the start and end dates,
the milestones, the goals of the penetration test, the liabilities and responsibilities, etc. All of these
have to be mutually agreed upon by the customer and the representative before the penetration
test starts. The following requirements are present in almost every ROE:

1. A proper "permission to hack" agreement and a nondisclosure agreement, signed by both
    parties.
2. The scope of the engagement: which parts of the organization must be tested (and, by
    implication, which must not be touched).
3. The project duration, including both the start and the end date.
4. The methodology to be used for conducting the penetration test.
5. The goals of the penetration test.
6. The allowed and disallowed techniques; for example, whether denial-of-service testing should
    be performed or not.
7. The liabilities and responsibilities, which are decided ahead of time. As a penetration tester
    you might break into something that should not be accessible, causing a denial of service;
    you might also access sensitive information such as credit card data. Therefore, the liabilities
    should be defined before the engagement.

If you need more thorough documentation, refer to the "PTES Pre-engagement" document
(http://www.pentest-standard.org/index.php/Pre-engagement).




Milestones
Before starting a penetration test, it is good practice to set up milestones so that the project is
delivered on the dates given in the rules of engagement.

You can use either a Gantt chart or a website like Basecamp to set up milestones and keep
track of your progress. The following is a chart that defines the milestones, each followed by the
date by which it should be accomplished.


Penetration Testing Methodologies
In every penetration test, the methodology and the reporting are the most important steps. Let's first
talk about the methodology. There are several different penetration testing methodologies that
describe how a penetration test should be performed. Some of them are discussed briefly next.
OSSTMM

The Open Source Security Testing Methodology Manual (OSSTMM) covers almost all the steps
involved in a penetration test. The methodology it lays out is concise, yet following it end to end is a
cumbersome process, which makes it difficult to apply in everyday work. A full OSSTMM-style
penetration test is tedious and demands a great deal of money from a company's budget, a cost
that a large number of organizations are not prepared to meet.

Another methodology is the one published by NIST.

NIST

The NIST methodology (described in NIST Special Publication 800-115), on the other hand, is more
comprehensive than OSSTMM, and it is something you can apply on a daily basis and in short
engagements. NIST's diagram shows the four phases of the methodology, namely planning,
discovery, attack, and reporting.
Testing starts with the planning phase, where how the engagement is going to be performed is
decided upon. This is followed by the discovery phase, which is divided into two parts: the first
part includes information gathering, network scanning, service identification, and OS detection,
and the second part is the vulnerability assessment.
After the discovery phase comes the attack phase, which is the heart of every penetration test. If
you compromise a target and a new host is discovered, for example because the system is dual-homed
or connected to multiple interfaces, you go back to step 2, discovery, and repeat the cycle
until no targets are left. The arrows from the planning phase and the attack phase to the reporting
phase indicate that you plan something and report it, and you attack a target and report the results.
NIST also publishes a more detailed version of this chart, which expands the attack phase into
"gaining access," "escalating privileges," "system browsing," and "install additional tools."
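The discovery/attack loop just described, together with the earlier distinction between a vulnerability assessment (the scanner says "vulnerable") and a penetration test (the tester proves it or records a false positive), can be modelled as a worklist over the hosts of an engagement. The Python below is an added example, not code from the original text or from NIST; the host graph, the scanner results, the "actually exploitable" set and the scope CIDRs are constructed sample data, and the scope gate is my own illustration of how the ROE scope limits which hosts discovered through a pivot may be attacked.

```python
"""Model of the NIST SP 800-115 discovery -> attack -> discovery loop with a
rules-of-engagement scope gate.  All data below is constructed for illustration."""
from collections import deque
from dataclasses import dataclass, field
import ipaddress

# Constructed: hosts that become reachable once a given host is compromised.
# 10.0.1.10 is dual-homed, so owning it exposes the 192.168.5.0/24 segment;
# 192.168.5.20 in turn sees 172.16.0.9, which the ROE does NOT authorise.
NEIGHBOURS = {
    "10.0.1.10": ["10.0.1.11", "192.168.5.20"],
    "10.0.1.11": [],
    "192.168.5.20": ["192.168.5.21", "172.16.0.9"],
    "192.168.5.21": [],
    "172.16.0.9": ["172.16.0.10"],
}
# Constructed: what the vulnerability assessment (scanner) flags as vulnerable.
ASSESSED_VULNERABLE = {"10.0.1.10", "10.0.1.11", "192.168.5.20", "172.16.0.9"}
# Constructed: what an attack attempt actually achieves (the pentest's ground truth).
ACTUALLY_EXPLOITABLE = {"10.0.1.10", "192.168.5.20", "172.16.0.9"}


@dataclass
class Report:
    """What ends up in the reporting phase."""
    exploited: list = field(default_factory=list)        # proven by the pentest
    false_positives: list = field(default_factory=list)  # scanner said yes, attack failed
    no_finding: list = field(default_factory=list)       # discovered, nothing to attack
    out_of_scope: list = field(default_factory=list)     # found via pivot, never touched


def in_scope(host, scope):
    """True if host falls inside any authorised network from the ROE."""
    addr = ipaddress.ip_address(host)
    return any(addr in net for net in scope)


def run_engagement(seed_hosts, scope_cidrs, neighbours=NEIGHBOURS,
                   assessed=ASSESSED_VULNERABLE, exploitable=ACTUALLY_EXPLOITABLE):
    """Walk the engagement: discovery, attack, and back to discovery on every pivot."""
    scope = [ipaddress.ip_network(c) for c in scope_cidrs]
    report = Report()
    worklist = deque(seed_hosts)   # discovery queue (step 2 of the NIST loop)
    visited = set()
    while worklist:
        host = worklist.popleft()
        if host in visited:
            continue
        visited.add(host)
        # ROE gate: a host reached through a pivot is still off-limits if unauthorised.
        if not in_scope(host, scope):
            report.out_of_scope.append(host)
            continue
        # Discovery, part 2: vulnerability assessment says whether there is anything to try.
        if host not in assessed:
            report.no_finding.append(host)
            continue
        # Attack phase: prove (or disprove) the scanner's claim.
        if host not in exploitable:
            report.false_positives.append(host)
            continue
        report.exploited.append(host)
        # Compromise revealed new interfaces: queue them and go back to discovery.
        worklist.extend(neighbours.get(host, []))
    return report


if __name__ == "__main__":
    r = run_engagement(["10.0.1.10"], ["10.0.1.0/24", "192.168.5.0/24"])
    print(r)
```

Running it with the constructed data shows the loop in action: compromising the dual-homed 10.0.1.10 pulls the 192.168.5.0/24 hosts into discovery, 10.0.1.11 is recorded as a scanner false positive because the attack fails, and 172.16.0.9, although the scanner would have flagged it, is listed as out of scope and never attacked, so 172.16.0.10 is never even discovered.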



