What Is Penetration Test And Its Stages

What Is Penetration Testing:

penetration test, or pentest, is an attack on a computer system with the intention of finding security weaknesses, potentially gaining access to it, its functionality and data.

In Simple terms Penetration testing or a pentest can be explained as a process of identifying the loop holes in a target application,website or a network to patch or the fix the vulnerability in an ethical way.

The process involves identifying the target systems and the goal, then reviewing the information available and undertaking available means to attain the goal. A penetration test target may be a white box (where all background and system information are provided) or black box (where only basic or no information is provided except the company name). A penetration test can help determine whether a system is vulnerable to attack, if the defences were sufficient and which defences (if any) were defeated in the penetration test.


Penetration tests are valuable for several reasons:

1.   Determining the feasibility of a particular set of attack vectors
2.   Identifying higher-risk vulnerabilities that result from a combination of lower-risk vulnerabilities exploited in a sequence
3.   Identifying vulnerabilities that may be difficult or impossible to detect with automated network or application vulnerability scanning software
4.   Assessing the magnitude of potential business and operational impacts of successful attacks
5.   Testing the ability of network defenders to successfully detect and respond to the attacks
6.   Providing evidence to support increased investments in security personnel and technology

It for most penetration tests these are the main stages that will take place in order, each stage has a higher level of access and control over the system.

Information Gathering: This is using non-intrusive techniques to gather as much information as you can on the target network. Such as crawling the internet webpages, using who is lookups, looking at company adverts and news.

Network Mapping:
 This is a more technical approach to gaining more information on the system, here you will map all live hosts on the network and on the server. Scan the ports and services. Identify the operating systems, identify firewalls, switches and routers, fingerprint services and map out what is available publically over the internet and what services are integral only.

Vulnerability Identification: This is where we will identify vulnerable services and systems. We will do this by using the service banners we attained in the previous phase. We will also perform vulnerability scans for known vulnerabilities and check for false positives. Once we discover vulnerabilities we enumerate these further and estimate the impact and privileges gained from the vulnerability. From here we can plan our attack path and scenario.

Weaponization: This is where we will find tools, scripts and exploits that will help us gain access by exploiting the vulnerabilities in the previous stage. We can also develop our own tools and scripts to exploit these vulnerabilities. Also in this stage we will optimise and customise any scripts we have so that they will work in this scenario, it is very common that we will have to modify exploits to work in the current scenario. Once we have all our tools we can test the proof of concept and see if they work with the vulnerabilities so we can eliminate false positives. At the end of this stage we can document our findings and the possible impact of these exploits.

Gaining Access: Here we will attempt to gain some sort of access to the target system, starting with low privilege access such as finding blank or default passwords in system accounts, brute forcing user accounts, and finding public services with poor configurations allowing us to read and write files for example. Here we also use our tools from the previous phase to gain what access we can.

Privilege Escalation: It is likely that we have low access on the system and cannot complete our goal yet due to incorrect privileges. In this stage we can identify local vulnerabilities that can help us get administrator or root privileges over the system such as 'root' on Unix systems and 'system' on Windows systems. Here we will have to bypass the systems internal antivirus and firewall systems. We can search for known exploits based on the findings of the internal services we have found or we can attempt to write our own.

Enumerating Further: Now we are inside the network and can see many systems that weren't accessible from the outside. Here we can obtain the stored hashes on the current system and decrypt them to see if they work on any other network systems. We can also identify all other hosts, services, firewalls, routers and switches on the network and test if they are vulnerable as done in the previous stages. We can also sniff local traffic and attempt to get more passwords to compromise other systems. Other techniques that are used in this phase are gathering important data on the local system such as cookies and browsing history to attempt password attacks on exterior web pages. We can also gather email accounts that could enable us to perform phishing attacks on other uses in the network. Also we could execute client side attacks on other network users to compromise their system with a little social engineering.

Compromising other Users/Systems: Here we put all the information found in the previous section to use and gain as much access as we can over the network. It is common to find many vulnerabilities here as often companies don't think they need to secure the local network as they do not think anyone can access it.

Maintaining Access: This is where you setup a permanent method of accessing the system so you don't have to exploit it every time you want to access it. Also this could give you access even after the vulnerability was patched. There are number of methods of doing this. You could setup a backdoor on the system that you can connect to and feed commands to, similar to a system shell. This is usually done by opening up a port on the system and allowing access by a user and password, it is important the backdoor has authentication otherwise anyone could have access to the system. Rootkits can be installed these have the highest privileges on a system even higher than the system administrator. You can also setup covert channels such as http-tunnels, icmp-tunnels and vpn tunnels which allows you to send and receive data to and from the target system undetected.

Covering Tracks: This is where you do all you can to remain undetected on the system so you can keep access for as long as possible, here you hide files used to exploit the system and that may raise suspicions. You also should clear the logs files or alter them so the attack logs are not there. You can also disable antiviruses and IDS to prevent them from finding your backdoor/rootkit.

 This is where you write your report on your findings, you must make sure you tailor your report to the skills of who will receive it, such as the developer must have detailed information on how to patch, or if it was the manager he may not have vast IT knowledge so it must be basic details with colourful graphs and images. You must include the summary of the attack, the impact, the tools used, the services that are vulnerable, the systems compromised, the information that was gathered, screenshots, dates and times of the tests, outputs of all the scans, and the next steps to work on to fix the system.

=============  Hacking Don't Need Agreements   =============
Just Remember One Thing You Don't Need To Seek Anyone's Permission To Hack Anything Or Anyone As Long As It Is Ethical, This Is The Main Principle Of Hacking Dream
            Thank You for Reading My Post, I Hope It Will Be Useful For You

I Will Be Very Happy To Help You So For Queries or Any Problem Comment Below Or You Can Mail Me At BhanuHacks@gmail.com
Bhanu Namikaze

Bhanu Namikaze is an Ethical Hacker, Security Analyst, Blogger, Web Developer and a Mechanical Engineer. He Enjoys writing articles, Blogging, Debugging Errors and Capture the Flags. Enjoy Learning; There is Nothing Like Absolute Defeat - Try and try until you Succeed.

No comments:

Post a Comment