Processes and tools of Penetration Testing | What is penetration testing?



What is penetration testing?

Penetration testing (also called ethical hacking) is the process of attacking a network or system to detect and fix the target’s weaknesses. Businesses are willing to shell out some cash in order to protect their systems from black hat hackers. Because of this, penetration testing serves as a profitable and exciting activity for ethical hackers.
A penetration tester tries to breach the defenses of his target without prior access to any username, password, or other related information. The tester will use his skills, tools, and knowledge to obtain data related to his target and prove the existence of vulnerabilities. When attacking a local network, a penetration test would be considered successful if the tester successfully collects confidential information.
As you can see, penetration testing has a lot of similarities with malicious hacking. There are two major differences between the two: permission and the hacker’s intentions. A tester has permission to attack his target, and his main goal is to help his clients improve their digital security. In contrast, malicious hackers don’t ask for the target’s permission. They simply perform attacks in order to steal information, destroy networks, or attain other horrible goals. Often, a tester needs to attack his target as a basic user. He must then escalate his privileges and/or collect information that other basic users cannot reach.
Some clients want the tester to focus on a single vulnerability. In most cases, however, a tester must record each weakness that he will discover. The repeatability of the hacking process is important. Your clients won’t believe your findings if you can’t repeat what you did.

Penetration Testing – The Process

Here’s a detailed description of the process involved in penetration testing:


Secure Permission

Don’t do anything on your target until you have written permission from your client. This document can protect you from nasty lawsuits or similar problems. Verbal authorization is not sufficient when performing hacking attacks. Remember: countries are implementing strict rules and penalties regarding activities related to hacking.


Formulate a Plan

A plan can boost your chances of succeeding. Hacking a system can be extremely complicated, especially when you are dealing with modern or unfamiliar systems. The last thing you want to do is launch an attack with unorganized thoughts and tricks.
When creating a plan, you should:
  • Specify your target(s)
  • Determine the risks
  • Determine the schedule and deadline of your penetration test
  • Specify the methods that you’ll use
  • Identify the information and access that you will have at the start of your test
  • Specify the “deliverables” (the output that you’ll submit to your client)
Focus on targets that are vulnerable or important. Once you have tested the “heavyweights”, the remaining part of the test will be quick and easy. You should be extremely careful when choosing a hacking method. Consider the effects of that method and how your target will likely respond. For example, password crackers can lock out legitimate users from the system. This type of accident can be disastrous during business hours.
Here are some targets that you can attack:
  • Mobile devices (e.g. smartphones)
  • Operating Systems
  • Firewalls
  • Email servers
  • Network Infrastructure
  • Workstations
  • Computer programs (e.g. email clients)
  • Routers


Choose Your Tools

Kali Linux contains various hacking tools. If you are using that operating system, you won’t need to download other programs for your penetration tests. However, Kali’s large collection of tools can be daunting and/or confusing. You might have problems identifying the tools you need for each task that you must accomplish.
Here are some of the most popular tools in Kali Linux:
  • Nmap – You’ll find this program in the toolkit of almost all hackers. It is one of the most powerful tools that you can use when it comes to security auditing and network discovery. If you are a network administrator, you may also use Nmap for tracking host uptime, scheduling your service upgrades, and checking network inventory.
This tool is perfect for scanning huge computer networks. However, it is also effective when used against small targets. Because Nmap is popular, you will find lots of resources for mastering this program.
  • Ghost Phisher – This tool is an Ethernet and wireless attack program. It can turn your computer into an access point (or a hotspot) and hijack other machines. It can also work with the Metasploit framework (you will learn more about Metasploit later).
  • Maltego Teeth – With this program, you will see the threats that are present in your target’s environment. Maltego Teeth can show the seriousness and complications of different failure points. You will also discover the trust-based relationships inside the infrastructure of your target.
This tool uses the internet to collect information about your target system and its users.
Hackers use Maltego Teeth to determine the relationships between:
  • Domains
  • Companies
  • Phrases
  • Files
  • People
  • Netblocks
  • Websites
  • IP addresses
  • Affiliations

  • Wireshark – Many hackers consider this tool the best analyzer for network protocols. It allows you to monitor all activities in a network. The major features of Wireshark are:

  • It can capture data packets and perform offline analysis
  • It can perform VoIP (i.e. Voice over Internet Protocol) analysis
  • It has a user-friendly GUI (graphical user interface)
  • It can export data to different file types (e.g. CSV, plaintext, XML, etc.)
  • It can run on different operating systems (e.g. OS X, Linux, NetBSD, etc.)
  • Exploitdb – The term “exploitdb” is the abbreviation for “Exploit Database”. Basically, exploitdb is a collection of exploits (i.e. programs that “exploit” a target’s vulnerability) together with the software versions they work against. The main purpose of this database is to provide a comprehensive and up-to-date collection of exploits that security researchers and penetration testers can use. You need to find a vulnerability before attacking a target, and you need an exploit that works on the vulnerability you found. You could spend days (or even weeks) just searching for potential weaknesses and creating effective exploits. With exploitdb, these tasks become quick and easy: you just run a search for the operating system and/or program you want to attack, and exploitdb will give you all the information you need.

  • Aircrack-ng – This is a collection of tools that you can use to test WiFi networks. With Aircrack-ng, you can check the following aspects of wireless networks:
  • Testing – You can use it to test your drivers and WiFi cards.
  • Attacking – Use Aircrack-ng to perform packet injections against your targets.
  • Cracking – This tool allows you to collect data packets and crack passwords.
  • Monitoring – You may capture packets of data and save them as a text file. Then, you may use the resulting files with other hacking tools.
  • Johnny – This tool is an open-source GUI for “John the Ripper”, a well-known password cracker. It is possible to use “JTR” as is. However, Johnny can automate the tasks involved in cracking passwords. In addition, this GUI adds more functions to the JTR program.
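The offline-analysis and CSV-export features of Wireshark listed above are where a tester’s evidence usually ends up, and the same export is what a defender reviews after an incident. As an added example that is not part of the original text or of the Wireshark project, the Python script below reads a Wireshark “Export Packet Dissections as CSV” file (the sample rows are constructed for this example), counts packets per protocol, lists the sources that sent the most bytes, and flags every packet carried by a protocol that transmits credentials in the clear. The CLEARTEXT_PROTOCOLS set is an illustrative assumption of this example, not a Wireshark setting.

```python
import csv
import io
from collections import Counter

# Constructed sample: the default columns of a Wireshark
# "Export Packet Dissections -> As CSV" file. Every row is made up for this example.
SAMPLE_CSV = """\
"No.","Time","Source","Destination","Protocol","Length","Info"
"1","0.000000","10.0.0.5","10.0.0.1","DNS","74","Standard query 0x1a2b A intranet.example"
"2","0.012345","10.0.0.1","10.0.0.5","DNS","90","Standard query response 0x1a2b A 10.0.0.20"
"3","0.020000","10.0.0.5","10.0.0.20","TCP","66","51234 > 23 [SYN] Seq=0"
"4","0.021000","10.0.0.20","10.0.0.5","TCP","66","23 > 51234 [SYN, ACK] Seq=0 Ack=1"
"5","0.030000","10.0.0.5","10.0.0.20","TELNET","72","Telnet Data ..."
"6","0.500000","10.0.0.7","10.0.0.20","HTTP","312","GET /login HTTP/1.1"
"7","0.600000","10.0.0.7","10.0.0.20","HTTP","420","POST /login HTTP/1.1 (application/x-www-form-urlencoded)"
"8","0.700000","10.0.0.9","10.0.0.30","TLSv1.2","517","Client Hello"
"9","0.800000","10.0.0.9","10.0.0.30","TLSv1.2","1500","Server Hello, Certificate"
"10","0.900000","10.0.0.5","10.0.0.20","FTP","80","Request: USER alice"
"""

# Protocols that carry logins or data without encryption. Seeing one of these in a
# capture is a finding worth recording. (Assumption: this list is illustrative only.)
CLEARTEXT_PROTOCOLS = {"TELNET", "FTP", "HTTP", "POP", "IMAP", "SMTP"}


def parse_export(text):
    """Parse a Wireshark CSV export into a list of dicts keyed by column name."""
    reader = csv.DictReader(io.StringIO(text))
    rows = []
    for row in reader:
        row["Length"] = int(row["Length"])   # frame length in bytes
        row["Time"] = float(row["Time"])     # seconds since start of capture
        rows.append(row)
    return rows


def protocol_summary(rows):
    """Count packets per top-level protocol as Wireshark dissected them."""
    return Counter(r["Protocol"] for r in rows)


def top_talkers(rows, n=3):
    """Bytes sent per source address, largest first: [(addr, bytes), ...]."""
    bytes_by_src = Counter()
    for r in rows:
        bytes_by_src[r["Source"]] += r["Length"]
    return bytes_by_src.most_common(n)


def cleartext_findings(rows):
    """(source, destination, protocol, info) for every packet on a cleartext protocol."""
    return [
        (r["Source"], r["Destination"], r["Protocol"], r["Info"])
        for r in rows
        if r["Protocol"] in CLEARTEXT_PROTOCOLS
    ]


if __name__ == "__main__":
    packets = parse_export(SAMPLE_CSV)
    print("packets per protocol:", dict(protocol_summary(packets)))
    print("top talkers (bytes sent):", top_talkers(packets))
    for finding in cleartext_findings(packets):
        print("cleartext protocol:", finding)
```

Point the script at a real export by replacing SAMPLE_CSV with the file contents; the columns are the ones Wireshark writes by default, so no other change is needed. The cleartext findings are the rows that belong in the report, each with the packet number so the client can reproduce the observation in the capture.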


Implement Your Plan

Penetration testing requires persistence. You need to be patient while attacking your target. Sometimes, cracking a single password can take several days. Carefulness is also important. Protect the information you’ll gather as much as you can. If other people will get their hands on your findings, your target will be in extreme danger.
You don’t have to search for potential hackers before running your test. If you can keep your activities private and secure, you are good to go. This principle is crucial during the transmission of your findings to your clients. If you have to send the information via email, you must encrypt it and set a password for it.
You can divide the execution of an attack into four phases:
1. Collect information regarding your target. Google can help you with this task.
2. Trim down your options. If your research was successful, you will have a lot of potential points of entry. You have limited time, so it would be impossible to check all of those entry points. Evaluate each system and choose the ones that seem vulnerable.
3. Use your tools to reduce your options further. You can use scanners and data packet collectors to find the best targets for your attack.
4. Conduct your attack and record your findings.
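Phases 1 to 3 above come down to turning a scanner’s raw output into a short, prioritised list of hosts worth spending time on, and the same step is how a defender triages an Nmap inventory of their own network. The Python script below is an added example, not from the original text or from the Nmap project: it parses Nmap’s XML output (the format written by -oX), keeps only live hosts and open ports, matches each reported product version against a small advisory list, and flags services that carry credentials in the clear. The sample XML, the product names such as ExampleFTPd, the ADV-EXAMPLE-* advisory entries and their severity numbers are all constructed placeholders for this example, not real software or real advisories.

```python
import xml.etree.ElementTree as ET

# Constructed Nmap XML output (shape of an `nmap -sV -oX scan.xml ...` file);
# hosts, products and versions are made up for this example.
SAMPLE_NMAP_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -sV -oX scan.xml 10.0.0.0/28">
  <host><status state="up"/><address addr="10.0.0.20" addrtype="ipv4"/>
    <hostnames><hostname name="intranet.example" type="PTR"/></hostnames>
    <ports>
      <port protocol="tcp" portid="21"><state state="open"/><service name="ftp" product="ExampleFTPd" version="1.2.0"/></port>
      <port protocol="tcp" portid="22"><state state="open"/><service name="ssh" product="OpenSSH" version="9.6p1"/></port>
      <port protocol="tcp" portid="23"><state state="open"/><service name="telnet"/></port>
      <port protocol="tcp" portid="80"><state state="open"/><service name="http" product="ExampleHTTPd" version="2.4.1"/></port>
    </ports></host>
  <host><status state="up"/><address addr="10.0.0.30" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="443"><state state="open"/><service name="https" product="nginx" version="1.24.0"/></port>
      <port protocol="tcp" portid="3306"><state state="filtered"/><service name="mysql"/></port>
    </ports></host>
  <host><status state="down"/><address addr="10.0.0.31" addrtype="ipv4"/></host>
</nmaprun>
"""

# Constructed stand-in for an exploit/vulnerability database lookup: placeholder IDs,
# fictional products, illustrative severity scores. "fixed_in" is the first safe version.
ADVISORIES = [
    {"id": "ADV-EXAMPLE-001", "product": "ExampleFTPd", "fixed_in": "1.3.0", "severity": 9.8},
    {"id": "ADV-EXAMPLE-002", "product": "ExampleHTTPd", "fixed_in": "2.4.5", "severity": 5.3},
]

# Services that send logins in the clear; flagged whatever the version (illustrative scores).
CLEARTEXT_SERVICES = {"telnet": 5.0, "ftp": 5.0}


def version_tuple(v):
    """'2.4.1' -> (2, 4, 1); trailing letters such as '9.6p1' are ignored per component."""
    parts = []
    for component in v.split("."):
        digits = ""
        for ch in component:
            if not ch.isdigit():
                break
            digits += ch
        parts.append(int(digits) if digits else 0)
    return tuple(parts)


def parse_nmap_xml(text):
    """Return live hosts and their open ports from an Nmap -oX document."""
    root = ET.fromstring(text)
    hosts = []
    for host in root.findall("host"):
        status = host.find("status")
        if status is None or status.get("state") != "up":
            continue  # skip hosts Nmap reported as down
        addr_el = host.find("address[@addrtype='ipv4']")
        name_el = host.find("hostnames/hostname")
        entry = {
            "addr": addr_el.get("addr") if addr_el is not None else None,
            "hostname": name_el.get("name") if name_el is not None else "",
            "ports": [],
        }
        for port in host.findall("ports/port"):
            state = port.find("state")
            if state is None or state.get("state") != "open":
                continue  # closed/filtered ports are not entry points
            svc = port.find("service")
            get = (lambda k: svc.get(k, "")) if svc is not None else (lambda k: "")
            entry["ports"].append({
                "port": int(port.get("portid")), "proto": port.get("protocol"),
                "service": get("name"), "product": get("product"), "version": get("version"),
            })
        hosts.append(entry)
    return hosts


def prioritise(hosts, advisories=ADVISORIES):
    """Match open services against the advisory list and cleartext list; highest severity first."""
    findings = []
    for h in hosts:
        for p in h["ports"]:
            for adv in advisories:
                if (p["product"] == adv["product"] and p["version"]
                        and version_tuple(p["version"]) < version_tuple(adv["fixed_in"])):
                    findings.append({"severity": adv["severity"], "addr": h["addr"],
                                     "port": p["port"], "service": p["service"], "reason": adv["id"]})
            if p["service"] in CLEARTEXT_SERVICES:
                findings.append({"severity": CLEARTEXT_SERVICES[p["service"]], "addr": h["addr"],
                                 "port": p["port"], "service": p["service"], "reason": "cleartext-protocol"})
    findings.sort(key=lambda f: (-f["severity"], f["addr"], f["port"]))
    return findings


if __name__ == "__main__":
    for f in prioritise(parse_nmap_xml(SAMPLE_NMAP_XML)):
        print(f"{f['severity']:>4}  {f['addr']}:{f['port']}  {f['service']:<7} {f['reason']}")
```

The output is the candidate list for phase 3: a defender works the same list from the top, patching or disabling the flagged services, and a tester records it as the evidence trail that makes the later findings repeatable. Version strings reported by Nmap are only as reliable as its fingerprint, so a match here is a lead to confirm, not a confirmed vulnerability.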


Evaluate the Results

Analyze the data you collected. That data will help you in detecting network vulnerabilities and proving their existence. Knowledge plays an important role in this task. You will surely face some difficulties during your first few tries. However, things will become easy once you have gained the requisite knowledge and experience. Create a written report regarding your findings.


The Different Forms of Penetration Tests

The form of penetration test that you’ll conduct depends on the needs of your client. In this part of the book, you’ll learn about the different kinds of “pen tests”.

Black Box Tests

In a black box test, you don’t have any information regarding your target. Your first task is to research your client’s network. Your client will define the results they need, but they won’t give you any other data.

The Advantages
  • The tester will start from scratch. Thus, he will act like a malicious hacker who wants to access a network.
  • The tester will have higher chances of detecting conflicts in the network.
  • The tester doesn’t need to be an expert programmer. Unlike other types of pen tests, black box tests don’t rely on ready-made scripts.
The Disadvantages
  • It can be time-consuming.
  • It is extremely complex. The tester needs to spend time and effort in designing and launching an attack.

White Box Tests

These tests are detailed and comprehensive since the hacker has access to all the information related to his target. For example, the hacker can use the IP addresses and source code of a network as the basis for his attack. This form of test relies heavily on code and programming skills.

The Advantages
  • It makes sure that each module path is working properly.
  • It makes sure that each logical decision is verified and comes with the right Boolean value.
  • It allows the hacker to detect errors in scripts.
  • It helps the hacker in identifying design flaws that result from conflicts between the target’s logical flow and actual implementation.

Gray Box Tests

Here, the hacker has access to some information regarding his target. You may think of a gray box test as a combination of black box and white box tests.

The Advantages
  • The hacker can perform the test even without using the network’s source code. Thus, the penetration test is objective and non-intrusive.
  • There will be minimal contact between the tester and the developer.
  • The client doesn’t need to supply every piece of information to the tester. Sharing private or sensitive information with an outsider is extremely risky, especially if that third party is skilled in attacking networks.


Different Facets of a Penetration Test

Network Penetration

This facet focuses on the physical attributes of your target. The main goal of this facet is to identify vulnerabilities, determine risks, and ensure the security of a network. As the hacker, you should search for flaws in the design, operation, or implementation of the network you’re dealing with. You will probably hack modems, computers, and access devices in this part of the attack.

Application Penetration

In this facet, you will concentrate on the target’s logical structure. It simulates hacking attacks to verify the effectiveness of the network’s existing defenses. Application penetration usually requires hackers to test the firewall and/or monitoring mechanisms of their target.

System Workflows or Responses

This facet focuses on how the organization’s workflows and responses will change during an attack. It also involves the relationship of end-users with their computers. During this facet, the penetration tester will learn whether the members of the network can prevent malicious attacks.

What are the types of penetration tests?

Manual Penetration Tests

You will run manual tests most of the time. Here, you will use your tools, skills, and knowledge to find the weaknesses of a network.
Manual tests involve the following steps:
  • Research – This step has a huge influence over the entire process. If you have a lot of information about your target, attacking it will be easy. You can conduct research using the internet. For example, you may look for specific information manually or run your hacking tools.
  • Assessment of Weaknesses – Analyze the information you collected and identify the potential weaknesses of the target. Your knowledge and experience will help you in this task. Obviously, you need to work on the obvious weaknesses first. That’s because these weaknesses attract black hat hackers.
  • Exploitation – Now that you know the specific weaknesses of your target, you must perform an attack. You will “exploit” a weakness by attacking it with a hacking tool.
  • Preparation and Submission of Output – Record all the information you gathered during the test. Arrange the data so that your clients can easily determine the next steps. Make sure that your report is clearly explained. Don’t use jargon.
White hat hackers divide manual penetration tests into the following categories:
  • Comprehensive Tests – This kind of test covers an entire network. A comprehensive test aims to determine the connections between the parts of a target. However, comprehensive tests are time-consuming and situational.
  • Focused Tests – Tests that belong to this category concentrate on a specific risk or vulnerability. Here, the hacker will use his skills in pinpointing and exploiting certain vulnerabilities in a network.

Automated Penetration Tests

Automated tests are easy, fast, reliable and efficient. You can get detailed reports just by pressing a single button. The program will take care of everything on your behalf. In general, the programs used in this test are newbie-friendly. They don’t require special skills or knowledge. If you can read and use a mouse, you’re good to go. The most popular programs for automated tests are Metasploit, Nessus, and OpenVAS. Metasploit is a hacking framework that can launch attacks against any operating system. Hackers consider Metasploit their primary weapon.

Infrastructure Tests

A computer system or network usually consists of multiple devices. Most of these devices play an important role in keeping the system/network stable and effective. If one of these devices malfunctions, the entire system or network might suffer. That is the reason why penetration testers must attack the infrastructure of their targets.


The Legal Aspect of Penetration Tests

As a hacker, you will deal with confidential data concerning a business or organization. Accidents might happen, and the information may leak to other people. That means you need to be prepared for legal issues that may arise in your hacking projects.

Legal Problems

Here are some of the legal problems that you may face:
  • Leakage of confidential information
  • Financial losses caused by faulty tests