Penetration Testing Ethical Hacking Course by HackersWorld

Penetration Testing

A penetration test is when ethical hackers do their magic. They can test many of the vulnerabilities identified during the vulnerability assessment to quantify the actual threat and risk posed by the vulnerability.



When ethical hackers are carrying out a penetration test, their ultimate goal is usually to break into a system and hop from system to system until they "own" the domain or environment. They own the domain or environment when they either have root privileges on the most critical Unix or Linux system or own the domain administrator account that can access and control all of the resources on the network. They do this to show the customer (company) what an actual attacker can do under the circumstances and current security posture of the network.



Many times, while the ethical hacker is carrying out her procedures to gain total control of the network, she will pick up significant trophies along the way. These trophies can include the CEO's passwords, company trade-secret documentation, administrative passwords to all border routers, documents marked "confidential" held on the CFO's and CIO's laptops, or the combination to the company vault. The reason these trophies are collected along the way is so the decision makers understand the ramifications of these vulnerabilities. A security professional can go on for hours to the CEO, CIO, or COO about services, open ports, misconfigurations, and hacker potential without making a point that this audience would understand or care about. But as soon as you show the CFO his next year's projections, or show the CIO all of the blueprints to the next year's product line, or tell the CEO that his password is "IAmWearingPanties," they will all want to learn more about the importance of a firewall and other countermeasures that should be put into place.



Caution: No security professional should ever try to embarrass a customer or make them feel inadequate for their lack of security. This is why the security professional has been invited into the environment. He is a guest and is there to help solve the problem, not point fingers. Also, in most cases, any sensitive data should not be read by the penetration team because of the possibilities of future lawsuits pertaining to the use of confidential information.

The goal of a vulnerability test is to provide a listing of all of the vulnerabilities within a network. The goal of a penetration test is to show the company how these vulnerabilities can be used against it by attackers. From here, the security professional (ethical hacker) provides advice on the necessary countermeasures that should be implemented to reduce the threats of these vulnerabilities individually and collectively. Here we will cover advanced vulnerability tools and methods as well as sophisticated penetration techniques. Then we'll dig into the programming code to show you how skilled attackers identify vulnerabilities and develop new tools to exploit their findings.

Let's take a look at the ethical penetration testing process and see how it differs from that of unethical hacker activities.


The Penetration Testing Process

1. Form two or three teams:
  • Red team - The attack team
  • White team - Network administration, the victim
  • Blue team - Management coordinating and overseeing the test (optional)
2. Establish the ground rules:
  • Testing objectives
  • What to attack, what is hands-off
  • Who knows what about the other team (Are both teams aware of the other? Is the testing single blind or double blind?)
  • Start and stop dates
    👉 Just because a client asks for it doesn't mean that it's legal.
    👉 The ethical hacker must know the relevant local, state, and federal laws and how they pertain to testing procedures.
  • Confidentiality/Nondisclosure
  • Reporting requirements
  • Formalized approval and written agreement with signature and contact information
    👉 Keep this document handy during the testing. It may be needed as a "get out of jail free" card.

Penetration Testing Activities

3. Passive Scanning - Gather as much information about the target as possible while maintaining zero contact between the penetration tester and the target. Passive scanning can include interrogating:
  • The company's website and source code
  • Social networking
  • Whois database
  • EDGAR database
  • Newsgroups
  • ARIN, RIPE, APNIC, LACNIC databases
  • Google, Monster.com, etc.
  • Dumpster diving
4. Active Scanning - Probe the target's public exposure with scanning tools, which might include:
  • Commercial scanning tools
  • Banner grabbing
  • Social engineering
  • War dialing
  • DNS zone transfers
  • Sniffing traffic
  • Wireless war driving
5. Attack Surface Enumeration - Probe the target network to identify, enumerate, and document each exposed device:
  • Network mapping
  • Router and switch locations
  • Perimeter firewalls
  • LAN, MAN, and WAN connections
6. Fingerprinting - Perform a thorough probe of the target systems to identify:
  • Operating system type and patch level
  • Applications and patch level
  • Open ports
  • Running services
  • User accounts
7. Target System Selection - Identify the most useful target(s).
8. Exploiting the Uncovered Vulnerabilities - Execute the appropriate attack tools targeted at the suspected exposures.
  • Some may not work.
  • Some may kill services or even the server.
  • Some may be successful.
9. Escalation of Privilege - Escalate the security context so the ethical hacker has more control.
  • Gaining root or administrative rights
  • Using cracked passwords for unauthorized access
  • Carrying out a buffer overflow to gain local versus remote control
10. Documentation and Reporting - Document everything found, how it was found, the tools that were used, the vulnerabilities that were exploited, the timeline of activities, successes, etc.
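Two of the steps above are easy to get wrong in practice: enforcing the ground rules from step 2 (in-scope ranges, hands-off hosts, start and stop dates) and keeping the step 10 timeline. The following is an added example, not code from the course, showing how a team can gate every action against the signed rules of engagement and log it in the same motion; the class name, the RFC 5737 sample addresses and the dates are constructed for the illustration.

```python
import ipaddress
from dataclasses import dataclass, field
from datetime import datetime, timezone


@dataclass
class RulesOfEngagement:
    in_scope: list      # CIDR blocks the client approved for testing
    hands_off: list     # hosts/blocks the client excluded; always wins over in_scope
    start: datetime     # agreed testing window (step 2: start and stop dates)
    stop: datetime
    timeline: list = field(default_factory=list)   # step 10: record of every action

    def permitted(self, target: str, when: datetime) -> bool:
        """Outside the window nothing is allowed; a hands-off match beats an in-scope match."""
        ip = ipaddress.ip_address(target)
        listed = lambda nets: any(ip in ipaddress.ip_network(n, strict=False) for n in nets)
        return self.start <= when <= self.stop and not listed(self.hands_off) and listed(self.in_scope)

    def record(self, when, target, action, tool, result) -> bool:
        """Log the attempt whether or not it was allowed; return whether it may proceed."""
        ok = self.permitted(target, when)
        self.timeline.append({"time": when.isoformat(), "target": target, "action": action,
                              "tool": tool, "result": result if ok else "BLOCKED: outside rules of engagement"})
        return ok

    def report(self) -> str:
        """Plain-text timeline the client can check against its own logs (step 10)."""
        return "\n".join(f"{e['time']} {e['target']:<15} {e['action']} [{e['tool']}] -> {e['result']}"
                         for e in self.timeline)


def demo():
    # Constructed sample engagement using RFC 5737 documentation addresses, not a real client.
    utc = timezone.utc
    roe = RulesOfEngagement(in_scope=["192.0.2.0/24"], hands_off=["192.0.2.10/32"],
                            start=datetime(2024, 3, 4, 9, tzinfo=utc),
                            stop=datetime(2024, 3, 8, 17, tzinfo=utc))
    t = datetime(2024, 3, 5, 10, 30, tzinfo=utc)
    outcomes = [
        roe.record(t, "192.0.2.20", "banner grab tcp/22", "nc", "OpenSSH banner returned"),
        roe.record(t, "192.0.2.10", "banner grab tcp/22", "nc", "-"),    # hands-off host
        roe.record(t, "198.51.100.5", "banner grab tcp/22", "nc", "-"),  # never in scope
        roe.record(datetime(2024, 3, 9, 8, tzinfo=utc), "192.0.2.20", "port scan", "nmap", "-"),  # after stop
    ]
    return outcomes, roe.report()


if __name__ == "__main__":
    print(demo()[1])
```

Blocked attempts are kept in the timeline on purpose: a report that shows the team stayed inside the agreement is as valuable to the client as the findings themselves.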






My Official YouTube channel 👉 HackersWorld (You Tube)
Follow me on Facebook Page 👉 OMG (Hackersworld Official)