Beginner’s Guide to Penetration Testing
Since you are here to read this article, we assume that you are already aware of the terms “hacking”, “hackers” and other words associated with unauthorised access. Penetration testing, or ethical hacking, is the process of attempting to gain access to target resources by performing real attacks, in order to find loopholes in the system and measure the strength of its security.
In this article we will learn about penetration testing, its requirements and understand how real world ethical hackers perform hacking attacks.
Penetration testing (also called pen testing) and vulnerability assessment are distinct activities. A vulnerability assessment is carried out to identify the vulnerabilities of a system or network and to patch each one, usually by putting some controls in place.
Although the modus operandi may be similar, the motives behind hacking and penetration testing are polar opposites. Hacking is done with the intention of causing harm. It includes footprinting, attacks, gaining access, exploitation etc. Once the motive is fulfilled, the hacker clears their tracks, in other words wipes the evidence. The target might not have any prior information regarding this.
Penetration testing, on the other hand, is carried out with the motive of enhancing the existing security level of the system. It is carried out with the approval of top management or their delegates, who provide support for the testing. Penetration testing is the actual testing of the system by targeting it and performing real attacks, often without much information about the target systems. Many companies and government agencies hire penetration testers to check the strength of their security controls.
The UK’s National Cyber Security Centre summarised pentesting in one line: “A method of gaining assurance in the security of an IT system by attempting the breach of the system’s security, using some tools and techniques as an adversary might”.
There are 3 main types of penetration testing:
Here the attackers have no prior or predefined information regarding the target. They have to perform common attacks using tools and techniques without any knowledge of the target’s IP address, OS details or other information. This type of testing is called covert or red team testing.
In this type of testing, attackers have some information about the target, such as its location, IP address, OS details or email IDs. Based on the incomplete information at hand, they have to choose the appropriate method of attack and perform the penetration test.
White hat testing is comparatively straightforward: it is testing with full information about the target, where the hacker has everything required to perform the attack. This might include IP addresses, OS details, known vulnerabilities, application versions and so on. This is also known as overt testing or blue team testing.
Penetration testing helps organizations safeguard their assets and prevent loss of data, finances or other assets. Such attacks may be carried out by a variety of cyber criminals, including hackers, extortionists, disgruntled employees or any other undesirable elements.
It also helps to check the actual implementation of compliance requirements and to find non-compliance across the system or network, which can otherwise lead to serious mistakes and result in business loss, heavy fines and reputational damage.
Penetration testing helps shape your information security strategy by identifying vulnerabilities and their impacts, and by estimating the likelihood of future attacks so that they can be mitigated proactively.
Penetration testing is more demanding than any other form of testing. In normal testing, the tester assumes that an attempt at unauthorised access is unlikely, and hence might skip some functions.
Penetration testing, on the other hand, requires the tester to think of all possible attack scenarios and act like an actual attacker, in order to design a robust system and get the desired result.
To achieve this goal, the penetration testing process is designed in 4 major steps.
In the planning phase, top management involvement is highly recommended. With the help of their delegates, the penetration team identifies the rules, objectives and goals of a successful penetration test. The risks of testing, the permissions required to access the information systems, the backup plan, alternative resource allocation, required downtime etc. are agreed after discussions between the tester and the client (in the case of white hat testing). Without proper planning, pentesting may lead to heavy data loss or similar failures. It is also important to get approval from management regarding the scope. Testing without management approval can lead to major production or business impact; the penetration tester can be fired or face legal action in some cases.
In this phase, penetration testers have to gather as much information as possible about the target. This includes, but is not limited to, IP addresses, OS, email IDs, locations, network maps etc. In most cases, the OSINT framework will help the tester find the openly available information about the target. After gathering the required information, they start a vulnerability assessment using automated tools. Testers usually have their own database with details of known vulnerabilities. Once enough data has been gathered during the target discovery phase
This is the core of any penetration test. In this phase, testers identify potential vulnerabilities and verify them by exploiting them. If the vulnerability actually exists, the attack succeeds. This phase includes a variety of attacks such as social engineering, SQL injection, implanting backdoors, malware attacks, phishing attacks and more. Another goal of this phase is to check whether access can be maintained and eventually turned into privilege escalation, so that an attacker could keep stealing the organization’s data or remain a persistent threat to the system.
Sometimes pentesters will leave a marker on the target system that can be reviewed in the post-exploitation phase.
The reporting phase is the final stage of penetration testing, where the test results are compiled into a PT report. This report includes all details about the penetration test. For example,
This report falls under the “confidential” category and only authorised personnel should have access to it. A note on the “acceptable use” of the report must be included in it and agreed to by both parties.
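The planning and reporting phases above both depend on a written scope: targets are only tested if they are inside the networks the client approved, and every finding in the report should trace back to an in-scope host. The following Python snippet is an added example (not code from the original article) that shows how a tester might enforce that before the first scan and check it again while assembling the report. The scope, exclusion list and findings are constructed sample values, and the severity order is an assumption chosen for the example.

```python
import ipaddress
from collections import Counter

# Constructed sample scope, as a client might sign it off in the planning phase.
APPROVED_SCOPE = ["10.10.0.0/24", "192.0.2.8"]
# Hosts the client explicitly excluded (e.g. a fragile production gateway); constructed value.
EXCLUDED_HOSTS = ["10.10.0.1"]
# Ordering used when sorting findings for the report (assumption for this example).
SEVERITY_ORDER = ["critical", "high", "medium", "low", "info"]

# Constructed sample findings, as they might be collected during the attack phase.
SAMPLE_FINDINGS = [
    {"host": "10.10.0.5", "title": "Outdated OpenSSH", "severity": "high"},
    {"host": "10.10.0.5", "title": "Directory listing enabled", "severity": "low"},
    {"host": "192.0.2.8", "title": "Missing patches", "severity": "high"},
    {"host": "203.0.113.9", "title": "Default credentials", "severity": "critical"},
]


def in_scope(target, scope=APPROVED_SCOPE, excluded=EXCLUDED_HOSTS):
    """Return True only if target is an IP inside an approved network and not excluded."""
    try:
        addr = ipaddress.ip_address(target)
    except ValueError:
        # Hostnames are not resolved here: only explicit IPs are treated as authorised.
        return False
    if any(addr == ipaddress.ip_address(x) for x in excluded):
        return False
    return any(addr in ipaddress.ip_network(net, strict=False) for net in scope)


def filter_targets(targets, scope=APPROVED_SCOPE, excluded=EXCLUDED_HOSTS):
    """Split a proposed target list into (allowed, rejected) before any testing starts."""
    allowed, rejected = [], []
    for target in targets:
        (allowed if in_scope(target, scope, excluded) else rejected).append(target)
    return allowed, rejected


def summarize_findings(findings, scope=APPROVED_SCOPE, excluded=EXCLUDED_HOSTS):
    """Count findings per severity, order them for the report, and flag out-of-scope hosts."""
    by_severity = Counter(f["severity"] for f in findings)
    ordered = sorted(findings, key=lambda f: SEVERITY_ORDER.index(f["severity"]))
    out_of_scope = [f for f in findings if not in_scope(f["host"], scope, excluded)]
    return {
        "by_severity": dict(by_severity),
        "ordered": ordered,
        "out_of_scope": out_of_scope,
    }


if __name__ == "__main__":
    allowed, rejected = filter_targets(["10.10.0.5", "10.10.0.1", "203.0.113.9", "192.0.2.8"])
    print("allowed:", allowed, "rejected:", rejected)
    report = summarize_findings(SAMPLE_FINDINGS)
    print("severity counts:", report["by_severity"])
    for f in report["out_of_scope"]:
        print("WARNING: finding on unauthorised host", f["host"], "-", f["title"])
```

A finding that lands in `out_of_scope` is a sign that the engagement drifted outside what management approved, which is exactly the situation the planning phase is meant to prevent; it should be raised with the client rather than silently included in the report.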
Tools play a major role in penetration testing. They help to identify security weaknesses in the network, servers, hardware and applications. Penetration testing tools are simply software applications developed to find the loopholes that real attackers use. The same tools are used by pentesters to check the threats that may compromise the security of the organization. They are like a weapon that can kill but can also protect against enemies.
There are hundreds of tools available to perform various penetration testing operations. We will look at some of the most common ones, which cover the usual testing needs and are widely accepted by most organizations.
Metasploit is a widely used penetration testing framework. Using Metasploit, testing teams can verify and manage security assessments that keep white hat hackers a step ahead.
Metasploit has a user-friendly GUI along with a command line interface. It supports all major operating systems, including macOS, Linux and Windows, but it is most commonly run on Linux. Metasploit allows testers to break into systems and identify severe flaws. Testers can exploit the flaws and perform actual attacks with this tool. Metasploit provides more than 1500 exploits, organised using metadata.
Wireshark is the world’s most widely used network protocol analyzer. It lets testers see what is happening on the network at a microscopic level. Wireshark offers deep inspection of hundreds of protocols along with live capture and offline analysis. It supports all major OSs, including Windows, Linux, macOS, Solaris etc.
Powerful display filters, rich VoIP analysis, coloring rules, decryption capabilities and many other features make Wireshark the unbeatable industry leader in the market.
BeEF stands for Browser Exploitation Framework. This penetration testing tool is used to assess a web browser and explore weaknesses on the client system and network. It looks past the hardened network perimeter to the client systems.
It can hook more than one browser and launch directed command modules and further attacks from within the context of those browsers.
Burp Suite is ideal for testing web-based applications and is widely used by information security professionals.
This Java-based framework performs web penetration testing with automatic crawling of the application. It has features to map the attack surface and analyze requests between a browser and the destination servers.
For 20 years, 30000 companies have been using Nessus for their penetration testing process. It is the most powerful tool in the world, with more than 45000 CES (Cyber Exposure Score) and over 100000 plugins for scanning IP addresses and websites and performing sensitive data searches. Using Nessus, testers can locate the weak points in their systems.
Nessus helps to locate and identify missing patches and malware across all operating systems, applications and mobile devices. A fully featured dashboard, wide-ranging scanning capacity and multi-format reporting make Nessus the best tool for VAPT worldwide.
Free, flexible, powerful, portable and easy to use, Nmap is an open source network discovery and security auditing tool.
Nmap is useful for managing service upgrade schedules, monitoring hosts and their running services and uptime, network inventory management etc. It uses raw IP packets to determine whether hosts are available. Nmap also reports which services are running on the hosts, along with application names, versions and operating system details. Testers can check what type of packet filters are in use. Nmap can scan anything from a single system to a large network. It supports almost all operating systems.
Nmap is so popular that it has been featured in 12 movies including The Matrix, Snowden, Ocean’s 8, Die Hard 4, Girl with the Dragon Tattoo etc.
Aircrack-ng is the tool for assessing wireless security. It can capture packets and write the data to text files, which third-party tools can then process. Using Aircrack, pentesters can crack WEP and WPA. Its CLI allows heavy scripting, and it also supports GUIs and operating systems such as Windows and OS X.
SQLmap is a tool that automates the detection and exploitation of SQL injection flaws in applications and database servers. SQLmap comes with a powerful detection engine that supports all database management systems. It supports all six SQL injection techniques, such as boolean-based blind, time-based blind, error-based and UNION-based.
Given valid credentials, an IP address, port and database name, it can also skip the SQL injection step and connect directly to the database.
ZAP is a free, open source penetration testing tool for testing web applications. It is also known as a “man-in-the-middle proxy” because it sits between the tester’s browser and the web application, so it can intercept messages, modify them if required and forward them to the destination. It supports all major OSs and Docker.
It can also construct a map of the application, record the requests and responses, and generate alerts if something looks wrong.
SET (Social-Engineer Toolkit) is an open source penetration testing framework designed to perform social engineering attacks. It is designed for the human side of a penetration test, checking whether human error can turn into a threat to the organization.
SET has a number of custom attack vectors in which targets can easily be trapped. SET can be integrated with the Metasploit framework. Using SET, penetration testers can perform phishing attacks, website attacks, malware attacks, payload creation, eavesdropping, mass mailing etc.
These are the basic, common tools used by penetration testers or white hat hackers to find major weaknesses in systems or networks. More than 300 tools are available on specialised penetration testing OSs such as Kali Linux, Parrot Security OS, BackBox, DEFT, Samurai Web Testing Framework, NodeZero etc.
In this article we have learned what exactly penetration testing is and why it is important to the organization. The tools and techniques can vary from organization to organization, but the objective remains the same: to protect the organization’s assets from outside attackers. Skilled penetration testers find more and more loopholes, which can then be patched to make systems more secure.
Mobile device security and cloud security are also expanding the scope of penetration testing. As a penetration tester, one has to be prepared and learn about the vulnerabilities and testing in these areas as well. Remember, this is a game in which a penetration tester always has to stay one step ahead of the black hat hacker, since ultimately there can only be one winner: either the attacker or the organization.