(W01M02) Building Blocks of Penetration Test - Free Access

Introduction

Ethical hacking and penetration testing go hand in hand. In practice you will find little difference between them: the techniques are the same, and what separates the two terms is mostly how you look at the activity.

What is Penetration Testing?

Penetration testing discovers the actual attack footprint of your organization's information security. Confusing penetration testing with vulnerability assessment produces less accurate results and fails to show the real weaknesses in your information security design. A penetration test requires experience in actually breaking into systems, not just in listing the vulnerabilities that exist in your IT environment. Put simply, "penetration testing is the actual exploitation of vulnerabilities by means of ethical hacking".

During a penetration test, the security professional is expected to run exploits and demonstrate successful exploitation, that is, to actually penetrate the organization's systems.

There are three main types of penetration testing adopted by the White Hat community:

    • External Penetration Testing

    • Internal Penetration Testing

    • Web Application Penetration Testing

We will cover all three in this module. Before discussing the types of penetration testing in detail, let's look at penetration testing methodology, which is common to all of them. The information security industry offers several established methodologies that can be adopted for any kind of penetration test; it is up to you to work out which one fits your needs best.

Here I will name a few of these standards and methodologies, and then we will define a generic model that suits most needs and can be adopted and customized to your requirements.

Known Methodologies and standards in Penetration Testing

OSSTMM: The aim of the Open Source Security Testing Methodology Manual (maintained by ISECOM) is to set a standard for security testing. It provides a comprehensive baseline for testing, so that a complete and thorough penetration test can be shown to have been undertaken. This allows a client to be certain of the level of technical assessment, independently of other concerns such as the corporate profile of the penetration-testing provider.

CHECK: The CESG IT Health Check (CHECK) scheme was established to ensure that sensitive government networks, including those making up the GSI (Government Secure Intranet) and the CNI (Critical National Infrastructure), are secured and tested to a consistently high standard. The methodology aims to identify vulnerabilities in IT systems and networks that could compromise the confidentiality, integrity or availability of the information held on them. CHECK consultants are required for assessments of HMG systems, and of related parties, that fall under these requirements. In the absence of other standards, CHECK became a de facto standard for penetration testing in the UK. CHECK companies must employ security-cleared staff who have passed the CESG assault course. Open-source methodologies, however, provide viable and comprehensive alternatives without the UK Government association. (CESG's functions passed to the National Cyber Security Centre, NCSC, in 2016, and the NCSC now runs the CHECK scheme.)

OWASP: The Open Web Application Security Project (OWASP) is an open-source community project that develops software tools, knowledge and documentation to help people secure Web applications and Web services. OWASP is an open reference point for system architects, developers, vendors, consumers and security professionals involved in designing, developing, deploying and testing the security of Web applications and Web services. In short, OWASP aims to help everyone build more secure Web applications and Web services.

Standards for Information Systems Auditing (ISACA): ISACA was established in 1967 and has become a pace-setting global organization for information governance, control, security and audit professionals. Its IS auditing and IS control standards are followed by practitioners worldwide, and its research pinpoints the professional issues facing its constituents. The Certified Information Systems Auditor (CISA) is ISACA's cornerstone certification.

NIST: The National Institute of Standards and Technology discusses penetration testing in Special Publication 800-42, Guideline on Network Security Testing (since superseded by SP 800-115, Technical Guide to Information Security Testing and Assessment). NIST's methodology is less comprehensive than the OSSTMM, but it is more likely to be accepted by regulatory agencies.

Penetration Testing Methodology

Any penetration test has certain requirements that must be met before testing begins. First of all, you must know the target that is to be tested. The model described here fits network penetration testing best. The first phase, which relates to the target, is called "information gathering", i.e. learning as much as possible about it.

Information Gathering

This is where you find out more about the target. Some of this was already covered in module 01 (under reconnaissance); here we look at how information gathering is performed during a real penetration test. [Passive information gathering is not covered in this module.]

Identifying Live Hosts

Information gathering starts with identifying the live hosts in the target organization. How is this achieved? The organization you are testing supplies the target information, which in the vast majority of engagements is a range of Internet addresses, unless you are only running a web application pen test.

Discovering Operating Systems

The second step is identifying the operating system of each host discovered in the previous step. Here you need to learn what each machine actually is: it could be a network device, a database server, a Windows machine or a Linux machine.

Discovering Ports and Services

Once you have identified the operating systems, the next step is finding the open ports and the services hosted on these machines.

[Figure: overall life cycle of the information gathering phase (methodology diagram)]
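The three steps above, live hosts, then open ports, then the services behind them, as an added example that is not part of the course page. It uses plain TCP connect scans (no raw sockets, so no ICMP sweep) and reads whatever banner the service volunteers. The discovery port list and the loopback listener it scans are constructed for the demo; on a real engagement you would point it at the address range the client authorized.

```python
"""Added example (not from the course page): a minimal TCP-based
information-gathering pass that follows the order the text describes,
live host -> open ports -> service banner. Host discovery uses TCP
connects rather than ICMP so it needs no raw-socket privileges; the
port list and the local listener below are constructed for the demo."""
import socket
import threading
from concurrent.futures import ThreadPoolExecutor

# Assumed discovery list: a few ports that are commonly open on servers.
DISCOVERY_PORTS = (22, 80, 443, 445, 3389)


def tcp_connect(host, port, timeout=1.0):
    """True if a full TCP handshake to host:port succeeds (connect scan)."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def is_live(host, ports=DISCOVERY_PORTS, timeout=1.0):
    """A host counts as live if any discovery port accepts a connection."""
    return any(tcp_connect(host, p, timeout) for p in ports)


def scan_ports(host, ports, timeout=1.0, workers=32):
    """Connect-scan the given ports concurrently; return the open ones sorted."""
    with ThreadPoolExecutor(max_workers=workers) as pool:
        results = list(pool.map(lambda p: (p, tcp_connect(host, p, timeout)), ports))
    return sorted(p for p, is_open in results if is_open)


def grab_banner(host, port, timeout=1.0, probe=b""):
    """Return whatever the service volunteers after connect (after an
    optional probe such as an HTTP request line), decoded and stripped."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            if probe:
                s.sendall(probe)
            data = s.recv(1024)
        return data.decode("utf-8", errors="replace").strip()
    except OSError:
        return ""


def enumerate_hosts(hosts, ports, discovery_ports=None, timeout=1.0):
    """Full pass: live check, port scan, banner grab.
    Returns {host: {open_port: banner}} for live hosts only."""
    discovery = discovery_ports or ports
    report = {}
    for host in hosts:
        if not is_live(host, discovery, timeout):
            continue
        open_ports = scan_ports(host, ports, timeout)
        report[host] = {p: grab_banner(host, p, timeout) for p in open_ports}
    return report


def start_demo_listener(banner=b"SSH-2.0-DemoSSH_1.3\r\n"):
    """Constructed fixture, not a real target: a loopback listener that
    sends a fixed banner on every connection. Returns (port, stop)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(64)

    def serve():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:
                return  # listener closed by stop()
            with conn:
                try:
                    conn.sendall(banner)
                except OSError:
                    pass  # scanner closed first; that is fine

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1], srv.close


def reserve_closed_port():
    """Constructed fixture: bind a loopback port without listening, so that
    connections to it are refused. Returns (port, release)."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.bind(("127.0.0.1", 0))
    return s.getsockname()[1], s.close


if __name__ == "__main__":
    open_port, stop = start_demo_listener()
    closed_port, release = reserve_closed_port()
    print(enumerate_hosts(["127.0.0.1"], [open_port, closed_port]))
    stop()
    release()
```

Two practical notes: a host that filters every discovery port will be reported as down by this approach, which is why real scans combine several probe types, and a banner is only a starting point for OS and service identification, since administrators can change or remove it.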

Vulnerability Assessment

Vulnerability assessment is the phase in which you discover potential vulnerabilities throughout the IT environment. Many tools automate this process, so that even an inexperienced security professional or administrator can determine the security posture of the environment. You should not jump straight to discovering vulnerabilities (you can, but for the purposes of this module, don't). Let's consider what we have gathered so far from the previous steps.

We know our target >> we know what operating system is running on which host >> we know what services are hosted.

Now it is time to discover vulnerabilities. As mentioned, many tools on the market do this quickly and present a picture of the vulnerability blueprint of the scanned systems. Keep in mind that most of what a scanner reports is matched on version and configuration rather than proven by exploitation, so each finding is a candidate that still has to be verified. You will get hands-on experience with this in the lab module.
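To show what a scanner actually does with the service banners collected during information gathering, here is an added example that is not from the course page or from any real scanner: it identifies product and version from a banner and matches them against an advisory table. The products, banners and advisories are constructed for the demo and describe no real vulnerabilities; the point is the version-range comparison, which is where naive string matching goes wrong.

```python
"""Added example (not from the course page): the core of what a vulnerability
scanner does with service banners, namely identify product and version, then
match them against an advisory table. The advisories, products and banners
below are constructed for the demo and describe no real vulnerabilities."""
import re
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Advisory:
    product: str             # normalized (lower-case) product name
    affected_from: str       # first affected version, inclusive
    fixed_in: Optional[str]  # first fixed version, exclusive; None = no fix yet
    title: str


# Constructed advisory table for fictional products (assumption, not real data).
ADVISORIES = (
    Advisory("demossh", "1.0", "1.4.2", "pre-auth bypass (fictional)"),
    Advisory("examplehttpd", "2.4.0", "2.4.50", "path traversal (fictional)"),
    Advisory("examplehttpd", "2.0", None, "weak default TLS ciphers (fictional)"),
)

# Banner shapes this demo understands: an SSH identification string and an
# HTTP Server header. Real scanners carry thousands of such fingerprints.
BANNER_PATTERNS = (
    re.compile(r"^SSH-2\.0-(?P<product>[A-Za-z]+)[_/](?P<version>\d[\d.]*)"),
    re.compile(r"^Server:\s*(?P<product>[A-Za-z]+)/(?P<version>\d[\d.]*)", re.M),
)


def parse_version(text):
    """'2.4.49' -> (2, 4, 49). Numeric tuples compare correctly where a
    string comparison would put '2.4.10' before '2.4.9'."""
    parts = re.findall(r"\d+", text)
    if not parts:
        raise ValueError(f"no numeric version in {text!r}")
    return tuple(int(p) for p in parts)


def _padded(a, b):
    """Right-pad the shorter tuple with zeros so that (2, 4) == (2, 4, 0)."""
    n = max(len(a), len(b))
    return a + (0,) * (n - len(a)), b + (0,) * (n - len(b))


def version_in_range(version, affected_from, fixed_in):
    """True if affected_from <= version < fixed_in (fixed_in None = open-ended)."""
    v, lo = _padded(parse_version(version), parse_version(affected_from))
    if v < lo:
        return False
    if fixed_in is None:
        return True
    v, hi = _padded(parse_version(version), parse_version(fixed_in))
    return v < hi


def identify_service(banner):
    """Return (product, version) from a banner, or None if unrecognized."""
    for pattern in BANNER_PATTERNS:
        m = pattern.search(banner)
        if m:
            return m["product"].lower(), m["version"]
    return None


def assess(banner):
    """Advisories whose product and version range cover this banner. These are
    candidates only: a banner can lie (backported fixes, custom builds), so
    every hit still has to be verified in the exploitation phase."""
    ident = identify_service(banner)
    if ident is None:
        return []
    product, version = ident
    return [a for a in ADVISORIES
            if a.product == product
            and version_in_range(version, a.affected_from, a.fixed_in)]


if __name__ == "__main__":
    for b in ("SSH-2.0-DemoSSH_1.3", "SSH-2.0-DemoSSH_1.10",
              "HTTP/1.1 200 OK\r\nServer: ExampleHTTPd/2.4.49\r\n"):
        print(repr(b), "->", [a.title for a in assess(b)])
```

Note that DemoSSH 1.10 is correctly reported as not affected although "1.10" sorts before "1.4.2" as a string; that off-by-ordering mistake is a classic source of both false positives and false negatives in home-grown version checks.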


Exploitation

Before exploitation

Before you begin testing, there are requirements that must be taken into consideration. You need to determine the proper scope of the test, timeframes, restrictions, type of testing, and how to deal with third-party equipment and IP space. The Penetration Testing Execution Standard (PTES) lists these scoping items under its "Pre-engagement Interactions" stage. Setting proper limits is essential if you want to perform penetration testing successfully, and it is highly recommended to define start and end dates for your services.
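The scoping items above translate directly into a check that every tool you run should pass its targets through. The following is an added example, not from the course page or from PTES: a small rules-of-engagement guard that refuses targets outside the authorized IP ranges, inside an explicit exclusion list (third-party equipment, fragile hosts) or outside the agreed test window. The engagement data is constructed for the demo and uses documentation address ranges.

```python
"""Added example (not from the course page or from PTES): a rules-of-
engagement guard that refuses out-of-scope, excluded or out-of-window
targets before any scanning starts. The engagement below is constructed
for the demo; the ranges are RFC 5737 / RFC 3849 documentation prefixes."""
import ipaddress
from dataclasses import dataclass, field
from datetime import datetime, timezone


@dataclass
class Engagement:
    name: str
    authorized: list = field(default_factory=list)  # networks in scope
    excluded: list = field(default_factory=list)    # networks/hosts never to touch
    start: datetime = None                          # UTC, inclusive
    end: datetime = None                            # UTC, exclusive

    @staticmethod
    def from_rules(name, authorized, excluded, start, end):
        """Build from strings; a single host is written as '203.0.113.250/32'."""
        return Engagement(
            name,
            [ipaddress.ip_network(n, strict=False) for n in authorized],
            [ipaddress.ip_network(n, strict=False) for n in excluded],
            start, end)


def check_target(eng, target, now):
    """Return (authorized, reason). The window is checked first so nothing
    runs outside it, and exclusions always win over inclusions."""
    try:
        addr = ipaddress.ip_address(target)
    except ValueError:
        return False, f"{target!r} is not an IP address; resolve it first"
    if not (eng.start <= now < eng.end):
        return False, "outside the agreed test window"
    if any(addr in net for net in eng.excluded):
        return False, "explicitly excluded (third-party or fragile system)"
    if not any(addr in net for net in eng.authorized):
        return False, "not inside any authorized range"
    return True, "in scope"


def filter_targets(eng, candidates, now):
    """Split a candidate list into targets to scan and (target, reason)
    rejections to record in the engagement log."""
    allowed, rejected = [], []
    for target in candidates:
        ok, reason = check_target(eng, target, now)
        if ok:
            allowed.append(target)
        else:
            rejected.append((target, reason))
    return allowed, rejected


# Constructed rules of engagement for the demo (assumption, not a real client).
DEMO = Engagement.from_rules(
    "demo-external",
    authorized=["203.0.113.0/24", "2001:db8:1::/48"],
    excluded=["203.0.113.250/32"],  # e.g. a hosted third-party appliance
    start=datetime(2024, 3, 4, 8, 0, tzinfo=timezone.utc),
    end=datetime(2024, 3, 9, 18, 0, tzinfo=timezone.utc),
)
IN_WINDOW = datetime(2024, 3, 5, 10, 0, tzinfo=timezone.utc)
AFTER_WINDOW = datetime(2024, 3, 10, 9, 0, tzinfo=timezone.utc)

if __name__ == "__main__":
    print(filter_targets(DEMO, ["203.0.113.10", "203.0.113.250", "198.51.100.7",
                                "2001:db8:1::25", "www.example"], IN_WINDOW))
```

The guard deliberately rejects hostnames: resolving a name inside the check would hide the fact that DNS can point an in-scope name at an out-of-scope address (a CDN or a third-party host), which is exactly the case the rules of engagement need to settle explicitly.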

Exploit the target

This is the last and most critical part of the methodology, where the actual exploitation begins. If you have done your information gathering well, the exploitation success rate will be higher; otherwise, merely running exploits is the work of script kiddies. What this phase requires is a thorough study of the vulnerabilities discovered and their impact: you should have enough skill to understand what the exploit script does and what causes the vulnerability, what the outcome of exploiting it will be and, most importantly, what risk the vulnerability exposes the organization to if it is successfully exploited.


Summary

Working in the field of ethical hacking and penetration testing requires staying up to date with industry standards, techniques and tools. The success factor, however, does not depend directly on the techniques and skills you use. If you have ever had the chance to use BackTrack, you will know its motto: "The quieter you become, the more you are able to hear." If your information gathering was strong, you can succeed in the exploitation phase. This is the 90/10 principle: 90 percent of your time goes to information gathering and only 10 percent to the actual exploitation part of any penetration test.

© HAKIN9 MEDIA SP. Z O.O. SP. K. 2023