Pentesting and Ethical Hacking
Types of Tests
The prototypical hacker is skilled at finding the one vulnerability or vulnerable machine that gives away the rest of the network. This cycle of scanning, probing, exploiting, and escalating is called penetration testing. The primary goal of pen testing is to "own" the network. It doesn't stop there, though: the second goal is to own the network in as many different ways as possible. Pen testing is a great way to exercise the network, and it also tells you how effective an organization's security measures are and exposes the security gaps. Although you hear about both penetration testing and vulnerability assessment, you should never confuse the two. A vulnerability assessment scans for and points out the vulnerabilities but does not exploit them. There are tools for this such as ISS, Nessus, or Retina. You can download these tools from their original websites; I will post them at the end of this article. Alright, now on to the beginning steps.
The first step in the pen-testing process is target discovery. Given that you have no information on the target, you want to find out as much about it as possible before jumping straight into ping sweeps and port scans. This process is called "footprinting" and is an important part of the attack; it is the way an unauthorized hacker would start one. It is also called open source research. The whois and ARIN/RIPE/APNIC databases provide a wealth of information, including IP ranges, name servers, and potential usernames listed as contacts. One good place to find information like this is http://www.networksolutions.com.
After gathering as much information as possible anonymously, it's time to get a little more aggressive. This is the part where you find out which hosts are alive in your target's IP range. Ping sweeps would usually take care of this, but nowadays everyone is running firewalls, so a host that does not answer a ping is not necessarily dead. Once you have a list of live hosts, it is time to find out which ports are open on them. There are many port scanners out there, but I find most people like to use NMAP. Now that you have the list of open ports on the live hosts, it is time to find the vulnerabilities.
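From the defender's side, the ping sweep and port scan just described leave a recognisable pattern in firewall connection logs. The script below is an added example written for this page, not the original author's code; the log format, thresholds and sample lines are all constructed for illustration.

```python
"""Detect ping sweeps and port scans in firewall-style connection logs."""
from collections import defaultdict
from datetime import datetime

# Constructed sample log (not real traffic): "<ts> <proto> <src> -> <dst>:<port>".
# 10.0.0.5 pings five hosts, then walks six ports on one of them; 10.0.0.9 is benign.
SAMPLE_LOG = """\
2024-01-01T10:00:00 ICMP 10.0.0.5 -> 10.0.1.1:0
2024-01-01T10:00:00 ICMP 10.0.0.5 -> 10.0.1.2:0
2024-01-01T10:00:01 ICMP 10.0.0.5 -> 10.0.1.3:0
2024-01-01T10:00:01 ICMP 10.0.0.5 -> 10.0.1.4:0
2024-01-01T10:00:02 ICMP 10.0.0.5 -> 10.0.1.5:0
2024-01-01T10:00:10 TCP 10.0.0.5 -> 10.0.1.3:21
2024-01-01T10:00:10 TCP 10.0.0.5 -> 10.0.1.3:22
2024-01-01T10:00:10 TCP 10.0.0.5 -> 10.0.1.3:23
2024-01-01T10:00:11 TCP 10.0.0.5 -> 10.0.1.3:80
2024-01-01T10:00:11 TCP 10.0.0.5 -> 10.0.1.3:139
2024-01-01T10:00:12 TCP 10.0.0.5 -> 10.0.1.3:445
2024-01-01T10:05:00 TCP 10.0.0.9 -> 10.0.1.3:443
"""

def parse(line):
    # One log line -> (timestamp, proto, src, dst_host, dst_port)
    ts, proto, src, _, dst = line.split()
    host, port = dst.rsplit(":", 1)
    return datetime.fromisoformat(ts), proto, src, host, int(port)

def detect(log, window_s=60, sweep_hosts=5, scan_ports=6):
    """Return {src: set of alerts}: distinct ICMP targets within window_s seconds
    flag a ping sweep, distinct TCP ports on one host flag a port scan."""
    by_src = defaultdict(list)
    for line in log.strip().splitlines():
        ev = parse(line)
        by_src[ev[2]].append(ev)
    alerts = defaultdict(set)
    for src, evs in by_src.items():
        evs.sort()
        for t, *_ in evs:
            # Only events from this source in the window ending at t count.
            recent = [e for e in evs if 0 <= (t - e[0]).total_seconds() <= window_s]
            if len({e[3] for e in recent if e[1] == "ICMP"}) >= sweep_hosts:
                alerts[src].add("ping_sweep")
            ports = defaultdict(set)
            for e in recent:
                if e[1] == "TCP":
                    ports[e[3]].add(e[4])
            if any(len(p) >= scan_ports for p in ports.values()):
                alerts[src].add("port_scan")
    return dict(alerts)
```

Thresholds are deliberately low for the sample; on a real network they are tuned against baseline traffic so that a single noisy host does not drown the alert queue.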
Each open port indicates a running service, and many of these services have known vulnerabilities. This enumeration step involves actively pulling service banners, sniffing credentials on the wire, enumerating network shares from NetBIOS information, and pinpointing unpatched operating system components. There are so many exploits for these services that I will not be able to even touch on all of them. Keep in mind that these are the steps an ethical hacker should take for pen testing. After you have a list of systems you think are vulnerable to various exploits, it's time to prove it.
On a pen test especially, it's important to actually penetrate, gaining user and eventually privileged access on as many systems as possible. The test has made its point if you can show that you "own" every box on the network, or that you have unfettered access to information considered a "golden nugget". Those are the basic steps of pen testing. Although a real test goes into far more depth, if these simple steps prove that there are flaws in your network, you need to reconsider the security of your network. There are many websites and companies out there willing to test your network for a reasonable fee. ResearchRooted.org is one of the sites that will provide these tools to further help your company. As I said, here are the websites where you can find most of the things I have talked about.
ResearchRooted.org
Article.pro
Networksolutions.com
Seclists.org