Penetration testing (also called ethical hacking) is the process of attacking a network or
system to detect and fix the target’s weaknesses. Businesses are willing to shell out some
cash in order to protect their systems from black hat hackers. Because of this, penetration
testing serves as a profitable and exciting activity for ethical hackers.
This chapter will teach you the basics of penetration testing. It will explain the core
principles of “pen testing” and give you a list of tools that you must use. In addition, it
will provide you with a step-by-step plan for conducting a penetration test.
Penetration Testing – The Basics
A penetration tester tries to breach the defenses of his target without prior access to any
username, password, or other related information. The tester will use his skills, tools, and
knowledge to obtain data related to his target and prove the existence of vulnerabilities.
When attacking a local network, a penetration test would be considered successful if the
tester successfully collects confidential information.
As you can see, penetration testing has a lot of similarities with malicious hacking. There
are two major differences between these two: permission and the hacker’s intentions. A
tester has the permission to attack his target. And his main goal is to help his clients
improve their digital security. In contrast, malicious hackers don’t ask for the target’s
permission. They simply perform attacks in order to steal information, destroy networks,
or attain other horrible goals.
Often, a tester needs to attack his target as a basic user. He must enhance his access rights
and/or collect information that other basic users cannot reach.
Some clients want the tester to focus on a single vulnerability. In most cases, however, a
tester must record each weakness that he discovers. The repeatability of the hacking
process is important. Your clients won’t believe your findings if you can’t repeat what you
The Rules of Penetration Testing
Remember that there’s a fine line between penetration testing and malicious hacking. To
make sure that you will not “go over” to the dark side, follow these simple rules:
Focus on Ethics
You should work as a professional. Consider your morals and personal principles. It
doesn’t matter whether you’re attacking your own computer or testing a company’s
network: all of your activities must be aligned with your goals. Do not aim for any hidden
As an ethical hacker, trustworthiness is your main asset. Never use client-related
information for personal purposes. If you ignore this rule, you might find yourself
Every piece of information that you’ll collect during a penetration test is important. Never
use that data to gather corporate details or spy on other people. If you have to share any
information, talk to the authorized personnel.
Don’t Crash Any System
Inexperienced hackers usually crash their targets accidentally. This tendency results from
poor planning and preparation. Most beginners don’t even read the instructions that come
with the tools they are using.
The target system can suffer a denial of service (DoS) during a penetration test. This often
happens when the tester runs multiple tests simultaneously. Wait for one test to finish
before starting another. Don’t assume that your target can survive your attacks without
any form of damage.
Important Note: Your goal is to help your clients in improving their digital security. The
last thing you want to do is bring down their entire network while you’re conducting a
test. This event will ruin your reputation as a hacker.
Penetration Testing – The Process
Here’s a detailed description of the process involved in penetration testing:
Don’t do anything on your target until you have written permission from your client. This
document can protect you from nasty lawsuits or similar problems. Verbal authorization is
not sufficient when performing hacking attacks. Remember: countries are implementing
strict rules and penalties regarding activities related to hacking.
Formulate a Plan
A plan can boost your chances of succeeding. Hacking a system can be extremely
complicated, especially when you are dealing with modern or unfamiliar systems. The last
thing you want to do is launch an attack with unorganized thoughts and tricks.
When creating a plan, you should:
Specify your target(s)
Determine the risks
Determine the schedule and deadline of your penetration test
Specify the methods that you’ll use
Identify the information and access that you will have at the start of your test
Specify the “deliverables” (the output that you’ll submit to your client)
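The two points above that are easiest to get wrong in practice are the written authorization and the target list: a tester who scans an address that is not in the signed scope, or scans during the wrong hours, has left the agreement. The following pre-flight check is an added example (not from the book); it reduces a hypothetical rules-of-engagement document to a few fields and refuses any host that is outside the authorized ranges, explicitly excluded, or proposed outside the agreed window. The ranges, the excluded host, the window and the client name are all constructed values.

```python
"""Pre-flight scope check for a penetration test (added example, not from the book).

Assumed input: a rules-of-engagement (RoE) document reduced to a dict with the
authorized CIDR ranges, excluded hosts and the agreed testing window. Nothing
here touches the network; it only decides whether a proposed target may be tested.
"""
import ipaddress
from datetime import datetime

# Constructed rules of engagement; real values come from the signed authorization.
ROE = {
    "client": "Example Corp (hypothetical)",
    "in_scope": ["10.10.0.0/16", "192.0.2.0/24"],
    "excluded": ["10.10.5.7"],  # e.g. a production database the client carved out
    "window": ("2024-03-01T22:00:00+00:00", "2024-03-02T06:00:00+00:00"),
}


def parse_roe(roe):
    """Turn the string fields of the RoE into network, address and datetime objects."""
    nets = [ipaddress.ip_network(n) for n in roe["in_scope"]]
    excluded = {ipaddress.ip_address(h) for h in roe["excluded"]}
    start, end = (datetime.fromisoformat(t) for t in roe["window"])
    return nets, excluded, start, end


def check_target(host, now_iso, roe=ROE):
    """Return (allowed, reason) for one candidate host at the given ISO-8601 time."""
    nets, excluded, start, end = parse_roe(roe)
    now = datetime.fromisoformat(now_iso)
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        # Names are not in the RoE; resolve them and check the resulting IP instead.
        return False, f"{host!r} is not an IP address; resolve it and check the IP"
    if not any(addr in n for n in nets):
        return False, f"{addr} is outside every authorized range"
    if addr in excluded:
        return False, f"{addr} is explicitly excluded by the RoE"
    if not (start <= now <= end):
        return False, f"{now_iso} is outside the agreed testing window"
    return True, f"{addr} is in scope and the window is open"


def filter_targets(hosts, now_iso, roe=ROE):
    """Split a candidate list into hosts you may test and hosts you must skip."""
    allowed, skipped = [], []
    for h in hosts:
        ok, reason = check_target(h, now_iso, roe)
        (allowed if ok else skipped).append((h, reason))
    return allowed, skipped


if __name__ == "__main__":
    when = "2024-03-01T23:30:00+00:00"
    ok, skip = filter_targets(["10.10.1.20", "10.10.5.7", "203.0.113.9", "web01"], when)
    for h, r in ok + skip:
        print(f"{h:>14}  {r}")
```

Run the check over the whole candidate list before the first scan, and keep the RoE dict under version control with the signed document so the scope you tested can be shown to the client afterwards.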
Focus on targets that are vulnerable or important. Once you have tested the
“heavyweights”, the remaining part of the test will be quick and easy.
Here are some targets that you can attack:
Mobile devices (e.g. smartphones)
Computer programs (e.g. email clients)
Important Note: You should be extremely careful when choosing a hacking method.
Consider the effects of that method and how your target will likely respond. For example,
password crackers can lock out legitimate users from the system. This type of accident can
be disastrous during business hours.
Choose Your Tools
Kali Linux contains various hacking tools. If you are using that operating system, you
won’t need to download other programs for your penetration tests. However, Kali’s large
collection of tools can be daunting and/or confusing. You might have problems identifying
the tools you need for each task that you must accomplish.
Here are some of the most popular tools in Kali Linux:
Nmap – You’ll find this program in the toolkit of almost all hackers. It is one of the
most powerful tools available for security auditing and network discovery. If you are a
network administrator, you may also use Nmap to track host uptime, schedule service
upgrades, and check your network inventory.
This tool is perfect for scanning huge computer networks, but it is just as effective
against small targets. Because Nmap is so popular, you will find plenty of resources for
mastering this program.
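The inventory and uptime uses mentioned above only pay off if the scan output is processed rather than read by eye. The script below is an added example (not from the book or the Nmap project): it parses the XML that Nmap writes with its `-oX` option into a per-host inventory of open ports, service banners and uptime, and diffs two inventories so newly exposed ports stand out. The XML is a constructed sample laid out the way `-oX` emits it (`nmaprun`/`host`/`address`/`ports`/`port`/`state`/`service`, plus the `uptime` element that OS detection adds); the addresses, hostnames and versions in it are made up.

```python
"""Summarize an Nmap XML report (nmap -oX) into a host inventory.

Added example, not from the book or the Nmap project. SAMPLE_XML is a
constructed report in the real -oX layout.
"""
import xml.etree.ElementTree as ET

SAMPLE_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -sV -O -oX scan.xml 10.10.1.0/24">
  <host>
    <status state="up" reason="echo-reply"/>
    <address addr="10.10.1.20" addrtype="ipv4"/>
    <hostnames><hostname name="web01.example.test" type="PTR"/></hostnames>
    <ports>
      <port protocol="tcp" portid="22"><state state="open"/><service name="ssh" product="OpenSSH" version="8.9p1"/></port>
      <port protocol="tcp" portid="80"><state state="open"/><service name="http" product="nginx" version="1.18.0"/></port>
      <port protocol="tcp" portid="23"><state state="closed"/><service name="telnet"/></port>
    </ports>
    <uptime seconds="864000" lastboot="Mon Feb 19 22:00:00 2024"/>
  </host>
  <host>
    <status state="up" reason="arp-response"/>
    <address addr="10.10.1.21" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="445"><state state="open"/><service name="microsoft-ds"/></port>
    </ports>
  </host>
  <host>
    <status state="down" reason="no-response"/>
    <address addr="10.10.1.22" addrtype="ipv4"/>
  </host>
</nmaprun>
"""


def parse_nmap_xml(xml_text):
    """Return one dict per host that was up: address, hostname, uptime, open ports."""
    root = ET.fromstring(xml_text)
    inventory = []
    for host in root.iter("host"):
        status = host.find("status")
        if status is None or status.get("state") != "up":
            continue  # hosts that did not answer carry no inventory
        addr = next((a.get("addr") for a in host.findall("address")
                     if a.get("addrtype") == "ipv4"), None)
        name_el = host.find("hostnames/hostname")
        uptime_el = host.find("uptime")
        open_ports = []
        for port in host.findall("ports/port"):
            state = port.find("state")
            if state is None or state.get("state") != "open":
                continue
            svc = port.find("service")
            svc_desc = ""
            if svc is not None:
                svc_desc = " ".join(filter(None, [svc.get("name"), svc.get("product"), svc.get("version")]))
            open_ports.append((int(port.get("portid")), port.get("protocol"), svc_desc))
        inventory.append({
            "addr": addr,
            "hostname": name_el.get("name") if name_el is not None else "",
            # <uptime> is only present when OS detection (-O) ran
            "uptime_days": round(int(uptime_el.get("seconds")) / 86400, 1) if uptime_el is not None else None,
            "open_ports": sorted(open_ports),
        })
    return inventory


def diff_inventory(baseline, current):
    """(addr, port, proto) triples open now but not in the baseline scan."""
    def triples(inv):
        return {(h["addr"], p[0], p[1]) for h in inv for p in h["open_ports"]}
    return sorted(triples(current) - triples(baseline))


if __name__ == "__main__":
    for h in parse_nmap_xml(SAMPLE_XML):
        up = f"{h['uptime_days']}d" if h["uptime_days"] is not None else "?"
        ports = ", ".join(f"{p}/{proto} {svc}".strip() for p, proto, svc in h["open_ports"])
        print(f"{h['addr']:<13} {h['hostname']:<22} up {up:>6}  {ports}")
```

Keeping the baseline inventory from the start of the engagement and diffing each later scan against it is also how you notice that one of your own tests changed the target (a service that crashed disappears from the diff), which is the "don't crash any system" rule made checkable.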
Ghost Phisher – This tool is an Ethernet and wireless attack program. It can turn
your computer into an access point (or a hotspot) and hijack other machines. It can
also work with the Metasploit framework (you will learn more about Metasploit
Maltego Teeth – With this program, you will see the threats that are present in your
target’s environment. Maltego Teeth can show the seriousness and complications of
different failure points. You will also discover the trust-based relationships inside
the infrastructure of your target.
This tool uses the internet to collect information about your target system and its users.
Hackers use Maltego Teeth to determine the relationships between:
Wireshark – Many hackers consider this tool as the best analyzer for network
protocols. It allows you to monitor all activities in a network. The major features of
It can capture data packets and perform offline analysis
It can perform VoIP (i.e. Voice over Internet Protocol) analysis
It has a user-friendly GUI (graphical user interface)
It can export data to different file types (e.g. CSV, plaintext, XML, etc.)
It can run on different operating systems (e.g. OS X, Linux, NetBSD, etc.)
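The offline-analysis and CSV-export features listed above rest on the capture file format itself, so it is worth seeing the format once without the GUI. The script below is an added example (not from the book or the Wireshark project): it builds a small capture in memory in the classic pcap layout (24-byte global header, 16-byte record header per packet, Ethernet/IPv4/TCP-or-UDP frames), parses it back, exports one CSV row per packet, and counts packets per conversation. All addresses, ports and timestamps are constructed, and checksums are left at zero because nothing here is sent on a wire.

```python
"""Read a pcap capture offline and export one CSV row per IPv4 packet.

Added example, not from the book or the Wireshark project. The capture is
constructed in memory so the script runs without a network interface or a file.
"""
import csv
import io
import socket
import struct

PCAP_MAGIC = 0xA1B2C3D4     # classic pcap, microsecond timestamps, native byte order
LINKTYPE_ETHERNET = 1


def build_packet(src, dst, proto, sport, dport, payload=b""):
    """Constructed Ethernet/IPv4 frame carrying a TCP SYN (proto 6) or a UDP datagram (17)."""
    if proto == 6:
        l4 = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x02, 65535, 0, 0)
    else:
        l4 = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 1, 0, 64, proto, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    eth = bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb") + b"\x08\x00"
    return eth + ip + l4


def build_pcap(frames):
    """Wrap frames in the pcap container: global header, then (record header, frame) pairs."""
    out = struct.pack("=IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    for i, f in enumerate(frames):
        out += struct.pack("=IIII", 1_700_000_000 + i, 0, len(f), len(f)) + f
    return out


def parse_pcap(data):
    """Yield one dict per record; non-IPv4 frames are reported as proto 'other'."""
    magic, = struct.unpack("=I", data[:4])
    if magic != PCAP_MAGIC:
        raise ValueError("not a native-order microsecond pcap (0x%08x)" % magic)
    linktype, = struct.unpack("=I", data[20:24])
    if linktype != LINKTYPE_ETHERNET:
        raise ValueError("only the Ethernet link type is handled")
    off = 24
    while off + 16 <= len(data):
        ts_sec, ts_usec, incl_len, _orig_len = struct.unpack("=IIII", data[off:off + 16])
        frame = data[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            yield {"ts": ts_sec, "proto": "other", "length": incl_len}
            continue
        ihl = (frame[14] & 0x0F) * 4          # IPv4 header length in bytes
        proto = frame[23]                      # IPv4 protocol field
        src, dst = socket.inet_ntoa(frame[26:30]), socket.inet_ntoa(frame[30:34])
        l4 = frame[14 + ihl:]
        sport, dport = struct.unpack("!HH", l4[:4]) if len(l4) >= 4 else (None, None)
        yield {"ts": ts_sec + ts_usec / 1e6, "src": src, "dst": dst,
               "proto": {6: "tcp", 17: "udp"}.get(proto, str(proto)),
               "sport": sport, "dport": dport, "length": incl_len}


def to_csv(records):
    """Plain-text export in the spirit of Wireshark's CSV export: one row per packet."""
    fields = ["ts", "src", "dst", "proto", "sport", "dport", "length"]
    buf = io.StringIO()
    w = csv.DictWriter(buf, fieldnames=fields)
    w.writeheader()
    for r in records:
        w.writerow({k: r.get(k, "") for k in fields})
    return buf.getvalue()


def talkers(data):
    """Packets per (src, dst, dport) conversation, a usual first triage step."""
    counts = {}
    for r in parse_pcap(data):
        if r["proto"] == "other":
            continue
        key = (r["src"], r["dst"], r["dport"])
        counts[key] = counts.get(key, 0) + 1
    return counts


# Constructed capture: an SSH SYN, a DNS query and an SMB SYN from one client.
SAMPLE_PCAP = build_pcap([
    build_packet("10.10.1.5", "10.10.1.20", 6, 51000, 22),
    build_packet("10.10.1.5", "10.10.1.1", 17, 51001, 53, b"\x12\x34"),
    build_packet("10.10.1.5", "10.10.1.21", 6, 51002, 445),
])

if __name__ == "__main__":
    print(to_csv(parse_pcap(SAMPLE_PCAP)))
```

For a real capture, read the file bytes and pass them to parse_pcap; the magic-number check will reject the newer pcapng container and byte-swapped files, which is exactly where a hand-written reader should stop and hand over to Wireshark or tshark.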
Exploitdb – The term “exploitdb” is the abbreviation for “Exploit Database”.
Basically, exploitdb is a collection of exploits (i.e. programs that “exploit” a
target’s vulnerability) together with the software each one applies to. The main purpose
of this database is to provide a comprehensive and up-to-date collection of exploits that
security researchers and penetration testers can use.
You need to find a vulnerability before attacking a target. And you need an exploit that
works on the vulnerability you found. You could spend days (or even weeks) just searching
for potential weaknesses and creating effective exploits. With exploitdb, these tasks
become quick and easy. You just have to run a search for the operating system and/or
program you want to attack, and exploitdb will give you all the information you need.
Aircrack-ng – This is a collection of tools that you can use to test WiFi networks.
With Aircrack-ng, you can check the following aspects of wireless networks:
Testing – You can use it to test your drivers and WiFi cards.
Attacking – Use Aircrack-ng to perform packet injections against your
Cracking – This tool allows you to collect data packets and crack passwords.
Monitoring – You may capture packets of data and save them as a text file.
Then, you may use the resulting files with other hacking tools.
Johnny – This tool is an open-source GUI for “John the Ripper”, a well-known
password cracker. It is possible to use “JTR” as is. However, Johnny can automate
the tasks involved in cracking passwords. In addition, this GUI adds more functions
to the JTR program.
Implement Your Plan
Penetration testing requires persistence. You need to be patient while attacking your target.
Sometimes, cracking a single password can take several days. Carefulness is also
important. Protect the information you gather as much as you can. If other people get
their hands on your findings, your target will be in extreme danger.
You don’t have to search for potential hackers before running your test. If you can keep
your activities private and secure, you are good to go. This principle is crucial during the
transmission of your findings to your clients. If you have to send the information via
email, you must encrypt it and set a password for it.
You can divide the execution of an attack into four phases:
1. Collect information regarding your target. Google can help you with this task.
2. Trim down your options. If your research was successful, you will have a lot
of potential points of entry. You have limited time, so it would be impossible to
check all of those entry points. Evaluate each system and choose the ones that seem
3. Use your tools to reduce your options further. You can use scanners and data packet
collectors to find the best targets for your attack.
4. Conduct your attack and record your findings.
Evaluate the Results
Analyze the data you collected. That data will help you detect network
vulnerabilities and prove their existence. Knowledge plays an important role in this task.
You will surely face some difficulties during your first few tries. However, things will
become easier once you have gained the requisite knowledge and experience.
Important Note: Create a written report regarding your findings. Share the data with your
clients to prove that hiring you is one of the best decisions they made.