Penetration testing (also called ethical hacking) is the process of attacking a network or system to detect and fix the target’s weaknesses. Businesses are willing to shell out some cash in order to protect their systems from black hat hackers. Because of this, penetration testing serves as a profitable and exciting activity for ethical hackers.

This chapter will teach you the basics of penetration testing. It will explain the core principles of “pen testing” and give you a list of tools that you must use. In addition, it will provide you with a step-by-step plan for conducting a penetration test.

Penetration Testing – The Basics

A penetration tester tries to breach the defenses of his target without prior access to any username, password, or other related information. The tester will use his skills, tools, and knowledge to obtain data related to his target and prove the existence of vulnerabilities. When attacking a local network, a penetration test would be considered successful if the tester successfully collects confidential information.

As you can see, penetration testing has a lot of similarities with malicious hacking. There are two major differences between the two: permission and the hacker’s intentions. A tester has permission to attack his target, and his main goal is to help his clients improve their digital security. In contrast, malicious hackers don’t ask for the target’s permission. They simply perform attacks in order to steal information, destroy networks, or attain other horrible goals.

Often, a tester needs to attack his target as a basic user. He must then escalate his access rights and/or collect information that other basic users cannot reach.

Some clients want the tester to focus on a single vulnerability. In most cases, however, a tester must record each weakness that he discovers. The repeatability of the hacking process is important. Your clients won’t believe your findings if you can’t repeat what you


The Rules of Penetration Testing

Remember that there’s a fine line between penetration testing and malicious hacking. To make sure that you will not “go over” to the dark side, follow these simple rules:

Focus on Ethics

You should work as a professional. Consider your morals and personal principles. It doesn’t matter whether you’re attacking your own computer or testing a company’s network: all of your activities must be aligned with your goals. Do not aim for any hidden


As an ethical hacker, trustworthiness is your main asset. Never use client-related information for personal purposes. If you ignore this rule, you might find yourself behind bars.

Respect Privacy

Every piece of information that you collect during a penetration test is important. Never use that data to gather corporate details or spy on other people. If you have to share any information, talk to the authorized personnel.

Don’t Crash Any System

Inexperienced hackers usually crash their targets accidentally. This tendency results from poor planning and preparation. Most beginners don’t even read the instructions that come with the tools they are using.

The target system can experience a DoS (denial-of-service) condition during a penetration test. This often happens when the hacker runs multiple tests simultaneously. It is best to wait for one test to finish before running another. Don’t assume that your target can survive your attacks without any form of damage.

Important Note: Your goal is to help your clients in improving their digital security. The last thing you want to do is bring down their entire network while you’re conducting a test. This event will ruin your reputation as a hacker.

Penetration Testing – The Process

Here’s a detailed description of the process involved in penetration testing:

Secure Permission

Don’t do anything on your target until you have written permission from your client. This document can protect you from nasty lawsuits or similar problems. Verbal authorization is not sufficient when performing hacking attacks. Remember: countries are implementing strict rules and penalties regarding activities related to hacking.

Formulate a Plan

A plan can boost your chances of succeeding. Hacking a system can be extremely complicated, especially when you are dealing with modern or unfamiliar systems. The last thing you want to do is launch an attack with unorganized thoughts and tricks.

When creating a plan, you should:

Specify your target/s
Determine the risks
Determine the schedule and deadline of your penetration test
Specify the methods that you’ll use
Identify the information and access that you will have at the start of your test
Specify the “deliverables” (the output that you’ll submit to your client)

Focus on targets that are vulnerable or important. Once you have tested the “heavyweights”, the remaining part of the test will be quick and easy.

Here are some targets that you can attack:

Mobile devices (e.g. smartphones)
Operating systems
Email servers
Network infrastructure
Computer programs (e.g. email clients)


Important Note: You should be extremely careful when choosing a hacking method. Consider the effects of that method and how your target will likely respond. For example, password crackers can lock out legitimate users from the system. This type of accident can be disastrous during business hours.

Choose Your Tools

Kali Linux contains various hacking tools. If you are using that operating system, you won’t need to download other programs for your penetration tests. However, Kali’s large collection of tools can be daunting and/or confusing. You might have problems identifying the tools you need for each task that you must accomplish.

Here are some of the most popular tools in Kali Linux:

Nmap – You’ll find this program in the toolkit of almost all hackers. It is one of the most powerful tools that you can use when it comes to security auditing and network discovery. If you are a network administrator, you may also use Nmap for tracking host uptime, controlling the schedule of your service upgrades, and checking network inventory.

This tool is perfect for scanning huge computer networks. However, it is also effective when used against small targets. Because Nmap is popular, you will find lots of available resources for mastering this program.
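As an added example (not code from this book or from the Nmap project), the following Python script takes Nmap’s grepable output (what `nmap -sV -oG -` prints) and turns it into the host and service inventory the paragraph mentions, then compares that inventory with an expected baseline so that an administrator can spot services that should not be exposed. The scan output, host names, addresses and version strings are constructed for the example; only the `-oG` line format itself is Nmap’s.

```python
import re

# Constructed sample of Nmap "grepable" output (what `nmap -sV -oG -` prints);
# the hosts, names and versions are made up for the example, not a real scan.
SAMPLE_OG = """\
# Nmap 7.94 scan initiated (constructed sample) as: nmap -sV -oG - 192.168.56.8/29
Host: 192.168.56.10 (fileserver.lab)\tStatus: Up
Host: 192.168.56.10 (fileserver.lab)\tPorts: 22/open/tcp//ssh//OpenSSH 8.9p1/, 445/open/tcp//microsoft-ds//Samba smbd 4/\tIgnored State: closed (998)
Host: 192.168.56.11 ()\tStatus: Up
Host: 192.168.56.11 ()\tPorts: 80/open/tcp//http//nginx 1.18.0/, 3306/filtered/tcp//mysql///\tIgnored State: closed (998)
Host: 192.168.56.12 (printer.lab)\tStatus: Down
# Nmap done (constructed sample) -- 8 IP addresses (2 hosts up) scanned
"""

HOST_RE = re.compile(r"^Host: (\S+) \((.*?)\)$")


def parse_grepable(text):
    """Turn -oG output into {ip: {"hostname", "status", "ports": [...]}}.

    Nmap emits one "Status:" line and, for hosts that are up, one "Ports:"
    line per host. Fields on a line are tab-separated and each port entry has
    the form port/state/protocol/owner/service/rpc-info/version/.
    """
    hosts = {}
    for line in text.splitlines():
        if not line.startswith("Host:"):
            continue  # skip the "# Nmap ..." comment lines
        fields = line.split("\t")
        m = HOST_RE.match(fields[0])
        if not m:
            continue
        ip, name = m.group(1), m.group(2)
        entry = hosts.setdefault(
            ip, {"hostname": name or None, "status": None, "ports": []}
        )
        for field in fields[1:]:
            key, _, value = field.partition(": ")
            if key == "Status":
                entry["status"] = value
            elif key == "Ports":
                for item in value.split(", "):
                    parts = item.strip().split("/")
                    if len(parts) < 8:
                        continue  # malformed entry; keep parsing the rest
                    port, state, proto, _owner, service, _rpc, version = parts[:7]
                    entry["ports"].append({
                        "port": int(port),
                        "state": state,
                        "proto": proto,
                        "service": service,
                        "version": version,
                    })
    return hosts


def unexpected_open_ports(hosts, baseline):
    """Compare the scan with an inventory baseline.

    `baseline` maps an IP to the set of ports allowed to be open on it; hosts
    missing from the baseline are treated as allowing nothing. Returns
    {ip: [ports]} for every open port the baseline does not account for.
    """
    findings = {}
    for ip, entry in hosts.items():
        allowed = baseline.get(ip, set())
        extra = [p["port"] for p in entry["ports"]
                 if p["state"] == "open" and p["port"] not in allowed]
        if extra:
            findings[ip] = extra
    return findings


if __name__ == "__main__":
    inventory = parse_grepable(SAMPLE_OG)
    for ip, entry in sorted(inventory.items()):
        svc = ", ".join(f"{p['port']}/{p['service']}" for p in entry["ports"]
                        if p["state"] == "open")
        print(f"{ip:16} {entry['hostname'] or '-':16} {entry['status']:5} {svc}")
    # Hypothetical baseline: only the web server on .11 is supposed to be exposed.
    print("not in baseline:",
          unexpected_open_ports(inventory, {"192.168.56.11": {80}}))
```

Run against a real scan, the same script works on `nmap -sV -oG scan.gnmap <range>` output read from the file; filtered ports are kept in the inventory but are not reported as exposed, since only the open state proves a reachable service.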

Ghost Phisher – This tool is an Ethernet and wireless attack program. It can turn your computer into an access point (or a hotspot) and hijack other machines. It can also work with the Metasploit framework (you will learn more about Metasploit

Maltego Teeth – With this program, you will see the threats that are present in your target’s environment. Maltego Teeth can show the seriousness and complications of different failure points. You will also discover the trust-based relationships inside the infrastructure of your target.

This tool uses the internet to collect information about your target system and its users. Hackers use Maltego Teeth to determine the relationships between:

IP addresses


Wireshark – Many hackers consider this tool the best analyzer for network protocols. It allows you to monitor all activities in a network. The major features of Wireshark are:

It can capture data packets and perform offline analysis
It can perform VoIP (i.e. Voice over Internet Protocol) analysis
It has a user-friendly GUI (graphical user interface)
It can export data to different file types (e.g. CSV, plaintext, XML, etc.)
It can run on different operating systems (e.g. OS X, Linux, NetBSD, etc.)

Exploitdb – The term “exploitdb” is the abbreviation for “Exploit Database”. Basically, exploitdb is a collection of exploits (i.e. programs that “exploit” a target’s vulnerability) and the software they run against. The main purpose of this database is to provide a comprehensive and up-to-date collection of exploits that computer researchers and penetration testers can use.

You need to find a vulnerability before attacking a target. And you need an exploit that works on the vulnerability you found. You’ll spend days (or even weeks) just searching for potential weaknesses and creating effective exploits. With exploitdb, your tasks will become quick and easy. You just have to run a search for the operating system and/or program you want to attack, and exploitdb will give you all the information you need.

Aircrack-ng – This is a collection of tools that you can use to test WiFi networks. With Aircrack-ng, you can check the following aspects of wireless networks:

Testing – You can use it to test your drivers and WiFi cards.
Attacking – Use Aircrack-ng to perform packet injections against your
Cracking – This tool allows you to collect data packets and crack passwords.
Monitoring – You may capture packets of data and save them as a text file. Then, you may use the resulting files with other hacking tools.

Johnny – This tool is an open-source GUI for “John the Ripper”, a well-known password cracker. It is possible to use “JTR” as is. However, Johnny can automate the tasks involved in cracking passwords. In addition, this GUI adds more functions to the JTR program.

Implement Your Plan

Penetration testing requires persistence. You need to be patient while attacking your target. Sometimes, cracking a single password can take several days. Carefulness is also important. Protect the information you gather as much as you can. If other people get their hands on your findings, your target will be in extreme danger.

You don’t have to search for potential hackers before running your test. If you can keep your activities private and secure, you are good to go. This principle is crucial during the transmission of your findings to your clients. If you have to send the information via email, you must encrypt it and set a password for it.

You can divide the execution of an attack into four phases:

1. Collect information regarding your target. Google can help you with this task.

2. Trim down your options. If your research was successful, you will have a lot of potential points of entry. You have limited time, so it would be impossible to check all of those entry points. Evaluate each system and choose the ones that seem

3. Use your tools to reduce your options further. You can use scanners and data packet collectors to find the best targets for your attack.

4. Conduct your attack and record your findings.

Evaluate the Results

Analyze the data you collected. That data will help you in detecting network vulnerabilities and proving their existence. Knowledge plays an important role in this task. You will surely face some difficulties during your first few tries. However, things will become easy once you have gained the requisite knowledge and experience.

Important Note: Create a written report regarding your findings. Share the data with your clients to prove that hiring you is one of the best decisions they made.

