What is Penetration Testing?
Penetration testing is another term for ethical hacking. It is a process of finding security vulnerabilities in computer networks, systems or servers, web-applications, etc. The penetration testers use these vulnerabilities to exploit the target. The main objective of ethical hacking is to find security weaknesses to patch them. The main purpose of penetration testing is to identify the weak spots of the company’s security posture. Companies should penetration testing regularly. This gives them an idea about their security compliance and architecture.
How to conduct a Penetration test?
Pre-engagement
In this stage, the penetration tester collects information to know the type of device on which they conduct a pen-test. It might be a personal computer, a web application, a server, or any IoT (Internet of Things) device. This step will have a drastic impact on the steps that follow. It’s also important in this phase to consider the legal ramifications of performing exploitation on that type of device.
Reconnaissance
Reconnaissance is the phase where you use tools like Nmap to scan local networks. Scanning gives the pentester a brief mapping of the network and the connected devices to the network. It also gives information about the open ports available in the network. In this phase, pentester can also use tools like Shodan to scan the entire internet. shodan is a tool that shows all the vulnerable devices all around the internet.
The Hacking Community, Calls This Recon As OSINT, Which Means Open Source Intelligence. There Are Many OSINT Tools Available. Google Is Also An OSINT Tool. This Means An Attacker Can Just Google An Organization And End Up Finding A Lot Of Useful Information About It Which May Help In A Further Attack. And We Have A Website Dedicated To All OSINT Frameworks.
Vulnerability Assessment
In vulnerability assessment phase, a pentester narrows down the number of devices that he gathers in phase 2. The devices are known to be vulnerable to known exploitation in phase 2. For this, we can use pre-built tools or use the knowledge of outdated versions of software to find devices that are known to be vulnerable.
Vulnerability assessment is the systematic review of security weaknesses in the targeted devices. There are several vulnerability assessments like host assessment, network or wireless assessment, database assessments, and application scans. Most of the security analysts use automated tools for vulnerability scanning or do them manually.
Exploitation
a pentester uses all the intelligence gathered in the first three steps to exploit the targeted device. Now, this can widely be based on the type of exploitation. Based on the vulnerabilities, the pentester finds the exploit. This is inarguably the most exciting phase in penetration testing.
Exploitation is technically malicious software programmed in a way that allows a pentester to take control of the system. In this way, the vulnerabilities are exploited. The most popular tools for exploitation include Metasploit-Framework, weevely, Empire-Framework, etc. The most popular websites for finding exploits based on vulnerabilities Exploit Database, National Vulnerability Database, etc.
Post Exploitation
a Penetration tester does this step after successful exploitation is completed. This is where a pentester uses his newfound access to the device in order to raise the privileges or gain permanent access to that device. This is the step where a pentester does the things after the fact that they have already broken into the systems.
The penetration testers then perform the advanced tasks that include getting access to damaged systems. They also try to find as much sensitive information such as credentials or passcodes or even try to break into mail servers.
Penetration testers use a concept known as privilege escalation. pentester does this step usually in post-exploitation. A pentester tries to gain more and more privilege in the system. For example, if he breaks into a Windows 10 system, he would try to escalate his privileges till he gets administrative control over the computer.
Reporting
The final step of the penetration test is reporting, this is where we gather all the knowledge we gain throughout a penetration test to organize it and publish it. They publish this so that other people can be aware of these vulnerabilities. This report is called the VAPT report. VAPT stands for Vulnerability Assessment and Penetration Testing report.
