Search icon CANCEL
Subscription
0
Cart icon
Your Cart (0 item)
Close icon
You have no products in your basket yet
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Conferences
Free Learning
Arrow right icon
Arrow up icon
GO TO TOP
The Ultimate Kali Linux Book

You're reading from   The Ultimate Kali Linux Book Perform advanced penetration testing using Nmap, Metasploit, Aircrack-ng, and Empire

Arrow left icon
Product type Paperback
Published in Feb 2022
Publisher Packt
ISBN-13 9781801818933
Length 742 pages
Edition 2nd Edition
Arrow right icon
Author (1):
Arrow left icon
Glen D. Singh Glen D. Singh
Author Profile Icon Glen D. Singh
Glen D. Singh
Arrow right icon
View More author details
Toc

Table of Contents (23) Chapters Close

Preface 1. Section 1: Getting Started with Penetration Testing
2. Chapter 1: Introduction to Ethical Hacking FREE CHAPTER 3. Chapter 2: Building a Penetration Testing Lab 4. Chapter 3: Setting Up for Advanced Hacking Techniques 5. Section 2: Reconnaissance and Network Penetration Testing
6. Chapter 4: Reconnaissance and Footprinting 7. Chapter 5: Exploring Active Information Gathering 8. Chapter 6: Performing Vulnerability Assessments 9. Chapter 7: Understanding Network Penetration Testing 10. Chapter 8: Performing Network Penetration Testing 11. Section 3: Red Teaming Techniques
12. Chapter 9: Advanced Network Penetration Testing — Post Exploitation 13. Chapter 10: Working with Active Directory Attacks 14. Chapter 11: Advanced Active Directory Attacks 15. Chapter 12: Delving into Command and Control Tactics 16. Chapter 13: Advanced Wireless Penetration Testing 17. Section 4: Social Engineering and Web Application Attacks
18. Chapter 14: Performing Client-Side Attacks – Social Engineering 19. Chapter 15: Understanding Website Application Security 20. Chapter 16: Advanced Website Penetration Testing 21. Chapter 17: Best Practices for the Real World 22. Other Books You May Enjoy

Exploring the need for penetration testing and its phases

Each day, cybersecurity professionals are always in a race against time with threat actors in discovering vulnerabilities in systems and networks. Imagine that a threat actor is able to exploit a vulnerability on a system before a cybersecurity professional can find it and implement security controls to mitigate the threat. The threat actor would have compromised the system. This would leave the cybersecurity professional to perform incident response (IR) strategies and plans to recover the compromised system back to an acceptable working state.

Organizations are realizing the need to hire white hat hackers such as penetration testers who have the skills to simulate real-world cyber-attacks on the organization's systems and networks with the intent of discovering and exploiting hidden vulnerabilities. These techniques allow the penetration tester to perform the same types of attacks as a real hacker; the difference is the penetration tester is hired by the organization and has been granted legal permission to conduct such intrusive security testing.

Important note

Penetration testers usually have a strong understanding of computers, operating systems, networking, and programming, as well as how they work together. Most importantly, you need creativity. Creative thinking allows a person to think outside the box and go beyond the intended uses of technologies and find exciting new ways to implement them.

At the end of the penetration test, a report is presented to the organization's stakeholders detailing all the findings, such as vulnerabilities and how each weakness can be exploited. The report also contains recommendations on how to mitigate and prevent a possible cyber-attack on each vulnerability found. This allows the organization to understand what a hacker will discover if they are a target and how to implement countermeasures to reduce the risk of a cyber-attack. Some organizations will even perform a second penetration test after implementing the recommendations outlined in the penetration test report to determine whether all the vulnerabilities have been fixed and the risk has been reduced.

Creating a penetration testing battle plan

While penetration testing is interesting, we cannot attack a target without a battle plan. Planning ensures that the penetration testing follows a sequential order of steps to achieve the desired outcome, which is identifying and exploiting vulnerabilities. Each phase outlines and describes what is required before moving onto the next steps. This ensures that all details about the work and target are gathered efficiently and the penetration tester has a clear understanding of the task ahead.

The following are the different phases of penetration testing:

Figure 1.1 – Penetration testing phases

Figure 1.1 – Penetration testing phases

As shown in the preceding diagram, penetration testing usually consists of the pre-engagement, information gathering, threat modeling, vulnerability analysis, exploitation, post-exploitation, and report writing phases. Each of these phases will be covered in more detail in the following sections.

Pre-engagement

During the pre-engagement phase, key personnel are selected. These individuals are key to providing information, coordinating resources, and helping the penetration testers to understand the scope, breadth, and rules of engagement in the assessment.

This phase also covers legal requirements, which typically include a Non-Disclosure Agreement (NDA) and a Consulting Services Agreement (CSA). The following is a typical process overview of what is required prior to the actual penetration testing:

Figure 1.2 – Pre-engagement

Figure 1.2 – Pre-engagement

An NDA is a legal agreement that specifies that a penetration tester and their employer will not share or hold onto any sensitive or proprietary information that is encountered during the assessment. Companies usually sign these agreements with cybersecurity companies who will, in turn, sign them with employees working on the project. In some cases, companies sign these agreements directly with the penetration testers from the company carrying out the project.

The scope of a penetration test, also known as the rules of engagement, defines the systems the penetration tester can and cannot hack. This ensures the penetration tester remains within legal boundaries. This is a mutual agreement between the client (organization) and the penetration tester and their employer. It also defines sensitive systems and their IP addresses as well as testing times and which systems require special testing windows. It's incredibly important for penetration testers to pay close attention to the scope of a penetration test and where they are testing in order to always stay within the testing constraints.

The following are some sample pre-engagement questions to help you define the scope of a penetration test:

  • What is the size/class of your external network? (Network penetration testing)
  • What is the size/class of your internal network? (Network penetration testing)
  • What is the purpose and goal of the penetration test? (Applicable to any form of penetration testing)
  • How many pages does the web application have? (Web application penetration testing)
  • How many user inputs or forms does the web application have?

This is not an extensive list of pre-engagement questions, and all engagements should be given thorough thought to ensure that you ask all the important questions so you don't underscope or underprice the engagement.

Now that we've understood the legal limitation stages of penetration testing, let's move on to learn about the information gathering phase and its importance.

Information gathering

Penetration testing involves information gathering, which is vital to ensure that penetration testers have access to key information that will assist them in conducting their assessment. Seasoned professionals normally spend a day or two conducting extensive reconnaissance on their target. The more knowledge that is known about the target will help the penetration tester to identify the attack surface such as points of entry in the target's systems and networks. Additionally, this phase also helps the penetration tester to identify the employees, infrastructure, geolocation for physical access, network details, servers, and other valuable information about the target organization.

Understanding the target is very important before any sort of attack as a penetration tester, as it helps in creating a profile of the potential target. Recovering user credentials/login accounts in this phase, for instance, will be vital to later phases of penetration testing as it will help us gain access to vulnerable systems and networks. Next, we will discuss the essentials of threat modeling.

Threat modeling

Threat modeling is a process used to assist penetration testers and network security defenders to better understand the threats that inspired the assessment or the threats that the application or network is most prone to. This data is then used to help penetration testers simulate, assess, and address the most common threats that the organization, network, or application faces.

The following are some threat modeling frameworks:

  • Spoofing, Tampering, Repudiation, Information disclosure, Denial of server and Elevation of privilege (STRIDE)
  • Process for Attack Simulation and Threat Analysis (PASTA)

Having understood the threats an organization faces, the next step is to perform a vulnerability assessment on the assets to further determine the risk rating and severity.

Vulnerability analysis

Vulnerability analysis typically involves the assessors or penetration testers running vulnerability or network/port scans to better understand which services are on the network or the applications running on a system and whether there are any vulnerabilities in any systems included in the scope of the assessment. This process often includes manual vulnerability discovery and testing, which is often the most accurate form of vulnerability analysis or vulnerability assessment.

There are many tools, both free and paid, to assist us in quickly identifying vulnerabilities on a target system or network. After discovering the security weaknesses, the next phase is to attempt exploitation.

Exploitation

Exploitation is the most commonly ignored or overlooked part of penetration testing, and the reality is that clients and executives don't care about vulnerabilities unless they understand why they matter to them. Exploitation is the ammunition or evidence that helps articulate why the vulnerability matters and illustrates the impact that the vulnerability could have on the organization. Furthermore, without exploitation, the assessment is not a penetration test and is nothing more than a vulnerability assessment, which most companies can conduct in-house better than a third-party consultant could.

To put it simply, during the information gathering phase, a penetration tester will profile the target and identify any vulnerabilities. Next, using the information about the vulnerabilities, the penetration tester will do their research and create specific exploits that will take advantage of the vulnerabilities of the target—this is exploitation. We use exploits (malicious code) to leverage a vulnerability (weakness) in a system, which will allow us to execute arbitrary code and commands on the target.

Often, after successfully exploiting a target system or network, we may think the task is done—but it isn't just yet. There are tasks and objectives to complete after breaking into the system. This is the post-exploitation phase in penetration testing.

Post-exploitation

Exploitation is the process of gaining access to systems that may contain sensitive information. The process of post-exploitation is the continuation of this step, where the foothold gained is leveraged to access data or spread to other systems via lateral movement techniques within the target network. During post-exploitation, the primary goal is typically to demonstrate the impact that the vulnerability and access gained can pose to the organization. This impact assists in helping executive leadership to better understand the vulnerabilities and the damage it could cause to the organization if a real cyber-attack was to occur.

Report writing

Report writing is exactly as it sounds and is one of the most important elements of any penetration test. Penetration testing may be the service, but report writing is the deliverable that the client sees and is the only tangible element given to the client at the end of the assessment. Reports should be given as much attention and care as the testing.

Report writing involves much more than listing a few vulnerabilities discovered during the assessment. It is the medium through which you convey risk and business impact, summarize your findings, and include remediation steps. A good penetration tester needs to be a good report writer, or the issues they find will be lost and may never be understood by the client who hired them to conduct the assessment.

Having completed this section, you are now able to describe each phase of a penetration test and have gained a better idea of the expectations of penetration testers in the industry. Next, we will dive into understanding various penetration testing approaches.

You have been reading a chapter from
The Ultimate Kali Linux Book - Second Edition
Published in: Feb 2022
Publisher: Packt
ISBN-13: 9781801818933
Register for a free Packt account to unlock a world of extra content!
A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.
Unlock this book and the full library FREE for 7 days
Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of
Renews at $19.99/month. Cancel anytime
Banner background image