Mastering Metasploit: Discover the next level of network defense with the Metasploit framework

Product type: Paperback
Published in: Sep 2016
Publisher: Packt
ISBN-13: 9781786463166
Length: 440 pages
Edition: 2nd Edition
Author: Nipun Jaswal
Table of Contents

  • Preface
  • 1. Approaching a Penetration Test Using Metasploit
  • 2. Reinventing Metasploit
  • 3. The Exploit Formulation Process
  • 4. Porting Exploits
  • 5. Testing Services with Metasploit
  • 6. Virtual Test Grounds and Staging
  • 7. Client-side Exploitation
  • 8. Metasploit Extended
  • 9. Speeding up Penetration Testing
  • 10. Visualizing with Armitage

Preinteractions

The very first phase of a penetration test, preinteractions, is a discussion with the client of the critical factors regarding the conduct of a penetration test on the client's organization, company, institute, or network. This phase serves as the connecting line between the penetration tester and the client. Preinteractions give the client enough knowledge of what is about to be done over his or her network, domain, or server; the tester therefore acts here as an educator to the client. The penetration tester also discusses the scope of the test, all the domains that will be tested, and any special requirements needed while conducting the test on the client's behalf, such as special privileges and access to critical systems. The expected positives of the test should also be part of the discussion with the client in this phase. As a process, preinteractions cover the following key points:

  • Scope: This section discusses the scope of the project and estimates its size. Scope also defines what to include in the test and what to exclude from it. The tester also discusses the ranges and domains under the scope and the type of test (black box or white box) to be performed, and, for white box testing, which access options the tester requires. Questionnaires for administrators, the time duration for the test, whether to include stress testing or not, and payment for setting up the terms and conditions are also part of the scope. A general scope document provides answers to the following questions:
    • What are the target organization's biggest security concerns?
    • What specific hosts, network address ranges, or applications should be tested?
    • What specific hosts, network address ranges, or applications should explicitly NOT be tested?
    • Are there any third parties that own systems or networks that are in the scope, and which systems do they own (written permission must have been obtained in advance by the target organization)?
    • Will the test be performed against a live production environment or a test environment?
    • Will the penetration test include the following testing techniques: ping sweep of network ranges, port scan of target hosts, vulnerability scan of targets, penetration of targets, application-level manipulation, client-side Java/ActiveX reverse engineering, physical penetration attempts, social engineering?
    • Will the penetration test include internal network testing? If so, how will access be obtained?
    • Are client/end-user systems included in the scope? If so, how many clients will be leveraged?
    • Is social engineering allowed? If so, how may it be used?
    • Are Denial of Service attacks allowed?
    • Are dangerous checks/exploits allowed?
  • Goals: This section discusses various primary and secondary goals that a penetration test is set to achieve. The common questions related to the goals are as follows:
    • What is the business requirement for this penetration test?
      • This is required by a regulatory audit or standard
      • Proactive internal decision to determine all weaknesses
    • What are the objectives?
      • Map out vulnerabilities
      • Demonstrate that the vulnerabilities exist
      • Test the incident response
      • Actual exploitation of a vulnerability in a network, system, or application
      • All of the above
  • Testing terms and definitions: This section discusses basic terminology with the client and helps him or her understand the terms well.
  • Rules of engagement: This section defines the time of testing, timeline, permissions to attack, and regular meetings to update the status of the ongoing test. The common questions related to rules of engagement are as follows:
    • At what time do you want these tests to be performed?
      • During business hours
      • After business hours
      • Weekend hours
      • During a system maintenance window
    • Will this testing be done on a production environment?
    • If production environments should not be affected, does a similar environment (development and/or test systems) exist that can be used to conduct the penetration test?
    • Who is the technical point of contact?
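The scope and rules-of-engagement answers above only protect the client if they are enforced before any test action runs. The following is an added example, not code from the book or from the Metasploit project: it records the agreed ranges, exclusions, testing window and the DoS/dangerous-check answers as data, and refuses anything outside them. The `EngagementScope` and `authorize` names, the CIDRs, and the times are assumptions constructed for illustration.

```python
"""Scope and rules-of-engagement guard (added example, hypothetical code).

Exclusions always win over inclusions, anything unmatched is out of scope,
and the testing window may cross midnight for after-hours engagements.
All sample values are constructed for illustration.
"""
from dataclasses import dataclass
from datetime import datetime, time
import ipaddress


@dataclass
class EngagementScope:
    in_scope: list                  # CIDRs the client agreed to have tested
    excluded: list                  # CIDRs the client explicitly excluded
    window_start: time              # agreed testing window (may cross midnight)
    window_end: time
    allow_dos: bool = False         # "Are Denial of Service attacks allowed?"
    allow_dangerous: bool = False   # "Are dangerous checks/exploits allowed?"


def target_in_scope(scope: EngagementScope, host: str) -> tuple[bool, str]:
    """Return (allowed, reason) for a single IP address."""
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return False, f"{host!r} is not a valid IP address"
    for net in scope.excluded:
        if addr in ipaddress.ip_network(net, strict=False):
            return False, f"{host} is explicitly excluded by {net}"
    for net in scope.in_scope:
        if addr in ipaddress.ip_network(net, strict=False):
            return True, f"{host} is within agreed range {net}"
    return False, f"{host} is not in any agreed range"


def within_window(scope: EngagementScope, when: datetime) -> bool:
    """True if `when` falls inside the agreed testing window."""
    t = when.time()
    if scope.window_start <= scope.window_end:
        return scope.window_start <= t <= scope.window_end
    # Window crosses midnight, e.g. 22:00 to 06:00 after-hours testing.
    return t >= scope.window_start or t <= scope.window_end


def authorize(scope: EngagementScope, host: str, when: datetime, kind: str) -> tuple[bool, str]:
    """kind is one of 'scan', 'exploit', 'dangerous', 'dos'; checks run in order."""
    ok, reason = target_in_scope(scope, host)
    if not ok:
        return False, reason
    if not within_window(scope, when):
        return False, f"{when:%H:%M} is outside the agreed testing window"
    if kind == "dos" and not scope.allow_dos:
        return False, "DoS checks were not authorized in the scope document"
    if kind == "dangerous" and not scope.allow_dangerous:
        return False, "dangerous checks/exploits were not authorized"
    return True, reason


# Constructed sample: an after-hours test on 10.10.0.0/16 with one subnet
# carved out by the client (for instance, production database servers).
SAMPLE_SCOPE = EngagementScope(
    in_scope=["10.10.0.0/16"],
    excluded=["10.10.5.0/24"],
    window_start=time(22, 0),
    window_end=time(6, 0),
)

SAMPLE_REQUESTS = [
    ("10.10.1.3", datetime(2016, 9, 1, 23, 30), "scan"),       # in scope, in window
    ("10.10.5.7", datetime(2016, 9, 1, 23, 30), "scan"),       # excluded subnet
    ("192.168.1.1", datetime(2016, 9, 1, 23, 30), "scan"),     # never agreed
    ("10.10.1.3", datetime(2016, 9, 1, 14, 0), "scan"),        # business hours
    ("10.10.1.3", datetime(2016, 9, 1, 23, 30), "dos"),        # DoS not allowed
]


def run_samples() -> list[bool]:
    """Decision for each constructed request, in order."""
    return [authorize(SAMPLE_SCOPE, h, w, k)[0] for h, w, k in SAMPLE_REQUESTS]


if __name__ == "__main__":
    for (host, when, kind), decision in zip(SAMPLE_REQUESTS, run_samples()):
        print(f"{host:12} {kind:5} -> {decision}")
```

Checking exclusions before inclusions matters: a client's "explicitly NOT tested" list usually names hosts inside an otherwise agreed range, so the order of the two loops is what makes the carve-out effective.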

For more information on preinteractions, refer to http://www.pentest-standard.org/index.php/File:Pre-engagement.png.
