Penetration Testing Guidance

1. Planning and Preparation

Task: Gather information on the network, application, infrastructure and domain from the client, using a questionnaire or a kickoff meeting between the testing organization and the client.
Steps: Get the client details by domain name.

Task: Agree the time and duration in which the penetration tests are performed. This ensures that normal business and everyday operations of the organization are not disrupted while the tests are being conducted.
Steps:
  1. Get the client details by range of IP addresses.
  2. Get the client details by single IP address.

2. Information Gathering and Analysis

Task: Gather as much information as possible about the targeted systems or networks.
Steps: Execute the fierce or dnsenum command to get subdomain details.

Task: Carry out a network survey as an introduction to the systems that are to be tested. The goal here is to find the number of systems that are reachable from the internet. The expected results of a network survey are domain names, server names, internet service provider information, the IP addresses of the hosts involved and a network map. A network survey also helps to determine the domain registry information for the servers, which lets us check the range of IP addresses owned by the targeted organization.
Steps: If we obtain a range of IPs, we can use Nessus to get the details of the live servers.

Task: Do a port scan to obtain information about the closed and open ports on the systems or network.
Steps: Using Nmap, find the open ports and the services running on each server.

Tools to use: Nmap, Cheops-ng, Wireshark, Snort, fierce, dnsenum.
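The survey and port-scan steps above end with a pile of scanner output that has to become the host inventory for the report, and every discovered host has to be checked against the IP ranges agreed with the client in the planning phase before anything else is done to it. The following is an added example (not code from the guidance page or from any of the tools it names) that parses a constructed `nmap -oX` style XML fragment into a per-host list of open ports and splits the hosts into in-scope and out-of-scope against constructed authorised CIDR ranges; the addresses, hostnames and ranges are placeholders.

```python
"""Build the network-survey inventory from nmap XML output and confirm every
host lies inside the client-authorised scope.

Added example, not from the guidance page. SAMPLE_NMAP_XML is a constructed,
trimmed document in the shape `nmap -oX` writes; AUTHORISED_SCOPE is a
constructed stand-in for the ranges agreed at the kickoff meeting.
"""
import ipaddress
import xml.etree.ElementTree as ET

# Constructed: ranges the client authorised for testing.
AUTHORISED_SCOPE = ["192.0.2.0/24", "198.51.100.5/32"]

# Constructed: two live hosts, one of them outside the authorised ranges.
SAMPLE_NMAP_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap">
  <host><status state="up"/>
    <address addr="192.0.2.10" addrtype="ipv4"/>
    <hostnames><hostname name="www.example.com" type="PTR"/></hostnames>
    <ports>
      <port protocol="tcp" portid="22"><state state="open"/><service name="ssh" product="OpenSSH"/></port>
      <port protocol="tcp" portid="80"><state state="open"/><service name="http" product="nginx"/></port>
      <port protocol="tcp" portid="23"><state state="closed"/><service name="telnet"/></port>
    </ports>
  </host>
  <host><status state="up"/>
    <address addr="203.0.113.7" addrtype="ipv4"/>
    <hostnames/>
    <ports>
      <port protocol="tcp" portid="21"><state state="open"/><service name="ftp"/></port>
    </ports>
  </host>
</nmaprun>
"""


def parse_nmap_xml(xml_text):
    """Return one dict per live host: ip, hostname (PTR) and its open ports."""
    hosts = []
    root = ET.fromstring(xml_text)
    for host in root.iter("host"):
        status = host.find("status")
        if status is None or status.get("state") != "up":
            continue  # only hosts nmap saw as up belong in the survey
        addr = host.find("address[@addrtype='ipv4']")
        if addr is None:
            continue
        name_el = host.find("hostnames/hostname")
        open_ports = []
        for port in host.iter("port"):
            state = port.find("state")
            if state is None or state.get("state") != "open":
                continue  # closed/filtered ports are noted elsewhere, not inventoried
            service = port.find("service")
            open_ports.append({
                "port": int(port.get("portid")),
                "proto": port.get("protocol"),
                "service": service.get("name", "") if service is not None else "",
                "product": service.get("product", "") if service is not None else "",
            })
        hosts.append({
            "ip": addr.get("addr"),
            "hostname": name_el.get("name") if name_el is not None else "",
            "open_ports": open_ports,
        })
    return hosts


def check_scope(hosts, authorised):
    """Split hosts into (in_scope, out_of_scope) by the agreed CIDR ranges."""
    nets = [ipaddress.ip_network(n) for n in authorised]
    in_scope, out_of_scope = [], []
    for h in hosts:
        ip = ipaddress.ip_address(h["ip"])
        (in_scope if any(ip in n for n in nets) else out_of_scope).append(h)
    return in_scope, out_of_scope


def survey_report(xml_text=SAMPLE_NMAP_XML, authorised=AUTHORISED_SCOPE):
    """Inventory lines for in-scope hosts plus the IPs that must not be tested."""
    hosts = parse_nmap_xml(xml_text)
    in_scope, out_of_scope = check_scope(hosts, authorised)
    lines = []
    for h in in_scope:
        ports = ", ".join(f"{p['port']}/{p['proto']} {p['service']}".rstrip()
                          for p in h["open_ports"])
        lines.append(f"{h['ip']} ({h['hostname'] or 'no PTR'}): {ports or 'no open ports'}")
    return lines, [h["ip"] for h in out_of_scope]


if __name__ == "__main__":
    inventory, excluded = survey_report()
    print("\n".join(inventory))
    if excluded:
        print("NOT IN AUTHORISED SCOPE, do not test:", ", ".join(excluded))
```

The out-of-scope list is the important output: a host that answers a scan but is not in the agreed ranges is excluded from every later phase, and the exclusion is recorded in the report alongside the inventory.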

3. Vulnerability Detection

Task: Manual vulnerability detection. The information obtained is analysed to determine any vulnerability that might exist. This is called manual vulnerability scanning because the vulnerabilities are identified by hand.
Steps: Scan the live servers using OpenVAS to identify vulnerabilities.

Task: Automated vulnerability detection. Different tools are used to automate the detection. This produces a list of the vulnerabilities that exist in the network together with the steps that should be taken to address them.
Steps: Scan the live servers using Nessus to identify vulnerabilities.

Tools to use: OpenVAS, Nessus, w3af, Nikto, BackTrack, Acunetix, Burp Suite, OWASP, Wapiti, Arachni, Vega, Paros, WebScarab NG.

4. Penetration Attempt

Task: Identify suitable targets for a penetration attempt. After the targets are chosen, the penetration attempt is performed against them using the required tools.
Steps: Try a brute-force password attack against the web application to check whether it uses a weak password.

Task: Password cracking has become a normal practice in penetration tests. In most cases you will find services such as telnet, SSH and FTP running on the systems. This is a good place to start applying password cracking methods to penetrate these systems. The list below shows just some of the password cracking methods used:
  1. Dictionary attack: uses a word list or dictionary file.
  2. Hybrid crack: tests passwords that are variations of the words in a dictionary file.
  3. Brute force: tests passwords made up of characters by going through all possible combinations.
Steps: If SSH access is enabled, try a brute-force password attack against these hosts to check whether they use a weak password.

Tools to use: Brutus, Hydra, John the Ripper.
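From the defender's side, the SSH password-guessing attempt described above is exactly what an authentication log should reveal: a burst of `Failed password` lines from one source, and, in the case the test is meant to expose, an `Accepted password` from that same source shortly afterwards. The following is an added example (not part of the guidance page) that runs a sliding-window detection over constructed sshd syslog lines; the hostnames, user names, addresses, threshold and window are all assumptions that a team would tune to its own environment.

```python
"""Detect SSH password guessing in sshd log lines and flag a password login
that follows a burst of failures from the same source.

Added example, not from the guidance page. SAMPLE_AUTH_LOG is constructed in
the standard sshd syslog format; every name and address in it is a
placeholder. The threshold and window are assumed defaults, not a standard.
"""
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample of /var/log/auth.log style lines (syslog omits the year).
SAMPLE_AUTH_LOG = """\
Mar 10 12:00:01 bastion sshd[1201]: Failed password for invalid user admin from 203.0.113.9 port 51234 ssh2
Mar 10 12:00:02 bastion sshd[1202]: Failed password for root from 203.0.113.9 port 51235 ssh2
Mar 10 12:00:03 bastion sshd[1203]: Failed password for invalid user test from 203.0.113.9 port 51236 ssh2
Mar 10 12:00:04 bastion sshd[1204]: Failed password for root from 203.0.113.9 port 51237 ssh2
Mar 10 12:00:05 bastion sshd[1205]: Failed password for invalid user oracle from 203.0.113.9 port 51238 ssh2
Mar 10 12:00:06 bastion sshd[1206]: Accepted password for root from 203.0.113.9 port 51239 ssh2
Mar 10 12:00:07 bastion sshd[1207]: Failed password for alice from 192.0.2.20 port 40000 ssh2
Mar 10 12:00:09 bastion sshd[1208]: Accepted publickey for alice from 192.0.2.20 port 40001 ssh2
"""

# Matches both "Failed password for invalid user X" and "Accepted publickey for X".
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) (?P<method>\w+) for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+"
)


def parse_line(line, year=2024):
    """Parse one sshd line into a dict, or None if it is not an auth result.

    The year is assumed because syslog timestamps do not carry one.
    """
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return {"ts": ts, "result": m["result"], "method": m["method"],
            "user": m["user"], "ip": m["ip"]}


def detect_bruteforce(log_text, threshold=5, window_seconds=60):
    """Return alerts as (kind, source_ip, detail) tuples.

    kind is "burst" (threshold failures inside the window) or
    "success_after_failures" (a password login while the burst is still live).
    """
    alerts = []
    recent = defaultdict(deque)  # source ip -> failure timestamps inside the window
    burst_alerted = set()        # one burst alert per source, not one per extra failure
    for raw in log_text.splitlines():
        ev = parse_line(raw)
        if ev is None:
            continue
        q = recent[ev["ip"]]
        while q and (ev["ts"] - q[0]).total_seconds() > window_seconds:
            q.popleft()  # expire failures older than the window
        if ev["result"] == "Failed":
            q.append(ev["ts"])
            if len(q) >= threshold and ev["ip"] not in burst_alerted:
                burst_alerted.add(ev["ip"])
                alerts.append(("burst", ev["ip"],
                               f"{len(q)} failed logins within {window_seconds}s"))
        elif ev["method"] == "password" and len(q) >= threshold:
            # A key-based login after failures is not the guessing outcome we care about.
            alerts.append(("success_after_failures", ev["ip"],
                           f"password login as {ev['user']} after {len(q)} failures"))
    return alerts


if __name__ == "__main__":
    for kind, ip, detail in detect_bruteforce(SAMPLE_AUTH_LOG):
        print(f"[{kind}] {ip}: {detail}")
```

On the sample, the guessing source raises a burst alert on its fifth failure and a second, higher-severity alert when the password login lands one second later; the legitimate user with a single typo followed by a key-based login raises nothing, which is the false-positive case the `method` check exists for.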

5. Analysis and Reporting

  • Summary of any successful penetration scenarios.
  • Detailed listing of all information gathered during penetration testing.
  • Detailed listing of all vulnerabilities found.
  • Description of all vulnerabilities found.
  • Suggestions and techniques to resolve vulnerabilities found.

6. Cleaning Up

The cleaning up process is done to clear any mess that has been made as a result of the penetration test. A good example of a clean-up process is the removal of user accounts on a system previously created externally as a result of the penetration test.