First, thanks for reading Penetration Testing Part 1. Let's begin with Part 2.
Here I will show you how to conduct a penetration test for a company XYZ. Before starting the actual penetration test, let's look at the types of penetration test, the methodology for penetration testing, and the tools available for conducting one.
Penetration Testing Methodology:
Generally there are four phases in a penetration test, as we discussed in Part 1:
1. Planning
2. Discovery
3. Attack
4. Reporting
Types of penetration test:
1. Black Box
2. White Box
3. Grey Box
Black box:
Black-box testing involves performing the security evaluation and testing with no prior knowledge of the network infrastructure or system to be tested. The test simulates an attack by a malicious hacker outside the organisation's security perimeter.
White box:
White-box testing involves performing the security evaluation and testing with full knowledge of the network infrastructure, such as a network administrator would have.
Grey box:
Grey-box testing involves performing the security evaluation and testing with partial knowledge, typically from inside the network.
The test examines the level of access an insider could obtain within the network.
Scenario:
A firm named XYZ is consulting with a firm that conducts penetration tests as a third party. Company XYZ needs a black-box penetration test because of some legal requirements, and in order to evaluate the security measures put in place to control access.
The consulting firm therefore has nothing but the name XYZ to start the penetration test for the company.
Mr. RAK has been assigned the task of conducting the penetration test at this consulting firm; here I will show how the methodology is followed.
Planning:
Mr. RAK should have a signed NDA so that the findings are kept confidential. Secondly, an SLA should be in place that states to what level, or to what depth, the penetration test may go, so that completeness can be judged; the time limit should also be agreed before starting the test. The same document should carry written authorisation from XYZ naming the systems and addresses in scope, because active scanning of anything outside that scope is an unauthorised attack, not a test.
Discovery:
Passive:
The information-gathering phase starts here. Good sources are search engines, XYZ's official website, job postings, and more.
While looking around on search engines, Mr. RAK discovered that Company XYZ has a web portal at [http://www.XYZ-Portal.com]. That looks good so far; let's go deeper. Now it is time to do an nslookup: from nslookup you can discover the address of the mail server (the MX record) and the name and address of the name server (the NS record) for company XYZ. These are more than enough at this stage. None of these queries touch XYZ's own systems (the search engine and the public DNS resolvers answer them), which is what keeps this phase passive.
Active:
Now it is time to do some active work. The best approach is to map the services running on the addresses we found in the passive phase, and the best way to achieve that is port or service scanning. In the world of information security there is a very well-known tool for port scanning named NMAP.
With nmap we can run a port scan on the address we found in the passive information-gathering phase:
ethicalHacker/pentesterBox# nmap -A -v www.XYZ-Portal.com -P0 -oA outputfileName
The above command runs an aggressive scan of www.XYZ-Portal.com: -A turns on service/version detection and OS detection, -v gives verbose output, -P0 skips the ping-based host discovery and scans the host even if it does not answer ping (in current nmap releases this option is spelled -Pn), and -oA writes the results in normal, XML and grepable form to outputfileName.nmap, outputfileName.xml and outputfileName.gnmap for use in the reporting phase. Below is the output of the port scan with nmap.
Starting Nmap 4.20 ( http://insecure.org ) at 2007-07-02 21:19 GMT
Interesting ports on www.XYZ-Portal:
PORT STATE SERVICE
445/tcp filtered microsoft-ds
Interesting ports on www.XYZ-Portal.com:
PORT STATE SERVICE VERSION
23/tcp open telnet
80/tcp open http IIS 5.0
445/tcp open microsoft-ds
Nmap finished: 1 IP address (1 host up) scanned in 19.097 seconds
Here you can see that www.XYZ-Portal.com is running the web server IIS 5.0, which shows that the server is a Windows machine; the open 445/tcp (microsoft-ds, i.e. SMB) port and the open telnet port on 23/tcp point the same way. Remember that a banner is only a claim made by the remote host, so treat the OS guess as a working hypothesis until something else (the SMB service, the OS fingerprint, a later vulnerability scan) confirms it.
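Reading open ports off a screen is fine for one host, but the -oA option above also left a grepable outputfileName.gnmap file, and that is the form worth parsing when the scope grows. The script below is an added example for this walkthrough, not part of the original article or of nmap: it reads a .gnmap file, prints one line per open port, and flags hosts that show the Windows indicators discussed above (open 445/tcp and an IIS banner). The sample scan data, the hostnames and the 192.0.2.x addresses in it are constructed for the example and are not real scan results.

```shell
#!/bin/sh
# Added example: summarise an nmap grepable (.gnmap) file, as written by
# "nmap ... -oA outputfileName", and flag hosts that look like Windows.
# The file written below is a constructed sample, not output from a real scan;
# the hostnames and the 192.0.2.x addresses are placeholders.

SAMPLE_GNMAP="${TMPDIR:-/tmp}/xyz-portal-sample.gnmap"
cat > "$SAMPLE_GNMAP" <<'EOF'
# Nmap 4.20 scan initiated (constructed sample) as: nmap -A -v -P0 -oA outputfileName www.XYZ-Portal.com
Host: 192.0.2.10 (www.XYZ-Portal.com)	Status: Up
Host: 192.0.2.10 (www.XYZ-Portal.com)	Ports: 23/open/tcp//telnet///, 80/open/tcp//http//Microsoft IIS httpd 5.0/, 445/open/tcp//microsoft-ds///	Ignored State: closed (997)
Host: 192.0.2.11 (mail.XYZ-Portal.com)	Ports: 25/open/tcp//smtp//Postfix smtpd/, 445/filtered/tcp//microsoft-ds///	Ignored State: closed (998)
# Nmap done (constructed sample)
EOF

# open_ports FILE
# Each "Ports:" entry in grepable output has the form
#   port/state/protocol/owner/service/rpcinfo/version/
# separated by ", ". Print "host port/proto service version" for open ports only.
open_ports() {
    grep '^Host: .*Ports: ' "$1" | while IFS= read -r line; do
        host=$(printf '%s\n' "$line" | sed 's/^Host: \([^ ]*\) .*/\1/')
        ports=$(printf '%s\n' "$line" \
            | sed -e 's/^.*Ports: //' -e 's/[[:space:]]*Ignored State:.*$//')
        printf '%s\n' "$ports" | tr ',' '\n' | sed 's/^[[:space:]]*//' \
        | while IFS=/ read -r port state proto owner service rpc version rest; do
            [ "$state" = "open" ] || continue
            printf '%s %s/%s %s %s\n' "$host" "$port" "$proto" "$service" "${version:--}"
        done
    done
}

# windows_indicators FILE
# Collapse the open-port list to one line per host that shows a Windows
# indicator: SMB on 445/tcp, or an IIS version banner. Hosts with neither
# (or with 445 merely filtered) are not listed.
windows_indicators() {
    open_ports "$1" | awk '
        $2 == "445/tcp" || $3 == "microsoft-ds" { why[$1] = why[$1] " smb(445)" }
        /IIS/                                   { why[$1] = why[$1] " iis" }
        END { for (h in why) print h ":" why[h] }' | sort
}

echo "== open ports =="
open_ports "$SAMPLE_GNMAP"
echo "== hosts with Windows indicators =="
windows_indicators "$SAMPLE_GNMAP"
```

Point the two functions at your real outputfileName.gnmap instead of the sample to get the same summary for an engagement. The version field is whatever the remote service claimed in its banner, so the "iis" flag is as trustworthy as the banner; the 445 indicator is stronger because it depends on the port actually accepting a connection.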
Now it is time to run a vulnerability scan against the Windows machine to check for known vulnerabilities on the server.
To perform a vulnerability scan there are many commercial and non-commercial tools available. Among them, the tool I would recommend is Nessus, which can be downloaded easily. Vulnerability scanning through to reporting will be covered in Part 3.