Linux Network Security

Penetration Testing Phases and Tools

Penetration Testing
Penetration Testing

What is penetration testing?

In this article we are going to breakdown the basics of penetration testing. People who are new to information security and want to learn more about it have a lot of questions about penetration testing. Penetration testing also known as pen testing is the process of testing the security weakness of the network or an application system. In pen testing we try to determine how well can our network perform against the attacks and how can we enhance our security parameters by testing it.

Performing Reconnaissance

Reconnaissance in penetration testing is the process of gathering information about the target. Reconnaissance can be done actively or passively, which means either you can passively listen on your target and find information or you can directly reach out to host and touch it. In this very first phase we will be looking for things like IP address of the system, technologies used by target system and location of the system etc. Any possible information that you can get from any source about the target will help you map out the system framework. Once we know enough about the tech used by our target we can use appropriate tools to assess any possible security weakness on target machine in the next phase.

There are multiple approaches in this phase. Some of them are internet research, social engineering, dumpster diving and email harvesting. We can also make use of tools like whois and framework detectors.

Scanning and Enumeration

Second step in penetration testing is the scanning and enumerating. 90% of penetration testing is preparing. This is where you try to find even more information about your target using disclosure at our advantage. This is where we start doing port scanning, service detection and vulnerability assessment. Specifically we would be looking for any vulnerable service listening on a port. Once we find the vulnerability in the system all we need to do is find the exploit for the system. Even if program itself has no exploitable flaw but if it is poorly configured by the administrator, it can also be exploited with the right tools. As people say, tiniest crack becomes the flood.

Tools used for this phase are Nmap, wireshark, OpenVAS, Microsoft Baseline Security Analyzer etc.

Gaining Access

Gaining access is the third phase of penetration testing. This is where we run actual exploit based on our vulnerability assessment. We will send the payload to gain access to the system after successful exploitation of the vulnerability. Most famously used tool for this phase is Metasploit. We try to gain complete control of a target system in this phase. But based on the threat level of the known vulnerability we may not get higher level access to the system. So that’s why after gaining the access in the next phase we would try to get system level access.

Tools used in this phases are Metasploit, Canvas and Core Impact etc.

Privilege Escalation

Fourth phase of penetration testing is Privilege escalation. Privilege escalation is to get elevated access in the system which current user is not supposed to have. They design Operating Systems to lock out certain settings on a user level. This means users can not perform certain tasks based on their access level defined by root or system administrator. So privilege escalation means to attain the higher access level on the system. There are two types of privilege escalation- horizontal and vertical privilege escalation.

Vertical privilege escalation. Also known as privilege elevation, where a user or application with lower level of permission set accesses functions or content which is meant for higher privilege users or applications (e.g. Website users can access site administrative functions)

Horizontal privilege escalation. Where a normal user with certain set of permissions set accesses functions or content which is meant for other normal users (e.g. Website User A accesses the Website account of User B)

You can use BeRoot project for privilege escalation.

Maintaining access and placing backdoor

In the last phase of penetration testing you try to maintain the access by placing a backdoor on a target system. You can place backdoors to regain the access in the later stages if you you ever want to get back into the system. While placing backdoor one should cover all the tracks. Because if the system detects a backdoor, it can trace the attacker. We would recommend to use any reputable paid VPN service.

You can use tools like MSFvenom to create backdoors.

These are the traditional steps that you go through in penetration testing to infiltrate the security variable of any system. This practice only works for known reported vulnerabilities. There are chances that target may be using patches against these vulnerabilities. If you want to develop an exploit yourself then you need to have in depth knowledge of Operating system and programming.

About the author

Ajay Verma

A Computer Science Graduate, who works extensively on open source projects. His Areas Of interest are: Network Security, Linux Administration, FOSS, Python, and C programming.

Add Comment

Click here to post a comment