Penetration Testing for Beginners (1)
Interested in penetration testing? Welcome to Part 1 of our beginners guide to the noble art of pen testing.
There is no handbook or a checklist of actions for engaging in penetration test, but what can help is the knowledge of methodologies, tools, and protective techniques that expand your knowledge to detect, identify, assess, and operate effectively in the face of a cyber attack. In principle, the starting point is pretty much always the same, identify the target and choose how best to proceed in the face of it.
I wanted to make a kind of ladder but the subject is so vast that my list for all of the important topics kept growing. I finally gave up, and I decided to start to talk about it in the best way I could, a kind of "see where takes us the discussion."
First, we start by saying that the "security process" is endless and does not end with a product. The process, once put into operation, has to be followed; go out and continuously look for security holes every day, a security system left to its fate can only be a system doomed to failure and inevitably to infiltration. A system that today is "safe" will not be for long, before long a new vulnerability is discovered.
In the penetration testing world, what are the tools that can return useful results and which proven to be helpful when conducting penetration tests? There are many Linux distributions designed to help with pentesting, to name a few:
Kali Linux: Probably the most common, with a set of tools vast and ready for every need. Contain a huge range of pre-installed software makes it the most widely used distribution available today.
Parrot OS: This is very well known, like Kali, however, is much lighter and more user friendly. This OS has the most commonly used tools, thus making it a very clean distribution.
BlackArch: It is the well-known Linux based on Arch Linux distribution, used by the most competent, many of its tool are the envy of all others, placing it among the most complete distributions. The use of tools, in most cases, is only from the command line, so those accustomed to graphical interfaces might find it difficult to use.
There are many more, but these are the most used, of course, is just a guideline, and you are welcome to use the distribution you prefer and which is at ease. These are less-commonly known distributions, so you are aware: ArchStrike (formerly known as ArchAssault and based on the Arch distribution); Caine; Pentoo Linux; BugTraq and BackBox.
The Basic Tools
In addition to a " full bodied" distribution ready to be used in many scenarios on a specific target, it is important to know, at least, those "sources" that will be the basics to identifying possible attacks we will make. Below I list a couple that, in my experience, are the basis of knowledge when it comes to information security.
The first is a tool that you will find in all the distributions mentioned above. It is the most used framework for penetration testing: Metasploit. This framework helps identify and verify vulnerabilities and perform the specific attack for the detected vulnerability. The framework is based on a command-line system, but exist different interfaces that simplify the lives of those who are not so practical in Linux bash! Among them, in Kali, you'll find Armitage, but there are many others.
You can use https://www.exploit-db.com, a great source of knowledge that Metasploit also uses. Exploit-db.com is a database to find a vast number of exploits (e.g., scripts, viruses, worms) that exploit bugs and vulnerabilities of the most popular systems. Besides all this, we do not forget our most loyal friend on the internet, a source of wisdom and knowledge, to which for years we regularly retrieve the information we need to proceed in our regular life or professional: GOOGLE.
The Phases Of Attack
Phases of attack refers to seven stages of a cyber attack. To simplify, we will split the seven phases again into three further stages and then go into the detail of each phase. Stage and phases are divided as follows (of course dependent on the types of attack):
- Reconnaissance: Research the vulnerabilities of the target system.
- Weaponization: Identified the possible vulnerabilities, you gather or write payload and scripts needed to exploit the flaw.
- Delivery: Delivery of the payload to the target (this phase, in most cases, is applied to the phishing attacks).
- Exploitation: Exploit running on the target system.
- Installation: Malware installation (phishing type scenarios also occur in this phase).
- Command & Control: A connection is established between the target and the attacker, taking control of the target.
- Action: The last phase in which the attack ends. The hacker has a list of actions to carry out the attack, which can be an appropriation of data, use of the system for purposes, which come out from its normal process or malfunction of the machine itself.
Try now to analyze every single phase going deeper into the activities and tools used in the specific.
We will discuss each phase in more depth in my upcoming articles.