Penetration Testing
Penetration Testing Related Stuff
Warning
You should never interfere with someone else’s system without authorization. Most likely, you will be caught. Getting into a system is the easy part; bypassing IDS/IPS and the alerting built around them is where real skill comes into play. Everything has vulnerabilities, everything!
When you are caught, you will be prosecuted. Even if you “win” the court battle, you will still be out the attorney fees and whatever fines they throw at you. Hack your own systems only, OR get it in writing from your client that you will be performing a penetration test, and make sure they understand what that involves. We do not advocate using any technique we publish now or in the future for any illegal purpose.
Learn Pen Testing for Free
If you want to learn safely and legally, download Metasploit and point it at systems built to be attacked, such as Metasploitable, OWASP BWA or DVWA. You can even build your own vulnerable lab using the free versions of VMware and the tool suites that ship with Kali or BackBox, all of which are free.
With that said (now you have no excuse for doing pentests/hacks illegally), don your black hoodie, pour your caffeinated beverage of choice and, when you are legally able to do so, combine social engineering and technical prowess to help your clients secure their data by following this variation of the PTES technical guideline:
PTES
Pre-engagement Interactions
Agree with the client on what they want verified as safe (or visible), the exact scope and the rules of engagement, and get it in writing. Figure out which problems you are solving before you touch anything.
Intelligence Gathering
Gather reconnaissance on the target from public (OSINT) and private sources.
Initial Foothold
Social engineering and more intrusive, hands-on analysis to get a first point of access.
Enumeration
Scan the hosts and services you can now reach and look for vulnerabilities.
Local Privilege Escalation
Exploit one of the vulnerabilities you found to gain higher privileges on the compromised host.
Backdoor Persistence
Install rootkits or other persistence mechanisms, within the agreed rules of engagement, so that access survives reboots and credential changes.
Domain Privilege Escalation
Look for a domain admin or other higher-level account that can be captured or abused.
Post Exploitation/Data Dumps
Dump domain hashes or other data as the client has requested.
Data Identification/Exfiltration
Sort through your data grabs and identify what actually matters before (and only if the rules of engagement allow it) exfiltrating it.
Reporting
Write the clear, well-presented report that every client wants: what you found, how you found it, and how to fix it.
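The pre-engagement scope and the enumeration step above, as an added example that is not part of the original page: a scope check against the client's agreed ranges, plus a parser that turns the XML nmap writes with `nmap -sV -oX scan.xml` into a list of open services on in-scope hosts while flagging any host that slipped outside the agreed scope. The scope list, the addresses, the hostnames and the XML snippet are constructed sample data; `AGREED_SCOPE`, `enumerate_services` and the other names are this example's own, not part of any tool or project.

```python
"""Scope check plus service enumeration from nmap XML output.

Added example, not from the original page. The scope list and the nmap
XML below are constructed test data; the function names are illustrative.
"""
import ipaddress
import xml.etree.ElementTree as ET

# Constructed: the ranges the client signed off on in the pre-engagement
# phase. Anything outside this list must never be scanned or touched.
AGREED_SCOPE = ["10.0.0.0/24", "192.0.2.10"]

# Constructed: abbreviated output in the shape `nmap -sV -oX scan.xml` writes.
# The third host is deliberately outside AGREED_SCOPE.
NMAP_XML = """<nmaprun scanner="nmap" args="nmap -sV -oX scan.xml" version="7.94">
  <host>
    <status state="up" reason="arp-response"/>
    <address addr="10.0.0.5" addrtype="ipv4"/>
    <hostnames><hostname name="dc01.corp.example" type="PTR"/></hostnames>
    <ports>
      <port protocol="tcp" portid="88"><state state="open" reason="syn-ack"/>
        <service name="kerberos-sec" method="probed" conf="10"/></port>
      <port protocol="tcp" portid="445"><state state="open" reason="syn-ack"/>
        <service name="microsoft-ds" product="Windows Server microsoft-ds" method="probed" conf="10"/></port>
      <port protocol="tcp" portid="3389"><state state="filtered" reason="no-response"/>
        <service name="ms-wbt-server" method="table" conf="3"/></port>
    </ports>
  </host>
  <host>
    <status state="up" reason="arp-response"/>
    <address addr="10.0.0.23" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="80"><state state="open" reason="syn-ack"/>
        <service name="http" product="Apache httpd" version="2.4.58" method="probed" conf="10"/></port>
    </ports>
  </host>
  <host>
    <status state="up" reason="syn-ack"/>
    <address addr="203.0.113.7" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="22"><state state="open" reason="syn-ack"/>
        <service name="ssh" product="OpenSSH" version="8.9p1" method="probed" conf="10"/></port>
    </ports>
  </host>
</nmaprun>"""


def in_scope(host, scope):
    """True only if host (an IP string) falls inside one of the agreed networks."""
    addr = ipaddress.ip_address(host)
    return any(addr in ipaddress.ip_network(net, strict=False) for net in scope)


def parse_nmap_xml(xml_text):
    """Flatten nmap XML into one record per (host, port) with service details."""
    records = []
    root = ET.fromstring(xml_text)
    for host in root.iter("host"):
        addr_el = host.find("address[@addrtype='ipv4']")
        if addr_el is None:
            continue
        name_el = host.find("hostnames/hostname")
        hostname = name_el.get("name") if name_el is not None else ""
        for port in host.iter("port"):
            svc = port.find("service")
            records.append({
                "host": addr_el.get("addr"),
                "hostname": hostname,
                "proto": port.get("protocol"),
                "port": int(port.get("portid")),
                "state": port.find("state").get("state"),
                "service": svc.get("name", "") if svc is not None else "",
                "product": svc.get("product", "") if svc is not None else "",
                "version": svc.get("version", "") if svc is not None else "",
            })
    return records


def enumerate_services(xml_text, scope):
    """Return (open ports on in-scope hosts, out-of-scope hosts seen in the scan).

    A non-empty second list means the scan command itself exceeded the agreed
    scope and needs to be corrected before anything else happens.
    """
    open_ports, out_of_scope = [], set()
    for rec in parse_nmap_xml(xml_text):
        if not in_scope(rec["host"], scope):
            out_of_scope.add(rec["host"])
            continue
        if rec["state"] == "open":  # filtered/closed ports are noise here
            open_ports.append(rec)
    return open_ports, sorted(out_of_scope)


if __name__ == "__main__":
    found, strays = enumerate_services(NMAP_XML, AGREED_SCOPE)
    for r in found:
        label = f"{r['host']} ({r['hostname']})" if r["hostname"] else r["host"]
        print(f"{label}:{r['port']}/{r['proto']} {r['service']} "
              f"{r['product']} {r['version']}".rstrip())
    if strays:
        print("OUT OF SCOPE, do not touch:", ", ".join(strays))
```

Run it before any hands-on work in the enumeration phase: the out-of-scope list is the check that the scan you just ran actually matched the scope the client signed, and the open-port records are the starting point for the vulnerability hunt that follows.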
Popular Commercial Applications
When you end up working on a red team and take contracts to ethically hack a client’s resources, you will eventually come across the many flavours of commercial toolkits, such as:
- Burp Suite
- Canvas
- Cobalt Strike
- Core Impact
- Nessus
- Nexpose
To that end, here are a few articles on basic penetration testing techniques that will help with the various steps of white hat, ethical hacking for your clients: