As a penetration tester, you need to make sure your pentesting process mirrors what a hacker would do to gain access to systems and infrastructure.
This is essential because some security professionals don't take the time to profile the target the way an attacker would.
If you skip that step, you will never know what information the communication network and its systems expose to every user on the Internet.
When you are doing penetration testing, follow the hacking process and use the tools hackers use, so the test shows realistically whether the systems can be compromised. Also prepare a general plan for how the test will be conducted. Below is a list of what you need to do for a penetration test.
Initial meeting: Start the process by meeting with upper management to find out how much work they want you to do for them. At this point, you should figure out if it’s okay to run various tests, such as denial-of-service attacks, buffer overflow attacks, and password attacks (to name a few). Also, at this point, you should reiterate that you cannot guarantee that a denial of service will not occur.
Draft legal documents: After the initial meeting, see a lawyer and draw up a legal document stating that you are authorized to perform penetration testing. Ensure a trusted representative of the organization signs the document before you begin any testing.
Create a pentest plan: After the document is signed, plan the types of attacks or tests you will perform. The purpose of the plan is to stay organized and work in a specific, structured way; for example, it may schedule the different phases of attacking the enterprise network on different days.
Test the pentest plan: Test the tools you use to perform different attacks to ensure they work and see if they cause a denial of service when executed.
Perform the penetration test: At this point you are on the customer's site performing the test. Follow the plan you prepared: test for password cracking, wireless network breaking, and buffer overflow attacks. Document everything you do, including when each step starts and ends. Also conduct physical security tests and social engineering attacks against the organization and its employees.
Prepare a report on your findings: After completing the test, prepare a report on your conclusions. It does not need to document every activity in full, but make sure the CEO and other stakeholders have access to it. Include screenshots of successful and failed attacks, with recommendations for securing the affected systems.
Present report results: At this stage, meet with top management to present your findings to them. Make sure the client signs the report after reviewing it.
Destroy any copies of the report: As a final step, ensure you do not have any other assessment documents in print or electronic form. Hackers may use your information to attack the systems if you are careless about this matter.
Conduct a vulnerability assessment
Another type of security testing you can do instead of penetration testing is a vulnerability assessment. A vulnerability assessment is considered a passive assessment because you are not simulating attacks against the systems. With a vulnerability assessment, you are looking to identify weaknesses in the configuration of your network and its systems, and you are not testing those weaknesses to see whether you can compromise the systems.
When management asks for a security assessment but is not comfortable with you running hacking tools against the systems, go for a vulnerability assessment. Its main benefit is that it is a safe type of evaluation and does not disrupt access to system services.
In general, when performing a vulnerability assessment, it is recommended that you first perform a manual evaluation of the network and its systems. A manual inspection is a configuration assessment: it verifies the configuration of the network, clients, devices, and servers. In this manual assessment you are checking that best practices are followed, such as ensuring that each system enforces the correct password policy and runs anti-virus software. Keep in mind that this process takes time on an extensive network, so it's essential to have a checklist to keep you on track.
Perform an automated assessment
When you perform a vulnerability assessment, you will most likely use vulnerability assessment software such as GFI LanGuard or Nessus. These are two of the leading products for vulnerability assessment, and they automate much of what you need to do. In this tutorial, I use GFI LanGuard to demonstrate the usefulness of a vulnerability scanner.
The first thing to notice when scanning with vulnerability scanners like Nessus or LanGuard is that these tools automate the process by checking multiple systems and comparing each system's settings to a database of known vulnerabilities.
When performing a vulnerability scan, I recommend that you run the scan twice: first as an unauthenticated scan, where you are not logged on to the network and do not supply the username and password of any account.
In the second case, perform the scan using an administrative account and compare the results. The first scan shows what someone who is not a member of the organization can see of the corporate network. In contrast, the second scan lets the scanner log on to all systems with an administrative account and perform a detailed assessment. The following exercise shows you how to scan using Nessus.
Perform a vulnerability scan with Nessus
This exercise uses the well-known Nessus vulnerability scanner on Kali Linux. The scanner identifies existing vulnerabilities and provides detailed information about them. For this exercise you must download, install and run the scanner. Make sure you have a Windows Server and a Kali Linux virtual machine running.
1. Launch a Kali Linux virtual machine browser and go to https://www.tenable.com/products/nessus.
2. Select the AMD64 Debian/Kali Linux download option to download the tool.
3. Open a terminal and run the following commands to view the download status:
4. Run the following command to install Nessus.
dpkg -i Nessus-#.#.#-debian#_amd64.deb
Note that # stands for the digits of the version you downloaded.
5. After installation, start the Nessus service with the following command:
service nessusd start
6. To use Nessus, go to your web browser and type the following URL:
7. Select Nessus Essentials as the version you intend to use (this version is free and allows you to scan up to 16 IP addresses).
8. Enter the relevant details along with your correct email address.
9. Open your email and enter the activation code in the corresponding field in Nessus.
10. Use the following information to create a Nessus account:
11. Next, the required system plugins are downloaded. Each plugin is used to check for a specific type of vulnerability. Note that this step will take time.
12. After the plugins are downloaded, the Welcome to Nessus page appears. Close it.
13. Create a new advanced scan to scan the IP address of your Windows server.
14. Make sure all plugins are enabled. During the scan, pay attention to the plugins shown in the bottom window; each plugin checks for a specific type of vulnerability.
15. Save the scan settings.
16. In the scan list, you will see that the scan has started.
17. The scan will take some time. Once it is done, review the results to identify the system's vulnerabilities.
Note that it is essential to interpret the results after completing the vulnerability scan. The time you spend reviewing the results to determine whether the systems are secure allows you to make an accurate assessment. If the systems are not secure, consider the measures necessary to improve their security.
Among these security measures, the following should be mentioned:
- Uninstall software: After a scan, the vulnerability scanner may report installed software that is prone to attack. In this case, remove the software, or patch it if it is still needed.
- Disable services: The scanner may detect standard services that are running but not actually used. Disable these services and set their startup type to Disabled.
- Update patches: Most vulnerability scanning software tries to identify missing patches and reports the missing updates. Install any missing updates quickly so that hackers cannot exploit the vulnerabilities to attack your network or infrastructure.
- Change settings: Vulnerability assessment software may detect common mistakes in system configuration. Acting on these reports significantly improves the security of the systems.
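To make the two-scan comparison and the result interpretation above concrete, here is an added Python example (not code from the tutorial, Tenable or Nessus itself) that reads two exports in the Nessus CSV layout (column names assumed), separates findings an outsider already sees from those only the credentialed scan reveals, and tags each with one of the four remediation categories; all scan rows are constructed samples.

```python
# Added example (not code from the tutorial, Tenable or Nessus): compare an
# unauthenticated and a credentialed Nessus scan of one host. Column names
# follow the Nessus CSV export layout (assumed); all rows are constructed samples.
import csv
import io
from collections import Counter
RISK_ORDER = ["None", "Low", "Medium", "High", "Critical"]  # Nessus risk labels, lowest first
HEADER = ("Plugin ID,CVE,CVSS,Risk,Host,Protocol,Port,Name,Synopsis,"
          "Description,Solution,See Also,Plugin Output\n")
# Constructed sample: what the scanner sees without any account on the network.
UNAUTH_CSV = HEADER + (
    "100001,,,None,10.0.0.5,tcp,80,HTTP server detected,,,,,\n"
    "100002,,5.3,Medium,10.0.0.5,tcp,445,SMB signing not required,,,Enforce SMB signing in Group Policy,,\n")
# Constructed sample: the same host scanned with an administrative account.
CRED_CSV = HEADER + (
    "100001,,,None,10.0.0.5,tcp,80,HTTP server detected,,,,,\n"
    "100002,,5.3,Medium,10.0.0.5,tcp,445,SMB signing not required,,,Enforce SMB signing in Group Policy,,\n"
    "100003,,8.8,High,10.0.0.5,tcp,0,Missing security update,,,Install the vendor patch,,\n"
    "100004,,2.0,Low,10.0.0.5,tcp,0,Unused service enabled,,,Disable the service and set startup to Disabled,,\n")

def parse_nessus_csv(text):
    """One dict per finding row, keyed by the export's column names."""
    return list(csv.DictReader(io.StringIO(text)))

def finding_key(row):
    """Match findings across scans by host, plugin and port rather than by text."""
    return (row["Host"], row["Plugin ID"], row["Protocol"], row["Port"])

def compare_scans(unauth_rows, cred_rows, min_risk="Low"):
    """Findings rated at least min_risk: seen by an outsider ("exposed") vs. only with credentials."""
    keep = lambda r: RISK_ORDER.index(r["Risk"]) >= RISK_ORDER.index(min_risk)
    unauth = {finding_key(r): r for r in unauth_rows if keep(r)}
    cred = {finding_key(r): r for r in cred_rows if keep(r)}
    return {"exposed": list(unauth.values()),
            "credentialed_only": [r for k, r in cred.items() if k not in unauth]}

def remediation_type(row):
    """Keyword heuristic mapping the Solution text onto the four remediation categories."""
    text = row["Solution"].lower()
    for words, category in ((("patch", "update"), "Update patches"),
                            (("disable",), "Disable services"),
                            (("uninstall", "remove"), "Uninstall software")):
        if any(w in text for w in words):
            return category
    return "Change settings"

def risk_summary(rows):
    """Count findings per risk label, highest first, to prioritise the review."""
    counts = Counter(r["Risk"] for r in rows)
    return {risk: counts[risk] for risk in reversed(RISK_ORDER) if counts[risk]}
```

Everything in the credentialed-only bucket is invisible to an outsider but still needs fixing; the exposed bucket is what to remediate first.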
Among the critical points you should pay attention to when evaluating vulnerabilities for the Security Plus certification, note the following:
- Passively test security controls: This is the opposite of penetration testing or functional testing. A vulnerability assessment is considered a passive test because no attempt is made to penetrate the systems.
- Identify vulnerabilities: This refers to an evaluation that tries to identify vulnerabilities in specific systems or parts of the network that are most exposed to cyber attacks.
- Identify lack of security controls: In a vulnerability assessment, one critical issue that must be considered is the absence of security controls needed to protect the network. For example, permissions that have not been set on a folder, or a firewall that is installed but not enabled on a system, are the kinds of things this type of assessment addresses.
- Identify common misconfigurations: One of the most critical issues a vulnerability scanner may identify is a misconfiguration, that is, a setting that leaves a system open to cyber attacks.
Tools used for security assessment
Now that you understand the steps involved in penetration testing, let's look at some of the tools used for security assessments and penetration testing. You will undoubtedly see questions about these tools and what they do on the Security Plus exam.
Various security testing tools and websites can help you with penetration testing. The following websites provide good vulnerability information related to multiple products.
One thing to keep in mind as a security expert is that the tools designed for penetration testing are used by both security professionals and hackers.
These tools are as follows:
- Kali Linux: A specialized Linux distribution that you can download from www.kali.org. The distribution ships with many security tools pre-installed; most of the tools mentioned here are already installed in Kali Linux. It contains tools for cracking passwords and wireless encryption and for performing passive tests such as OSINT, DNS profiling, and so on.
- Metasploit: A collection of exploits for different products. You can download Metasploit from www.metasploit.com and learn more about it there. Metasploit is also pre-installed and ready to use on Kali Linux.