Scribd
Upload
370 views

PenetrationTesting Notes

Penetration testing involves legally and ethically exploiting systems to test security by using the same tools as attackers. It includes reconnaissance to gather information, scanning open ports and services to find vulnerabilities, exploitation to take control of systems, and reporting to improve security. The process starts broadly and becomes more specific, potentially pivoting through other machines. Reconnaissance uses both public and technical methods to collect details without detection. Scanning maps which ports accept connections to understand how systems are used, with some ports receiving more traffic. Vulnerabilities found during scanning and exploitation may provide varying levels of access or control.

Uploaded by

Raúl Cálcamo Alonzo
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
370 views

PenetrationTesting Notes

Penetration testing involves legally and ethically exploiting systems to test security by using the same tools as attackers. It includes reconnaissance to gather information, scanning open ports and services to find vulnerabilities, exploitation to take control of systems, and reporting to improve security. The process starts broadly and becomes more specific, potentially pivoting through other machines. Reconnaissance uses both public and technical methods to collect details without detection. Scanning maps which ports accept connections to understand how systems are used, with some ports receiving more traffic. Vulnerabilities found during scanning and exploitation may provide varying levels of access or control.

Uploaded by

Raúl Cálcamo Alonzo
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
You are on page 1/ 4

Penetration Testing- Writing Inquiry

AKA Ethical Hacking


Penetration testing can be defined as a legal and authorized attempt to locate and
successfully exploit computer systems for the purpose of making those systems more secure
-Use of the same tools an attacker would make use of
-Purpose to increase security of a computer or network
Vulnerability assessment is the process of reviewing services and systems
for potential security issues unlike in pen testing, theres no exploitation
White hat and Black Hat Hackers
-Authorization: obtaining approval before performing pen testing scope of the test
-Motivation: help vs extort
-Intent: White box testing (overt testing) no concern for stealth, through but
unrealistic
Black box testing (covert testing) stealthy and realistic penetration test,
single exploitation

Kali Linux
Offensive Security
Virtual Machine
Advance Package Tool
LINUX IS HUGE

Phases of Penetration Testing


Organized process
Four to Seven steps processes usually
1-Reconnaissance: information gathering get IPs
2-Scanning: Port scanning (find open and running ports) and vulnerability scanning
(weaknesses of software and services)
3-Exploitation: Local or remote, objective of eventually taking control of the
machine
4-Post Exploitation: Creating a permanent way to control and access, Exploitation
is nly temporary

5-Hiding and or Report


From broad to specific
Pivoting: hacking a machine to attack another and so on, repeating these steps in
circle

Recognizance
Gathering of information, requires techonological ,social and researching skills
overlook no details
Open-source intelligence: common knowledge on a company or any possible target
Important to stay in the scope of the testing
This is where related vulnerable systems are found
-Active recongnaissance: direct interaction with the target; higher likelihood
of being detected
-Passive recognissance: using the information available on the web; almost
impossible for a single target to track it

HTTrack: Website copier


Makes an exact offline copy of a website; allows to explore thoroughly a website
with a lower risk of being detected
Cloning a website is easier to trace and offensive ask for
authorization first
There are also automated tools that automatically extract information from a
website
News and Announcements are priority targets due to the possible leaks of
information
GUI version

Google Hacking

Social Engineering

Scanning

-Mapping IP addresses to open ports and services


-Most networks allow some information to flow in and out
Ports data connections that provide a way for networks, services and software to
communicate with the hard drive multiple ports = multiple simultaneous
connections
Some ports receive more traffic than others (front door vs backdoor)
Attackers can gather information of what the system is being used for based on
what ports are being used.
Port Number

Service

20
21
22
23
25
53
80
137139
443
445
1433
3306
3389
5800
5900

FTP data transfer


FTP control
SSH
Telnet
SMTP (e-mail)
DNS
HTTP
NetBIOS
HTTPS
SMB
MSSQL
MySQL
RDP
VNC over HTTP
VNC

4 Sub-steps:
-Determining if the system is alive:
-Identifying the ports and services running every open port is a potential
door to the system
-Leverage the NSE to further interrogate the ports and other findings.
NSE = TOOL that extends Nmaps power and flexibility makes use of custom or
premade scrypts to discover processes and vulnerabilities
Vulnerabilities may be very different. Some will allow the attacker to take complete
control of a system, while others will just give him a small window to attack or non
at all

FIRST SCAN PERIMETER DEVICES (USUALLY LESS PROTECTED), THEN MAIN TARGET
not easy to get into a network unless you chain machines PIVOTING

PINGS and PING sweeps

You might also like

pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy