Penetration testing deals with legitimate, authorized attacks on a computer system in order to assess the level of security the system has. Here, vulnerabilities are identified in the form of known vulnerabilities, backdoors, loopholes, the probability of unauthorized access, or perhaps a vulnerability that has yet to be publicly disclosed (a zero day). Curious about how to pen test a system? A quick overview of the methodology may help you out:
Reconnaissance: You have to know what you are dealing with. If you are pen testing a particular institution, gather as much information as possible. What kind of clients do they serve? How security-savvy are the target and its employees? Are any ports open? What operating systems does the company use? What authentication methods does the login page on the website use? What kind of database management system stores the data? Public records and social networking sites can both be used for information gathering. Nmap is also a fantastic network reconnaissance tool.
Finding vulnerabilities: Once you know more about the target individual or company at hand, it’s time to find vulnerabilities. There may be an improperly configured firewall that exposes ports it shouldn’t. Maybe the database is vulnerable to SQL injection because user input is not sanitized. An insecure website may be susceptible to session hijacking. Many kinds of vulnerabilities exist, depending on the system at hand; they may involve data storage, connectivity or networks, or authentication and authorization methods. Finding all possible weaknesses is one of the most important steps.
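To make the SQL injection point concrete, here is an added example (not code from the original post) showing a login check that concatenates user input into the query next to the parameterised version that fixes it. The user table, the account and the probe string are constructed sample data; the password hashing helper is a stand-in for a real slow password hash.

```python
import hashlib
import sqlite3


def pw_hash(password):
    # Demo only: a real system uses a slow, salted password hash (bcrypt/argon2),
    # not plain SHA-256. This helper exists so the table never stores plaintext.
    return hashlib.sha256(password.encode()).hexdigest()


def make_db():
    """Constructed in-memory user table with one sample account (not real data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, password_hash TEXT NOT NULL)")
    conn.execute("INSERT INTO users VALUES (?, ?)", ("alice", pw_hash("correct horse")))
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    """The flaw the paragraph describes: user input pasted straight into the SQL text.

    A username containing a quote and a comment marker ends the string early and
    comments out the password check, so the query matches without the password.
    """
    query = (f"SELECT username FROM users WHERE username = '{username}' "
             f"AND password_hash = '{pw_hash(password)}'")
    return conn.execute(query).fetchone() is not None


def login_safe(conn, username, password):
    """The fix: a parameterised query. Input is bound as data and never parsed as SQL."""
    row = conn.execute(
        "SELECT username FROM users WHERE username = ? AND password_hash = ?",
        (username, pw_hash(password)),
    ).fetchone()
    return row is not None


if __name__ == "__main__":
    db = make_db()
    # Constructed probe: closes the quoted string, then "--" comments out the rest of the line.
    injected = "alice' --"
    print("vulnerable login with injected username and wrong password:",
          login_vulnerable(db, injected, "wrong"))   # True: the check is bypassed
    print("parameterised login with the same input:",
          login_safe(db, injected, "wrong"))         # False: treated as a literal username
```

The same probe that bypasses login_vulnerable is simply an unknown username for login_safe, which is the behaviour a tester should expect from every query in an application once input is bound rather than concatenated.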
Creating the attack: Now that you know the weaknesses, how exactly can they be exploited? By password brute-forcing? Through man-in-the-middle attacks? By using social engineering against an employee? Use existing tools to craft a suitable attack, or create your own.
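Brute-forcing is the attack on this list a defender is most likely to see in logs, so as an added example (not from the original post) here is the detection side: a small sliding-window detector run over constructed sshd-style authentication log lines. The log lines, addresses and thresholds are all made up for the example; the format mirrors typical OpenSSH "Failed password" messages but is an assumption, and a real deployment would parse its own log source.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample auth log (not real data). 203.0.113.5 hammers several accounts
# within seconds; 198.51.100.7 is a normal user with two failures minutes apart.
SAMPLE_LOG = """\
2024-01-15T10:00:01 sshd[1001]: Failed password for invalid user admin from 203.0.113.5 port 50001 ssh2
2024-01-15T10:00:03 sshd[1002]: Failed password for root from 203.0.113.5 port 50002 ssh2
2024-01-15T10:00:05 sshd[1003]: Failed password for invalid user test from 203.0.113.5 port 50003 ssh2
2024-01-15T10:00:06 sshd[1004]: Accepted publickey for alice from 198.51.100.7 port 40001 ssh2
2024-01-15T10:00:08 sshd[1005]: Failed password for invalid user oracle from 203.0.113.5 port 50004 ssh2
2024-01-15T10:00:09 sshd[1006]: Failed password for invalid user guest from 203.0.113.5 port 50005 ssh2
2024-01-15T10:00:10 sshd[1007]: Failed password for bob from 198.51.100.7 port 40002 ssh2
2024-01-15T10:05:00 sshd[1008]: Failed password for bob from 198.51.100.7 port 40003 ssh2
"""

# Assumed line shape: ISO timestamp, process, then the OpenSSH-style failure message.
FAILED_RE = re.compile(
    r"^(?P<ts>\S+) sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+"
)


def parse_failures(log_text):
    """Yield (timestamp, username, source_ip) for each failed-login line; other lines are skipped."""
    for line in log_text.splitlines():
        m = FAILED_RE.match(line)
        if m:
            yield datetime.fromisoformat(m.group("ts")), m.group("user"), m.group("ip")


def detect_bruteforce(log_text, threshold=5, window=timedelta(seconds=60)):
    """Flag source IPs with at least `threshold` failures inside any `window`-long span.

    Returns {ip: (failures_in_window, sorted usernames ever tried from that ip)}.
    The username list is cumulative so the report shows the spread of accounts targeted.
    """
    recent = defaultdict(deque)   # ip -> timestamps of failures still inside the window
    users = defaultdict(set)      # ip -> every username attempted from it
    alerts = {}
    for ts, user, ip in parse_failures(log_text):
        q = recent[ip]
        q.append(ts)
        users[ip].add(user)
        # Expire failures older than the window relative to the newest event.
        while q and ts - q[0] > window:
            q.popleft()
        if len(q) >= threshold:
            alerts[ip] = (len(q), sorted(users[ip]))
    return alerts


if __name__ == "__main__":
    for ip, (count, tried) in detect_bruteforce(SAMPLE_LOG).items():
        print(f"ALERT {ip}: {count} failed logins within 60s, accounts tried: {', '.join(tried)}")
```

On the sample data only 203.0.113.5 trips the alert; the two failures from 198.51.100.7 are five minutes apart, so the first has expired from the window by the time the second arrives. Tuning the threshold and window against real baseline traffic is what separates a useful alert from noise.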
Delivering the attack: The delivery method can determine whether an attack succeeds or fails. How likely is it that social engineering yields a reverse shell? This is where reconnaissance pays off; inside knowledge of the company and its employees is beneficial. Data-mining malware and phishing scams can be delivered through email. A payload can be delivered directly to a computer if the system is unpatched and has a remote code execution vulnerability. Think like an attacker and consider all the ways someone is likely to exploit the system. Tools like Metasploit, Netsparker, SQLMap and BeEF are useful for exploiting vulnerabilities.
Reporting: Whether or not the attack was successful, you’re going to have to report back to the client. Document all your findings and suggest possible solutions and mitigations. Install security measures if necessary, patch all vulnerabilities, and educate employees on security where required.