[Learning Module] Metasploit The Penetration Tester's Guide : Basic Absolute For Penetration Testing

CyberNews404 - Before going into the Penetration Tester Guide, I'll cover a bit about Penetration Testing. Penetration testing is a way to simulate methods that attackers can use to avoid security control. And get permissions into a system.

Penetration testing is more than just running a scanner/tools automatically and then compiling a bugs report. You will not be an expert penetration tester overnight. It may take years of practice and experience in the real world to become an expert.

Currently, there are changes in the way people perceive and pinpoint penetration testing in the security industry. Penetration Testing Execution Standard (PTES) redefines penetration testing which will affect both beginners and experienced. This definition has also been endorsed by some of the leading members of the security community.

Charter is to define and raise awareness about correct penetration testing. That is to form the basis of the basic principles necessary for penetration testing. If you are new to penetration testing or unfamiliar with PTES, please visit www.pentest-standard.org to learn more about it.

Phase of PTES

The phase of the PTES (Penetration Testing Execution Standard) is designed to define penetration testing and ensure the standard level client organization of the efforts to be issued in penetration testing by anyone who does so. This standard is divided into 7 categories with different levels depending on the effort required for each organization being attacked.

1. Pre-engagement Interactions

This pre-engagement interaction usually occurs when you discuss the scope and requirements of penetration testing with clients. It is important that you convey what the purpose of this engagement is during pre-engagement. This stage also serves as an opportunity to tell thoroughly what can be expected from this penetration testing during an engagement.

2. Intelligence Gathering

At this stage, you will collect whatever information you get from the client organization. Like gathering information through social media, Google hacking, target footprinting, etc.

One of the important skills of the penetration tester is having the ability to learn about the target. Includes how the target behaves, operates. and how it can finally be attacked. The information you collect about the target will provide a valuable understanding of the types of on-site security controls.

During this phase too, you try to identify what kind of protection mechanisms exist in a place and the target system. For example, an organization will often only allow port traffic to certain parts of its external device. And if your query is listed aside from whitelist, then you will be blocked. The same is true when you are testing a web application. Where after a certain limit, the web application firewall will block you and make further requests. In order to remain undetected during the test, you can perform an initial scan of the IP address range that cannot be reconnected to you.

Notes: "In some cases, it might make sense to run very noisy scans of different IPs completely different than those you would use for the main attack. This will help you determine how well the organization responds to the tools you use. "

3. Threat Modeling

Threat modelling uses the information you get in the Intelligence Gathering stage. Then the information is used to identify vulnerabilities that exist in the target system. When doing this stage, you will determine the most effective method. Of course, this attack method uses the information you have already obtained. Then figure out how the target could be possible to attack. And try to exploit vulnerabilities like what an attacker might do.

4. Vulnerability Analysis

After identifying the most effective attack methods, you need to consider how to access the target. During this Vulnerability Analysis, you will combine the information you have obtained from the previous stage. And use it to look for attacks that will be effective. Such as taking into account ports, vulnerability scans, data collected by banner grabbing, and information gained during Intelligence Gathering.

5. Exploitation

This stage may be one of the most glamorous parts of penetration testing. But this stage is often done with brute force or hard path and not blindly with precision. The exploit is done only when you know that this exploit will work. Of course, maybe at the time of the trip, there will be an unexpected refuge in the target spot. This will certainly hinder the exploit before you trigger the vulnerability. You should know very well that the target system is vulnerable.

6. Post Exploitation

This stage is an important component in penetration testing. Here you will distinguish you from the attacker. In this stage, you will target specific target systems, identify critical infrastructure, and target sensitive information/data that the target has been trying to secure. In this stage, you will also exploit the system one by one. Then try to show an attack that has a big impact on the target.

When attacking in Post Exploitation stage, you should take the time to identify the functions of various systems. And it also differentiates each user's different roles. For example in your domain infrastructure system running as admin. Maybe you become a superuser against the domain. But what about systems that communicate with Active Directory? What about the main financial applications used to pay employees? Can you access the system? Then what about the target intellectual property?

Suppose, for example, that the target is a software development store that develops applications for use in a manufacturing environment. Can you insert a backdoor into their source code or their system?

Post Exploitation is one of the most complicated scenarios. Where should you take the time to process the information available and then use that information? Attackers will generally do the same and spend a lot of time on systems like this. Think like an attacker, adapt quickly, and rely on your wits instead of relying on automated tools.

7. Reporting

Reporting is a much more important element in penetration testing. You will report what you have done. Reported how you did it. And most importantly, report how the target should fix the vulnerabilities found during penetration testing.

When doing penetration testing, you will work in the attacker's point of view. The information you get at the test is very important. To achieve the success of targeted information security program. And anticipate a possible attack will come. When Reporting also you should think about how to target using your invention. Raise awareness, recover problems found, and improve overall security. Not just patching technical vulnerabilities.

In this Reporting stage, you will also share your report into executive summary, and technician meetings. At this technician's meeting, you will also discuss how to recover the vulnerability.

Types of Penetration Tests

Now you know the basic understanding of the 7 PTES categories. Now let's review the 2 main types of penetration testing: Openly and Secretly. Penetration is done openly or commonly called "white hat" test is done with full knowledge of the target. While tests conducted in secret are done to simulate the action of the attacker. Absolutely unnoticed and unannounced. Both types of tests have their respective advantages and disadvantages.

1. Penetration Testing Openly

Using this method you will work with targets to identify potential security threats. One benefit of this open test is that you will have access to classified information. And can launch an attack without fear of being blocked. Lack of this open test is that such a test cannot be effective to test the target response program. It also tests how well the target security program detects a particular attack or attack. When your time is up and not being able to perform certain PTES steps, this type of test may be the best option.

2. Penetration Testing Secretly

Unlike the previous method, a secret test was performed to simulate the attacker's actions. Certainly without the knowledge of the target. This test is performed to test the ability of the target internal security team in detecting and responding to attacks.

But with this method will be costly and time-consuming. And requires more skill than an open test. Among the penetration testers, this method tends to be preferred. Because this method is closest to simulate the actual attack. This secret test relies on the ability to obtain information with surveillance. Therefore, in this tide, it is usually not trying to find some big vulnerability loopholes in the target system. But to try to find the easiest way to get access to the system without being detected.

Vulnerability Scanners

Vulnerability Scanners play a very important role in penetration testing. Especially in the test openly. The wealth of knowledge gained in the vulnerability scanner will be valuable. But do not rely too much on this stage. The art of real penetration testing is that it cannot be done automatically. The success of attacking the system requires you to have knowledge and skills. In most cases when it becomes a penetration tester, you will rarely use a vulnerability scanner. But you will rely on the knowledge and skills to disrupt a system.

Pulling It All Together

If you are new to penetration testing or even have not actually adopted a formal methodology, study PTES. As in any trial, while doing penetration testing make sure you run a smooth process. And certainly easy to adapt and do it repeatedly. As a penetration tester, you need to make sure that Intelligence Gathering and Vulnerability Analysis are done as well as possible.

Maybe, that's the only material I can deliver. See you in the next chapter guys....