Four-step methodology
Let us briefly review each of the four steps that will be covered so you have a solid understanding of them. The first step in any penetration test is “reconnaissance”. This phase deals with gathering information about the target. As was mentioned previously, the more information you collect on your target, the more likely you are to succeed in the later steps. Reconnaissance will be discussed in detail in the second topic.
Regardless of the information you had to begin with, after completing in-depth reconnaissance you should have a list of target IP addresses that can be scanned. The second step in our methodology can be broken into two distinct activities. The first activity we conduct is port scanning. Once we have finished with port scanning, we will have a list of open ports and the potential services running on each of the targets. The second activity in the scanning phase is vulnerability scanning. Vulnerability scanning is the process of locating and identifying specific weaknesses in the software and services of our targets.
With the results from step 2 in hand, we continue to the “exploitation” phase. Once we know exactly what ports are open, what services are running on those ports, and what vulnerabilities are associated with those services, we can begin to attack our target. This is the phase that most newcomers associate with “real” hacking. Exploitation can involve many different techniques, tools and code. We will review a few of the most common tools in Topic 4. The ultimate goal of exploitation is to gain administrative access (complete control) over the target machine.
The final phase we will examine is “maintaining access”. Oftentimes, the payloads delivered in the exploitation phase provide us with only temporary access to the system. Because most payloads are not persistent, we need to create a more permanent backdoor to the system. This process allows our administrative access to survive program closures and even reboots. As an ethical hacker, we must be very careful about the use and implementation of this phase. We will discuss how to complete this step as well as the ethical implications of using backdoor or remote control software.
Although not included as a formal step in the penetration testing methodology, the final (and arguably the most important) activity of every PT is the report. Regardless of the amount of time and planning you put into conducting the penetration test, the client will often judge your work and effectiveness on the basis of the quality of your report. The final PT report should include all the relevant information uncovered in your test and explain in detail how the test was conducted and what was done during the test. Whenever possible, mitigations and solutions should be presented for the security issues you uncovered. Finally, an executive summary should be included in every PT report. The purpose of this summary is to provide a simple one- to two-page, nontechnical overview of your findings. It should highlight and briefly summarize the most critical issues your test uncovered. It is vital that this summary be readable (and comprehensible) by both technical and nontechnical personnel. It is important not to fill the executive summary with too many details; that is the purpose of the detailed report.