3.2 Penetration Testing 1

Penetration testing is a method used to identify and exploit vulnerabilities in systems to assess security. It involves various phases including goal definition, intelligence gathering, and vulnerability mapping, and can be categorized by targeted area, knowledge level, and position. Tools like Metasploit and Nmap are commonly used for conducting penetration tests and vulnerability assessments.

Uploaded by Ch Umer

Penetration Testing

What is Penetration Testing

Penetration testing is an attempt to exploit vulnerabilities to determine whether unauthorized access or other malicious activity is possible.
Causes of Vulnerabilities
• Design and Implementation
• Poor System Configuration
• Insecure network
• System complexity
• Human Errors
Phases of Penetration Testing

Testing Phases (1)
Activities involved in this phase:

• Defining goals and scope of a test
• Gathering intelligence
• Deciding on testing methods to be used
Testing Phases (2)
Mapping the attack vectors and identifying vulnerabilities
Testing Phases (3)
Testing Phases (4)
Testing Phases (5)
Penetration Testing Types

Based on Targeted Area
1) Network Services
Aims at finding weaknesses and loopholes in an organization's network infrastructure. It involves firewall testing, bypass testing, DNS attacks and many others.

2) Web Application
Checks the security level of a web-based application and its core components (Java Aplus, APIs, etc.).

3) Wireless
Covers wireless devices such as notebooks, smartphones and laptops, and is used to check wireless access points for vulnerabilities.
4) Social Engineering
Attempts to obtain confidential or sensitive information from an organization's employees through any medium, such as email or messages.

5) Client Side
Finds vulnerabilities in client-side programs, such as the web browsers we use (Firefox, Google Chrome, etc.).
Based on Knowledge
White Box
When the penetration tester is given complete knowledge of the target, it is called white box testing. The tester usually knows the IP addresses, the components of the applications and all other required information.

Black Box
When the tester has no prior knowledge of the target.

Grey Box
When the tester has some knowledge, such as URLs or IP addresses, but not complete knowledge or access.
Based on Position
External
If the testing is conducted from outside the network, it is referred to as external penetration testing. It usually targets the assets that are visible from outside, such as the web application itself, email or the domain name.

Internal
The tester is present inside the network, like an employee whose credentials have been stolen via a phishing attack.

Targeted
Performed by the organization's IT team and the penetration testing team working together.

Blind
The tester is given only limited information.
Penetration Testing Tools

Metasploit
What is Vulnerability Assessment?

A vulnerability assessment is the process of defining, identifying, classifying and prioritizing vulnerabilities in computer systems, applications and network infrastructures, and providing the organization doing the assessment with the necessary knowledge, awareness and risk background to understand the threats to its environment and react appropriately.
Getting started

• Download the Metasploit Framework
• Check the server for pen-testing
• Run the “help” command in msfconsole (command reference: https://www.offensive-security.com/metasploit-unleashed/msfconsole-commands/)
• “show exploits” lists the available exploit modules
• “search mysql” searches the modules for a keyword
• “info exploit” shows the details of an exploit

Using an Exploit

• “show options” while using an exploit
• Set the options according to the information gathered earlier
• Run the module with the “exploit” command

Metasploitable2 lab

• Download metasploitable2
• Install it on a virtual machine
• Check the IP address on metasploitable2
• “whois ipaddress”
• Port details
• Search for an exploit matching the service version
• Use the exploit, gain backdoor access and run the exploit
• Experimentation
Nmap

What is Nmap

Nmap (Network Mapper) is a free and open source (license) utility for network discovery and security auditing. Many systems and network administrators also find it useful for tasks such as network inventory, managing service upgrade schedules and monitoring host or service uptime.
Display Flags

• Go to nmap and type “--help”
• This gives a list of all flags and options that are available for use with nmap

Scanning

• Type “nmap -F serverdomain”
Scanning through IP Address

• Nmap also resolves the domain name and shows the public IP address of the host

Scanning through IP

• Typing "nmap -F 34.210.230.35" produces the same results as scanning the website by the domain name we used before
Scanning Multiple Hosts

nmap "IP address1" "IP address2" "IP address3"
OR
nmap -F "IP address1" "IP address2" "IP address3"

For example
• nmap 192.168.1.1 192.168.1.2 192.168.1.3

Scanning Multiple Hosts (2)

Another way is to give a range:
"nmap -F 192.1.168.1-30"
Scanning multiple addresses

Scanning Target List (3)

We can also give a target list to nmap. For example, if a target list named “targets.txt” contains some addresses, simply type the command “nmap -iL targets.txt” to scan them.

Steps:
• Create the target list
• Write the addresses into the target list (one per line)
• Scan the IP addresses in the file with “nmap -iL targets.txt”
Scanning Ports (4)

“nmap -p port_number website.com”

Example
nmap -p 20 www.navttccourse.com
nmap -p 20-25 www.navttccourse.com
nmap -p 20,25,29 www.navttccourse.com

Scanning

nmap -p http www.navttccourse.com scans the http port (nmap accepts service names as well as port numbers)
nmap -p- www.navttccourse.com scans all ports (“-p-” is the all-ports specification)
Aggressive Scan

• "nmap -A website.com"
• The aggressive scan output also includes trace route information

Services and Version Scan

• nmap -sV website.com reports the service version for each open port
• The service name along with its version is listed per port

Trace route Scanning

• nmap --traceroute website.com
• The command reveals the route taken to reach the target
Save Everything

While performing as a security analyst, we need to save the required information from what we scanned.

nmap -oN results.txt website.com

Type “ls” afterwards to check whether the results have been saved: results.txt will appear in the directory listing.
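Once the results are saved with -oN, an analyst usually wants to read them back programmatically rather than eyeball them. The following Python example is added here and is not part of the original slides: it parses the normal-output format that -oN writes, using a constructed sample of a -sV scan, and lists the open cleartext services; the hosts, ports and version strings in the sample are made up.

```python
import re
from typing import Dict, List, NamedTuple, Optional, Tuple
# Constructed sample of Nmap "normal" output (what `nmap -sV -oN results.txt ...` writes); made-up hosts and versions.
SAMPLE_RESULTS = """\
# Nmap 7.94 scan initiated Mon Jan  1 10:00:00 2024 as: nmap -sV -oN results.txt 192.168.1.1 192.168.1.2
Nmap scan report for 192.168.1.1
PORT    STATE SERVICE VERSION
22/tcp  open  ssh     OpenSSH 9.6 (protocol 2.0)
80/tcp  open  http    nginx 1.24.0

Nmap scan report for 192.168.1.2
PORT     STATE    SERVICE VERSION
21/tcp   open     ftp     ExampleFTPd 1.0
23/tcp   open     telnet
3306/tcp filtered mysql
# Nmap done at Mon Jan  1 10:00:20 2024 -- 2 IP addresses (2 hosts up) scanned in 20.00 seconds
"""

class Port(NamedTuple):
    port: int
    proto: str
    state: str
    service: str
    version: str  # empty when -sV could not identify a version

HOST_RE = re.compile(r"^Nmap scan report for (\S+)")
PORT_RE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)(?:\s+(.*))?$")

def parse_normal_output(text: str) -> Dict[str, List[Port]]:
    """Map each host in a saved -oN report to the port lines Nmap printed for it."""
    hosts: Dict[str, List[Port]] = {}
    current: Optional[str] = None  # host whose port table we are inside
    for line in text.splitlines():
        host = HOST_RE.match(line)
        if host:
            current = host.group(1)
            hosts[current] = []
            continue
        port = PORT_RE.match(line)
        if port and current is not None:
            hosts[current].append(Port(int(port.group(1)), port.group(2), port.group(3),
                                       port.group(4), (port.group(5) or "").strip()))
    return hosts

CLEARTEXT_SERVICES = {"ftp", "telnet"}
def cleartext_exposures(hosts: Dict[str, List[Port]]) -> List[Tuple[str, int, str]]:
    """Open ports on cleartext protocols, the first finding an analyst pulls from saved results."""
    return sorted((host, p.port, p.service) for host, ports in hosts.items()
                  for p in ports if p.state == "open" and p.service in CLEARTEXT_SERVICES)
```

Point the parser at the contents of results.txt instead of SAMPLE_RESULTS to review a real saved scan.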
THANK YOU
