Introduction to Penetration Testing

Penetration Testing involves finding vulnerabilities within a computer system or web application that could potentially be targeted by hackers, and suggesting ways in which these vulnerabilities can be closed in order to avoid future attacks.
It is important to note that Penetration Testing must be performed with prior permission (preferably written) from the owner of the target system. Otherwise you may be in legal trouble, if caught, as hacking is a crime in most countries.
The vulnerabilities that may occur on a system vary in complexity and in the amount of damage they may cause to the system. It may be something as simple as a weak password that the attacker can guess to gain access to sensitive data, or SQL Injection or XSS, just to name a few. These are areas that I will cover in future posts.
In penetration testing, the core steps are:
  • Reconnaissance
This involves gathering as much information as possible about a potential target before any attack takes place. There are various methods by which an attacker can gain valuable information, many of which are publicly available and can be accessed by anyone. The information gathered includes, but is not limited to: phone numbers and email addresses on websites that can be used for social engineering, URL analysers that can reveal the structure of a website, eavesdropping on employees of a specific company to find out about the inner workings of the organization, and shoulder surfing to try and see passwords that a person types into their computer.
  • Scanning
Vulnerabilities and possible attack vectors are identified in this phase. The attacker actively probes the target system to identify any security weakness that may be present and that can be exploited to achieve the attacker's end goal. Weaknesses can include easily accessible administrator pages with default/easy passwords and susceptibility to SQL injection.
  • Gaining Access
Vulnerabilities identified in the previous phase are used by the attacker to gain access to the target system. The attacker will try each of the vulnerabilities to see which one works and allows them to gain privileged access to the system. Multiple attack vectors may be combined to end up with a successful attack.
  • Maintaining Access
Once the attacker has privileged access on the target, they will need to maintain this access for future use of the system. The attacker would not want their activities to be detected and would therefore want to get rid of any evidence that an attack has taken place. This usually involves clearing log files. The compromised system can now be used to perform attacks on other systems.
A penetration tester would keep a log of all these activities and produce documentation showing that these vulnerabilities are present and how they can be fixed, in order to prevent a potential attacker from accessing the system with the same or similar techniques.

In this blog I will be going through various aspects of penetration testing and of protecting oneself from these vulnerabilities, and hopefully add something useful for anyone who chooses to read.

Sources:
https://www.redteam-pentesting.de/en/pentest/
https://www.veralab.com
