• Join CraxPro and earn real money through our Credit Rewards System. Participate and redeem credits for Bitcoin/USDT. Start earning today!
    Read the detailed thread here

Penetration Testing Introduction: Scanning & Reconnaissance

Currently reading:
 Penetration Testing Introduction: Scanning & Reconnaissance

F0rS3c

Member
LV
1
Joined
Apr 24, 2023
Threads
12
Likes
7
Awards
4
Credits
3,116©
Cash
0$

Penetration testing methodology​

  1. Scanning and Reconnaissance — Getting to know the target using passive methods like researching publicly available information and network scanning.
  2. Threat Modeling — A description or model of all the security concerns and why they should be resolved.
  3. Vulnerability Analysis — Identifying vulnerabilities and determining their severity.
  4. Exploitation — Gaining access by breaching security of a system or finding an bug to exploit in the software.
  5. Post-Exploitation Reporting — Detailing the vulnerabilities found and providing information on potential impact on the company if exploited.
With the general methodology laid out, let’s jump into the initial steps to get up and running with penetration testing.


Going deeper into Scanning and Reconnaissance​

Unlike the movies hackers don’t just start typing and automatically get access to a system. Scanning and reconnaissance is a key part of an attack in that it can detail vulnerable areas of a system. The first step of information gathering can be as simple as a quick google search.

One way to think about information gathering is like breaking into a house. There’s no need to break down the door to get inside when there is a window open. In information gathering we want to find if the company we are testing has left any doors unlocked or maybe a window open.

What are we looking for?​

Information gathering starts in a passive way. We want to get clues on what the company architecture looks like and if there is any routine we can map out. This comes down to finding some key publicly available information such as:

  • Email addresses
  • Phone numbers
  • System information
  • Job Postings
  • Resumes
  • Contact Names

Nmap​

Nmap is a powerful command line scanning tool. Using nmap network architectures and open ports are easier to locate. As a command line tool the main interaction with the tool is based on giving the correct commands for the job. To get a better understanding of how nmap could be used, let’s run through a couple commands.

To do a simple scan we can just provide an address to scan.

We will use scanme.nmap.org which gives permission for scanning. Make sure you have permission before you scan a system you do not own.
nmap scanme.nmap.org
1*1NYbo9G0z5D7Q6x91UYO5w.png

The results show the open ports of the target. With this simple scan you could identify if any vulnerable ports are open. By adding additional modifiers we can focus on certain aspects of the targets.

nmap -A scanme.nmap.org
1*RqhKy1mkyRiytegmjNp6vg.png

In this case the nmap scan also finds the OS type, version and any open ports. Nmap is a powerful tool with many more commands to do specific tests. Checkout nmap’s official website for a the learning guide or take a look at the variety of nmap cheat sheets available online.

Wireshark​

During a penetration test we may want to monitor what is on the network. To do this we can use Wireshark which is a network monitoring tool. Wireshark has shows collects information on all network traffic by providing information on IP addresses, protocols, requests etc.

0*GIEf5tLMKy0JAl5r.png

https://upload.wikimedia.org/wikipedia/commons/0/03/Wireshark_screenshot.png
By filtering the network information we can focus on particular systems and interactions on the network. In a work setting we could filter for any network traffic going to YouTube or Netflix to identify how heavily they are used during work ours. In the same way during a penetration test we could identify what systems

Google Hacking (a.k.a Google Dorking)​

Even though their are great tools for doing scanning and recon, we can just use google to find the same information. Many security issues happen because of misconfiguration of software or accidentally opening information up to public. By querying google with specific strings we can find information not available on a website itself. Using these searches we can find files with user information, passwords, vulnerable servers etc. These search queries are being included into more scanning tools so that this process of searching for these files is automated.

Checkout the Google Hacking Database to see some current examples of

Up Next — Exploitation​

The exploitation phase of a penetration test also utilizes its own set of tools. The go to tool for many penetration testers attacking other systems on a network is the Metasploit Framework.

The Metasploit Framework​

The Metasploit Framework is developed by Rapid7 and comes pre-installed on Kali Linux. Metasploit has a database of exploitation and payloads built-in that updated regularly. Check out our other article — Kali Linux & Metasploit: Getting Started with Pen Testing — to learn more about using metasploit.

1*_yXkEW-CDSevOuoEOdyE0A.png

Opening the metasploit console

Additional Resources​

There are many courses out in the wild that cover penetration testing. Below are a few options that I have found to be good investments of time. If you have any suggestions then comment below!

Courses​

Offensive Security Certified Professional Certificate — A very in depth course on penetration testing provided by the developers of Kali Linux.

Books​

Grey Hat Hacking: The Ethical Hacker’s Handbook — Introduction to both hacking and penetration testing.

Penetration Testing: A Hands-On Introduction to Hacking — A good introduction to the main concepts of pen testing with hands-on exercises.

Websites​

PentesterLab — Provides walkthroughs and vulnerable machines to learn and practice on.
 
  • Like
Reactions: PicKim

Create an account or login to comment

You must be a member in order to leave a comment

Create account

Create an account on our community. It's easy!

Log in

Already have an account? Log in here.

Tips

Similar threads

Top Bottom