This document outlines the methodology for performing a penetration test in three phases: planning and preparation, assessment, and reporting. The planning phase involves setting scope and contacts. The assessment phase consists of information gathering, network mapping, vulnerability identification, penetration testing, privilege escalation, and maintaining access. The final phase covers reporting findings, cleanup, and destroying artifacts. The goal is to find security vulnerabilities before attackers do.
Pen test methodology
1. PENETRATION TESTING METHODOLOGY
Ver. 1.0
Cahyo Darujati, MT.
Open Information Systems Security Group
2. REQUEST A PENETRATION TEST QUOTE
· Find Holes Now Before Somebody Else Does :-p
· FREE Consultation.
· +62-8123-594969 (SMS ONLY)
Heker Biasa, http://cahyod.dosen.narotama.ac.id/ 2
3. Quote
· "Security is a process not a product" (Bruce Schneier)
4. CONTENTS
What is Pen-Testing?
Why perform Pen-testing?
PHASE I: PLANNING AND PREPARATION
PHASE II: ASSESSMENT
PHASE III: REPORTING, CLEAN UP & DESTROY ARTIFACTS
5. What is Pen-Testing?
· Penetration testing is the process of attempting to gain access to resources without knowledge of usernames, passwords and other normal means of access. If the focus is on computer resources, then examples of a successful penetration would be obtaining or subverting confidential documents, pricelists, databases and other protected information.
6. Why perform Pen-testing?
· There are a variety of reasons for performing a penetration test. One of the main reasons is to find vulnerabilities and fix them before an attacker does. Sometimes the IT department is already aware of reported vulnerabilities, but needs an outside expert to officially report them so that management will approve the resources necessary to fix them.
7. PHASE I: PLANNING AND PREPARATION
8. PLANNING AND PREPARATION
(a) Identification of contact individuals from both sides,
(b) Opening meeting to confirm the scope, approach and methodology, and
(c) Agreement on specific test cases and escalation paths
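The scope, test window and escalation contacts agreed in this phase are only useful if every target is checked against them before any assessment traffic is sent. The following is an added example (not code from the original slides or from OISSG) of turning that agreement into a mechanical check; the ranges, hostnames, window and contact addresses are constructed placeholders.

```python
"""Rules-of-engagement scope check (added example, constructed data)."""
from dataclasses import dataclass
from datetime import datetime, time
from ipaddress import ip_address, ip_network
from typing import Dict, List, Set


@dataclass
class Engagement:
    """The agreed rules of engagement for one penetration test."""
    in_scope: List[str]        # CIDR ranges the client has authorised
    excluded: List[str]        # carve-outs inside those ranges (e.g. a production DB)
    hostnames: Set[str]        # hosts authorised by name rather than by address
    window_start: time         # daily test window, client local time
    window_end: time
    contacts: Dict[str, str]   # escalation path: role -> contact

    def address_in_scope(self, target: str) -> bool:
        """True only if target is inside an authorised range and not carved out.

        Exclusions are checked first, so an excluded host stays out of scope
        even when it sits inside an authorised range.
        """
        if target in self.hostnames:
            return True
        try:
            addr = ip_address(target)
        except ValueError:
            return False  # unknown hostname: never assume authorisation
        if any(addr in ip_network(net) for net in self.excluded):
            return False
        return any(addr in ip_network(net) for net in self.in_scope)

    def in_test_window(self, when: datetime) -> bool:
        """True if the timestamp falls in the agreed daily window.

        Handles windows that cross midnight (e.g. 22:00 to 06:00).
        """
        t = when.time()
        if self.window_start <= self.window_end:
            return self.window_start <= t <= self.window_end
        return t >= self.window_start or t <= self.window_end

    def check(self, target: str, when_iso: str) -> str:
        """Return 'ok', or the reason the test must not proceed."""
        if not self.address_in_scope(target):
            return "out of scope"
        if not self.in_test_window(datetime.fromisoformat(when_iso)):
            return "outside test window"
        return "ok"


# Constructed engagement: addresses, names and contacts are placeholders.
ENGAGEMENT = Engagement(
    in_scope=["10.20.0.0/16", "192.0.2.0/24"],
    excluded=["10.20.5.0/24"],
    hostnames={"extranet.example.test"},
    window_start=time(22, 0),
    window_end=time(6, 0),
    contacts={"client": "security-lead@example.test",
              "tester": "lead-tester@example.test"},
)


def triage(targets, when_iso: str):
    """Split a candidate target list into approved hosts and refused hosts with reasons."""
    approved, refused = [], {}
    for t in targets:
        verdict = ENGAGEMENT.check(t, when_iso)
        if verdict == "ok":
            approved.append(t)
        else:
            refused[t] = verdict
    return approved, refused


if __name__ == "__main__":
    now = "2024-01-15T23:30:00"  # constructed timestamp inside the window
    ok, bad = triage(["10.20.1.10", "10.20.5.7", "203.0.113.9",
                      "extranet.example.test"], now)
    print("approved:", ok)
    for host, why in bad.items():
        print(f"refused {host}: {why} (escalate to {ENGAGEMENT.contacts['client']})")
```

Anything refused is routed to the escalation contact rather than silently dropped, so a wrong carve-out or a target that was mis-typed in the scope document is caught while the client can still correct it.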
11. 1. Information Gathering
Essentially using the Internet to find all the information you can about the target (company and/or person) using both technical (DNS/WHOIS) and non-technical (search engines, news groups, mailing lists etc.) methods.
12. 2. Network Mapping
Many tools and applications can be used in this stage to aid the discovery of technical information about the hosts and networks involved in the test.
·Find live hosts
·Port and service scanning
·Perimeter network mapping (router, firewalls)
·Identifying critical services
·Operating System fingerprinting
·Identifying routes using Management Information Base (MIB)
·Service fingerprinting
13. 3. Vulnerability Identification
The assessor will perform several activities to detect exploitable weak points. These activities include:
1. Identify vulnerable services using service banners
2. Perform vulnerability scan to search for known vulnerabilities.
3. Perform false positive and false negative verification
4. Enumerate discovered vulnerabilities
5. Estimate probable impact (classify vulnerabilities found)
6. Identify attack paths and scenarios for exploitation
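The network-mapping output (port and service scanning, service fingerprinting) feeds directly into steps 1, 4 and 5 of vulnerability identification: the service banners are matched against known-affected versions, the matches are enumerated and each is classified by impact. The following is an added example, not code from the original slides or from OISSG, that does both on a small constructed data set. It parses scan results in nmap's grepable (-oG) format, whose per-port field layout is port/state/protocol/owner/service/rpc_info/version; the scan lines, the product names and the advisory table are constructed placeholders, and the advisory ids are not real identifiers. A banner match is recorded as an unverified candidate, because step 3 (false positive and false negative verification) is a separate activity.

```python
"""Service inventory from scan output, matched against an advisory table.

Added example with constructed data: scan lines, products and advisory ids
are placeholders, not real software or real advisories.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Constructed -oG lines. Per-port field layout:
# port/state/protocol/owner/service/rpc_info/version/
SCAN_OUTPUT = """\
# Scan of constructed lab hosts (placeholder data)
Host: 10.20.1.10 (web01.lab.test)\tPorts: 22/open/tcp//ssh//ExampleSSH 7.4/, 80/open/tcp//http//ExampleHTTPd 2.4.6/\tIgnored State: closed (998)
Host: 10.20.1.11 (db01.lab.test)\tPorts: 3306/open/tcp//mysql//ExampleDB 5.5.60/, 22/filtered/tcp//ssh///\tIgnored State: closed (998)
Host: 10.20.1.12 ()\tStatus: Up
"""

PORT_RE = re.compile(r"(\d+)/(\w+)/(\w+)/([^/]*)/([^/]*)/([^/]*)/([^/]*)/")

# Constructed advisory table: product -> (affected version prefix,
# placeholder advisory id, impact). The ids are NOT real CVE numbers.
ADVISORIES: Dict[str, List[Tuple[str, str, str]]] = {
    "ExampleSSH": [("7.4", "ADV-PLACEHOLDER-001", "high")],
    "ExampleDB": [("5.5.", "ADV-PLACEHOLDER-002", "critical")],
    "ExampleHTTPd": [("2.2.", "ADV-PLACEHOLDER-003", "medium")],
}
IMPACT_RANK = {"critical": 3, "high": 2, "medium": 1, "low": 0}


@dataclass
class Service:
    host: str
    port: int
    proto: str
    state: str
    name: str
    version: str


@dataclass
class Finding:
    service: Service
    advisory: str
    impact: str
    verified: bool = False  # banner matches stay candidates until step 3 confirms them


def parse_grepable(text: str) -> List[Service]:
    """Network mapping: build the host/port/service inventory from -oG lines."""
    services: List[Service] = []
    for line in text.splitlines():
        if not line.startswith("Host:"):
            continue  # comments and summary lines carry no host data
        fields = dict(f.split(": ", 1) for f in line.split("\t") if ": " in f)
        host = fields["Host"].split(" ", 1)[0]
        for m in PORT_RE.finditer(fields.get("Ports", "")):
            port, state, proto, _owner, name, _rpc, version = m.groups()
            services.append(Service(host, int(port), proto, state, name, version))
    return services


def identify(services: List[Service]) -> List[Finding]:
    """Steps 1, 4 and 5: match banners, enumerate matches, order by impact."""
    findings: List[Finding] = []
    for svc in services:
        if svc.state != "open" or not svc.version:
            continue  # filtered ports and empty banners are not evidence of anything
        product, _, ver = svc.version.partition(" ")
        for prefix, advisory, impact in ADVISORIES.get(product, []):
            if ver.startswith(prefix):
                findings.append(Finding(svc, advisory, impact))
    findings.sort(key=lambda f: IMPACT_RANK[f.impact], reverse=True)
    return findings


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count candidate findings per impact class for the report."""
    counts: Dict[str, int] = {}
    for f in findings:
        counts[f.impact] = counts.get(f.impact, 0) + 1
    return counts


if __name__ == "__main__":
    inventory = parse_grepable(SCAN_OUTPUT)
    for f in identify(inventory):
        s = f.service
        print(f"{f.impact:8} {s.host}:{s.port}/{s.proto} {s.version!r} -> {f.advisory} "
              f"(verified={f.verified})")
    print(summarize(identify(inventory)))
```

In a real assessment the advisory table is replaced by a vulnerability scanner or a maintained advisory feed, and a banner is only a claim about a version: backported patches and altered banners produce both false positives and false negatives, which is why the finding is carried as unverified until it has been checked.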
14. 4. Penetration
1. Find proof of concept code/tool
2. Develop tools/scripts
3. Test proof of concept code/tool
4. Customize proof of concept code/tool
5. Test proof of concept code/tool in an isolated environment
6. Use proof of concept code against target
7. The proof of concept code/tool is used against the target to gain as many points of unauthorized access as possible.
8. Verify or disprove the existence of vulnerabilities
15. 5. Gaining Access & Privilege Escalation
5.1 Gaining Access
5.1.1 Gain Least Privilege
5.1.2 Compromise
5.1.3 Final Compromise on Target
5.2 Privilege Escalation
16. 6. Enumerating Further
1. Obtain encrypted passwords for offline cracking
2. Obtain password (plaintext or encrypted) by using sniffing or other techniques
3. Sniff traffic and analyze it
4. Gather cookies and use them to exploit sessions and for password attacks
5. E-mail address gathering
6. Identifying routes and networks
7. Mapping internal networks
17. 7. Compromise Remote Users/Sites
A single hole is sufficient to expose an entire network, regardless of how secure the perimeter network may be. Any system is only as strong (in this case, as secure) as the weakest of its parts.
Communications between remote users/sites and enterprise networks may be provided with authentication and encryption by using technologies such as VPN, to ensure that data in transit over the network can be neither forged nor eavesdropped.
In such scenarios the assessor should try to compromise remote users, telecommuters and/or remote sites of an enterprise, since these can give privileged access to the internal network.