Phases of Penetration Test
Abdul Rehman
IOC Bahauddin Zakariya University Multan
What is Penetration Test?
• A penetration test is a method of evaluating the security of a computer system or network by simulating an attack from a malicious source.
• A penetration test target may be a "white box" or a "black box".
• A penetration test can help determine whether a system is vulnerable to attack, whether the defenses were sufficient, and which defenses were defeated in the penetration test.
Phases of Penetration Test
• Reconnaissance
• Scanning
• Exploitation
• Maintaining Access
Reconnaissance
• Reconnaissance refers to information gathering before an attack. It is the work of gathering information about the target before planning the attack.
• The more information we gather, the greater our chances of success in the later phases of penetration testing.
• Abraham Lincoln quote: "If I had six hours to chop down a tree, I'd spend the first four of them sharpening my axe."
• Reconnaissance is conducted by white hats and black hats alike.
Main Goals and Types of Reconnaissance
Two main goals of reconnaissance are listed below
• Gather as much information as possible
• Create a list of attackable IP addresses
Two main types of reconnaissance are listed below
• Active Reconnaissance
• Passive Reconnaissance
Famous Tools used for Reconnaissance (I)
• HTTrack
• Google
• Harvester
• Whois
• Netcraft
Famous Tools used for Reconnaissance (II)
• Host
• Extracting information from DNS
  o NS Lookup
  o Dig
• Extracting information from emails
• Metagoofil
• Social Engineering
Famous Tools used for Reconnaissance (III)
• HTTrack (Win, B.T)
  o Tool for making an identical copy of the target site.
  o The copy consists of pages, pictures, links, etc.
• Google
  o Proper use of Google is a vital skill for the penetration tester.
  o Directives (keywords that enable accurate information from Google): site, inurl, cache
  o A directive is written as 1) name 2) colon 3) term, e.g. site:bzu.edu filetype:ppt
Famous Tools used for Reconnaissance (IV)
• Harvester (Win, B.T)
  Used to catalog emails and subdomains that belong to our target.
• Whois (Online, B.T)
  The Whois service allows us to access specific information about our target, including IP addresses, host names, contact info, phone numbers, addresses, etc.
• Netcraft (Win, B.T)
  It gives us information about the site report, IP address and OS of the web server.
Famous Tools used for Reconnaissance (V)
• Host
  Used to translate a host name to an IP address.
• Social Engineering
  Exploiting the "human" weakness inherent in every organization.
Scanning
• Scanning is the process of finding out whether the system is alive, which ports are open, and what vulnerabilities the target has.
• Ethical hackers use scanning tools to determine open ports and services and the presence of known weaknesses on target systems.
Types of Scanning
• Types of scanning are listed below
1. System Scanning
2. Port Scanning
3. Vulnerability Scanning
System Scanning
• In system scanning we determine whether the system is alive and can interact with other machines.
• It is important to conduct this step and make a note of any machines that respond as alive.
• If the system is alive, the penetration test will be more fruitful.
Port Scanning(I)
• Port scanning is finding the open ports. It is the process of finding the channels from which an attack can be launched.
• The basic idea is to analyze the network ports and keep information about them so that it can be used in future.
• In port scanning we find open ports and the services, such as FTP, printing or e-mail, that are available.
• There are a total of 65536 ports on every computer, which may be UDP or TCP.
Port Scanning(II)
Port Number   Description
1             TCP Port Service Multiplexer (TCPMUX)
20            FTP Data
21            FTP Control
53            Domain Name System (DNS)
69            Trivial File Transfer Protocol (TFTP)
115           Simple File Transfer Protocol (SFTP)
156           SQL Server
190           Gateway Access Control Protocol (GACP)
443           HTTPS
Vulnerability Scanning
• Vulnerability scanning is performed to find the weaknesses of the target that could be attacked.
• Usually the vulnerability scanners find the operating system and version number installed on the target.
• Then they find weaknesses in the OS, gather information, and use this information to exploit it in future.
Tools Used for Scanning
• For System Scanning
1. Ping and ping sweeps
• For Port Scanning
1. NMap
• For Vulnerability Scanning
1. Nessus
Ping and Ping Sweep
• Ping uses a special type of network packet called an ICMP packet.
• It works by sending specific types of network traffic, called ICMP echo request packets, to the target.
• Besides telling us that a host is alive and accepting traffic, pings provide other valuable information, including the total time it took for the packet to travel to the target and return.
• A ping sweep is done with Fping: a ping is sent to a series of IP addresses.
Ping and Ping Sweep(II)
Results of ping
NMap
• Using Nmap to perform a TCP Connect Scan
NMap
• Using Nmap to perform UDP Scans
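The ping sweeps and TCP/UDP port scans on the slides above, seen from the defender's side, as an added example that is not part of the original deck: a small detector that reads constructed firewall-style connection log lines (the log format, addresses and thresholds are assumptions for this example) and flags ICMP echo sweeps and port scans by counting distinct targets per source inside a short time window.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Thresholds are assumptions for this example; tune them to your own network.
WINDOW = timedelta(seconds=10)   # how far ahead of the first event we look
SWEEP_HOSTS = 4                  # distinct hosts pinged by one source => ping sweep
SCAN_PORTS = 5                   # distinct ports on one host by one source => port scan

# Constructed log format: "<time> <proto> <src> -> <dst>[:<dport>] [<note>]".
# A TCP connect scan completes the handshake, so a connection log sees one line
# per probed port; UDP probes and ICMP echo requests are logged the same way.
# 10.0.0.5 sweeps four hosts, then scans 10.0.0.2 over TCP and UDP; 10.0.0.9 is
# ordinary traffic; 10.0.0.7 scans slowly (one port a minute) and stays under
# the 10-second window, which is the weakness of a short-window detector.
SAMPLE_LOG = """\
2024-05-01T10:00:00Z ICMP 10.0.0.5 -> 10.0.0.1 echo-request
2024-05-01T10:00:01Z ICMP 10.0.0.5 -> 10.0.0.2 echo-request
2024-05-01T10:00:02Z ICMP 10.0.0.5 -> 10.0.0.3 echo-request
2024-05-01T10:00:03Z ICMP 10.0.0.5 -> 10.0.0.4 echo-request
2024-05-01T10:00:10Z TCP 10.0.0.5 -> 10.0.0.2:21
2024-05-01T10:00:11Z TCP 10.0.0.5 -> 10.0.0.2:22
2024-05-01T10:00:12Z TCP 10.0.0.5 -> 10.0.0.2:25
2024-05-01T10:00:13Z TCP 10.0.0.5 -> 10.0.0.2:80
2024-05-01T10:00:14Z TCP 10.0.0.5 -> 10.0.0.2:443
2024-05-01T10:00:15Z TCP 10.0.0.5 -> 10.0.0.2:8080
2024-05-01T10:00:20Z UDP 10.0.0.5 -> 10.0.0.2:53
2024-05-01T10:00:21Z UDP 10.0.0.5 -> 10.0.0.2:69
2024-05-01T10:00:22Z UDP 10.0.0.5 -> 10.0.0.2:123
2024-05-01T10:00:23Z UDP 10.0.0.5 -> 10.0.0.2:161
2024-05-01T10:00:24Z UDP 10.0.0.5 -> 10.0.0.2:500
2024-05-01T10:00:30Z TCP 10.0.0.9 -> 10.0.0.2:443
2024-05-01T10:00:31Z TCP 10.0.0.9 -> 10.0.0.2:443
2024-05-01T10:00:32Z ICMP 10.0.0.9 -> 10.0.0.1 echo-request
2024-05-01T10:01:00Z TCP 10.0.0.7 -> 10.0.0.3:22
2024-05-01T10:02:00Z TCP 10.0.0.7 -> 10.0.0.3:80
2024-05-01T10:03:00Z TCP 10.0.0.7 -> 10.0.0.3:443
2024-05-01T10:04:00Z TCP 10.0.0.7 -> 10.0.0.3:3389
2024-05-01T10:05:00Z TCP 10.0.0.7 -> 10.0.0.3:8080
this line is not in the expected format and is skipped
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<proto>TCP|UDP|ICMP)\s+(?P<src>[\d.]+)\s*->\s*"
    r"(?P<dst>[\d.]+)(?::(?P<dport>\d+))?(?:\s+(?P<note>\S+))?\s*$"
)


def parse_line(line):
    """Turn one log line into a dict, or return None for lines we don't understand."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return {"ts": ts, "proto": m["proto"], "src": m["src"], "dst": m["dst"],
            "dport": int(m["dport"]) if m["dport"] else None, "note": m["note"]}


def detect_scans(lines):
    """Return sorted (kind, src, target, distinct_count) alerts, one per offending key."""
    # ping-sweep key: ("sweep", src)             distinct value: destination host
    # port-scan key:  ("scan", src, proto, dst)  distinct value: destination port
    buckets = defaultdict(list)
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue
        if ev["proto"] == "ICMP" and ev["note"] == "echo-request":
            buckets[("sweep", ev["src"])].append((ev["ts"], ev["dst"]))
        elif ev["dport"] is not None:
            buckets[("scan", ev["src"], ev["proto"], ev["dst"])].append((ev["ts"], ev["dport"]))

    alerts = []
    for key, events in buckets.items():
        events.sort()
        threshold = SWEEP_HOSTS if key[0] == "sweep" else SCAN_PORTS
        for i, (start, _) in enumerate(events):
            # distinct targets reached within WINDOW of this event
            seen = {value for ts, value in events[i:] if ts - start <= WINDOW}
            if len(seen) >= threshold:
                if key[0] == "sweep":
                    alerts.append(("ping-sweep", key[1], "*", len(seen)))
                else:
                    alerts.append((f"{key[2].lower()}-port-scan", key[1], key[3], len(seen)))
                break
    return sorted(alerts)


if __name__ == "__main__":
    for alert in detect_scans(SAMPLE_LOG.splitlines()):
        print(alert)
```

The slow scanner from 10.0.0.7 produces no alert, which is why real deployments also count over a longer horizon.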
Nessus
• Nessus is a GUI-based vulnerability scanning tool.
• Available for free.
• One of the key components of Nessus is the plug-ins.
• A plug-in is a small block of code that is sent to the target machine to check for a known vulnerability. Nessus has literally thousands of plug-ins.
Exploitation
• Exploitation is the process of gaining control over a system.
• Exploitation is the attempt to turn the target machine into a puppet that will execute your commands and do your bidding.
Password Cracker
• Using online password crackers, the potential for success can be greatly increased if you combine this attack with the information gathered earlier.
• Remote access systems employ a password throttling technique that can limit the number of unsuccessful log-ins you are allowed.
• Medusa and Hydra are famous password crackers used for exploitation.
• JOHN THE RIPPER: KING OF THE PASSWORD CRACKERS
Medusa
• Medusa is described as a parallel log-in brute forcer that attempts to gain access to remote authentication services.
• Medusa is capable of authenticating with a large number of remote services, including AFP, FTP, HTTP, IMAP, MS-SQL, MySQL, NetWare NCP, NNTP, etc.
• You need several pieces of information for Medusa:
  o Target IP address
  o A username or username list
  o A password or dictionary file containing multiple passwords
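The password throttling that the Password Cracker slide says remote access systems use against online crackers such as Medusa, as an added example that is not from the deck: a login service with a per-account failure window, a lockout whose length doubles on each successive lockout, and an audit trail, fed a constructed sequence of guesses (the user store, policy values and a clock injected as a parameter are assumptions for this example).

```python
import hashlib
import hmac
import os
from dataclasses import dataclass, field

# Policy values are assumptions for this example; real deployments tune them.
MAX_FAILURES = 5        # failed attempts inside FAILURE_WINDOW before a lockout
FAILURE_WINDOW = 300.0  # seconds; older failures stop counting
BASE_LOCKOUT = 30.0     # seconds; doubles for each lockout not followed by a success
PBKDF2_ROUNDS = 20_000  # kept low so the example runs fast; use far more in production


def hash_password(password: str, salt: bytes) -> bytes:
    """Salted PBKDF2-HMAC-SHA256 so a stolen store still resists offline cracking."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


@dataclass
class Account:
    salt: bytes
    pw_hash: bytes
    failures: list = field(default_factory=list)  # timestamps of recent failures
    locked_until: float = 0.0                      # epoch seconds; 0 means not locked
    lockouts: int = 0                              # successive lockouts, drives the backoff


class ThrottledAuth:
    """A login service that limits unsuccessful attempts per account."""

    def __init__(self):
        self.accounts = {}
        self.audit = []  # (time, user, outcome): what a defender reviews for brute-force runs

    def add_user(self, user: str, password: str) -> None:
        salt = os.urandom(16)
        self.accounts[user] = Account(salt, hash_password(password, salt))

    def login(self, user: str, password: str, now: float) -> str:
        """Return 'ok', 'bad-password', 'locked' or 'no-such-user'; `now` is injected for testing."""
        acct = self.accounts.get(user)
        if acct is None:
            return self._outcome(now, user, "no-such-user")
        if now < acct.locked_until:
            # Rejected before any password check: even the correct password is refused while locked.
            return self._outcome(now, user, "locked")
        acct.failures = [t for t in acct.failures if now - t <= FAILURE_WINDOW]
        if hmac.compare_digest(hash_password(password, acct.salt), acct.pw_hash):
            acct.failures.clear()
            acct.lockouts = 0  # a genuine login resets the backoff
            return self._outcome(now, user, "ok")
        acct.failures.append(now)
        if len(acct.failures) >= MAX_FAILURES:
            acct.locked_until = now + BASE_LOCKOUT * (2 ** acct.lockouts)
            acct.lockouts += 1
            acct.failures.clear()
        return self._outcome(now, user, "bad-password")

    def _outcome(self, now: float, user: str, outcome: str) -> str:
        self.audit.append((now, user, outcome))
        return outcome


def replay_attempts(auth, user, passwords, start=0.0, interval=1.0):
    """Feed a sequence of guesses one `interval` apart and return each outcome."""
    return [auth.login(user, pw, start + i * interval) for i, pw in enumerate(passwords)]


if __name__ == "__main__":
    auth = ThrottledAuth()
    auth.add_user("alice", "correct horse")
    # A dictionary run: the sixth guess is the real password but arrives during the lockout.
    guesses = ["123456", "password", "qwerty", "letmein", "admin", "correct horse", "welcome"]
    print(replay_attempts(auth, "alice", guesses))
    print(auth.audit)
```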
METASPLOIT
HACKING, HUGH JACKMAN STYLE!
• Metasploit is a powerful, flexible and free tool.
• A truly open source exploit framework.
• Open source meant that for the first time everyone could access, collaborate on, develop and share exploits for free.
• It allows you to select the target and choose from a wide variety of payloads.
• A payload is the "additional functionality" or change in behavior that you want to accomplish on the target machine.
MSFCONSOLE
• We focus on the menu-driven, non-GUI, text-based interface called msfconsole.
• msfconsole is fast, friendly and easy to use.
MSFCONSOLE
Result of Metasploit
SNIFFING NETWORK TRAFFIC
• Sniffing is the process of capturing and viewing traffic as it is passed along the network.
• A popular technique that can be used to gain access to systems is network sniffing.
• Sniffing clear-text network traffic is a trivial but effective means of gaining access to systems.
• The Macof tool is used for sniffing.
Maintaining Access
• In maintaining access, backdoors are created in the target system for future use.
• A backdoor is a piece of software that resides on the target computer and allows the attacker to return to the machine at any time.
• In some cases, the backdoor is a hidden process that runs on the target machine.
• There are many tools nowadays for creating backdoors, e.g. Netcat, Netcat's cryptic cousin, Netbus, rootkits.
NETCAT
THE SWISS ARMY KNIFE
• A tool for communication and control of network traffic flow.
• Excellent choice for a backdoor.
• Can be used to transfer files between machines.
• Can conduct port scans.
• Can serve as a simple instant messenger.
• Can even function as a simple web server.
NETCAT
THE SWISS ARMY KNIFE
• Supports sending and receiving both TCP and UDP traffic.
• Netcat can connect from any port on your local machine to any port on the target machine.
NETBUS: A CLASSIC
• Backdoor and remote control software.
Hacker Defender
It Is Not What You Think
• Hacker Defender is a rootkit.
• Easy to understand and configure.
• There are three main files:
o hxdef100.exe
o hxdef100.ini
o bdcli100.exe
DETECTING AND DEFENDING AGAINST ROOTKITS
• Closely monitor the information you put onto the internet.
• Properly configure your firewall and other access control lists.
• Patch your systems.
• Install and use antivirus software.
• Make use of an intrusion detection system.
• Tools like RootkitRevealer, Vice, and F-Secure's BlackLight are some great free options for revealing the presence of hidden files and rootkits.
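The cross-view comparison that rootkit detectors of the kind named on the slide rely on, as an added example that is neither from the deck nor any of those tools' code: a process hidden from the /proc directory listing (what ps reads) still answers a direct kill(pid, 0) probe, so the two views disagree. The comparison function works on constructed views; live_views gathers real ones and is Linux-only, an assumption of this example.

```python
import os


def hidden_pids(listed_view, probed_view, second_listing=None):
    """Return, sorted, the PIDs that a direct probe found but the listing omitted.
    A process that started between the listing and the probe would look hidden
    too; a second listing taken after the probe removes that false positive."""
    hidden = set(probed_view) - set(listed_view)
    if second_listing is not None:
        hidden -= set(second_listing)
    return sorted(hidden)


def _listed_pids():
    """High-level view: numeric entries of /proc, exactly what ps enumerates."""
    return {int(name) for name in os.listdir("/proc") if name.isdigit()}


def _is_thread(pid):
    """kill(tid, 0) also succeeds for thread IDs, which never appear in the /proc
    listing. The Tgid line of /proc/<tid>/status tells a thread from a process.
    If status cannot be read at all, treat the PID as a process (suspicious)."""
    try:
        with open(f"/proc/{pid}/status") as f:
            for line in f:
                if line.startswith("Tgid:"):
                    return int(line.split()[1]) != pid
    except OSError:
        pass
    return False


def live_views(max_pid=None):
    """Linux only: returns (listing, probed, listing_again) or None elsewhere.
    Probing every PID up to pid_max takes a few seconds in Python."""
    if not os.path.isdir("/proc"):
        return None
    if max_pid is None:
        with open("/proc/sys/kernel/pid_max") as f:
            max_pid = int(f.read())
    listed = _listed_pids()
    probed = set()
    for pid in range(1, max_pid + 1):
        try:
            os.kill(pid, 0)          # signal 0: existence check, nothing is delivered
        except ProcessLookupError:
            continue
        except PermissionError:
            pass                     # exists, owned by another user
        if not _is_thread(pid):
            probed.add(pid)
    return listed, probed, _listed_pids()


if __name__ == "__main__":
    views = live_views()
    if views is None:
        print("no /proc here; hidden_pids() still works on views gathered elsewhere")
    else:
        print("PIDs present but not listed:", hidden_pids(*views))
```

A non-empty result means something is answering for a PID that the directory listing does not show, which warrants a closer look with one of the tools the slide names.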
Questions?

Weitere ähnliche Inhalte

Was ist angesagt?

chapter 1. Introduction to Information Security
chapter 1. Introduction to Information Security chapter 1. Introduction to Information Security
chapter 1. Introduction to Information Security elmuhammadmuhammad
 
Classification of vulnerabilities
Classification of vulnerabilitiesClassification of vulnerabilities
Classification of vulnerabilitiesMayur Mehta
 
WTF is Penetration Testing v.2
WTF is Penetration Testing v.2WTF is Penetration Testing v.2
WTF is Penetration Testing v.2Scott Sutherland
 
Lessons from a Red Team Exercise
Lessons from a Red Team ExerciseLessons from a Red Team Exercise
Lessons from a Red Team ExercisePeter Wood
 
Chapter 3 Presentation
Chapter 3 PresentationChapter 3 Presentation
Chapter 3 PresentationAmy McMullin
 
Chapter 1 Presentation
Chapter 1 PresentationChapter 1 Presentation
Chapter 1 PresentationAmy McMullin
 
Penetration Testing Execution Phases
Penetration Testing Execution Phases Penetration Testing Execution Phases
Penetration Testing Execution Phases Nasir Bhutta
 
OWASP Top 10 2021 Presentation (Jul 2022)
OWASP Top 10 2021 Presentation (Jul 2022)OWASP Top 10 2021 Presentation (Jul 2022)
OWASP Top 10 2021 Presentation (Jul 2022)TzahiArabov
 
Ceh v5 module 10 session hijacking
Ceh v5 module 10 session hijackingCeh v5 module 10 session hijacking
Ceh v5 module 10 session hijackingVi Tính Hoàng Nam
 
NETWORK PENETRATION TESTING
NETWORK PENETRATION TESTINGNETWORK PENETRATION TESTING
NETWORK PENETRATION TESTINGEr Vivek Rana
 
Introduction to penetration testing
Introduction to penetration testingIntroduction to penetration testing
Introduction to penetration testingAmine SAIGHI
 
Module 3 Scanning
Module 3   ScanningModule 3   Scanning
Module 3 Scanningleminhvuong
 
Ethical Hacking PPT (CEH)
Ethical Hacking PPT (CEH)Ethical Hacking PPT (CEH)
Ethical Hacking PPT (CEH)Umesh Mahawar
 
MITRE ATT&CK framework
MITRE ATT&CK frameworkMITRE ATT&CK framework
MITRE ATT&CK frameworkBhushan Gurav
 
Fantastic Red Team Attacks and How to Find Them
Fantastic Red Team Attacks and How to Find ThemFantastic Red Team Attacks and How to Find Them
Fantastic Red Team Attacks and How to Find ThemRoss Wolf
 
Intrusion detection system
Intrusion detection systemIntrusion detection system
Intrusion detection systemAAKASH S
 
Addressing the cyber kill chain
Addressing the cyber kill chainAddressing the cyber kill chain
Addressing the cyber kill chainSymantec Brasil
 
Understanding Penetration Testing & its Benefits for Organization
Understanding Penetration Testing & its Benefits for OrganizationUnderstanding Penetration Testing & its Benefits for Organization
Understanding Penetration Testing & its Benefits for OrganizationPECB
 

Was ist angesagt? (20)

chapter 1. Introduction to Information Security
chapter 1. Introduction to Information Security chapter 1. Introduction to Information Security
chapter 1. Introduction to Information Security
 
Classification of vulnerabilities
Classification of vulnerabilitiesClassification of vulnerabilities
Classification of vulnerabilities
 
WTF is Penetration Testing v.2
WTF is Penetration Testing v.2WTF is Penetration Testing v.2
WTF is Penetration Testing v.2
 
Lessons from a Red Team Exercise
Lessons from a Red Team ExerciseLessons from a Red Team Exercise
Lessons from a Red Team Exercise
 
Chapter 3 Presentation
Chapter 3 PresentationChapter 3 Presentation
Chapter 3 Presentation
 
Chapter 1 Presentation
Chapter 1 PresentationChapter 1 Presentation
Chapter 1 Presentation
 
Penetration Testing Execution Phases
Penetration Testing Execution Phases Penetration Testing Execution Phases
Penetration Testing Execution Phases
 
OWASP Top 10 2021 Presentation (Jul 2022)
OWASP Top 10 2021 Presentation (Jul 2022)OWASP Top 10 2021 Presentation (Jul 2022)
OWASP Top 10 2021 Presentation (Jul 2022)
 
Ceh v5 module 10 session hijacking
Ceh v5 module 10 session hijackingCeh v5 module 10 session hijacking
Ceh v5 module 10 session hijacking
 
Metaploit
MetaploitMetaploit
Metaploit
 
NETWORK PENETRATION TESTING
NETWORK PENETRATION TESTINGNETWORK PENETRATION TESTING
NETWORK PENETRATION TESTING
 
Introduction to penetration testing
Introduction to penetration testingIntroduction to penetration testing
Introduction to penetration testing
 
Module 3 Scanning
Module 3   ScanningModule 3   Scanning
Module 3 Scanning
 
Ethical Hacking PPT (CEH)
Ethical Hacking PPT (CEH)Ethical Hacking PPT (CEH)
Ethical Hacking PPT (CEH)
 
MITRE ATT&CK framework
MITRE ATT&CK frameworkMITRE ATT&CK framework
MITRE ATT&CK framework
 
Fantastic Red Team Attacks and How to Find Them
Fantastic Red Team Attacks and How to Find ThemFantastic Red Team Attacks and How to Find Them
Fantastic Red Team Attacks and How to Find Them
 
Intrusion detection system
Intrusion detection systemIntrusion detection system
Intrusion detection system
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hacking
 
Addressing the cyber kill chain
Addressing the cyber kill chainAddressing the cyber kill chain
Addressing the cyber kill chain
 
Understanding Penetration Testing & its Benefits for Organization
Understanding Penetration Testing & its Benefits for OrganizationUnderstanding Penetration Testing & its Benefits for Organization
Understanding Penetration Testing & its Benefits for Organization
 

Andere mochten auch

Penetration Testing Services Technical Description Cyber51
Penetration Testing Services Technical Description Cyber51Penetration Testing Services Technical Description Cyber51
Penetration Testing Services Technical Description Cyber51martinvoelk
 
App Penetration Test
App Penetration TestApp Penetration Test
App Penetration TestAung Khant
 
BAIT1103 Chapter 5
BAIT1103 Chapter 5BAIT1103 Chapter 5
BAIT1103 Chapter 5limsh
 
Introduction To NIDS
Introduction To NIDSIntroduction To NIDS
Introduction To NIDSMichael Boman
 
Explain Kerberos like I'm 5
Explain Kerberos like I'm 5Explain Kerberos like I'm 5
Explain Kerberos like I'm 5Lynn Root
 
Dns protocol design attacks and security
Dns protocol design attacks and securityDns protocol design attacks and security
Dns protocol design attacks and securityMichael Earls
 
intrusion detection system (IDS)
intrusion detection system (IDS)intrusion detection system (IDS)
intrusion detection system (IDS)Aj Maurya
 
Secure Software Development Life Cycle
Secure Software Development Life CycleSecure Software Development Life Cycle
Secure Software Development Life CycleMaurice Dawson
 
Cone Penetration Test
Cone Penetration TestCone Penetration Test
Cone Penetration TestMuftah Aljoat
 
Secure Socket Layer
Secure Socket LayerSecure Socket Layer
Secure Socket LayerPina Parmar
 
Info Security - Vulnerability Assessment
Info Security - Vulnerability AssessmentInfo Security - Vulnerability Assessment
Info Security - Vulnerability AssessmentMarcelo Silva
 
Lecture 8 mail security
Lecture 8 mail securityLecture 8 mail security
Lecture 8 mail securityrajakhurram
 
Vulnerability Assessment Presentation
Vulnerability Assessment PresentationVulnerability Assessment Presentation
Vulnerability Assessment PresentationLionel Medina
 
Btpsec Sample Penetration Test Report
Btpsec Sample Penetration Test ReportBtpsec Sample Penetration Test Report
Btpsec Sample Penetration Test Reportbtpsec
 
Secure Socket Layer (SSL)
Secure Socket Layer (SSL)Secure Socket Layer (SSL)
Secure Socket Layer (SSL)amanchaurasia
 
CNIT 40: 2: DNS Protocol and Architecture
CNIT 40: 2: DNS Protocol and ArchitectureCNIT 40: 2: DNS Protocol and Architecture
CNIT 40: 2: DNS Protocol and ArchitectureSam Bowne
 

Andere mochten auch (20)

Standard Penetration Test
Standard Penetration TestStandard Penetration Test
Standard Penetration Test
 
Penetration Testing Services Technical Description Cyber51
Penetration Testing Services Technical Description Cyber51Penetration Testing Services Technical Description Cyber51
Penetration Testing Services Technical Description Cyber51
 
App Penetration Test
App Penetration TestApp Penetration Test
App Penetration Test
 
BAIT1103 Chapter 5
BAIT1103 Chapter 5BAIT1103 Chapter 5
BAIT1103 Chapter 5
 
Introduction To NIDS
Introduction To NIDSIntroduction To NIDS
Introduction To NIDS
 
Explain Kerberos like I'm 5
Explain Kerberos like I'm 5Explain Kerberos like I'm 5
Explain Kerberos like I'm 5
 
Dns protocol design attacks and security
Dns protocol design attacks and securityDns protocol design attacks and security
Dns protocol design attacks and security
 
intrusion detection system (IDS)
intrusion detection system (IDS)intrusion detection system (IDS)
intrusion detection system (IDS)
 
Secure Software Development Life Cycle
Secure Software Development Life CycleSecure Software Development Life Cycle
Secure Software Development Life Cycle
 
Secure Software Development Adoption Strategy
Secure Software Development Adoption StrategySecure Software Development Adoption Strategy
Secure Software Development Adoption Strategy
 
Cone Penetration Test
Cone Penetration TestCone Penetration Test
Cone Penetration Test
 
Pgp
PgpPgp
Pgp
 
Secure Socket Layer
Secure Socket LayerSecure Socket Layer
Secure Socket Layer
 
Info Security - Vulnerability Assessment
Info Security - Vulnerability AssessmentInfo Security - Vulnerability Assessment
Info Security - Vulnerability Assessment
 
Lecture 8 mail security
Lecture 8 mail securityLecture 8 mail security
Lecture 8 mail security
 
Vulnerability Assessment Presentation
Vulnerability Assessment PresentationVulnerability Assessment Presentation
Vulnerability Assessment Presentation
 
Btpsec Sample Penetration Test Report
Btpsec Sample Penetration Test ReportBtpsec Sample Penetration Test Report
Btpsec Sample Penetration Test Report
 
Secure Socket Layer (SSL)
Secure Socket Layer (SSL)Secure Socket Layer (SSL)
Secure Socket Layer (SSL)
 
Information Security and the SDLC
Information Security and the SDLCInformation Security and the SDLC
Information Security and the SDLC
 
CNIT 40: 2: DNS Protocol and Architecture
CNIT 40: 2: DNS Protocol and ArchitectureCNIT 40: 2: DNS Protocol and Architecture
CNIT 40: 2: DNS Protocol and Architecture
 

Ähnlich wie Phases of penetration testing

cyber sequirety Terms.pptx
cyber sequirety Terms.pptxcyber sequirety Terms.pptx
cyber sequirety Terms.pptxAritMistri1
 
Network Penetration Testing
Network Penetration TestingNetwork Penetration Testing
Network Penetration TestingMohammed Adam
 
Security concepts
Security conceptsSecurity concepts
Security conceptsartisriva
 
Ids 009 network attacks
Ids 009 network attacksIds 009 network attacks
Ids 009 network attacksjyoti_lakhani
 
Talk28oct14
Talk28oct14Talk28oct14
Talk28oct14mjos
 
BSIDES-PR Keynote Hunting for Bad Guys
BSIDES-PR Keynote Hunting for Bad GuysBSIDES-PR Keynote Hunting for Bad Guys
BSIDES-PR Keynote Hunting for Bad GuysJoff Thyer
 
Workshop on Network Security
Workshop on Network SecurityWorkshop on Network Security
Workshop on Network SecurityUC San Diego
 
Inetsecurity.in Ethical Hacking presentation
Inetsecurity.in Ethical Hacking presentationInetsecurity.in Ethical Hacking presentation
Inetsecurity.in Ethical Hacking presentationJoshua Prince
 
Protection from hacking attacks
Protection from hacking attacksProtection from hacking attacks
Protection from hacking attacksSugirtha Jasmine M
 
3. APTs Presentation
3. APTs Presentation3. APTs Presentation
3. APTs Presentationisc2-hellenic
 
640-554 IT Certification and Career Paths
640-554 IT Certification and Career Paths640-554 IT Certification and Career Paths
640-554 IT Certification and Career Pathshibaehed
 

Ähnlich wie Phases of penetration testing (20)

Session Slide
Session SlideSession Slide
Session Slide
 
Botnets Attacks.pptx
Botnets Attacks.pptxBotnets Attacks.pptx
Botnets Attacks.pptx
 
cyber sequirety Terms.pptx
cyber sequirety Terms.pptxcyber sequirety Terms.pptx
cyber sequirety Terms.pptx
 
Network Penetration Testing
Network Penetration TestingNetwork Penetration Testing
Network Penetration Testing
 
Security and Linux Security
Security and Linux SecuritySecurity and Linux Security
Security and Linux Security
 
Security concepts
Security conceptsSecurity concepts
Security concepts
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hacking
 
Ids 009 network attacks
Ids 009 network attacksIds 009 network attacks
Ids 009 network attacks
 
Talk28oct14
Talk28oct14Talk28oct14
Talk28oct14
 
BSIDES-PR Keynote Hunting for Bad Guys
BSIDES-PR Keynote Hunting for Bad GuysBSIDES-PR Keynote Hunting for Bad Guys
BSIDES-PR Keynote Hunting for Bad Guys
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical Hacking
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hacking
 
Workshop on Network Security
Workshop on Network SecurityWorkshop on Network Security
Workshop on Network Security
 
Metasploit
MetasploitMetasploit
Metasploit
 
Inetsecurity.in Ethical Hacking presentation
Inetsecurity.in Ethical Hacking presentationInetsecurity.in Ethical Hacking presentation
Inetsecurity.in Ethical Hacking presentation
 
Protection from hacking attacks
Protection from hacking attacksProtection from hacking attacks
Protection from hacking attacks
 
3. APTs Presentation
3. APTs Presentation3. APTs Presentation
3. APTs Presentation
 
640-554 IT Certification and Career Paths
640-554 IT Certification and Career Paths640-554 IT Certification and Career Paths
640-554 IT Certification and Career Paths
 
Ready set hack
Ready set hackReady set hack
Ready set hack
 
Chapter 2
Chapter 2Chapter 2
Chapter 2
 

Kürzlich hochgeladen

A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersNicole Novielli
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxLoriGlavin3
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfLoriGlavin3
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteDianaGray10
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxLoriGlavin3
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 3652toLead Limited
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersRaghuram Pandurangan
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity PlanDatabarracks
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxLoriGlavin3
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 
unit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxunit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxBkGupta21
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfAlex Barbosa Coqueiro
 
Sample pptx for embedding into website for demo
Sample pptx for embedding into website for demoSample pptx for embedding into website for demo
Sample pptx for embedding into website for demoHarshalMandlekar2
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Training state-of-the-art general text embedding
Training state-of-the-art general text embeddingTraining state-of-the-art general text embedding
Training state-of-the-art general text embeddingZilliz
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 

Kürzlich hochgeladen (20)

A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software Developers
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdf
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test Suite
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information Developers
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity Plan
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
unit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxunit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptx
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 
Sample pptx for embedding into website for demo
Sample pptx for embedding into website for demoSample pptx for embedding into website for demo
Sample pptx for embedding into website for demo
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Training state-of-the-art general text embedding
Training state-of-the-art general text embeddingTraining state-of-the-art general text embedding
Training state-of-the-art general text embedding
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 

Phases of penetration testing

1. Phases of Penetration Test
Abdul Rehman
IOC Bahauddin Zakariya University Multan

2. What is Penetration Test?
• A penetration test is a method of evaluating the security of a computer system or network by simulating an attack from a malicious source.
• A penetration test target may be a "white box" or "black box".
• A penetration test can help determine whether a system is vulnerable to attack, whether the defenses were sufficient and which defenses were defeated in the penetration test.

3. Phases of Penetration Test
• Reconnaissance
• Scanning
• Exploitation
• Maintaining Access

4. Reconnaissance
• Reconnaissance refers to information gathering before an attack: it is the work of gathering information before planning the attack.
• The more information we gather, the greater our chances of success in the later phases of penetration testing.
• Abraham Lincoln quote: "If I had six hours to chop down a tree, I'd spend the first four of them sharpening my axe."
• Reconnaissance is conducted by white hats and black hats alike.

5. Main Goals and Types of Reconnaissance
The two main goals of reconnaissance are listed below:
• Gather as much information as possible
• Create a list of attackable IP addresses
The two main types of reconnaissance are listed below:
• Active reconnaissance
• Passive reconnaissance

6. Famous Tools Used for Reconnaissance (I)
• HTTrack
• Google
• Harvester
• Whois
• Netcraft

7. Famous Tools Used for Reconnaissance (II)
• Host
• Extracting information from DNS
  - NS Lookup
  - Dig
• Extracting information from emails
• Metagoofil
• Social engineering

8. Famous Tools Used for Reconnaissance (III)
• HTTrack (Win, B.T)
  - Tool for making an identical copy of the target site.
  - The copy consists of pages, pictures, links, etc.
• Google
  - Proper use of Google is a vital skill for a penetration tester.
  - Directives (keywords that enable accurate information from Google): site, inurl, cache.
  - Use of a directive: 1) name 2) colon 3) term, e.g. site:bzu.edu filetype:ppt

9. Famous Tools Used for Reconnaissance (IV)
• Harvester (Win, B.T): used to catalog emails and subdomains that belong to our target.
• Whois (online, B.T): the Whois service allows us to access specific information about our target, including IP addresses, host names, contact info, phone numbers, addresses, etc.
• Netcraft (Win, B.T): gives us information such as a site report, the IP address and the OS of the web server.

10. Famous Tools Used for Reconnaissance (V)
• Host: used to translate a host name to an IP address.
• Social engineering: exploiting the "human" weakness inherent in every organization.

11. Scanning
• Scanning is the process of finding out whether the system is alive, which ports are open and what vulnerabilities the target has.
• Ethical hackers use scanning tools to determine open ports and services and the presence of known weaknesses on target systems.

12. Types of Scanning
The types of scanning are listed below:
1. System scanning
2. Port scanning
3. Vulnerability scanning

13. System Scanning
• In system scanning we determine whether the system is alive and whether it can interact with other machines.
• It is important to conduct this step and make a note of any machines that respond as alive.
• If the system is alive, the penetration test will be more fruitful.

14. Port Scanning (I)
• Port scanning is finding the open ports. It is the process of finding the channel from which an attack can be launched.
• The basic idea is to analyse the network ports and keep information about them so that it can be used in future.
• In port scanning we find the open ports and the services, such as FTP, printing or e-mail, that are available.
• There are a total of 65536 ports on every computer, which may be UDP or TCP.

15. Port Scanning (II)
Port Number   Description
1             TCP Port Service Multiplexer (TCPMUX)
20            FTP Data
21            FTP Control
53            Domain Name System (DNS)
69            Trivial File Transfer Protocol (TFTP)
115           Simple File Transfer Protocol (SFTP)
156           SQL Server
190           Gateway Access Control Protocol (GACP)
443           HTTPS

16. Vulnerability Scanning
• Vulnerability scanning is performed to find out the weaknesses of the target that can be attacked.
• Usually the vulnerability scanners find the operating system and version number that is installed on the target.
• Then they find weaknesses in the OS, gather information and use this information to exploit it in future.

17. Tools Used for Scanning
• For system scanning: 1. Ping and ping sweeps
• For port scanning: 1. Nmap
• For vulnerability scanning: 1. Nessus

18. Ping and Ping Sweep
• Ping uses a special type of network packet called an ICMP packet.
• It works by sending specific types of network traffic, called ICMP echo request packets, to the target.
• Besides telling us that a host is alive and accepting traffic, pings provide other valuable information, including the total time it took for the packet to travel to the target and return.
• A ping sweep works with Fping; in this, pings are sent to a series of IP addresses.

19. Ping and Ping Sweep (II)
Results of ping

20. NMap
• Using Nmap to perform a TCP Connect Scan

21. NMap
• Using Nmap to perform UDP Scans
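As an added example that is not part of the original slides, here is the defender's side of the Nmap scans shown above: a check that runs over constructed firewall log lines and flags a source that touches many distinct ports on one host inside a short window. The log format, the thresholds and all addresses are assumptions made for this example.

```python
from collections import defaultdict
from datetime import datetime

PORT_THRESHOLD = 10   # distinct ports from one source before we alert
WINDOW_SECONDS = 60   # sliding window a scan must fit into

# Constructed sample log (assumed format: "<ISO time> <src> -> <dst>:<port> <proto>").
# 10.0.0.5 probes 12 ports of 10.0.0.20 in 12 seconds, like a TCP connect scan;
# 10.0.0.7 and 10.0.0.8 are ordinary clients talking to one service each.
SCAN_LINES = [f"2024-01-10T09:00:{i:02d} 10.0.0.5 -> 10.0.0.20:{p} TCP"
              for i, p in enumerate([21, 22, 23, 25, 53, 80, 110, 143, 443, 445, 3306, 8080])]
BENIGN_LINES = [
    "2024-01-10T09:00:03 10.0.0.7 -> 10.0.0.20:443 TCP",
    "2024-01-10T09:00:30 10.0.0.7 -> 10.0.0.20:443 TCP",
    "2024-01-10T09:05:00 10.0.0.8 -> 10.0.0.20:22 TCP",
]
SAMPLE_LOG = "\n".join(SCAN_LINES + BENIGN_LINES)


def parse_line(line):
    """Split one log line into (timestamp, src_ip, dst_ip, dst_port, proto)."""
    ts, src, _arrow, dst, proto = line.split()
    dst_ip, dst_port = dst.rsplit(":", 1)
    return datetime.fromisoformat(ts), src, dst_ip, int(dst_port), proto


def find_scanners(log_text, threshold=PORT_THRESHOLD, window=WINDOW_SECONDS):
    """Return {(src, dst): distinct_ports} for every pair that looks like a scan."""
    events = defaultdict(list)                  # (src, dst) -> [(ts, port), ...]
    for line in log_text.strip().splitlines():
        ts, src, dst_ip, port, _proto = parse_line(line)
        events[(src, dst_ip)].append((ts, port))

    alerts = {}
    for pair, hits in events.items():
        hits.sort()
        for i, (start, _port) in enumerate(hits):     # slide the window over each start
            ports = {p for t, p in hits[i:] if (t - start).total_seconds() <= window}
            if len(ports) >= threshold:
                alerts[pair] = len(ports)
                break
    return alerts


if __name__ == "__main__":
    print("fast scan:", find_scanners(SAMPLE_LOG))             # flags 10.0.0.5 -> 10.0.0.20
    print("5 s window:", find_scanners(SAMPLE_LOG, window=5))  # a slow scan evades a short window
```

The second call shows the usual caveat: a scanner that spreads its probes over a longer period than the window is not flagged, so the window has to be chosen against the scan speed you care about.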
22. Nessus
• Nessus is a GUI-based vulnerability scanning tool.
• Available for free.
• One of the key components of Nessus is the plug-ins.
• A plug-in is a small block of code that is sent to the target machine to check for a known vulnerability. Nessus has literally thousands of plug-ins.

25. Exploitation
• Exploitation is the process of gaining control over a system.
• Exploitation is the attempt to turn the target machine into a puppet that will execute your commands and do your bidding.

26. Password Cracker
• Using online password crackers, the potential for success can be greatly increased if you combine this attack with the information gathered.
• Remote access systems employ a password throttling technique that can limit the number of unsuccessful log-ins you are allowed.
• Medusa and Hydra are famous password crackers for exploitation.
• JOHN THE RIPPER: KING OF THE PASSWORD CRACKERS

27. Medusa
• Medusa is described as a parallel log-in brute forcer that attempts to gain access to remote authentication services.
• Medusa is capable of authenticating with a large number of remote services, including AFP, FTP, HTTP, IMAP, MS-SQL, MySQL, NetWare NCP, NNTP, etc.
• You need several pieces of information for Medusa:
  - Target IP address
  - A username or username list
  - A password or dictionary file containing multiple passwords
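The password throttling that slide 26 mentions, as an added example that is not part of the slides: a login-side limiter a service consults before checking a password, which is what slows down dictionary attacks from tools like Medusa or Hydra. The limits, the account name and the injectable `clock` used to simulate time are assumptions for the example.

```python
import time
from collections import defaultdict, deque

MAX_FAILURES = 5       # failures inside the window before the account locks
WINDOW_SECONDS = 300   # how long a failure counts against the account
BASE_LOCKOUT = 60      # first lockout in seconds; doubles on every further lockout

class LoginThrottle:
    """Per-key (account, source IP, or both) failure tracking with growing lockouts."""
    def __init__(self, clock=time.monotonic):
        self.clock = clock                   # injectable so tests can fake time
        self.failures = defaultdict(deque)   # key -> timestamps of recent failures
        self.locked_until = {}               # key -> time at which the lock expires
        self.lock_count = defaultdict(int)   # key -> lockouts issued so far

    def allowed(self, key):
        """Consult before verifying a password; False means reject without checking."""
        return self.clock() >= self.locked_until.get(key, 0.0)

    def record_failure(self, key):
        """Register a failed attempt; returns the lockout length issued (0 if none)."""
        now = self.clock()
        recent = self.failures[key]
        while recent and now - recent[0] > WINDOW_SECONDS:   # forget stale failures
            recent.popleft()
        recent.append(now)
        if len(recent) < MAX_FAILURES:
            return 0
        self.lock_count[key] += 1
        lockout = BASE_LOCKOUT * 2 ** (self.lock_count[key] - 1)   # 60, 120, 240, ...
        self.locked_until[key] = now + lockout
        recent.clear()
        return lockout

    def record_success(self, key):   # a good log-in resets all state for the key
        for table in (self.failures, self.locked_until, self.lock_count):
            table.pop(key, None)

def simulate_dictionary_attack(attempts, key="alice"):
    """Replay wrong passwords with a fake clock; the attacker waits out every lock.
    Returns the lockout lengths issued, e.g. [60, 120, 240] for 15 attempts."""
    fake = {"t": 1000.0}
    throttle = LoginThrottle(clock=lambda: fake["t"])
    issued = []
    for _ in range(attempts):
        if not throttle.allowed(key):
            fake["t"] = throttle.locked_until[key]   # wait until the lock expires
        lockout = throttle.record_failure(key)
        if lockout:
            issued.append(lockout)
    return issued
```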
29. METASPLOIT: HACKING, HUGH JACKMAN STYLE!
• Metasploit is a powerful, flexible and free tool.
• A truly open source exploit framework.
• Open source meant that for the first time everyone could access, collaborate on, develop and share exploits for free.
• It allows you to select the target and choose from a wide variety of payloads.
• A payload is the "additional functionality" or change in behavior that you want to accomplish on the target machine.

30. MSFCONSOLE
• We focus on the menu-driven, non-GUI, text-based system called msfconsole.
• msfconsole is fast, friendly and easy to use.

32. SNIFFING NETWORK TRAFFIC
• Sniffing is the process of capturing and viewing traffic as it is passed along the network.
• A popular technique that can be used to gain access to systems is network sniffing.
• Sniffing clear-text network traffic is a trivial but effective means of gaining access to systems.
• The Macof tool is used for sniffing.

33. Maintaining Access
• In maintaining access, we create backdoors in the target system for future use.
• A backdoor is a piece of software that resides on the target computer and allows the attacker to return to the machine at any time.
• In some cases, the backdoor is a hidden process that runs on the target machine.
• There are many tools nowadays for creating backdoors, e.g. Netcat, Netcat's cryptic cousin, Netbus, rootkits.

34. NETCAT: THE SWISS ARMY KNIFE
• A tool for communicating and controlling network traffic flow.
• An excellent choice for a backdoor.
• Can be used to transfer files between machines.
• Can conduct port scans.
• Can serve as a simple instant messenger.
• Can even function as a simple web server.

35. NETCAT: THE SWISS ARMY KNIFE
• Supports sending and receiving both TCP and UDP traffic.
• Netcat can connect from any port on your local machine to any port on the target machine.

36. NETBUS: A CLASSIC
• Backdoor and remote control software.

37. Hacker Defender: It Is Not What You Think
• Hacker Defender is a rootkit.
• Easy to understand and configure.
• There are three main files:
  - hxdef100.exe
  - hxdef100.ini
  - bdcli100.exe

39. DETECTING AND DEFENDING AGAINST ROOTKITS
• Closely monitor the information you put onto the internet.
• Properly configure your firewall and other access control lists.
• Patch your systems.
• Install and use antivirus software.
• Make use of an intrusion detection system.
• Tools like RootkitRevealer, Vice and F-Secure's BlackLight are some great free options for revealing the presence of hidden files and rootkits.
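One concrete form of the monitoring slide 39 recommends, as an added example not taken from the slides: a baseline check over a host's listening sockets, run here on constructed `ss -tlnp`-style output in which a Netcat listener of the kind slides 33 and 34 describe has appeared. The baseline, addresses, PIDs and exact column layout are assumptions for the example.

```python
import re

# Assumed baseline for this host: (port, process) pairs that are expected to listen.
BASELINE = {(22, "sshd"), (80, "nginx"), (443, "nginx")}

# Constructed sample in the shape of `ss -tlnp` output; the "nc" line is the kind of
# listener a netcat backdoor leaves behind, mysqld is an unknown but loopback-only service.
SAMPLE_SS = """\
State  Recv-Q Send-Q Local Address:Port  Peer Address:Port Process
LISTEN 0      128    0.0.0.0:22          0.0.0.0:*         users:(("sshd",pid=812,fd=3))
LISTEN 0      511    0.0.0.0:443         0.0.0.0:*         users:(("nginx",pid=1033,fd=6))
LISTEN 0      511    0.0.0.0:80          0.0.0.0:*         users:(("nginx",pid=1033,fd=7))
LISTEN 0      1      0.0.0.0:4444        0.0.0.0:*         users:(("nc",pid=2210,fd=3))
LISTEN 0      128    127.0.0.1:3306      0.0.0.0:*         users:(("mysqld",pid=940,fd=20))
"""

LISTEN_RE = re.compile(
    r'^LISTEN\s+\d+\s+\d+\s+(?P<addr>\S+):(?P<port>\d+)\s+\S+\s+'
    r'users:\(\("(?P<proc>[^"]+)",pid=(?P<pid>\d+)')


def parse_listeners(ss_output):
    """Return one dict per LISTEN line: addr, port, proc, pid, exposed."""
    listeners = []
    for line in ss_output.splitlines():
        m = LISTEN_RE.match(line)
        if not m:          # header line, or a socket without process info
            continue
        addr = m["addr"]
        listeners.append({
            "addr": addr, "port": int(m["port"]), "proc": m["proc"], "pid": int(m["pid"]),
            # loopback-only listeners are not reachable by a remote attacker
            "exposed": addr not in ("127.0.0.1", "[::1]"),
        })
    return listeners


def unexpected_listeners(ss_output, baseline=BASELINE):
    """Listeners whose (port, process) pair is not in the baseline, exposed ones first."""
    found = [l for l in parse_listeners(ss_output) if (l["port"], l["proc"]) not in baseline]
    return sorted(found, key=lambda l: not l["exposed"])


if __name__ == "__main__":
    for l in unexpected_listeners(SAMPLE_SS):
        tag = "EXPOSED" if l["exposed"] else "local  "
        print(f"{tag} {l['proc']} pid={l['pid']} on {l['addr']}:{l['port']}")
```

On a real host the output of `ss -tlnp` would be fed in instead of the sample, and the baseline kept under change control so that a new listener is a deliberate decision rather than a surprise.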