
What is Penetration Testing?

A method to evaluate computer and network security by simulating an attack on a computer system or a network from external and internal threats. It involves active analysis of the system for any potential vulnerabilities (weaknesses) that could result from poor or improper system configuration, known and unknown hardware or software flaws, etc.

This can be carried out from the position of a potential attacker, involving active exploitation of security vulnerabilities (e.g. scanning IP addresses). Management usually wants to address the vulnerabilities present in the system that are found through a penetration test.

Two major reasons

Penetration testing is mainly done for:

1) Intrusion Detection

2) Increasing Security

Tools used
Metasploit Framework :

1. It is one of the most commonly used tools for penetration testing.
2. It provides information about security vulnerabilities and also helps develop and execute exploit code against a machine.

Tools used
Veracode :

1. It determines whether sufficient encryption is employed and also whether a piece of software contains any application back doors.

Nmap :

1. It stands for Network Mapper.
2. It scans for host, service and port information.

Tools used
Wireshark (packet sniffer) :

1. Records and captures any traffic within a network.
2. Great tool to assess network bog-downs (slowdowns), protocol analysis, suspicious traffic, etc.

Tools used
Cain and Abel :

1. Password recovery tool for Windows.
2. It uses dictionary attacks, brute force and cryptanalysis methods to recover encrypted passwords.

Tools used
John the Ripper :

1. It is a password cracker that runs on Linux/UNIX, Mac OS X and Windows.
2. It can be run against various encrypted password formats, including several crypt password hash types found on various UNIX platforms.

Tools used
Snort :

1. NIPS and NIDS (network intrusion prevention and detection system).
2. It uses signature-, protocol- and anomaly-based inspection methods to detect suspicious traffic trying to enter a network.
3. Also used as a packet sniffer and packet logger.

Tools used
Kismet :

1. Powerful packet sniffer and intrusion detection system for 802.11 wireless LANs.
2. Kismet can work with any wireless card which supports raw monitoring mode.
3. Also supports plugins which allow sniffing other media such as DECT, etc.

Tools used
hping3 :

1. It has a built-in traceroute mode.
2. Particularly used when trying to traceroute hosts behind a firewall that blocks attempts made with the standard utilities.

Schematic Diagram

Vulnerability Assessment vs Penetration Testing

Vulnerability Assessment :

1. It detects vulnerabilities of a system and also provides an overview of the flaws that exist in a system.

Penetration testing :

1. It gains unauthorized access to the network or system and identifies the possible impacts of system flaws.

Common types of penetration testing

Black box (zero knowledge) test :

It is a method of software testing that examines the functionality of an application without peering into its internal structures.

White box (clear box, glass box) test :

It is a method of software testing that examines the functionality of an application by peering into its internal structures.

Methods for penetration testing

1) Planning and Preparation
2) Gathering information and analysis
3) Vulnerability detection
4) Penetration attempt
5) Reporting
6) Cleaning up

1) Planning and Preparation

The prime objective of a penetration test is to demonstrate the exploitable vulnerabilities in the organization's network infrastructure. A penetration tester is effectively breaking the law by intruding, legally or illegally, into a system or network. The important thing is that even if the test is carried out by staff members on their own system or network, they should obtain the relevant legal documents protecting them against legal action.

This serves as protection for the penetration testers should anything go wrong during the tests. Avoid loading the network during penetration testing, as it can cause the system to crash. The potential attacker should obtain the necessary information as well as a time allotment from management. The information obtained during the penetration test must be kept confidential.

2) Gathering information & Analysis

There are many ways to gather information. There is a wealth of tools and online resources available for getting the necessary information. Netcraft engineers have developed a service that makes information gathering simpler. An important method uses Nmap, which is a penetration testing tool.

3) Vulnerability Detection

Weaknesses of a system or a network can be found in two ways:

1. Manually : The penetration tester searches for the vulnerabilities in the system. Ex: Microsoft discovered a vulnerability called the dot bug in their Personal Web Server, and it still exists in Windows 95.

2. Automatically : This can be done with the help of a penetration tool called Nessus, a security scanner which also takes steps toward addressing the vulnerabilities. Ex: With the help of the Nessus tool, the attacker can find the open as well as closed ports, networks, etc. This helps them penetrate the network.

4) Penetration Attempt

1. The most important things in a penetration attempt are the time estimation and the target.
2. Naming the machines (like sourcecode_pc, int_surfing) reduces the time needed to attack the target.
3. One can also do dumpster diving to penetrate a system or network.
4. There are some penetration tools available to penetrate a target. Ex: Password cracking is normal in practice. Cracking a password involves:
i. Dictionary attack : uses a word list or dictionary file.
ii. Hybrid crack : tests for passwords that are variations of words in the dictionary file.
iii. Brute force : tests all combinations of passwords.
A penetration tool called Brutus is employed for automatic password cracking against telnet and FTP.
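The three cracking classes listed above, turned around into a registration-time password check, as an added example that is not part of the slides: the word list, the hybrid mangling rules and the 60-bit brute-force threshold are constructed assumptions.

```python
"""Registration-time password check built on the three cracking classes
the slides list: dictionary, hybrid and brute force. Added example; the
word list, mangling rules and bit threshold are constructed assumptions."""
import math
import string

# Constructed mini word list; a real check would load a large public list.
WORDLIST = {"password", "welcome", "summer", "letmein", "dragon"}

# Hybrid rules from the slides: case changes, appended digits/years and
# simple leet substitutions, undone here to recover the dictionary root.
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                      "5": "s", "@": "a", "$": "s"})
TRAILING = string.digits + string.punctuation


def base_word(candidate: str) -> str:
    """Lower-case, drop trailing digits/symbols, then undo leet spelling."""
    return candidate.lower().rstrip(TRAILING).translate(LEET)


def brute_force_bits(candidate: str) -> float:
    """log2 of the keyspace an exhaustive search must cover, from the
    password length and the character classes it actually uses."""
    classes = (string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation)
    alphabet = sum(len(c) for c in classes if any(ch in c for ch in candidate))
    return len(candidate) * math.log2(alphabet) if alphabet else 0.0


def classify(candidate: str, min_bits: float = 60.0) -> str:
    """Name the cheapest attack class that would recover the password,
    or return 'ok' if none applies under the assumed threshold."""
    if candidate.lower() in WORDLIST:
        return "dictionary"        # straight word-list hit
    if base_word(candidate) in WORDLIST:
        return "hybrid"            # dictionary word plus common variations
    if brute_force_bits(candidate) < min_bits:
        return "brute-force"       # keyspace small enough to exhaust
    return "ok"


if __name__ == "__main__":
    for pw in ("Password", "P@ssw0rd2024", "abc123", "Tr0ub4dor&3"):
        print(f"{pw:>14}: {classify(pw)}")
```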

Also an important method in hacking a system is Social Engineering : it is nothing but the art of manipulating people into performing actions or giving up confidential information. It is usually carried out by:

1. Phishing (Internet or phone)
2. Baiting
3. Tailgating

5) Reporting

1. Overall analysis.
2. Summary of any successful penetration attempt.
3. Detailed description of all the vulnerabilities found.
4. Highlights of high- and low-severity vulnerabilities.
5. Suggestions to resolve the vulnerabilities found.

6) Cleaning up

To clean up any mess (unwanted information) left as a result of penetration testing: remove all executables, scripts and temporary files from the system. If possible, use a secure method to delete files and folders so that the important documents cannot be recovered. It should be done carefully, so that it does not affect the system's normal operations. A good example is the removal of user accounts created during the test.

Limitations

1. It can cause congestion and system crashes.
2. It does not provide any information about new vulnerabilities that appear after the test has been carried out.
3. It is not the best approach if it is not repeated periodically, since it is a point-in-time estimate.
4. It alone provides no complete picture of the security of a computer or a network.
5. If the pentesters are not able to break into the system, it does not mean that a hacker could not.

Conclusion

Penetration testing involves a real-world attack on the system. It is not the best way on its own, as it is not able to find all the vulnerabilities that exist in a system. It should be performed after careful consideration, notification and planning, since it carries a higher risk than vulnerability scanning. It identifies the vulnerabilities present in the system, which helps management fix them and make decisions.
