
PENETRATION TESTING

What is Penetration Testing !?!


A method to evaluate computer and network security by simulating an attack on a computer system or a network from external and internal threats.
It involves active analysis of the system for any potential vulnerabilities (weaknesses) that could result from poor or improper system configuration, from known and unknown hardware or software flaws, etc.

This can be carried out from the position of a potential attacker, involving active exploitation of security vulnerabilities (e.g. scanning IP addresses).
Moreover, management usually wants to address the vulnerabilities in the system that are found through a penetration test.

Two major reasons


Penetration testing is mainly done for

1) Intrusion Detection
2) Increasing Security

Tools used
Metasploit Framework :
1. It is one of the most commonly used tools for penetration testing.
2. It provides information about security vulnerabilities and can also develop and execute exploit code against a target machine.

Tools used
Veracode :
1. It determines whether sufficient encryption is employed and also whether a piece of software contains any backdoors.
Nmap :
1. It stands for Network Mapper.
2. It scans for host, service and port information.

Tools used
Wireshark (packet sniffer) :
1. Reports and captures any traffic within a network.
2. A great tool for examining network breakdowns, protocol analysis, suspicious traffic, etc.

Tools used
Cain and Abel :
1. Password recovery tool for Windows.
2. It uses dictionary attacks, brute force and cryptanalysis, as well as methods to decode encrypted passwords.

Tools used
John the Ripper :
1. It is a password cracker that runs on Linux/UNIX, Mac OS X and Windows.
2. It can be run against various encrypted passwords, including several crypt password hash types used on various UNIX platforms.

Tools used
Snort :
1. Network intrusion prevention and detection system (NIPS and NIDS).
2. It uses signature-, protocol- and anomaly-based inspection methods to detect suspicious traffic trying to enter a network.
3. Also used as a packet sniffer and packet logger.
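The three inspection styles listed above, shown side by side on constructed flow records. This is an added illustration, not Snort's code or rule syntax; the record layout, the single signature pattern and the port-count threshold are assumptions for the demo.

```python
"""Added illustration (not Snort's code): signature-, protocol- and anomaly-based
inspection applied to constructed connection records.
Record layout: (src, dst, dst_port, protocol, payload) - an assumption for this demo."""

# Constructed sample: two normal HTTP requests, one traversal probe, one flow that is
# not HTTP at all on port 80, and one host touching 40 different ports.
SAMPLE_FLOWS = [
    ("10.0.0.5", "10.0.0.80", 80, "tcp", "GET /index.html HTTP/1.1"),
    ("10.0.0.5", "10.0.0.80", 80, "tcp", "GET /files/../../secret HTTP/1.1"),
    ("10.0.0.7", "10.0.0.80", 80, "tcp", "\x00\x01\x02 not http at all"),
] + [("10.0.0.9", "10.0.0.80", p, "tcp", "") for p in range(1, 41)]

# Signature-based: a known-bad byte pattern (constructed, not a real Snort rule).
SIGNATURES = {"/../../": "path traversal pattern"}


def signature_alerts(flows):
    """Flag any flow whose payload contains a known pattern."""
    return [(f[0], msg) for f in flows for sig, msg in SIGNATURES.items() if sig in f[4]]


def protocol_alerts(flows):
    """Protocol-based: port 80 payloads that do not start with an HTTP request method."""
    methods = ("GET ", "POST ", "HEAD ", "PUT ", "DELETE ", "OPTIONS ")
    return [(f[0], "non-HTTP payload on port 80")
            for f in flows if f[2] == 80 and f[4] and not f[4].startswith(methods)]


def anomaly_alerts(flows, max_ports=20):
    """Anomaly-based: a source contacting more distinct ports than the assumed baseline."""
    ports = {}
    for src, _dst, port, _proto, _payload in flows:
        ports.setdefault(src, set()).add(port)
    return [(src, f"{len(p)} distinct ports contacted")
            for src, p in ports.items() if len(p) > max_ports]


def inspect(flows):
    """Run all three inspection methods and group the alerts by method."""
    return {"signature": signature_alerts(flows),
            "protocol": protocol_alerts(flows),
            "anomaly": anomaly_alerts(flows)}


if __name__ == "__main__":
    for kind, alerts in inspect(SAMPLE_FLOWS).items():
        print(kind, alerts)
```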

Tools used
Kismet :
1. Powerful packet sniffer and intrusion detection system for 802.11 wireless LANs.
2. Kismet can work with any wireless card that supports raw monitoring mode.
3. Also supports plugins that allow sniffing other media such as DECT, etc.

Tools used
Hping3 :
1. It has a built-in traceroute mode.
2. Particularly used when trying to traceroute hosts behind a firewall that blocks attempts using standard utilities.

Schematic Diagram

Vulnerability Assessment VS Penetration Testing

Vulnerability Assessment :
1. It detects the vulnerabilities of a system and also provides an overview of the flaws that exist in the system.

Penetration testing :
1. It gains unauthorized access to the network or system and identifies the possible impacts of the system's flaws.

Common types of penetration testing
Black box (zero knowledge) test :
It is a method of software testing that examines the functionality of an application without looking into its internal structures.
White box (clear box, glass box) test :
It is a method of software testing that examines the functionality of an application by looking through its internal structures.

Methods for penetration testing

1) Planning and Preparation
2) Gathering information and analysis
3) Vulnerability detection
4) Penetration attempt
5) Reporting
6) Cleaning up

1) Planning and Preparation
The prime objective of a penetration test is to demonstrate the exploitable vulnerabilities in the organization's network infrastructure.
A penetration tester is effectively breaking the law by intruding, whether sanctioned or not, into a system or network.
The important thing is that, even if the test is carried out by staff members on their own system or network, they should obtain the relevant legal documents protecting them against legal action.
This serves as protection for the penetration testers should anything go wrong during the tests.
Avoid loading the network during penetration testing, as it can cause the system to crash.
The tester, acting as the potential attacker, should obtain the necessary information as well as a time allotment from management.
The information obtained during the penetration test is to be kept confidential.

2) Gathering information & Analysis
There are many ways to gather information.
There's a wealth of tools and online resources available for getting the necessary information.
Netcraft engineers have developed a service that made our information gathering simpler.
An important method uses Nmap, which is a penetration testing tool.

Vulnerability Detection
Weaknesses of a system or a network can be found in two ways:
1. Manually :
The penetration tester searches for the vulnerabilities in the system.
Ex: Microsoft discovered a vulnerability called the dot bug in their Personal Web Server, and it still exists in Windows 95.

2. Automatically :
This can be done with the help of a penetration testing tool called Nessus, a security scanner which takes steps towards addressing the vulnerabilities.
Ex: With the help of the Nessus tool, the attacker can find the open as well as closed ports, networks, etc.
This helps them to penetrate the network.

Penetration Attempt
1. The things of prime importance in a penetration attempt are the time estimation and the target.
2. Naming the machines (like sourcecode_pc, int_surfing) reduces the time needed to attack the target.
3. One can also do dumpster diving to penetrate a system or network.
4. There are some penetration tools available to penetrate a target.
Ex: Password cracking is normal in practice.
Cracking a password involves
i. Dictionary attack : Uses a word list or dictionary file.
ii. Hybrid crack : Tests for passwords that are variations of words in the dictionary file.
iii. Brute force : Tests all combinations of passwords.
Also, a penetration tool called Brutus is employed in automatic password cracking for Telnet and FTP.
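The same three cracking classes, used from the defender's side as a password policy audit: a chosen password is rejected if it is a dictionary word, a simple hybrid variation of one, or short enough to brute-force quickly. Added example, not from the slides or from any tool they name; the word list, substitution table and guess rate are constructed assumptions.

```python
"""Added example (not from the slides or any named tool): a password policy audit
applying the dictionary, hybrid and brute-force classes described above.
WORDLIST, LEET and the 1e9 guesses/s rate are constructed assumptions."""
import string

# Constructed stand-in for a dictionary file.
WORDLIST = ["password", "welcome", "summer", "dragon", "letmein"]
# Assumed character substitutions a hybrid crack would try.
LEET = {"a": "@", "e": "3", "i": "1", "o": "0", "s": "$"}


def hybrid_variants(word):
    """Variations of one dictionary word: case changes, leet spelling, appended digits or years."""
    bases = {word, word.capitalize(), word.upper(), "".join(LEET.get(c, c) for c in word)}
    suffixes = [""] + [str(n) for n in range(100)] + [str(y) for y in range(1990, 2030)] + ["!"]
    for base in bases:
        for suffix in suffixes:
            yield base + suffix


def dictionary_hit(pw):
    """Dictionary attack: the password is itself a word in the list."""
    return pw.lower() in WORDLIST


def hybrid_hit(pw):
    """Hybrid crack: the password is a simple variation of a listed word."""
    return any(pw == v for w in WORDLIST for v in hybrid_variants(w))


def brute_force_seconds(pw, guesses_per_second=1e9):
    """Brute force: worst-case seconds to exhaust the character classes the password uses."""
    classes = [string.ascii_lowercase, string.ascii_uppercase, string.digits, string.punctuation]
    alphabet = sum(len(c) for c in classes if any(ch in c for ch in pw))
    return alphabet ** len(pw) / guesses_per_second


def audit(pw, max_hours=24 * 365):
    """Reject a password that falls to any of the three classes within the assumed budget."""
    if dictionary_hit(pw):
        return "rejected: dictionary word"
    if hybrid_hit(pw):
        return "rejected: simple variation of a dictionary word"
    hours = brute_force_seconds(pw) / 3600
    if hours < max_hours:
        return f"rejected: brute-forceable in about {hours:.1f} hours at 1e9 guesses/s"
    return "accepted"


if __name__ == "__main__":
    for candidate in ["dragon", "Summer2019", "abc123", "Tr0ub4dor&3"]:
        print(candidate, "->", audit(candidate))
```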

Another important method of hacking a system is
Social Engineering :
It is nothing but the art of manipulating people into performing actions or giving up confidential information.
It is usually carried out by
Phishing (Internet or phone)
Baiting
Tailgating

Reporting
Overall analysis.
Summary of any successful penetration attempt.
Detailed description of all the vulnerabilities found.
Highlights of high- and low-threat vulnerabilities.
Suggestions to resolve the vulnerabilities found.

Cleaning up
To clean up any mess (unwanted information) left as a result of the penetration testing.
Remove all executables, scripts and temporary files from the system.
If possible, use a secure method to delete files and folders so that the important documents cannot be recovered.
It should be done carefully, so that it does not affect the system's normal operations.
A good example is the removal of user accounts.

Limitations
It can cause congestion and system crashes.
It does not provide any information about new vulnerabilities that appear after the test has been carried out.
It is also not the best approach if it is not reviewed periodically, since it is a time-bounded exercise.
It alone provides no information on the security of a computer or a network.
If pentesters are not able to break into the system, it does not mean that the hacker

Conclusion
Penetration testing involves a real-world attack on the system.
It is not the best way, as it is not able to find all the vulnerabilities that exist in a system.
It should be performed after careful consideration, notification and planning, since it carries a higher risk factor than vulnerability scanning.
It identifies the vulnerabilities present in the system, which helps management to fix them and also helps management to make decisions.
