
ENG202C

Penetration Testing: Process and Procedures


Ryan Nguyen

Contents

Penetration Testing: Process and Procedures
Contents
Preface
Phase I: Recon
  User Setup
  Pre-engagement Interactions
Phase II: Scanning
  Vulnerability Analysis
Phase III: Exploitation
  Exploitation
  Privilege Escalation
Phase IV: Post Exploitation
  Reporting

Preface
A Penetration Tester conducts vulnerability analysis on a customer's network that
imitates an attacker trying to gain unauthorized access. The main goal of a
Penetration Tester is to gain the highest privilege on the network in order to be able
to make permanent changes. Penetration Testing is a dynamic process that changes
with every network being exploited. No two networks or machines are the same,
and the toolsets and techniques used will vary. What stays the same are the
methodologies, which can be described in the following phases:

Phase I: Reconnaissance
  User Setup
  Pre-engagement Interactions

Phase II: Scanning
  Vulnerability Analysis

Phase III: Exploitation
  Privilege Escalation

Phase IV: Post Exploitation
  Reporting

Phase I: Recon

User Setup
To get started, at least one computer with various software installed is needed to
conduct penetration testing operations. A Penetration Tester must be familiar with
using various operating systems, virtual machines, and software on those machines.
Having Windows, Mac, and Linux operating systems ready on-site contributes to a
successful exploitation of a network and its associated systems.
What is required:

Hardware
- Laptop (at least 8GB RAM)
- 500 GB hard drive
- Intel Quad Core i7 Processor

Operating Systems
- Windows
- Linux (Kali, Ubuntu)
- Mac

Virtual Machines
- VMware or VirtualBox
Software
The software and programs used are entirely up to the Penetration Tester. Just as a
carpenter brings a toolbox to a jobsite but may only need a handful of tools for the
given job, a Penetration Tester has preferred methods and tools they are well versed
with, even though hundreds of tools are available.

Pre-engagement Interactions
A Penetration Tester will be able to strategize and understand the target
without the target knowing that queries about its network are being conducted.
Passive information gathering is the process of collecting information about your
target using publicly available information. Publicly available information
gathering methods include using services like Google.
Any act of gathering information about the target without communicating
with them directly can be considered passive. A Penetration Tester will attempt
to passively gain information such as the email addresses of employees on the
target's network. Email addresses can help Penetration Testers map out the users in
the network. The conventions of organizational email addresses can also hint at how
users choose usernames on their systems.

Phase II: Scanning

Vulnerability Analysis
Scanning a target's network is considered Active Information Gathering, because
direct communication with the target's network is taking place. Scanning a target's
network serves two purposes: (1) it allows a Penetration Tester to discover the
machines that make up the target's network, and (2) scanning each newly discovered
device identifies its vulnerabilities. If the target's network contains several
devices, this increases a Penetration Tester's chances of finding vulnerabilities
through scanning.
The main goal for a Penetration Tester during this phase is to find devices that
provide information allowing direct access to the target's network. For example, if
a Penetration Tester finds the target's Domain Name System (DNS) server as a result
of scanning, a variety of exploitable information such as IP addresses and server
names can be discovered.

Phase III: Exploitation


Exploitation
Once scanning has revealed exploitable information about vulnerable devices,
actionable exploits can be used to gain access to the target's network.
During this phase a Penetration Tester may use several tools and methods to gain
access. Often a Penetration Tester can cross-reference the vulnerable machines
they found and search for pre-made exploit scripts online. These scripts may need
to be configured with the target's information, which would have been found during
the previous scanning phase.

Privilege Escalation
After exploitation techniques succeed and access to the target's network is
achieved, a Penetration Tester's next priority is to gain the highest permissions
possible. Permissions on a network dictate the activities a user is allowed to
perform. Privileges can be categorized into three actions:

- Read: Allows the user to view documents, files, and other information.
- Write: Allows the user to create documents, files, and other information.
- Execute: Allows the user to make permanent changes to the network and
  configurations.

Privileges are often combined and assigned to groups called Roles. Roles allow
network administrators to group the users in an organization and give each role
permissions as they see fit. For example, a Network Administrator can give Read and
Write permissions to the finance department's role while excluding Execute
permissions, so that its members can't make permanent changes. As a Penetration
Tester, the goal is to use methods that undermine the assigned roles in order to gain
Read, Write, and Execute privileges together, also known as root privilege.
Obtaining root privilege allows the Penetration Tester to perform any action on the
network. Some examples include removing users' access to the network and
accessing personal and sensitive information.
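As an added illustration of the Read, Write and Execute privileges and the Roles described above (example code written for this page, not part of the original paper), the following Python model lets an administrator audit which roles hold all three privileges, the combination the paper calls root privilege, and which roles hold Execute at all. The role names and their privilege assignments are constructed for the example.

```python
"""Added example (not from the original paper): a small model of the
Read / Write / Execute privileges and Roles described above, used to audit
which roles hold the full set the paper calls "root privilege".
All role names and assignments below are constructed for illustration."""
from enum import Flag, auto


class Privilege(Flag):
    # The three privilege actions the paper describes.
    NONE = 0
    READ = auto()      # view documents, files and other information
    WRITE = auto()     # create documents, files and other information
    EXECUTE = auto()   # make permanent changes to the network and configurations


# The paper's "root privilege": Read, Write and Execute combined.
ROOT = Privilege.READ | Privilege.WRITE | Privilege.EXECUTE


def has_privilege(role_privs: Privilege, needed: Privilege) -> bool:
    """True if the role holds every privilege bit in `needed`."""
    return (role_privs & needed) == needed


def is_root(role_privs: Privilege) -> bool:
    """True if the role holds Read, Write and Execute together."""
    return has_privilege(role_privs, ROOT)


def audit_roles(roles: dict[str, Privilege]) -> dict[str, list[str]]:
    """Group roles into 'root' (all three privileges), 'can_execute' (Execute
    but not all three) and 'limited' (no Execute), so an administrator can see
    which roles are able to make permanent changes, the capability a
    Penetration Tester tries to reach."""
    report: dict[str, list[str]] = {"root": [], "can_execute": [], "limited": []}
    for name, privs in roles.items():
        if is_root(privs):
            report["root"].append(name)
        elif has_privilege(privs, Privilege.EXECUTE):
            report["can_execute"].append(name)
        else:
            report["limited"].append(name)
    return report


# Constructed sample role table for a hypothetical organisation.
SAMPLE_ROLES = {
    "finance": Privilege.READ | Privilege.WRITE,  # the paper's example: no Execute
    "helpdesk": Privilege.READ,
    "network_admin": ROOT,
    "deploy_service": Privilege.EXECUTE,          # Execute without Read or Write
}

if __name__ == "__main__":
    for group, names in audit_roles(SAMPLE_ROLES).items():
        print(f"{group}: {names}")
```

Running the audit on the sample table lists network_admin under root, deploy_service under can_execute and finance and helpdesk under limited; a role that unexpectedly appears in the first two groups is where an administrator should start tightening permissions, since those are the roles whose compromise hands an attacker the ability to make permanent changes.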

Phase IV: Post Exploitation


Reporting
This final phase allows the Penetration Tester to summarize the actions they took
to gain access to the customer's network. With root privilege, a Penetration Tester
can provide the customer with a report of the vulnerabilities and the harm that could
be done within the customer's network. Reports are written with the audience in
mind. For example, executive summaries do not include much technical detail, only
the results and their impact on the client's security posture. Once the report is
completed, the Penetration Tester's job is complete; the customer is responsible for
fixing the vulnerabilities that the Penetration Tester has revealed.
