Table of Contents for
Kali Linux 2 – Assuring Security by Penetration Testing - Third Edition

Version ebook / Retour

Cover image for bash Cookbook, 2nd Edition Kali Linux 2 – Assuring Security by Penetration Testing - Third Edition by Gerard Johansen Published by Packt Publishing, 2016
  1. Cover
  2. Table of Contents
  3. Kali Linux 2 – Assuring Security by Penetration Testing Third Edition
  4. Kali Linux 2 – Assuring Security by Penetration Testing Third Edition
  5. Credits
  6. Disclaimer
  7. About the Authors
  8. About the Reviewer
  9. www.PacktPub.com
  10. Preface
  11. What you need for this book
  12. Who this book is for
  13. Conventions
  14. Reader feedback
  15. Customer support
  16. 1. Beginning with Kali Linux
  17. Kali Linux tool categories
  18. Downloading Kali Linux
  19. Using Kali Linux
  20. Configuring the virtual machine
  21. Updating Kali Linux
  22. Network services in Kali Linux
  23. Installing a vulnerable server
  24. Installing additional weapons
  25. Summary
  26. 2. Penetration Testing Methodology
  27. Vulnerability assessment versus penetration testing
  28. Security testing methodologies
  29. General penetration testing framework
  30. Information gathering
  31. The ethics
  32. Summary
  33. 3. Target Scoping
  34. Preparing the test plan
  35. Profiling test boundaries
  36. Defining business objectives
  37. Project management and scheduling
  38. Summary
  39. 4. Information Gathering
  40. Using public resources
  41. Querying the domain registration information
  42. Analyzing the DNS records
  43. Getting network routing information
  44. Utilizing the search engine
  45. Metagoofil
  46. Accessing leaked information
  47. Summary
  48. 5. Target Discovery
  49. Identifying the target machine
  50. OS fingerprinting
  51. Summary
  52. 6. Enumerating Target
  53. Understanding the TCP/IP protocol
  54. Understanding the TCP and UDP message format
  55. The network scanner
  56. Unicornscan
  57. Zenmap
  58. Amap
  59. SMB enumeration
  60. SNMP enumeration
  61. VPN enumeration
  62. Summary
  63. 7. Vulnerability Mapping
  64. Vulnerability taxonomy
  65. Automated vulnerability scanning
  66. Network vulnerability scanning
  67. Web application analysis
  68. Fuzz analysis
  69. Database assessment tools
  70. Summary
  71. 8. Social Engineering
  72. Attack process
  73. Attack methods
  74. Social Engineering Toolkit
  75. Summary
  76. 9. Target Exploitation
  77. Vulnerability and exploit repositories
  78. Advanced exploitation toolkit
  79. MSFConsole
  80. MSFCLI
  81. Ninja 101 drills
  82. Writing exploit modules
  83. Summary
  84. 10. Privilege Escalation
  85. Password attack tools
  86. Network spoofing tools
  87. Network sniffers
  88. Summary
  89. 11. Maintaining Access
  90. Working with tunneling tools
  91. Creating web backdoors
  92. Summary
  93. 12. Wireless Penetration Testing
  94. Wireless network recon
  95. Wireless testing tools
  96. Post cracking
  97. Sniffing wireless traffic
  98. Summary
  99. 13. Kali Nethunter
  100. Installing Kali Nethunter
  101. Nethunter icons
  102. Nethunter tools
  103. Third-party applications
  104. Wireless attacks
  105. HID attacks
  106. Summary
  107. 14. Documentation and Reporting
  108. Types of reports
  109. The executive report
  110. The management report
  111. The technical report
  112. Network penetration testing report (sample contents)
  113. Preparing your presentation
  114. Post-testing procedures
  115. Summary
  116. A. Supplementary Tools
  117. Web application tools
  118. Network tool
  119. Summary
  120. B. Key Resources
  121. Paid incentive programs
  122. Reverse engineering resources
  123. Penetration testing learning resources
  124. Exploit development learning resources
  125. Penetration testing on a vulnerable environment
  126. Online web application challenges
  127. Virtual machines and ISO images
  128. Network ports
  129. Index

Chapter 3. Target Scoping

Prior to conducting any type of penetration test, the pentester needs to engage the client to ensure that all the appropriate information is obtained. During the target scoping phase, the penetration tester will gather information from the client that will be used to generate target assessment requirements, define the parameters for testing, and the client's business objectives and time schedule. This process plays an important role in defining clear objectives toward any kind of security assessment. By determining these key objectives, one can easily draw a practical road map of what will be tested, how it will be tested, what resources will be allocated, what limitations will be applied, what business objectives will be achieved, and how the test project will be planned and scheduled. All of this information is finally captured in a test plan that expressly states what the scoping of the test will be.

We can combine all of these elements and present them in a formalized scope process to achieve the required goal. The following are the key concepts that will be discussed in this chapter:

  • Gathering client requirements: This deals with accumulating information about the target environment through verbal or written communication.
  • Preparing the test plan: This depends on different sets of variables. These variables may include shaping the actual requirements into a structured testing process, legal agreements, cost analysis, and resource allocation.
  • Profiling test boundaries: This determines the limitations associated with the penetration testing assignment. These can be a limitation of technology, knowledge, or a formal restriction on the client's IT environment.
  • Defining business objectives: This is a process of aligning business views with the technical objectives of the penetration testing program.
  • Project management and scheduling: This directs every other step of the penetration testing process with a proper timeline for test execution. This can be achieved using a number of advanced project management tools.

It is highly recommended that you follow the scoping process in order to ensure test consistency and a greater probability of success. Additionally, this process can also be adjusted according to the given situation and test factors. Without any such process there will be a greater chance of failure, as the requirements gathered will have no proper definitions and procedures to follow. This can lead the entire penetration testing project into danger and may result in an unexpected business interruption. At this stage, paying special attention to the penetration testing process would make an excellent contribution toward the rest of the test phases and clear the perspectives of both technical and management areas. The key is to acquire as much information as possible from the client beforehand to formulate a strategic path that reflects the multiple aspects of penetration testing. These may include negotiable legal terms, contractual agreement, resource allocation, test limitations, core competencies, infrastructure information, timescales, and rules of engagement. As a part of best practices, the scope process addresses each of the attributes that are necessary to initiate our penetration testing project in a professional manner.

Each step constitutes unique information that is aligned in a logical order to pursue the test execution successfully. This also governs any legal matters to be resolved at an early stage. Hence, we will explain each of these steps in more detail in the following section. Keep in mind that it will be easier for both the client and penetration testing consultant to further understand the process of testing if all the information gathered is managed in an organized manner.

Gathering client requirements

This step provides a generic guideline that can be drawn in the form of a questionnaire to devise all the information about the target infrastructure from a client. A client can be any subject who is legally and commercially bound to the target organization. Thus, for the success of the penetration testing project, it is critical to identify all internal and external stakeholders at an early stage of a project and analyze their levels of interest, expectations, importance, and influence. A strategy can then be developed to approach each stakeholder with their requirements and involvement in the penetration testing project, in order to maximize positive influences and mitigate potential negative impacts.

Note

It is solely the duty of the penetration tester to verify the identity of the contracting party before taking any further steps.

The basic purpose of gathering client requirements is to open a true and authentic channel by which the pentester can obtain any information that may be necessary for the testing process. Once the test requirements have been identified, the client should validate them in order to remove any misleading information. This will ensure that the future test plan is consistent and complete.

Creating the customer requirements form

We have listed some of the commonly asked questions and considerations that may be used as a basis to create a conventional customer requirements form. It is important to note that this list can be extended or shortened according to the goal of a client:

  • Collect basic information such as company name, address, website, contact person(s) details, e-mail address, and telephone number(s).
  • Determine the key objectives behind the penetration testing project.
  • Determine the penetration test type (with or without specific criteria):
    • Black box testing
    • White box testing
    • External testing
    • Internal testing
    • Social engineering included
    • Social engineering excluded
    • Investigate employee background information
    • Adopt employee's fake identity (legal counsel may be required)
    • Denial of service included
    • Denial of service excluded
    • Penetrate business partner systems
  • How many servers, workstations, and network devices need to be tested?
  • Which operating system technologies are supported by your infrastructure?
  • Which network devices need to be tested? Firewalls, routers, switches, load balancers, IDS, IPS, or any other appliances?
  • Are disaster recovery plans in place? If yes, whom should we contact?
  • Are there any administrators currently managing your network?
  • Is there any specific requirement to comply with industry standards? If yes, list them.
  • Who will be the point of contact for this project?
    • What is the timeline allocated for this project?
    • What is your budget for this project?
    • List any miscellaneous requirements, if necessary.

The deliverables assessment form

The following is an example of the type of items expected from a deliverables assessment form. This list is not holistic and items should be added or removed based on customer expectations and needs:

  • What types of reports are expected?
    • Executive reports
    • Technical assessment reports
    • Developer reports
  • In which format do you prefer the report to be delivered? PDF, HTML, or DOC?
  • How should the report be submitted? Encrypted e-mail or printed?
  • Who is responsible for receiving these reports?
    • Employee
    • Shareholder
    • Stakeholder
    • Third-Party Assessor
    • Government Regulators

By using such a concise and comprehensive inquiry form, you can easily extract the customer requirements and fulfill the test plan accordingly.