“Penetration Testing 101” (mRr3b00t’s Notebook draft edition 0.3)

Security Assurance Basics: Offensive Security Assurance
“Penetration Testing 101” (mRr3b00t’s Notebook draft edition 0.3)
Author: Daniel Card

PUBLIC – Version 0.3, Copyright Xservus Limited

Penetration Testing

Contents

  • Copyright
  • Document Control
  • Version
  • A glimpse at mRr3b00t’s world
  • Introduction
  • Disclaimer
  • Realities of System Security Assurance Activities
  • Sales
  • Scoping
  • Test Focus
  • Test Types
  • Test Scope Definition
  • Planning
  • The Penetration Testing Project
  • Reporting, Findings and Recommendations
  • Debriefing
  • Penetration Testing Tools – The basics
  • Open Source Intelligence Gathering Tools
  • Network and Vulnerability Scanning Tools
  • Credential Testing Tools
  • Debugging Tools
  • Software Assurance Tools
  • Wireless Testing
  • Web Proxy Tools
  • Social Engineering Tools
  • Remote Access Tools
  • Network Tools
  • Mobile Tools
  • Misc Tools
  • Dependencies
  • Guest Operating Systems
  • Vulnerable Pre-Made Targets
  • Extras For learning
  • Types of Penetration Test
  • Frameworks
  • Resources
  • Project
  • Scoping, Project Setup, Legal & Regulatory, Scheduling, Rules of Engagement
  • Penetration Testing Phases
  • Post Exploitation
  • Report Creation and Delivery
  • Key Stakeholder and Team Playback
  • Tool bag
  • Recon Types and Focuses
  • Passive Recon
  • Search Engines
  • Example – Google Dorking
  • Types
  • Operators
  • Example
  • DNS
  • Maltego
  • Spiderfoot
  • Shodan
  • Recon-NG
  • The Harvester
  • Documenting Findings
  • Network Scanning
  • Nmap (Network Mapper)
  • Common scan types
  • Scanning ranges
  • OS Identification Through TTL
  • Packet Crafting

Details

  • File Type
    pdf
  • Content Languages
    English
  • File Pages
    67 pages
