What is Penetration Testing?
A network penetration test identifies security vulnerabilities in applications and systems by deliberately using the techniques an attacker would use, in order to evaluate the network’s security (or lack of it).
A network penetration test, also known as a pen test, is similar to a vulnerability assessment in that it seeks to identify vulnerabilities in a network.
The difference is that a penetration test is a realistic simulation of a potential attack, which uncovers vulnerabilities that are harder to find in a network.
What Steps Are Involved In Network Penetration Testing?
Network penetration testing and vulnerability assessment are terms that are frequently used interchangeably.
However, there are some significant differences. For example, most security practitioners consider network penetration testing to be a step that comes after the vulnerability assessment.
Typically, once the vulnerabilities identified in the vulnerability assessment have been addressed, the business owner wishes to test the network’s security further.
Network penetration testing checklist
- Host Discovery
- Port Scanning
- Banner Grabbing/OS Fingerprinting
- Scan for Vulnerabilities
- Draw Network Diagrams
- Prepare Proxies
- Document all Findings
Let’s explain each step in brief.
1. Host Discovery
Footprinting is the first and most important phase, in which information about your target system is collected.
DNS footprinting helps you list the DNS records (A, MX, NS, SRV, PTR, SOA, CNAME) of the target domain.
- A – An A record points a domain name, like cybersguards.com, to the IP address of its hosting server.
- MX – Mail exchange records identify the mail servers responsible for receiving email for the domain.
- NS – NS records identify the DNS servers in charge of the domain.
- SRV – SRV records identify the servers hosting a specific service.
- PTR – Reverse DNS lookup; you can use an IP address to find the domain name associated with it.
- SOA – Start of Authority; it holds information about the DNS zone and the other DNS records in the DNS system.
- CNAME – A CNAME maps a domain name to a different domain name.
Live (reachable) hosts in the target network can be detected with network scanning tools like Advanced IP Scanner, Nmap, hping3 and Nessus.
Ping & Ping Sweep:
```shell
root@kali:~# nmap -sn 192.168.169.128          # single host
root@kali:~# nmap -sn 192.168.169.128-200      # range of IPs (last octet 128 to 200)
root@kali:~# nmap -sn 192.168.169.*            # wildcard
root@kali:~# nmap -sn 192.168.169.128/24       # entire subnet
```
Whois data
To obtain the Whois information and name servers of a website:
```shell
root@kali:~# whois testdomain.com
```
http://whois.domaintools.com/
https://whois.icann.org/en
Traceroute
A network diagnostic tool that displays the route path and the transit delay of packets:
```shell
root@kali:~# traceroute google.com
```
Online Tools
http://www.monitis.com/traceroute/
http://ping.eu/traceroute/
2. Port Scanning
Conduct port scanning with tools such as Nmap, hping3, NetScan and Network Monitor. These tools test a server or host for open ports on the target network.
Open ports are the gateway through which attackers enter and install malicious backdoor applications.
```shell
root@kali:~# nmap --open cybersguards.com        # find all open ports
root@kali:~# nmap -p 80 192.168.123.126          # specific port
root@kali:~# nmap -p 1-1024 192.168.123.126      # range of ports
root@kali:~# nmap -p "*" 192.168.123.126         # scan all ports
```
Online Tools
http://www.yougetsignal.com/
https://pentest-tools.com/information-gathering/find-subdomains-of-domain
3. Banner Grabbing/OS Fingerprinting
Banner grabbing / OS fingerprinting tools such as Telnet, ID Serve and Nmap determine the services running on the target host and its operating system.
Once you know the service versions and the operating system, identify and exploit their vulnerabilities and try to gain control of the system.
```shell
root@kali:~# nmap -A 192.168.123.126       # OS detection, version detection, script scanning and traceroute
root@kali:~# nmap -v -A 192.168.123.126    # the same, with a higher verbosity level
```
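To show what banner grabbing actually returns, here is an added example (written for this article, not code from the original page or from any of the tools above): a throw-away listener on 127.0.0.1 serves a constructed SSH banner, the client reads it exactly as a scanner would, and a small parser extracts the product, version and OS hint. The banner string, port and all function names are constructed for the example.

```python
import re
import socket
import threading

# Constructed sample banner (not captured from any real host): the greeting an
# SSH daemon sends to every client before authentication even starts.
SAMPLE_BANNER = b"SSH-2.0-OpenSSH_8.2p1 Ubuntu-4ubuntu0.5\r\n"

def serve_banner(banner: bytes) -> int:
    """Start a throw-away listener on 127.0.0.1 that sends `banner` to the first
    client and then closes. Returns the port the OS assigned."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]

    def handle():
        conn, _ = srv.accept()
        conn.sendall(banner)
        conn.close()
        srv.close()

    threading.Thread(target=handle, daemon=True).start()
    return port

def grab_banner(host: str, port: int, timeout: float = 2.0) -> str:
    """Connect and return whatever the service volunteers before we send anything."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.settimeout(timeout)
        try:
            data = s.recv(1024)
        except socket.timeout:
            data = b""  # some services wait for the client to speak first
    return data.decode("utf-8", errors="replace").strip()

# SSH identification string: SSH-<protoversion>-<softwareversion> [comments]
SSH_RE = re.compile(r"^SSH-(?P<proto>[\d.]+)-(?P<product>[A-Za-z]+)_(?P<version>\S+)(?:\s+(?P<os_hint>.+))?$")

def parse_ssh_banner(banner: str) -> dict:
    """Extract protocol version, product, product version and OS hint from an
    SSH banner; anything that does not look like SSH is returned raw."""
    m = SSH_RE.match(banner)
    if not m:
        return {"raw": banner}
    return {k: v for k, v in m.groupdict().items() if v is not None}

if __name__ == "__main__":
    port = serve_banner(SAMPLE_BANNER)
    print(parse_ssh_banner(grab_banner("127.0.0.1", port)))
```

The parsed fields are what a tester records for the host and what a defender should review: a banner that names the exact package and distribution gives away everything needed to look up known vulnerabilities.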
Online Tools
https://www.netcraft.com/
https://w3dt.net/tools/httprecon
https://www.shodan.io/
4. Scan for Vulnerabilities
Scan the network for vulnerabilities using GFI LanGuard, Nessus, Retina CS or SAINT.
These tools help identify vulnerabilities in the target systems and their operating systems. With these steps you can find loopholes in the target network.
GFI LanGuard
It acts as a security consultant and offers patch management, vulnerability assessment and network auditing services.
Nessus
Nessus is a vulnerability scanner that looks for bugs in software and finds specific ways in which the software’s security can be violated. A Nessus scan goes through the following phases:
- Data collection
- Identification of the host
- Port scan
- Selection of the plug-ins
- Data reporting
5. Draw Network Diagrams
Draw a diagram of the organization’s network; it helps you understand the logical connection path to each network host. Tools such as LANmanager, LANstate, Friendly Pinger and Network View can draw the network diagram.
6. Prepare Proxies
A proxy acts as a link between two networking devices. A proxy can protect the LAN from external access.
Proxy servers let us anonymize web browsing and filter unwanted content such as ads.
To hide your origin during testing, use proxies such as Proxifier, SSL Proxy, Proxy Finder etc.
7. Document all results
The last and most important step is to document all penetration test findings.
This document helps you identify the potential vulnerabilities within your network. Once the vulnerabilities have been determined, you can plan countermeasures accordingly.
You can download the rules and scope worksheet here: rules and scope sheet. Penetration testing therefore helps you evaluate your network before it gets into real difficulties that could lead to serious losses in value and finances.
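To connect step 2 (port scanning with Nmap) with step 7 (documenting the findings), here is an added example, not code from the original article: it parses constructed `nmap -oG` (grepable) output and turns every open port into one line of the findings table, so nothing the scan reported is lost on the way into the report. The scan output, IP addresses and hostname are constructed sample data, and the function names are the example's own.

```python
import re

# Constructed sample of `nmap -oG -` (grepable) output; not from a real scan.
# Fields on a Host line are tab-separated; each port spec is
# port/state/protocol/owner/service/rpc-info/version/ (seven slashes).
SAMPLE_GNMAP = """\
# Nmap 7.93 scan initiated as: nmap -oG - --open 192.168.123.0/24
Host: 192.168.123.126 ()\tStatus: Up
Host: 192.168.123.126 ()\tPorts: 22/open/tcp//ssh//OpenSSH 8.2p1/, 80/open/tcp//http//Apache httpd 2.4.41/, 443/closed/tcp//https///\tIgnored State: filtered (997)
Host: 192.168.123.130 (fileserver.local)\tPorts: 3389/open/tcp//ms-wbt-server//Microsoft Terminal Services/
# Nmap done
"""

HOST_RE = re.compile(r"^Host:\s+(\S+)\s+\(([^)]*)\)\t(.*)$")

def parse_gnmap(text: str) -> dict:
    """Return {ip: {"hostname": str, "ports": [{port, state, proto, service, version}, ...]}}."""
    hosts = {}
    for line in text.splitlines():
        m = HOST_RE.match(line)
        if not m:
            continue  # comment lines and anything that is not a Host record
        ip, hostname, rest = m.groups()
        entry = hosts.setdefault(ip, {"hostname": hostname, "ports": []})
        for field in rest.split("\t"):
            if not field.startswith("Ports: "):
                continue  # e.g. "Status: Up" or "Ignored State: ..."
            for spec in field[len("Ports: "):].split(", "):
                parts = spec.split("/")
                entry["ports"].append({
                    "port": int(parts[0]), "state": parts[1], "proto": parts[2],
                    "service": parts[4], "version": parts[6],
                })
    return hosts

def open_ports_report(hosts: dict) -> list:
    """One tab-separated line per open port: ip, hostname, port/proto, service, version."""
    by_ip = sorted(hosts, key=lambda ip: tuple(int(o) for o in ip.split(".")))
    lines = []
    for ip in by_ip:
        name = hosts[ip]["hostname"] or "-"
        for p in hosts[ip]["ports"]:
            if p["state"] == "open":
                lines.append(f"{ip}\t{name}\t{p['port']}/{p['proto']}\t{p['service']}\t{p['version']}")
    return lines

if __name__ == "__main__":
    print("\n".join(open_ports_report(parse_gnmap(SAMPLE_GNMAP))))
```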
Important Tools used for Network Pen-testing
Frameworks
Kali Linux, Backtrack5 R3, Security Onion
Reconnaissance
Smartwhois, MxToolbox, CentralOps, dnsstuff, nslookup, DIG, netcraft
Discovery
Angry IP Scanner, Colasoft Ping Tool, nmap, Maltego, NetResident, LanSurveyor, OpManager
Port Scanning
Nmap, Megaping, Hping3, Netscan Tools Pro, Advanced Port Scanner
Service Fingerprinting
Xprobe, nmap, zenmap
Enumeration
Superscan, Netbios Enumerator, Snmpcheck, onesixtyone, Jxplorer, Hyena, DumpSec, WinFingerprint, PsTools, NsAuditor, Enum4Linux, nslookup, Netscan
Scanning
Nessus, GFI LanGuard, Retina, SAINT, Nexpose
Password Cracking
Ncrack, Cain & Abel, LC5, Ophcrack, pwdump7, fgdump, John The Ripper, Rainbow Crack
Sniffing
Wireshark, Ettercap, Capsa Network Analyzer
MiTM Attacks
Cain & Abel, Ettercap
Exploitation
Metasploit, Core Impact
These are the most important checklist items to focus on in network testing.
Conclusion
Network penetration testing is an essential component of a company’s security strategy. In this article, you learned how to conduct a successful penetration test and report the results to your client.
Network penetration tests are important for improving a company’s cyber security posture, and it’s your job to find their flaws before the real attackers do.