Ethical Hacking

10. Performing a Penetration Test

Penetration Testing

The Hack is On - Unit Assessment

This is where the 'rubber meets the road' or, in our case, where fingers hit the keyboard. The preceding exercise covered preparing a plan; now it is time to put that plan into practice.

Your teacher will provide a suitable wireless dongle. You have to break into the target, get to the Documents folder and 'capture the flag', all without being detected. The 'flag' may or may not be hidden, though when you see it, it will be obvious.

As this is an ethical hack, remember to record each step as the plan progresses and the result of each stage so that others can:-

  • Replicate each step to confirm the results and make sure that the finding is a genuine lapse in security.
  • Demonstrate that the loophole has been secured after changes.

All stages of Pen-testing explained

Tasks

Download the report proforma for recording the results of each stage of the attack plan. Remember that:-

  • The section on Stage of Attack refers to the overall intention of the stage e.g.: Discover available Wifi networks, Obtain access credentials to the target machine.
  • State the aim of the phase e.g.:
    • Discover IP addresses.
    • Obtain access to the router
    • Capture log in credentials
    • Deliver a payload/exploit
    • etc
  • List the tools used for the stage e.g.: Aircrack-ng, Cain & Abel, Zenmap, Metasploit, Armitage, Burp etc
  • List any additional resources used. For example, if a scan is conducted, give the name of the scan method used (quick, ping, intense etc). If payloads or exploits are used, provide their names. If brute force or dictionary attacks are used, provide the names of the dictionaries and word-lists.
  • Record the results of the action. For example:
    • Record the IP addresses discovered together with the operating systems if available.
    • Record any log in credentials discovered (user-names and passwords)
    • Success or Fail result with any exploit attempt.
    • etc

Don't forget, the aim is to provide a complete trail, allowing someone else to follow the plan and be able to achieve the same results.
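One way to check that trail before handing it in is a small completeness check over the proforma entries. This is an added example, not part of the course material: the `StageRecord` class, the `gaps` and `audit` functions, the field keys and the sample entries are all assumptions made for illustration.

```python
from dataclasses import dataclass, field

# Activity -> the "additional resource" the proforma asks you to name for it.
NEEDS = {"scan": "scan_method", "exploit": "payload_or_exploit",
         "dictionary": "wordlist"}

@dataclass
class StageRecord:
    stage: str                                      # overall intention of the stage
    aim: str                                        # aim of the phase
    tools: list = field(default_factory=list)       # tools used
    activities: set = field(default_factory=set)    # keys of NEEDS that apply
    resources: dict = field(default_factory=dict)   # named scan method, word-list, ...
    results: list = field(default_factory=list)     # what was found, success or fail

def gaps(rec):
    """Return what a second tester would be missing to repeat this stage."""
    problems = [f"{name} is empty" for name in ("stage", "aim")
                if not getattr(rec, name).strip()]
    if not rec.tools:
        problems.append("no tools listed")
    for activity in sorted(rec.activities):
        key = NEEDS.get(activity)
        if key is None:
            problems.append(f"unknown activity: {activity}")
        elif not rec.resources.get(key, "").strip():
            problems.append(f"{activity} used but {key} not named")
    if not rec.results:
        problems.append("no results recorded")
    return problems

def audit(records):
    """Map each incomplete entry (position and stage) to its gaps."""
    checked = ((f"{i}: {r.stage}", gaps(r)) for i, r in enumerate(records, 1))
    return {label: found for label, found in checked if found}

# Constructed sample entries; 192.0.2.10 is a documentation address.
SAMPLE = [
    StageRecord("Discover IP addresses", "Footprint the target network",
                ["Zenmap"], {"scan"}, {"scan_method": "quick"},
                ["192.0.2.10 up, OS not identified"]),
    StageRecord("Obtain access credentials", "Capture log in credentials",
                ["Aircrack-ng"], {"dictionary"}, {}, []),
]

if __name__ == "__main__":
    for entry, found in audit(SAMPLE).items():
        print(entry, "->", "; ".join(found))
```

The second sample entry is flagged because it names neither the word-list used nor any result, so nobody else could repeat that stage from the record alone.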

Implementing Ethical Hack Proforma

To start this assessment, complete the section on Reconnaissance only. At least two tools and methods should be used to:-

  1. Perform a reconnaissance to 'footprint' the target network.
  2. Perform a scan on the target.
  3. Identify vulnerabilities in ports, services, operating systems on the target.

The other sections will be completed on the subsequent exercises.

You should be able to:-
  • Successfully implement an ethical pen-test plan.
  • Record the results at each stage of the attack.

If you don't feel confident in meeting any of these performance criteria, ask your teacher or re-read the information.
