Most actual hacks are carried out after the information gathering phase. Because this means gathering information that is available in the public domain, it is a step often missed out in pen-testing.
Pen-testing often begins with scanning and enumeration to identify weaknesses. Scanning with tools identifies the services and open ports running on the target computer. Scanning builds up in stages, stopping when sufficient information has been gathered. It begins with stealthy, hard-to-detect scans and slowly steps up to noisy, easily detectable scans involving pinging.
Enumeration involves arranging these weaknesses in order of their chances of success. Judging the chance of success requires some knowledge of the exploits that could be used to take advantage of each identified vulnerability.
Matching weaknesses to likely exploits is a vital part of the planning process. The planning process also requires fall-back alternatives to try in case the initial attempt fails.
Some practical exercises in scanning and identifying weaknesses have already been completed. In earlier exercises NMAP, Zenmap, Uniscan and Sparta have been used for 'foot-printing networks'. Maltego, especially the full version, Maltego Pro, is also very good at foot-printing networks.
More about Foot-printing ...
Foot-printing is all about discovering as much as possible about the computing systems used by the target. It includes:-
- The size of their network of computers and related devices (laptops, phones etc.), if possible; this also includes routers, WiFi access points and wireless devices such as printers or network storage systems (NAS).
- The types of devices together with their manufacturers and the versions of their operating systems.
- Their IP addresses, services and ports.
- Internet, social media and web applications used by the target.
Essentially, foot-printing is about discovering and identifying possible entry points for hackers, and for ethical hackers it is then about testing those entry points for possible vulnerabilities.
Even though many computers have built-in wireless network cards (though the ones at school don't), these are often unsuitable for ethical hacking because:-
- Many wireless cards don't allow network monitoring or packet sniffing; only certain chipsets support this function.
- Virtual machines working as a 'guest' within VirtualBox, VMware and similar hypervisors can't access the host network card directly.
Watch the video below to see how to set up wireless networking with the wireless dongle provided. Even though the model is slightly different (Alfa AWUS036NHA) and it uses a different chipset (Atheros AR9271), the principles of setting it up are exactly the same.
In school, the browser will not connect to the outside world over the wireless network set up in the previous exercise. This is because:-
- The browser is configured to access the internet through a proxy server using the eth0 (ethernet card) interface.
- The test router is not connected to an external WAN network.
However, to attack other computers on the network via a browser attack or similar, the connection settings can be changed: go to network settings and choose No Proxy. Make sure to change it back again to use the internet from within the browser.
Important: You can't join wireless networks if the wireless dongle is in monitor mode.
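As an added example (not part of the course page), a POSIX shell check that reads `iw dev`-style output and refuses a network join while the dongle reports type monitor. The interface names and the `iw dev` text below are constructed for the demonstration.

```shell
# Constructed sample of "iw dev" output: one dongle left in monitor mode
# (wlan0mon) and one ordinary adapter in managed mode (wlan1).
SAMPLE_IW_DEV=$(cat <<'EOF'
phy#0
    Interface wlan0mon
        ifindex 4
        wdev 0x1
        addr 00:c0:ca:00:00:01
        type monitor
        channel 6 (2437 MHz), width: 20 MHz, center1: 2437 MHz
phy#1
    Interface wlan1
        ifindex 5
        wdev 0x100000001
        addr 00:c0:ca:00:00:02
        type managed
EOF
)

# iface_type TEXT IFACE: print the 802.11 type (managed, monitor, ...) that
# TEXT reports for IFACE. Prints nothing and returns 1 if IFACE is absent.
# Real use: iface_type "$(iw dev)" wlan0
iface_type() {
    printf '%s\n' "$1" | awk -v want="$2" '
        $1 == "Interface" { cur = $2 }
        $1 == "type" && cur == want { print $2; found = 1; exit }
        END { exit !found }'
}

# can_join_wifi TEXT IFACE: return 0 only when IFACE is in managed mode, the
# only mode in which the supplicant can associate with an access point.
can_join_wifi() {
    t=$(iface_type "$1" "$2") || { echo "$2: interface not found" >&2; return 1; }
    case $t in
        managed) return 0 ;;
        monitor) echo "$2 is in monitor mode; put it back in managed mode first" >&2; return 1 ;;
        *)       echo "$2 is in '$t' mode, not managed" >&2; return 1 ;;
    esac
}

# Demonstration on the constructed sample.
for ifc in wlan0mon wlan1; do
    if can_join_wifi "$SAMPLE_IW_DEV" "$ifc"; then
        echo "$ifc: ready to join a wireless network"
    fi
done
```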