Pentester methodology and Target approach.


One of the first questions every beginner pentester asks is: how do I begin pentesting? What is the right methodology to follow? How should I approach the target? And so on.

So here we have tried to cover some of the general concepts of pentesting methodology and how to put them into practice.

The whole process is divided into phases according to the scope and objectives of the engagement.

  • Planning

Planning gives you the set of tasks to start with and carry out within the constraints of the agreed objectives. It is further subdivided into the phases below.

# Information gathering: this is the process in which the pentester collects data about the target. For example, for WWW.EXAMPLE.COM one has to find the IP address, URLs, the company's social media accounts, technical information the company has shared on public platforms, hosting details, offices around the world, employee details (from LinkedIn) and so on.

It is also recommended to understand the complete functionality of the website or application. This gives you some understanding of how the back end processes the instructions and commands it receives.

  • Engagement

This is where the real fun begins. The pentester starts lining up scanning tools to reveal important details. During this process he or she makes use of automated scanners (viz. Nessus, Acunetix, etc.). These scanners come with built-in engines backed by CVE databases that scan for potential threats the application might have.

Up to here it seems effortless, because automated scanners give results in the quickest and most convenient way, but the actual testing, the so-called manual testing, is the uphill task. This is where your skills and patience are tested. The pentester has to perform the wide range of tests listed below to reveal hidden vulnerabilities.

  • Port scanning: scanning all the ports on the target host tells you which ports are open and which service each of them is serving. There are many tools available for this, such as Nmap, Netcat, etc.
  • OSINT: Open Source Intelligence is the exercise of gathering published or already publicly available information about the target. OSINT is crucial for a pentester because it gives an immense picture of the target. This practice unearths information such as public-facing assets, vital information outside the company domain, third-party services the company uses, etc. By gathering this information one can collate all the discovered data to understand what type of attack to launch. To achieve this in practice, a wide range of open source tools is available for varying scopes and requirements. Some of the tools you can consider are Maltego, Shodan, SpiderFoot, etc.
  • Active scan: this is intended to reveal some of the easily found vulnerabilities in the application. Scans of this type are carried out with automated scanners such as Burp Suite, OpenVAS, Acunetix, etc. By tampering with the input and replaying modified GET and POST requests one may be able to pick low-hanging fruit like XSS, open redirection, CSRF and information disclosure vulnerabilities.
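The port scanning listed above looks the same from the other side of the wire: a single source touching many ports on one host within a few seconds. The following is an added example, not code from the original post, showing how a defender can pick that pattern out of connection logs. The log format, the thresholds (8 distinct ports within 60 seconds) and the sample lines are all constructed for this example:

```python
"""Port-scan detection over connection-log lines.

Added example, not code from the original post.  A scan by a tool such as
Nmap or Netcat shows up in connection logs as one source touching many
distinct destination ports on one host within a short window; this script
flags that pattern.  The log format, thresholds and sample lines are all
constructed for the example.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed format: "<ISO timestamp> <src_ip> -> <dst_ip>:<dst_port> <flag>"
SAMPLE_LOG = """\
2024-05-01T10:00:00 10.0.0.5 -> 192.0.2.10:22 SYN
2024-05-01T10:00:00 10.0.0.5 -> 192.0.2.10:23 SYN
2024-05-01T10:00:01 10.0.0.5 -> 192.0.2.10:25 SYN
2024-05-01T10:00:01 10.0.0.5 -> 192.0.2.10:80 SYN
2024-05-01T10:00:01 10.0.0.5 -> 192.0.2.10:110 SYN
2024-05-01T10:00:02 10.0.0.5 -> 192.0.2.10:143 SYN
2024-05-01T10:00:02 10.0.0.5 -> 192.0.2.10:443 SYN
2024-05-01T10:00:02 10.0.0.5 -> 192.0.2.10:3306 SYN
2024-05-01T10:00:03 10.0.0.5 -> 192.0.2.10:8080 SYN
2024-05-01T10:00:03 10.0.0.5 -> 192.0.2.10:8443 SYN
2024-05-01T10:00:05 10.0.0.7 -> 192.0.2.10:443 SYN
2024-05-01T10:05:00 10.0.0.7 -> 192.0.2.10:443 SYN
2024-05-01T10:20:00 10.0.0.9 -> 192.0.2.10:22 SYN
2024-05-01T10:40:00 10.0.0.9 -> 192.0.2.10:80 SYN
"""


def parse_line(line):
    """Split one constructed log line into (timestamp, src, dst, port, flag)."""
    ts, src, _arrow, dst_port, flag = line.split()
    dst, port = dst_port.rsplit(":", 1)
    return datetime.fromisoformat(ts), src, dst, int(port), flag


def parse_log(text):
    """Parse every non-empty line of the log text."""
    return [parse_line(l) for l in text.splitlines() if l.strip()]


def detect_port_scans(events, window=timedelta(seconds=60), threshold=8):
    """Return {(src, dst): max distinct ports seen within `window`} for every
    source/destination pair that reaches `threshold` distinct ports."""
    by_pair = defaultdict(list)
    for ts, src, dst, port, _flag in events:
        by_pair[(src, dst)].append((ts, port))

    alerts = {}
    for pair, hits in by_pair.items():
        hits.sort()
        # Slide a window starting at each hit and count the distinct ports in it.
        for i, (start, _port) in enumerate(hits):
            ports = {p for t, p in hits[i:] if t - start <= window}
            if len(ports) >= threshold:
                alerts[pair] = max(alerts.get(pair, 0), len(ports))
    return alerts


if __name__ == "__main__":
    for (src, dst), n in detect_port_scans(parse_log(SAMPLE_LOG)).items():
        print(f"possible port scan: {src} -> {dst}, {n} distinct ports within 60s")
```

In the sample, 10.0.0.5 touches ten ports in three seconds and is reported; 10.0.0.9 touches two ports twenty minutes apart and is not, because the window keys on distinct ports within a short time rather than on the total count. The window and threshold are the knobs to tune against your own baseline traffic.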


  • Manual scan: this is where your inner detective should be activated.

A genuine pentester will try to understand the scope and functions of the application in order to explore potential threats that could cause severe damage. Let's see below the must-do observations and tasks for successfully penetrating the system.


# First, understand the features on offer and use each of them multiple times to see how the back end responds to your requests.

# Analyse the input requests and the output responses. The intention is to get unintended results from the application. Check how random input queries are handled, whether more data is returned than required, whether particular inputs produce insufficient results, how combinations of symbols and special characters are validated, etc.

# Collate all these tests, execute them and keep the results. You can also reuse the same test set on another application and observe the differences in behaviour.
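As an added example (not code from the original post), the script below turns the three steps above into a repeatable, offline check. `search_naive` and `search_hardened` are constructed stand-ins for a product-search endpoint, one without input validation and one with it; `observe()` sends the same probe inputs to a handler and groups the deviations from a baseline request by the kinds the steps describe: extra fields returned, more rows than required, a server error on special characters, or a clean status change. All names, data and probes are assumptions made for the example.

```python
"""Differential input/output observation against a toy back end.

Added example, not code from the original post.  The two handlers are a
constructed, in-memory stand-in for a search endpoint (no network involved).
`observe()` runs the same probe inputs through a handler, fingerprints each
response next to a baseline, and groups the deviations the post tells you
to look for: extra data, more rows than required, mishandled special
characters, and plain status changes.
"""
import re

# Constructed data set: a public catalogue with two internal-only columns.
PRODUCTS = [
    {"id": 1, "name": "router", "price": 120, "supplier_cost": 70, "internal_note": "EOL 2025"},
    {"id": 2, "name": "switch", "price": 80, "supplier_cost": 45, "internal_note": ""},
    {"id": 3, "name": "firewall", "price": 300, "supplier_cost": 210, "internal_note": "pending audit"},
]
# The fields the feature actually displays; a tester learns these by using it.
EXPECTED_FIELDS = {"id", "name", "price"}


def search_naive(query):
    """Toy handler without input validation; returns raw rows."""
    if "'" in query:
        # Simulates an unhandled back-end error that leaks internal detail.
        return 500, {"error": "DatabaseError near \"'\" in search_naive line 42"}
    if query in ("", "*"):
        # Wildcard returns everything, internal columns included.
        return 200, {"results": PRODUCTS}
    return 200, {"results": [p for p in PRODUCTS if query in p["name"]]}


def search_hardened(query):
    """Hardened handler: validates input, projects to public fields, fails cleanly."""
    if not re.fullmatch(r"[A-Za-z0-9 ]{1,32}", query):
        return 400, {"error": "invalid query"}
    rows = [{k: p[k] for k in sorted(EXPECTED_FIELDS)} for p in PRODUCTS if query in p["name"]]
    return 200, {"results": rows}


# Constructed probe set: a normal query, empties/wildcards, a quote, a miss, markup.
PROBES = ["rout", "", "*", "rout'", "zzzz", "<b>rout</b>"]


def fingerprint(status, body):
    """Reduce a response to the few observations worth comparing."""
    rows = body.get("results", [])
    fields = sorted({k for r in rows for k in r})
    return {"status": status, "rows": len(rows), "fields": fields, "error": body.get("error", "")}


def observe(handler, probes=PROBES, baseline_input="rout"):
    """Run every probe through `handler` and group deviations by kind."""
    base = fingerprint(*handler(baseline_input))
    findings = {"extra_fields": [], "more_rows": [], "server_error": [], "status_change": []}
    for p in probes:
        fp = fingerprint(*handler(p))
        if set(fp["fields"]) - EXPECTED_FIELDS:
            findings["extra_fields"].append(p)          # more data than the feature needs
        if fp["status"] == 200 and fp["rows"] > base["rows"]:
            findings["more_rows"].append(p)             # input widened the result set
        if fp["status"] >= 500:
            findings["server_error"].append(p)          # special characters not handled
        elif fp["status"] != base["status"]:
            findings["status_change"].append(p)         # rejected cleanly, worth noting
    return findings


if __name__ == "__main__":
    for name, handler in (("naive", search_naive), ("hardened", search_hardened)):
        print(name, observe(handler))
```

Against the naive handler the report shows the two internal columns leaking on every successful request, the empty and `*` queries returning the whole catalogue, and the quote producing a 500 with an internal error message. Against the hardened handler the same probes produce only clean 400 responses. Keeping the probe list and the fingerprint fixed is what makes the last step possible: rerun the same set on another application and the differences in behaviour stand out.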


So this is the fundamental methodology you can follow to carry out a pentest successfully.

In this post we have covered planning, engagement with the target, some of the tools and the execution methods. Going forward we will post more about security practices and the latest cyber security news. Please write your comments below and let us know what you would like to hear from us.



CyberYoddha

Pentester, Cyber World Enthusiast
