When conducting a penetration test, most testers develop some type of process and repeat that same process on every engagement. As I think through the basics of penetration testing, I believe that process can be broken up into six steps. They are:
- Information Gathering
- Attack and Penetration
- Local Information Gathering
- Escalate Privileges
- Clean Up
- Generate Reports
Now, I'm not saying every tester follows every step or performs these steps in this exact order; however, this is a pretty good process to follow. Let's take a closer look at each step.
Information Gathering
This is the step where most testers spend the majority of their time. Any good pen test involves some type of recon. The goal is to find out as much as possible about your target. This could include gathering information about end users (names, email addresses, roles) or about the network itself (address ranges, exposed hosts, running services). The more we know about the target, the more precise we can be when launching attacks, and the less noise we generate doing it.
Attack and Penetration
Now, this is where the fun begins! After we've found out all we can about the target, we can begin attacking it. With tools like Core Impact, you can launch specific, targeted attacks against a known weakness, or launch the attacks you think are most likely to succeed given what recon turned up.
Local Information Gathering
After successfully compromising a target, you have a foothold on it, typically running with the privileges of the exploited service or user. That foothold lets us gather information we could not see from the outside: local usernames and cached or stored passwords, the services and applications running on the host, and how the host is configured. Once we have this information, we can proceed to the next step.
Escalate Privileges
It's possible that when we compromised the target, we only gained user-level access. Now that we have additional information from the Local Information Gathering step, we can use it to elevate our privileges to those of an administrator or another privileged user. If we're able to gain that access, we go back and perform local information gathering again: with more privileges, we can see more of the system and collect more data, and the two steps repeat until nothing new turns up.
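Here is an added example of what the Local Information Gathering step looks like when done by hand on a Linux host. It is not Core Impact's code or output; it parses /etc/passwd-style, sudoers-style and `ss -tlnp`-style text that is constructed inline for the example, and reports the facts a tester would carry into the Escalate Privileges step: accounts that can log in, any extra UID-0 accounts, passwordless sudo rules, and which listening services are reachable from the network versus loopback only. The sudoers parser handles only plain user-specification lines, not aliases or line continuations.

```python
"""Minimal local information gathering on a Linux host (added example).
All three inputs below are constructed samples, not captured data."""
import re
from typing import Dict, List, Tuple

# Constructed /etc/passwd for a hypothetical host. Note the "backup"
# account with UID 0 and a login shell: a second root account.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
backup:x:0:34:backup:/var/backups:/bin/sh
alice:x:1000:1000:Alice:/home/alice:/bin/bash
svc-db:x:1001:1001::/var/lib/db:/bin/false
"""

# Constructed /etc/sudoers fragment (or what `sudo -l` would reveal).
SAMPLE_SUDOERS = """\
# User privilege specification
root    ALL=(ALL:ALL) ALL
alice   ALL=(ALL) NOPASSWD: /usr/bin/vim
%admin  ALL=(ALL) ALL
"""

# Constructed `ss -tlnp` output.
SAMPLE_SS = """\
State   Recv-Q  Send-Q  Local Address:Port   Peer Address:Port  Process
LISTEN  0       128     0.0.0.0:22           0.0.0.0:*          users:(("sshd",pid=812,fd=3))
LISTEN  0       511     127.0.0.1:3306       0.0.0.0:*          users:(("mysqld",pid=1201,fd=22))
LISTEN  0       4096    *:8080               *:*                users:(("java",pid=2210,fd=55))
"""

NOLOGIN_SHELLS = {"/usr/sbin/nologin", "/sbin/nologin", "/bin/false", "/usr/bin/false"}
WILDCARD_BINDS = {"0.0.0.0", "*", "::", "[::]"}
PROCESS_RE = re.compile(r'\("([^"]+)",pid=(\d+)')


def parse_passwd(text: str) -> List[dict]:
    """One dict per account: name, uid, gid, home, shell."""
    entries = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        name, _pw, uid, gid, _gecos, home, shell = line.split(":", 6)
        entries.append({"name": name, "uid": int(uid), "gid": int(gid),
                        "home": home, "shell": shell})
    return entries


def interactive_accounts(entries: List[dict]) -> List[str]:
    """Accounts whose shell allows a login: candidates for password reuse."""
    return [e["name"] for e in entries if e["shell"] not in NOLOGIN_SHELLS]


def extra_uid0(entries: List[dict]) -> List[str]:
    """Any account other than root that is effectively root."""
    return [e["name"] for e in entries if e["uid"] == 0 and e["name"] != "root"]


def parse_sudoers(text: str) -> List[Tuple[str, str]]:
    """(user_or_group, specification) for plain user-spec lines only."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or line.startswith("Defaults"):
            continue
        who, spec = line.split(None, 1)
        rules.append((who, spec))
    return rules


def nopasswd_rules(rules: List[Tuple[str, str]]) -> List[Tuple[str, str]]:
    """Rules that run as another user without a password prompt."""
    return [(who, spec) for who, spec in rules if "NOPASSWD:" in spec]


def parse_listeners(text: str) -> List[Tuple[str, int, str]]:
    """(bind address, port, process name) for each LISTEN line of ss -tlnp."""
    listeners = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 5 or parts[0] != "LISTEN":
            continue
        addr, port = parts[3].rsplit(":", 1)
        match = PROCESS_RE.search(line)
        listeners.append((addr, int(port), match.group(1) if match else "?"))
    return listeners


def exposed_listeners(listeners: List[Tuple[str, int, str]]) -> List[Tuple[str, int, str]]:
    """Services bound to every interface, i.e. reachable from the network."""
    return [l for l in listeners if l[0] in WILDCARD_BINDS]


def local_info_report(passwd: str, sudoers: str, ss_output: str) -> Dict[str, list]:
    """Collect everything the privilege escalation step will want to see."""
    entries = parse_passwd(passwd)
    listeners = parse_listeners(ss_output)
    return {
        "interactive_accounts": interactive_accounts(entries),
        "extra_uid0_accounts": extra_uid0(entries),
        "nopasswd_sudo": nopasswd_rules(parse_sudoers(sudoers)),
        "exposed_listeners": exposed_listeners(listeners),
        "loopback_only": [l for l in listeners if l[0] not in WILDCARD_BINDS],
    }


if __name__ == "__main__":
    for key, value in local_info_report(SAMPLE_PASSWD, SAMPLE_SUDOERS, SAMPLE_SS).items():
        print(f"{key}: {value}")
```

On a real host the same three inputs come from `cat /etc/passwd`, `sudo -l` and `ss -tlnp`; the point of structuring the output this way is that each line of the report is a concrete lead for the next step (a second UID-0 account, a passwordless sudo rule for an editor that can spawn a shell, a database listening only on loopback that the foothold can now reach) rather than a raw dump to read through.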
Clean Up
Once we've gathered all the data we can, the next step is to clean up. Core Impact makes this very simple: click the cleanup step, and Core Impact will go out and remove any agents that were deployed while the workspace was up and running. Anything you created by hand outside the tool during the engagement, such as test accounts, files or scheduled tasks, still needs to be removed and noted yourself.
Generate Reports
Finally, the part that no one likes. But you can relax, we make it super simple. Here we click on step number six, select the template we want to use, and click Finish. And voila, your report is created. You can now take this information and pass it on to the appropriate parties.