Kali Linux penetration Test five steps

Source: Internet
Author: User
Tags: kali linux

Kali Linux is built for penetration testing. Whether the tester starts from a white-box, black-box, or grey-box engagement, there is a set of steps to follow when conducting a penetration test with Kali or any other toolkit.

Step one: Reconnaissance

Before launching an attack, the penetration tester should learn as much as possible about the target environment and its systems. The more information the tester gathers, the better the chance of finding the easiest and fastest path to success. Black-box testing requires more reconnaissance than white-box testing because the tester is given very little data up front. Reconnaissance may include surveying the target's Internet footprint, monitoring its resources, people and processes, scanning for network information (such as IP addresses and system types), and social engineering of public-facing services (such as a help desk).

Reconnaissance is the first step of a penetration test, whether the tester is identifying the target systems from scratch or confirming information already provided. During reconnaissance, the target environment must be defined according to the scope of the engagement. Once the target is settled, an investigation gathers information about it: which ports are used for communication, where the target is hosted, what services it offers to customers, and so on. This data feeds a plan for the best way to reach the desired result. The output of reconnaissance includes a list of all target assets, the applications associated with each asset, the services in use, and the likely asset owners.

Kali Linux provides a category labelled "Information Gathering" that collects its reconnaissance resources. It includes tools for investigating networks, data centers, wireless networks, and host systems.

The objectives of reconnaissance are listed below:

Confirm the target;

Identify the applications and business functions in use;

Identify the system types;

Identify the available ports;

Identify the running services;

Passively gather social engineering information;

Discover documents.
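The reconnaissance output described above (hosts, open ports, services, versions) usually starts life as raw scanner output. The following parser turns nmap's grepable (-oG) format into an asset inventory and inverts it by service name. It is an added example, not code from the original article or from the Kali project; the scan text is a constructed sample with made-up hosts in the example.test domain, and the field layout it assumes (port/state/protocol/owner/service/rpc-info/version) is nmap's documented grepable port format.

```python
import re

# Constructed sample in nmap's grepable (-oG) output format; not real scan output.
SAMPLE_GNMAP = """\
# Nmap scan report (constructed sample)
Host: 10.0.0.5 (web01.example.test)\tStatus: Up
Host: 10.0.0.5 (web01.example.test)\tPorts: 22/open/tcp//ssh//OpenSSH 8.9/, 80/open/tcp//http//nginx 1.18.0/, 443/open/tcp//ssl|https//nginx 1.18.0/\tIgnored State: closed (997)
Host: 10.0.0.9 (db01.example.test)\tStatus: Up
Host: 10.0.0.9 (db01.example.test)\tPorts: 3306/open/tcp//mysql//MySQL 5.7.42/, 22/filtered/tcp//ssh///\tIgnored State: closed (998)
# Nmap done (constructed sample)
"""

HOST_RE = re.compile(r"^Host:\s+(\S+)\s+\((.*?)\)")


def parse_gnmap(text):
    """Build {ip: {"hostname": str, "services": [...]}} from grepable output.

    Only ports in the 'open' state are kept: filtered and closed ports are noise
    for the asset list, although they would matter for mapping firewall rules.
    """
    inventory = {}
    for line in text.splitlines():
        m = HOST_RE.match(line)
        if not m:
            continue  # comment lines and anything that is not a Host record
        ip, hostname = m.group(1), m.group(2)
        entry = inventory.setdefault(ip, {"hostname": hostname, "services": []})
        for field in line.split("\t")[1:]:
            if not field.startswith("Ports:"):
                continue
            for spec in field[len("Ports:"):].split(","):
                # Each port spec is port/state/proto/owner/service/rpcinfo/version/
                parts = spec.strip().split("/")
                if len(parts) < 7 or parts[1] != "open":
                    continue
                entry["services"].append({
                    "port": int(parts[0]),
                    "proto": parts[2],
                    "service": parts[4],
                    "version": parts[6],
                })
    return inventory


def services_by_name(inventory):
    """Invert the inventory: service name -> sorted [(ip, port), ...]."""
    index = {}
    for ip, entry in inventory.items():
        for svc in entry["services"]:
            index.setdefault(svc["service"], []).append((ip, svc["port"]))
    return {name: sorted(v) for name, v in sorted(index.items())}


def asset_report(inventory):
    """One line per open service, the shape a reconnaissance write-up needs."""
    lines = []
    for ip in sorted(inventory):
        entry = inventory[ip]
        for svc in sorted(entry["services"], key=lambda s: s["port"]):
            lines.append(f"{ip:<12} {entry['hostname']:<22} {svc['port']:>5}/{svc['proto']} "
                         f"{svc['service']:<10} {svc['version'] or 'unknown'}")
    return lines


if __name__ == "__main__":
    print("\n".join(asset_report(parse_gnmap(SAMPLE_GNMAP))))
```

The inverted index is what answers the assessment-phase question "which hosts expose service X", so it is worth building once here rather than re-scanning later.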

Step two: Target evaluation

Once the target has been identified and investigated through reconnaissance, the next step is to assess it for vulnerabilities. At this point the tester should understand the target well enough to choose how to analyze its potential vulnerabilities or weaknesses. As the saying goes, no investigation, no right to speak. The scope of the vulnerability assessment might include how the Web application works, what services are available, what communication ports are open, and so on. Vulnerability assessments and security audits usually conclude after this target evaluation phase.

Information gathered during reconnaissance improves the accuracy of vulnerability identification, shortens the time needed to assess the target's services, and helps avoid existing security controls. For example, running a generic vulnerability scanner against a Web application server may alert the asset owner while producing only general details about the system and its applications. Using the data obtained during reconnaissance to scan the server for specific vulnerabilities instead is harder for the asset owner to notice, is more likely to yield an easily exploitable vulnerability, and can be carried out in less time.

Target vulnerabilities can be evaluated manually or with automated tools. Kali Linux groups such tools under "Vulnerability Analysis"; their capabilities range from evaluating network devices to databases.

The following list shows the objectives of the assessment:

Assess the weaknesses of the target system;

Prioritize the vulnerable systems;

Map each vulnerable system to its asset owner;

Record the problems found.
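Prioritizing vulnerable systems, mapping them to owners and recording the result is a small triage algorithm, and doing it in code keeps the ordering consistent across engagements. The block below is an added example (not from the article or from Kali): the findings, owner map and exposure weights are all constructed and assumed, and the scoring rule (scanner severity multiplied by a reachability weight learned during reconnaissance) is one reasonable choice, not a standard.

```python
# Constructed findings and owner map; not output from any real assessment.
OWNERS = {
    "web01": "web platform team",
    "db01": "data services team",
}

FINDINGS = [
    {"host": "web01", "port": 443, "issue": "TLS 1.0 still enabled", "severity": 5.3, "exposure": "internet"},
    {"host": "db01", "port": 3306, "issue": "MySQL accepts unencrypted connections", "severity": 7.5, "exposure": "internal"},
    {"host": "web01", "port": 80, "issue": "nginx 1.18.0 past end of support", "severity": 7.5, "exposure": "internet"},
    {"host": "jump02", "port": 22, "issue": "SSH password authentication enabled", "severity": 6.5, "exposure": "internet"},
]

# Weight severity by how reachable the service is; assumed values, not a standard.
EXPOSURE_WEIGHT = {"internet": 1.0, "partner": 0.8, "internal": 0.5}


def prioritize(findings, owners):
    """Return findings ordered highest risk first, each tagged with score and owner.

    'severity' is the CVSS-style base score a scanner reports; the exposure
    weight captures what reconnaissance said about reachability. Hosts with no
    known owner are tagged UNASSIGNED so they cannot silently drop out of the
    remediation list, which is the usual way a finding gets lost.
    """
    ranked = []
    for f in findings:
        weight = EXPOSURE_WEIGHT.get(f["exposure"])
        if weight is None:
            raise ValueError(f"unknown exposure {f['exposure']!r} for {f['host']}")
        ranked.append({
            **f,
            "score": round(f["severity"] * weight, 2),
            "owner": owners.get(f["host"], "UNASSIGNED"),
        })
    # Tie-break on raw severity so equal scores still order deterministically.
    ranked.sort(key=lambda r: (r["score"], r["severity"]), reverse=True)
    return ranked


def by_owner(ranked):
    """Group ranked findings per owner for hand-off; UNASSIGNED is listed first."""
    groups = {}
    for r in ranked:
        groups.setdefault(r["owner"], []).append(r)
    ordered = {}
    if "UNASSIGNED" in groups:
        ordered["UNASSIGNED"] = groups.pop("UNASSIGNED")
    for owner in sorted(groups):
        ordered[owner] = groups[owner]
    return ordered


if __name__ == "__main__":
    for owner, items in by_owner(prioritize(FINDINGS, OWNERS)).items():
        print(f"== {owner}")
        for r in items:
            print(f"  {r['score']:>5}  {r['host']}:{r['port']}  {r['issue']}")
```

Putting UNASSIGNED at the top of the report is deliberate: an internet-facing host nobody owns is itself a finding for the asset inventory, not just for the team that eventually gets it.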

Step three: Exploitation

This step exploits the vulnerabilities found in order to verify that they are real and to determine what access or capability they actually provide. Exploitation is what separates penetration testing from passive services such as vulnerability assessment and auditing. Exploitation and every step after it cannot legitimately be carried out without the authorization of the owner of the target system.

Success in this step depends heavily on the preceding work. Most exploits are written for a specific vulnerability and can produce unpredictable results if run incorrectly. The best approach is to identify several vulnerabilities and then build an attack strategy around the ones most likely to be exploitable.

Exploiting the target's vulnerabilities may be manual or automated, depending on the final goal. In some cases SQL injection is used to gain administrator access to a Web application, or social engineering persuades service desk staff to hand over administrator credentials. Kali Linux provides a category called "Exploitation Tools" for attacking the target, ranging from exploits for particular services to social engineering packages.

The following list shows the objectives of exploitation:

Exploit vulnerabilities;

Gain access;

Capture unauthorized data;

Actively carry out social engineering;

Attack other systems or applications;

Record the results found.
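The paragraph above names SQL injection as a route to administrator access, so it is worth seeing exactly what the defect looks like next to its fix. The block below is an added example, not code from the article or from any Kali tool: it builds a constructed in-memory SQLite user table and contrasts a login check that splices input into the query string with one that binds parameters. The user names and passwords are placeholders, and real applications store salted password hashes rather than the plaintext used here to keep the focus on query construction.

```python
import sqlite3


def make_db():
    """Constructed in-memory user table. Plaintext passwords are used only so the
    example stays short; production code stores salted hashes."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)")
    conn.executemany("INSERT INTO users (username, password) VALUES (?, ?)",
                     [("alice", "correct horse battery"), ("admin", "placeholder-secret")])
    conn.commit()
    return conn


def vulnerable_login(conn, username, password):
    """Login check that splices user input straight into the SQL text.

    The quotes around the values are part of the string, so a password such as
    "' OR '1'='1" closes the literal early and turns the WHERE clause into a
    tautology: the first row in the table is returned regardless of credentials.
    """
    query = (f"SELECT id, username FROM users "
             f"WHERE username = '{username}' AND password = '{password}'")
    return conn.execute(query).fetchone()


def safe_login(conn, username, password):
    """The same check with bound parameters. The driver sends the values
    separately from the statement, so input can never change its structure;
    the probe string is simply compared as a password and does not match."""
    query = "SELECT id, username FROM users WHERE username = ? AND password = ?"
    return conn.execute(query, (username, password)).fetchone()


if __name__ == "__main__":
    conn = make_db()
    probe = "' OR '1'='1"
    print("vulnerable:", vulnerable_login(conn, "alice", probe))  # returns a row: bypassed
    print("safe:      ", safe_login(conn, "alice", probe))        # returns None: rejected
```

When reviewing an application for this class of weakness, the thing to look for is any query text assembled with string formatting or concatenation from request data; the parameterized form is the remediation regardless of database engine.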

Step four: Privilege escalation

Gaining access to a target does not guarantee that the penetration task can be completed. In many cases, exploiting a vulnerable system yields only limited access to data and resources. The attacker must then elevate privileges to reach critical data (sensitive data, critical infrastructure).

Privilege escalation may include identifying and cracking passwords, user accounts, unauthorized IT space, and so on. For example, an attacker might start with restricted user access, locate a shadow file containing administrator login credentials, recover the administrator's password by cracking it, and then use that administrator access to reach internal application systems.

The Kali Linux "Password Attacks" and "Exploitation Tools" categories provide many tools that help with privilege escalation. Because most of these tools combine methods for gaining initial access with privilege escalation, they are grouped by toolset rather than by phase.

The following list shows the objectives of privilege escalation:

Gain higher privileges to access systems and networks;

Reveal information about other user accounts;

Access other systems through the elevated privileges;

Record the results found.
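The shadow-file scenario above works because of specific, checkable conditions on the host: a password hashed with a legacy algorithm that cracks quickly, an account with no password at all, or a second UID 0 account that behaves like root. The audit below checks for exactly those conditions so they can be found before an attacker does. It is an added example, not from the article or from Kali; the passwd and shadow contents are constructed, the hash bodies are placeholders, and the set of prefixes treated as acceptable is an assumption based on current crypt(3) identifiers.

```python
# Constructed /etc/passwd and /etc/shadow contents; hash bodies are placeholders.
PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/bash
backup-svc:x:0:0:legacy backup job:/var/backup:/bin/sh
bob:x:1001:1001:Bob:/home/bob:/bin/bash
"""

SHADOW = """\
root:$6$saltsaltsaltsalt$HASHPLACEHOLDER:19700:0:99999:7:::
daemon:*:19700:0:99999:7:::
alice:$1$saltsalt$HASHPLACEHOLDER:19700:0:99999:7:::
backup-svc::19700:0:99999:7:::
bob:$y$j9T$saltsaltsaltsalt$HASHPLACEHOLDER:19700:0:99999:7:::
"""

# crypt(3) identifiers treated as acceptable here (assumed policy):
# $5$/$6$ SHA-crypt, $y$ yescrypt, $7$ scrypt, $2b$/$2y$ bcrypt.
STRONG_PREFIXES = ("$5$", "$6$", "$y$", "$7$", "$2b$", "$2y$")


def classify_hash(field):
    """Return 'locked', 'empty', 'strong' or 'weak' for a shadow password field.

    '*' and anything starting with '!' means the account cannot log in with a
    password. An empty field means login with no password. '$1$' is MD5-crypt
    and a field without '$' is traditional DES crypt; both crack quickly."""
    if field == "*" or field.startswith("!"):
        return "locked"
    if field == "":
        return "empty"
    if field.startswith(STRONG_PREFIXES):
        return "strong"
    return "weak"


def audit(passwd_text, shadow_text):
    """Return {account: [issue, ...]} for accounts that need attention."""
    issues = {}
    for line in passwd_text.splitlines():
        name, _pw, uid, *_rest = line.split(":")
        if uid == "0" and name != "root":
            issues.setdefault(name, []).append("has UID 0 (second superuser account)")
    for line in shadow_text.splitlines():
        name, field = line.split(":")[:2]
        kind = classify_hash(field)
        if kind == "empty":
            issues.setdefault(name, []).append("empty password field (login without password)")
        elif kind == "weak":
            algo = field[:3] if field.startswith("$") else "DES"
            issues.setdefault(name, []).append(f"weak hash algorithm ({algo})")
    return issues


if __name__ == "__main__":
    for account, found in audit(PASSWD, SHADOW).items():
        for issue in found:
            print(f"{account}: {issue}")
```

Reading /etc/shadow requires root, so on a real host this runs from a privileged configuration-audit job; the fact that an unprivileged user can read it at all would be a separate finding.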

Step five: Maintain a foothold

The final step is to maintain access by establishing additional entry points to the target and, where possible, hiding the evidence of the penetration. The penetration process may trigger defensive mechanisms that ultimately determine whether the tester keeps access to the network. The best approach is to establish alternative means of access to the target as a fallback in case the primary path is closed. Alternative access methods include backdoors, new administrator accounts, encrypted channels, new network access channels, and so on.

Another important aspect of establishing a foothold on a target system is removing evidence of the penetration. This makes the attack harder to detect and so weakens the defenders' response. Removing evidence includes deleting user logs, masking existing access channels, and erasing traces of damage, such as error messages caused by the penetration process.

Kali Linux includes a category titled "Maintaining Access" whose goal is to keep a foothold on the target system. Its tools are used to establish various kinds of backdoor on the target.

The objectives of establishing a foothold on the target system are listed below:

Establish multiple access points on the target network;

Remove evidence of unauthorized access;

Repair the systems affected by the exploit;

Inject false data if necessary;

Hide communication methods through encryption and other means;

Record the results found.
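Each foothold technique listed above leaves a trace a defender can look for: a new administrator account shows up as a useradd/usermod event, and deleting logs or stopping the logger shows up as an unexplained silence in the log stream. The detector below runs those checks over syslog-style lines. It is an added example, not from the article or from Kali; the log lines are constructed (the useradd and usermod message shapes follow the common shadow-utils wording, which is an assumption about the target's logging), the 30-minute gap threshold is assumed, and the year passed to the timestamp parser is a placeholder because syslog timestamps omit it.

```python
import re
from datetime import datetime, timedelta

# Constructed syslog-style lines illustrating foothold indicators; not real logs.
LOG_LINES = """\
Mar 13 02:10:02 web01 sshd[4100]: Accepted publickey for alice from 10.0.0.20 port 51022 ssh2
Mar 13 02:14:07 web01 useradd[4211]: new user: name=support, UID=0, GID=0, home=/root, shell=/bin/bash
Mar 13 02:14:20 web01 usermod[4230]: add 'support' to group 'sudo'
Mar 13 02:15:01 web01 CRON[4301]: (root) CMD (run-parts /etc/cron.hourly)
Mar 13 02:16:44 web01 systemd[1]: Stopped System Logging Service.
Mar 13 03:40:12 web01 systemd[1]: Started System Logging Service.
Mar 13 03:41:00 web01 useradd[5120]: new user: name=deploy, UID=1002, GID=1002, home=/home/deploy, shell=/bin/bash
"""

PRIVILEGED_GROUPS = {"sudo", "wheel", "admin", "root"}
MAX_GAP = timedelta(minutes=30)   # assumed threshold for "suspicious silence"

LINE_RE = re.compile(r"^(\w{3} +\d{1,2} \d\d:\d\d:\d\d) (\S+) (\S+?)\[\d+\]: (.*)$")
USERADD_RE = re.compile(r"new user: name=(\S+), UID=(\d+)")
USERMOD_RE = re.compile(r"add '(\S+)' to group '(\S+)'")


def parse_ts(stamp, year=2024):
    """Syslog timestamps carry no year; the caller supplies one (placeholder here)."""
    return datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")


def find_indicators(text):
    """Return [(timestamp_str, indicator)] for lines matching foothold patterns."""
    hits = []
    previous = None
    for raw in text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue
        stamp, _host, prog, msg = m.groups()
        ts = parse_ts(stamp)
        # A long silence between consecutive lines is the signature of deleted
        # or suspended logging, whichever line happens to come next.
        if previous is not None and ts - previous > MAX_GAP:
            hits.append((stamp, f"{ts - previous} with no log lines (possible log deletion or logging stopped)"))
        previous = ts
        if prog == "useradd":
            um = USERADD_RE.search(msg)
            if um and um.group(2) == "0":
                hits.append((stamp, f"new account '{um.group(1)}' created with UID 0"))
            elif um:
                hits.append((stamp, f"new account '{um.group(1)}' created"))
        elif prog == "usermod":
            gm = USERMOD_RE.search(msg)
            if gm and gm.group(2) in PRIVILEGED_GROUPS:
                hits.append((stamp, f"'{gm.group(1)}' added to privileged group '{gm.group(2)}'"))
        elif prog == "systemd" and "Stopped System Logging Service" in msg:
            hits.append((stamp, "system logging service stopped"))
    return hits


if __name__ == "__main__":
    for stamp, indicator in find_indicators(LOG_LINES):
        print(f"{stamp}  {indicator}")
```

The gap check is only as good as the log source: if an attacker can delete lines on the host, the check has to run against a copy forwarded to a remote collector, which is also why shipping logs off-host is the usual mitigation for the evidence-removal step described above.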

Ding Feng Xiao Hu
qq.2881064155