0x01 Information gathering
- Personnel information collection
    - Such as general employee information, administrator information, mailboxes, names, common usernames and passwords, etc.
- Enterprise location information collection
    - The physical location can help determine the real IP and is relevant to WiFi penetration testing
- IP and domain name information collection
    - Determines the scope of the penetration test
- Third-party resource collection
    - Cloud services, ISP and web hosting information
- Open ports on servers
    - Services provided on each port and their version information
- Server / employee PC operating system information
- Web services provided by the server
    - CMS and version used by the web service
    - Development language and language version
    - Site path information
    - Whether any information is being leaked
    - Identification of defense mechanisms
- Previously disclosed vulnerability information about the target
- Information collection from GitHub, Google Code and other open source platforms
- Determination of the enterprise network boundary
0x02 Vulnerability discovery and exploitation
- Automated vulnerability discovery / manual vulnerability discovery
- Web application vulnerability discovery and exploitation
    - SQL injection
    - XSS (cross-site scripting)
    - File upload
    - Weak passwords
    - etc.
- Vulnerability discovery and exploitation in software exposed on ports
    - Databases that are remotely accessible or have weak passwords
    - Weak passwords on remote management services such as SSH, pcAnywhere, etc.
    - Remote overflows such as RPC
    - etc.
- Whether the network boundary can be breached
    - WiFi
    - VPN
    - etc.
0x03 Privilege escalation phase
- Local / remote privilege escalation via system vulnerabilities
- Privilege escalation via third-party software
- Privilege escalation via misconfiguration
0x04 Maintaining access
- Proxies
- Port forwarding
- Tunnels
- Backdoors / trojans / hidden accounts
0x05 Intranet penetration
- Intranet scope
- Determination of the intranet topology
- Weak password problems on the intranet
0x06 Cleaning up traces of the penetration
- Web application log cleanup
- System log cleanup
- Log cleanup for specific services
0x07 Summary
Information gathering is an extremely important stage of penetration testing; every other stage is accompanied by further information gathering, and special attention should be paid to recording sensitive information.
Penetration testing is not performed strictly in the order above, from first to last, but as an iterative process.
Overview of the Penetration testing process