Penetration Testing

Author: zwell
Last updated: 2007.12.16

0. Preface
I. Introduction
II. Development of the implementation plan
III. The specific operating process
IV. Generation of reports
V. Risks and their avoidance in the testing process
Resources
FAQ



0. Preface
Penetration testing is illegal under the laws of many jurisdictions unless it has been authorized by the party being tested. All of the penetration testing methods provided here assume a legitimate assessment service, commonly called ethical hacking, so every reader here should be an ethical hacker; if you are not one yet, I hope you will be by the time you leave.
Here I want to say something to you: penetration testing is a matter of practice; it needs a never-say-die spirit and an active mind. It is not enough to copy this document to your web site or save it to your computer (even printing it out and eating it with chili sauce will not help); you must follow the document and practise step by step. And testing is done with the brain: do not grab one or two of the tools mentioned here and run them at random. I am sure the Internet will not become more secure because of that. Good luck...

I. Introduction
What is a penetration test?
The simplest and most direct explanation: a penetration test is a security test of the target system carried out entirely from the attacker's point of view.
What is the purpose of a penetration test?
To understand the security posture of the current system and the avenues an attacker might exploit. It gives managers a very intuitive picture of the problems the system faces. Why intuitive? As Mitnick puts it in his book, security management (here read: security assessment) has to be comprehensive to succeed, whereas a hacker (the penetration tester) succeeds as soon as a single path into the system is compromised.
Is a penetration test equivalent to a risk assessment?
No. For now you can think of penetration testing as one part of a risk assessment. A risk assessment is in fact far more complex than a penetration test: in addition to the penetration test it includes asset identification, risk analysis, a manual review and, later, optimization (optional).
A security review has already been conducted; is a penetration test still needed?
If I told you that China's current space theory is advanced enough to prove by computer calculation alone that an astronaut spacewalk is achievable, so there is no need to launch Shenzhou 8, would you accept that?
Is a penetration test a black-box test?
No; many technicians have this misunderstanding. A penetration test does not only simulate intrusion by external hackers; it must also guard against intentional (or unintentional) attacks by internal staff. In that case the tester may be given some information about the system, possibly even code fragments, and the test becomes a gray-box or even a white-box test.
What does a penetration test cover?
On the technical side, mainly network equipment, hosts, databases and application systems. Social engineering (see Mitnick's The Art of Intrusion) can also be included.
What are the drawbacks of penetration testing?
Mainly high cost and high risk; and the final results can only be trusted if the testers are professional ethical hackers.
If it is so good, why is penetration testing not very popular in China?
I can only say: it will be, certainly. The key problem with penetration testing is that you cannot prove your test results are complete. Users do not know to what level their security has been raised after spending money to prove that the system has problems. Users are simply expected to trust a professional and experienced security team, and in China this problem is more serious. In some penetration tests by large security companies that I have been close to, the testers' skill was not worth the price charged, and nobody was accountable for the test process or the final report. I estimate that within three years this situation will improve: on the one hand, the technical strength of security personnel will rise greatly; on the other, companies will gain a deeper understanding of penetration testing and, like IT audit, build it into their development process. The specialization and commercialization of penetration testing will mature more and more.
II. Development of the implementation plan
The implementation plan is communicated and negotiated between the testing party and the customer. At the start, the testing party provides a short questionnaire to learn what the customer will accept in the test. The content includes, but is not limited to, the following:

Introduction of the target system, key protected assets and their characteristics.
Whether data destruction is allowed.
Whether disruption of normal business operation is allowed.
Whether the contact person in the relevant department should be informed before testing.
Access mode: from the external network or from the intranet.
Whether the test is complete once a single problem is found, or should find as many problems as possible.
Whether social engineering should be considered during the penetration.
...
After receiving the customer's feedback, the testing party writes the first draft of the implementation plan and submits it to the customer for review. Once the review is complete, the customer shall authorize the testing party in writing. The two documents should contain the following:

Implementation plan part:
...
Written authorization part:
...
III. The specific operating process
1. Information collection process

Network information collection:
At this stage do not scan the target directly; first gather relevant information from the network, including Google hacking, WHOIS queries, DNS and other information. (If social engineering is in scope, you can also collect peripheral information about the target from mailing lists and newsgroups, such as internal employee account names, identification methods and e-mail addresses.)

1. Use WHOIS to find the DNS servers of the target domain.
2. Use nslookup to query those servers and attempt a zone transfer (ls -d asks the server for the whole zone):
>set type=all
><domain>
>server <ns server>
>set q=all
>ls -d <domain>
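As an added example (not code from the original article), the following Python script does on the wire what `ls -d <domain>` asks nslookup to do: it sends a DNS AXFR query over TCP and parses the records that come back, so you can see exactly what a name server that allows transfers to anyone gives away. Only the standard library is used. The zone name example.test, the transaction ID, the name server and host names and the whole record set in build_sample_response are constructed for this example, not captured from any real server; zone_transfer() is the live version and belongs only in an authorized test.

```python
"""DNS zone transfer (AXFR) request builder and response parser.

Added example, not from the original article. A zone transfer is a TCP query
of type AXFR (252); a name server that permits it answers with every record
in the zone, internal host names included. Standard library only; the sample
response below is constructed, not captured from a real server.
"""
import socket
import struct
import sys

QTYPE_A, QTYPE_NS, QTYPE_CNAME, QTYPE_SOA, QTYPE_AXFR = 1, 2, 5, 6, 252


def encode_name(name):
    """Wire-format a dotted name as length-prefixed labels ending in 0."""
    out = b"".join(bytes([len(l)]) + l.encode("ascii")
                   for l in name.rstrip(".").split("."))
    return out + b"\x00"


def build_axfr_query(zone, txid=0x1234):
    """AXFR query for `zone`, with the 2-byte length prefix DNS-over-TCP needs."""
    header = struct.pack("!HHHHHH", txid, 0x0000, 1, 0, 0, 0)
    question = encode_name(zone) + struct.pack("!HH", QTYPE_AXFR, 1)
    msg = header + question
    return struct.pack("!H", len(msg)) + msg


def decode_name(msg, off):
    """Decode a (possibly compressed) name at `off`; return (name, next_off)."""
    labels, end = [], None
    while True:
        length = msg[off]
        if (length & 0xC0) == 0xC0:            # compression pointer (RFC 1035 4.1.4)
            if end is None:
                end = off + 2                  # reading resumes after the pointer
            off = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            continue
        off += 1
        if length == 0:
            break
        labels.append(msg[off:off + length].decode("ascii"))
        off += length
    return ".".join(labels), end if end is not None else off


def parse_records(msg):
    """Parse one DNS message (no length prefix) into (name, type, ttl, value)."""
    _txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    if flags & 0x000F:                         # RCODE != 0, e.g. 5 = REFUSED
        raise ValueError("server returned rcode %d" % (flags & 0x000F))
    off = 12
    for _ in range(qd):                        # skip the echoed question
        _, off = decode_name(msg, off)
        off += 4
    records = []
    for _ in range(an + ns + ar):
        name, off = decode_name(msg, off)
        rtype, _rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == QTYPE_A and rdlen == 4:
            value = ".".join(str(b) for b in msg[off:off + 4])
        elif rtype in (QTYPE_NS, QTYPE_CNAME, QTYPE_SOA):
            value, _ = decode_name(msg, off)   # for SOA: the primary server name
        else:
            value = msg[off:off + rdlen]
        records.append((name, rtype, ttl, value))
        off += rdlen
    return records


def _recv_exact(sock, n):
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("connection closed mid-transfer")
        buf += chunk
    return buf


def zone_transfer(server, zone, timeout=5):
    """Live AXFR against `server` for `zone`; only for authorized targets."""
    records = []
    with socket.create_connection((server, 53), timeout=timeout) as s:
        s.sendall(build_axfr_query(zone))
        while True:                            # a transfer may span several messages
            (length,) = struct.unpack("!H", _recv_exact(s, 2))
            records.extend(parse_records(_recv_exact(s, length)))
            if sum(1 for r in records if r[1] == QTYPE_SOA) >= 2:
                break                          # the zone's SOA opens and closes AXFR
    return records


def build_sample_response(zone="example.test", txid=0x1234):
    """Constructed AXFR reply: SOA, NS, two A records (one internal), SOA."""
    ptr = b"\xc0\x0c"                          # pointer to the zone name at offset 12

    def rr(owner, rtype, rdata, ttl=3600):
        return owner + struct.pack("!HHIH", rtype, 1, ttl, len(rdata)) + rdata
    soa = rr(ptr, QTYPE_SOA, b"\x03ns1" + ptr + b"\x0ahostmaster" + ptr
             + struct.pack("!IIIII", 2007121601, 7200, 900, 1209600, 3600))
    answers = [soa,
               rr(ptr, QTYPE_NS, b"\x03ns1" + ptr),
               rr(b"\x03www" + ptr, QTYPE_A, bytes([192, 0, 2, 10])),
               rr(b"\x08intranet" + ptr, QTYPE_A, bytes([10, 0, 0, 5])),
               soa]
    header = struct.pack("!HHHHHH", txid, 0x8400, 1, len(answers), 0, 0)
    return header + encode_name(zone) + struct.pack("!HH", QTYPE_AXFR, 1) + b"".join(answers)


if __name__ == "__main__":
    recs = (zone_transfer(sys.argv[1], sys.argv[2]) if len(sys.argv) == 3
            else parse_records(build_sample_response()))
    for name, rtype, ttl, value in recs:
        print(name, rtype, ttl, value)
```

Run it with no arguments to parse the constructed reply, or as `python axfr.py <ns server> <domain>` for a live attempt. A server that is configured correctly answers with rcode 5 (REFUSED), which parse_records turns into an exception; the "intranet" record in the sample is the kind of internal host name a successful transfer exposes, which is why this step comes before any scanning.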

The tools involved include: Google, Demon, webhosting.info, Apollo, Athena, ghdb.xml, Netcraft and seologs. In addition, I would specifically remind you that sending a User-Agent of Googlebot/2.1 can circumvent the access restrictions on some files.

Some commonly used Google hacking syntax:
1. Search for a keyword within a specified site, for example site:127.0.0.1 index.jsp
Example URLs:
http://www.example.com:8080/examples/servlets/servlet/CookieExample?cook ...
http://victim/C:%5C/
http://victim/resin-doc/viewfile/?contextpath=/otherwebapp&servletpath=&file=WEB-INF/web.xml
http://victim/[path]/[device].[Extension]
http://victim/%20
www.nosec.org (FTP)


One kind of resource is now widely used on the Internet: the rainbow table. Plainly put, it is a table that maps hash values back to plaintexts (strictly, it stores chains rather than every hash/plaintext pair, which is what keeps the storage manageable). Some web sites offer this as a service and advertise storage volumes of many gigabytes; RainbowCrack, for example, claims its data exceeds 1.3 TB.
Sites providing this type of online service include:

Web site: description
RainbowCrack: tables for hashes from a variety of algorithms.
http://www.milw0rm.com/cracker/info.php
http://bokehman.com/cracker/
http://md5.neeao.com/: an online MD5 lookup platform run domestically (in China), said to integrate hash results from some other web sites.
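As an added example (not code from the original article or from any of the services listed above), here is a toy rainbow table in Python over a constructed space of 4-digit numeric passwords hashed with unsalted MD5. It shows what such a service actually stores and does: chains of alternating hash and reduction steps of which only the start and end points are kept, and a lookup that walks from the target hash to a chain endpoint and then regenerates that one chain to recover the plaintext. The chain length, number of chains, start-point derivation and reduction function are choices made for this example, not those of any real table.

```python
"""Toy rainbow table for 4-digit numeric passwords under unsalted MD5.

Added example, not code from the original article or from any listed service.
A rainbow table is not a flat hash->plaintext dictionary: it stores chains
of alternating hash and reduction steps, keeping only each chain's start and
end point, and trades lookup time for storage. The password space, chain
parameters and reduction function below are choices made for this example.
"""
import hashlib

CHARSET = "0123456789"
LENGTH = 4
SPACE = len(CHARSET) ** LENGTH          # 10 000 candidate passwords


def md5_hex(password):
    return hashlib.md5(password.encode()).hexdigest()


def index_to_password(n):
    """Map 0 <= n < SPACE to a fixed-width password (base-|CHARSET| digits)."""
    chars = []
    for _ in range(LENGTH):
        chars.append(CHARSET[n % len(CHARSET)])
        n //= len(CHARSET)
    return "".join(reversed(chars))


def reduce_hash(hex_digest, pos):
    """Reduction R_pos: map a hash back into the password space. Mixing in the
    column index gives every column a different function, which is what
    distinguishes rainbow chains from Hellman chains and limits chain merges."""
    n = (int(hex_digest[:16], 16) + pos * 0x9E3779B9) % SPACE
    return index_to_password(n)


def walk_chain(start, chain_length):
    """Return the plaintexts one chain covers and its endpoint."""
    covered, x = [], start
    for pos in range(chain_length):
        covered.append(x)
        x = reduce_hash(md5_hex(x), pos)
    return covered, x


def build_table(num_chains, chain_length, seed=1):
    """Endpoint -> list of start points (a list because chains can merge).
    Start points are derived deterministically from seed for reproducibility."""
    table = {}
    for k in range(num_chains):
        start = index_to_password((seed * 7919 + k * 104729) % SPACE)
        _, end = walk_chain(start, chain_length)
        table.setdefault(end, []).append(start)
    return table


def lookup(table, target_hex, chain_length):
    """Recover the plaintext of target_hex if any chain covers it, else None.
    Cost is O(chain_length^2) reductions plus one chain walk per candidate."""
    for i in range(chain_length - 1, -1, -1):      # guess: target sits in column i
        y = reduce_hash(target_hex, i)
        for pos in range(i + 1, chain_length):      # continue the chain to its end
            y = reduce_hash(md5_hex(y), pos)
        for start in table.get(y, ()):              # endpoint hit, maybe a false alarm
            for x in walk_chain(start, chain_length)[0]:
                if md5_hex(x) == target_hex:
                    return x
    return None


def coverage(table, chain_length):
    """Distinct plaintexts the table can actually recover."""
    seen = set()
    for starts in table.values():
        for start in starts:
            seen.update(walk_chain(start, chain_length)[0])
    return seen


if __name__ == "__main__":
    T = 50
    table = build_table(300, T)                     # 300 chains x 50 columns
    print("stored entries:", sum(len(v) for v in table.values()),
          "plaintexts covered:", len(coverage(table, T)), "of", SPACE)
    secret = "7919"                                 # constructed target password
    print("md5(%s) -> %s" % (secret, lookup(table, md5_hex(secret), T)))
```

Two things the toy makes visible that matter during a test: a lookup service of this kind only helps against unsalted hashes, since a salt outside the table's password space changes every hash and no chain covers it; and coverage() shows that merged chains waste storage, which is why real tables use long chains and several tables with different reduction functions rather than one enormous dictionary.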
Resources
http://www.routerpasswords.com/ and http://www.phenoelit.de/dpl/dpl.html
http://www.eccouncil.org/Course-Outline/Ethical%20Hacking%20and%20Countermeasures%20Course.htm
http://www.red-database-security.com
http://www.microsoft.com/technet/itshowcase/content/attackandpenetest.mspx
