All right, all right. Now we all know “What is Penetration Testing?” and “Why is it needed?”. Now it's time for “How is it done?”
There are four basic steps of Penetration Testing... Well, the fifth one is filing the report, but you don’t need to know THAT!! SO, 5 steps of awesomeness. These steps are as follows:
- Information Gathering : The more you know about the target, the easier it's going to be for you to influence him. Easier influence will in turn get you access to more information, and more influence and more information and on and on and on until you know everything about that target... OH LOOK!! YOU HAVE A LIFE PARTNER NOW!!
- Scanning : The information was gathered first; now you gotta find out what information is available at that moment. That is accomplished by scanning. It is used to know whether the host is up and which ports are open, and then to find a vulnerability, a structural weakness if you will. No system is invincible; there is a kryptonite for every superman. THAT’s what the purpose of scanning is: finding the superman system’s kryptonite.
- Sniffing : It's more like a bloodhound activity: finding the weakness and sniffing out whatever you can from the cracks, or in the system’s case passwords, usernames, secrets, normally anything not everyone would want you to see. In Kali, sniffing tools include Wireshark, Ettercap etc. Then the companies will ask you to fix this, and yo ass get paid.
- Exploitation : Now the stage is set: you know the info, the weaknesses, the passwords. It's now time to whoop them up for action. Exploitation deals with taking whatever the attacker has gathered in the last 3 steps and then exploiting the system, or the organization. It's the final test that a Pen-Tester uses to look down on companies and say “YOU ARE WEAK!!” and then the companies ask them for tips on how to fix it.
“Nothing in the world is impenetrable. Invincibility is an illusion used on the people so they can look the other way and get their ass handed to them.”