Chapter 6. Exploitation

We gathered our data, reviewed the information, and chose a few possible targets for the next stage in our penetration test. Now, it is time to go the extra mile and prove that the vulnerabilities found have the potential to impact the bottom line. After all, this is what your clients need to know and understand about their environment.

In this chapter, we will quickly review the basics of exploitation and then move on to the more interesting techniques and methods that will let us understand the true security posture of the network environment we are testing.

Items of interest discussed in this chapter include the following:

  • Adding a vulnerable machine to our sandboxed virtual network so that you can follow along with the examples presented in the book
  • Compiling and/or rewriting proof-of-concept exploit code found on the Internet
  • Manually exploiting a remote vulnerability using publicly available exploit code
  • Transferring files to and from the victim machine
  • Password cracking with John the Ripper
  • Metasploit – learn it and love it

Exploitation – why bother?

There is a good possibility that your potential clients will not understand the benefits of performing a full penetration test. Simply enumerating the known vulnerabilities in a network environment is not sufficient to truly understand the effectiveness of the corporation's combined security controls; be prepared.

Here is a quick listing of common benefits that full exploitation provides:

  • Takes the guesswork and doubt out of the equation: By providing proof that critical infrastructure devices were compromised, and thus confidential data could have been leaked, altered, or made unavailable, the problem becomes "real" and the management team will have the details needed to take steps towards remediation.
  • Validates that mitigating controls actually...mitigate: Rather than blindly accepting that a theoretical mitigating control actually works, a full exploitation penetration test enables management to prove that the security measures are working as intended.
  • Finds easily overlooked holes in the security architecture: Administrators of secured environments may falsely assume that the confidentiality, integrity, and availability of their confidential data are being protected by the various layers of security they have in place. Unfortunately, all of these security measures carry the inherent risk of making things more complicated, and thus introducing new possibilities for attackers to take advantage of vulnerabilities. Full exploitation penetration testing validates that no unknown security flaws have been introduced into the network.

There are many other reasons why a quick health check of the network via a full penetration test can be useful to a business (besides the fact that a checkbox can be checked). When meeting with business owners or managers, try to understand what is important to their bottom line and try to determine how your skills and services fit in.
