The challenge

The lab has been set up, connections verified; it is time to put the information gained throughout the book to work. Challenge yourself to perform a full penetration test from start to finish on this environment. The penetration test will consist of an external test: a connection into the perimeter switch of the site, in this case VMnet2. Following this, we want to conduct an internal penetration test; this will require the connection of the attacking machines into each one of the segments of the site. The intent of the internal test is to check and verify the potential attack vectors that exist from within the different segments; furthermore, this will provide the site with valuable information on the potential risk if malware infected one of the segments. Additionally, our testing includes the following items:

  • Determine the scope (the administrator only allows you to have 4 hours on his VPN).
  • Understand the reason why the client wants a penetration test. This is critical to being able to truly meet the user's needs. For some professions, this is easy; but for penetration testers, this is not always the case. Determine if your customer wants a penetration test or something more closely aligned with a general vulnerability analysis.
  • Rules of Engagement documentation:
    • Use the provided information to create a practical Rules of Engagement document.
    • Determine and document the scope within the Rules of Engagement.
    • Solidify any assumptions about the test within the Rules of Engagement.
    • A clearly defined goal. What do you need to do to prove success? The days when a screenshot showing whoami = root was enough are over; it is not going to be sufficient for most audiences.
  • Decide if you will be using Dradis, Magic Tree, or another data management tool to manage your results.
  • Lay out your initial test plans. It is important to know your initial steps in advance when testing.
  • Perform your reconnaissance.
  • Start the enumeration and decide on a plan of attack. Change your test plan accordingly. Depending on the scope, you may be able to throw a vulnerability scan or an application scan against the resources. This will be loud and, when a firewall is between you and the target, not very effective in most cases.
  • During enumeration, you should gather information about possible firewalls, IDS, or load balancing.
  • Execute your attack plan. Due to the nature of penetration testing, this will vary from test to test and will sometimes even need to be changed on-the-fly. If something does not work as expected, be ready with a backup plan.
  • When successfully gaining access to systems, perform post-exploitation. If required, set up a pivot point to dig deeper into the network architecture.
  • Achieve the goal of the penetration test.
  • Clean up.
  • Generate your reports.
  • Set up meetings to review the results with your customers.

Although the "exploitation" phase of penetration testing is the best, the other steps are just as important to a successful penetration test; furthermore, the ability to reflect the findings in a report for the client is the key element in giving the client the value they are expecting with the test. Be sure to practice and prepare for each step in the process. Understanding the tools and techniques in a penetration test is very important, but these will change constantly—the process itself remains fairly stable and thus any effort to automate or improve these steps will be most beneficial in the long run.

Best of luck to you! Be sure to carefully document your steps and any suggested changes that should be made to make the network more secure.
