The Basics of Hacking and Penetration Testing
Ethical Hacking and Penetration Testing Made Easy
By Patrick Engebretson SYNGRESS
Copyright © 2011 Elsevier Inc.
All right reserved. ISBN: 978-1-59749-656-8
Chapter One
What Is penetration Testing?
Information in This Chapter:
* Introduction to Backtrack Linux: Tools. Lots of Tools
* Working with Backtrack: Starting the Engine
* The Use and Creation of a Hacking Lab
* Phases of a Penetration Test
INTRODUCTION
Penetration testing can be defined as a legal and authorized attempt to locate and successfully exploit computer systems for the purpose of making those systems more secure. The process includes probing for vulnerabilities as well as providing proof of concept (POC) attacks to demonstrate the vulnerabilities are real. Proper penetration testing always ends with specific recommendations for addressing and fixing the issues that were discovered during the test. On the whole, this process is used to help secure computers and networks against future attacks.
Penetration testing is also known as
* Pen testing
* Pt
* Hacking
* ethical Hacking
* white Hat Hacking
It is important to spend a few moments discussing the difference between penetration testing and vulnerability assessment. Many people (and vendors) in the security community incorrectly use these terms interchangeably. A vulnerability assessment is the process of reviewing services and systems for potential security issues, whereas a penetration test actually performs exploitation and POC attacks to prove that a security issue exists. Penetration tests go a step beyond vulnerability assessments by simulating hacker activity and delivering live payloads. In this book, we will cover the process of vulnerability assessment as one of the steps utilized to complete a penetration test.
Setting the Stage
Understanding all the various players and positions in the world of hacking and penetration testing is central to comprehending the big picture. Let us start by painting the picture with broad brush strokes. Please understand that the following is a gross oversimplification; however, it should help you see the differences between the various groups of people involved.
It may help to consider the Star Wars universe where there are two sides of the "force": Jedis and Siths. Good vs. Evil. Both sides have access to an incredible power. One side uses its power to protect and serve, whereas the other side uses it for personal gain and exploitation.
Learning to hack is much like learning to use the force (or so I imagine!). The more you learn, the more power you have. Eventually, you will have to decide whether you will use your power for good or bad. There is a classic poster from the Star Wars episode I movie that depicts Anakin as a young boy. If you look closely at Anakin's shadow in the poster, you will see it is the outline of Darth Vader. Try searching the internet for "Anakin darth Vader shadow" to see it. Understanding why this poster has appeal is critical. As a boy, Anakin had no aspirations of becoming Darth Vader, but it happened nonetheless.
It is probably safe to assume that very few people get into hacking to become a super villain. The problem is that journey to the darkside is a slippery slope. However, if you want to be great, have the respect of your peers, and be gainfully employed in the security workforce, you need to commit yourself to using your powers to protect and serve. Having a felony on your record is a one-way ticket to another profession. It is true that there is currently a shortage of qualified security experts, but even so, not many employers today are willing to take a chance, especially if those crimes involve computers.
In the pen testing world, it is not uncommon to hear the terms "white hat" and "black hat" to describe the Jedis and Siths. Throughout this book, the terms "white hat," "ethical hacker," or "penetration tester" will be used interchangeably to describe the Jedis. The Siths will be referred to as "black hats," "crackers," or "malicious attackers."
It is important to note that ethical hackers complete many of the same activities with many of the same tools as malicious attackers. In nearly every situation, an ethical hacker should strive to act and think like a real black hat hacker. The closer the penetration test simulates a real-world attack, the more value it provides to the customer paying for the PT.
Please note how the previous paragraph says "in nearly every situation." even though white hats complete many of the same tasks with many of the same tools, there is a world of difference between the two sides. At its core, these differences can be boiled down to three key points: authorization, motivation, and intent. It should be stressed that these points are not all inclusive, but they can be useful in determining if an activity is ethical or not.
The first and simplest way to differentiate between white hats and black hats is authorization. Authorization is the process of obtaining approval before conducting any tests or attacks. Once authorization is obtained, both the penetration tester and the company being audited need to agree upon the scope of the test. The scope includes specific information about the resources and systems to be included in the test. The scope explicitly defines the authorized targets for the penetration tester. It is important that both sides fully understand the authorization and scope of the PT. white hats must always respect the authorization and remain within the scope of the test. Black hats will have no such constraints on the target list.
The second way to differentiate between an ethical hacker and a malicious hacker is through examination of the attacker's motivation. If the attacker is motivated or driven by personal gain, including profit through extortion or other devious methods of collecting money from the victim, revenge, fame, or the like, he or she should be considered a black hat. However, if the attacker is preauthorized and his or her motivation is to help the organization and improve their security, he or she can be considered a white hat.
Finally, if the intent is to provide the organization a realistic attack simulation so that the company can improve its security through early discovery and mitigation of vulnerabilities, the attacker should be considered a white hat. it is also important to comprehend the critical nature of keeping PT findings confidential. Ethical hackers will never share sensitive information discovered during the process of a penetration testing with anyone other than the client. However, if the intent is to leverage information for personal profit or gain, the attacker should be considered a black hat.
INTRODUCTION TO BACKTRACK LINUX: TOOLS. LOTS Of TOOLS
A few years back, the open discussion or teaching of hacking techniques was considered a bit taboo. Fortunately, times have changed and people are beginning to understand the value of offensive security. Offensive security is now being embraced by organizations regardless of size or industries. Governments are also getting serious about offensive security. Many governments have gone on record stating they are actively building and developing offensive security capabilities.
Ultimately, penetration testing should play an important role in the overall security of your organization. Just as policies, risk assessments, business continuity planning, and disaster recovery have become integral components in keeping your organization safe and secure, penetration testing needs to be included in your overall security plan as well. Penetration testing allows you to view your organization through the eyes of the enemy. This process can lead to many surprising discoveries and give you the time needed to patch your systems before a real attacker can strike.
One of the great things about learning how to hack today is the plethora and availability of good tools to perform your craft. Not only are the tools readily available, but many of them are stable with several years of development behind them. Maybe even more important to many of you is the fact that most of these tools are available free of charge. For the purpose of this book, every tool covered will be free.
It is one thing to know a tool is free, it is another to find, compile, and install each of the tools required to complete even a basic penetration test. Although this process is quite simple on today's modern Linux OS's, it can still be a bit daunting for newcomers. Most people who start are usually more interested in learning how to use the tools than they are in searching the vast corners of the internet locating and installing tools.
To be fair, you really should learn how to manually compile and install software on a Linux machine; or at the very least, you should become familiar with apt-get (or the like).
A basic understanding of Linux will be beneficial and will pay you mountains of dividends in the long run. For the purpose of this book, there will be no assumption that you have prior Linux experience, but do yourself a favor and commit yourself to becoming a Linux guru someday. Take a class, read a book, or just explore on your own. Trust me, you will thank me later. If you are interested in penetration testing or hacking, there is no way of getting around the need to know Linux.
Fortunately, the security community is a very active and very giving group. there are several organizations that have worked tirelessly to create various security-specific Linux distributions. A distribution, or "distro" for short, is basically a flavor, type, or brand of Linux.
Among the most well known of these penetration testing distributions is one called "Backtrack." Backtrack Linux is your one-stop shop for learning hacking and performing penetration testing. Backtrack Linux reminds me of that scene in the first Matrix movie where Tank asks Neo "What do you need besides a miracle?" Neo responds with "guns. Lots of guns." At this point in the movie, rows and rows of guns slide into view. Every gun imaginable is available for neo and trinity: handguns, rifles, shotguns, semiautomatic, automatic, big and small from pistols to explosives, an endless supply of different weapons from which to choose. That is a similar experience most newcomers have when they first boot up Backtrack. "tools. Lots of tools."
Backtrack Linux is a hacker's dream come true. The entire distribution is built from the ground up for penetration testers. The distribution comes preloaded with hundreds of security tools that are installed, configured, and ready to be used. Best of all, Backtrack is free! You can get your copy at http://www. Backtrack-Linux.org/downloads/.
Navigating to the Backtrack link will allow you to choose from either an .iso or a VMware image. If you choose to download the .iso, you will need to burn the .iso to a DVD. If you are unsure of how to complete this process, please google "burning an iso." once you have completed the burning process, you will have a bootable DVD. In most cases, starting Backtrack from a bootable DVD is as simple as putting the DVD into the drive and restarting the machine. In some instances, you may have to change the boot order in the BIOS so that the optical drive has the highest boot priority.
If you choose to download the VMware image, you will also need software capable of opening and deploying or running the image. Luckily enough, there are several good tools for accomplishing this task. Depending on your preference, you can use VMware's VMware Player, Sun Microsystem's VirtualBox, or microsoft's Virtual Pc. In reality, if you do not like any of those options, there are many other software options capable of running a VM image. You simply need to choose one that you are comfortable with.
Each of the three virtualization options listed above are available free of charge and will provide you with the ability to run VM images. You will need to decide which version is best for you. This book will rely heavily on the use of a Backtrack VMware image and VMware Player. At the time of writing, Vmware Player was available at: http://www.vmware.com/products/player/. You will need to register for an account to download the software, but the registration process is simple and free.
If you are unsure of which option to choose, it is suggested that you go the VMware route. Not only is this another good technology to learn, but using VMs will allow you to set up an entire penetration testing lab on a single machine. If that machine is a laptop, you essentially have a "traveling" PT lab so you can practice your skills anytime, anywhere.
(Continues...)
Excerpted from The Basics of Hacking and Penetration Testing by Patrick Engebretson Copyright © 2011 by Elsevier Inc.. Excerpted by permission of SYNGRESS. All rights reserved. No part of this excerpt may be reproduced or reprinted without permission in writing from the publisher.
Excerpts are provided by Dial-A-Book Inc. solely for the personal use of visitors to this web site.
Loading...