SHREE LEARNING ACADEMY

Penetration Testing

Introduction to Penetration Testing

Imagine your computer system is like your home, and you want to make sure no one can break in. Penetration Testing is like inviting a friend over to try and find all the ways someone could sneak in, so you can fix them before a real burglar comes along. The goal is to discover weaknesses by simulating what an actual hacker would do.

Active Reconnaissance: The Direct Approach

Let's say you're trying to find out how strong a fortress is. One way is to walk right up to it and take a good look, maybe even poke it with a stick. This is similar to Active Reconnaissance, where you engage directly with the computer system you're testing.

**Example**: You try out different passwords to see whether any of them gives you access to an account on the system.

Port Scanning: Checking All the Doors and Windows

When you’re trying to find a way into a fortress, you'd check all the doors and windows to see which are open or weak, right? This is similar to Port Scanning in a computer system. Ports are like doors into the system, and by scanning them, you find out which are open and what they lead to.

**Example**: A penetration tester might use a tool like Nmap to see which ports are open on a network, and whether any of those might allow unauthorized access.
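The defender's side of the same idea, as an added example that is not part of the original page: a port scan leaves a trail of one source address touching many different destination ports on one host within a short time. The script below reads a few constructed firewall-style log lines (a simplified format assumed for the example, not the output of any real product or of Nmap) and flags any source/destination pair that probes at least a threshold number of distinct ports inside a sliding time window, listing which of the probed ports were actually open.

```python
# Added example (not from the original page): detect a port scan from
# firewall-style log lines by counting distinct destination ports per
# source/destination pair inside a sliding time window.
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines (assumption: a simplified format of
# "timestamp action src dst dport", not any real product's output).
# 203.0.113.5 probes eight ports in five seconds; 198.51.100.7 is a
# normal client making a few connections spread over half an hour.
SAMPLE_LOG = """\
2024-05-01T10:00:00 DENY 203.0.113.5 192.0.2.10 21
2024-05-01T10:00:01 DENY 203.0.113.5 192.0.2.10 22
2024-05-01T10:00:01 ALLOW 203.0.113.5 192.0.2.10 80
2024-05-01T10:00:02 DENY 203.0.113.5 192.0.2.10 443
2024-05-01T10:00:02 DENY 203.0.113.5 192.0.2.10 3306
2024-05-01T10:00:03 DENY 203.0.113.5 192.0.2.10 3389
2024-05-01T10:00:03 DENY 203.0.113.5 192.0.2.10 8080
2024-05-01T10:00:04 DENY 203.0.113.5 192.0.2.10 8443
2024-05-01T10:00:05 ALLOW 198.51.100.7 192.0.2.10 443
2024-05-01T10:00:09 ALLOW 198.51.100.7 192.0.2.10 443
2024-05-01T10:00:12 ALLOW 198.51.100.7 192.0.2.10 80
2024-05-01T10:30:00 DENY 198.51.100.7 192.0.2.10 22
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<action>ALLOW|DENY)\s+(?P<src>\S+)\s+(?P<dst>\S+)\s+(?P<dport>\d+)$"
)


def parse_log(text):
    """Parse log lines into dicts; lines that do not match the format are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        events.append({
            "ts": datetime.fromisoformat(m["ts"]),
            "action": m["action"],
            "src": m["src"],
            "dst": m["dst"],
            "dport": int(m["dport"]),
        })
    return events


def detect_port_scans(events, window=timedelta(seconds=60), threshold=5):
    """Return {(src, dst): (distinct_ports, open_ports)} for every pair that
    touched at least `threshold` distinct ports within any `window`-long span.

    A sliding window over the time-sorted events of each pair catches a burst
    of probes while ignoring a slow trickle of ordinary connections.
    """
    by_pair = defaultdict(list)
    for e in sorted(events, key=lambda e: e["ts"]):
        by_pair[(e["src"], e["dst"])].append(e)

    findings = {}
    for pair, evs in by_pair.items():
        best = None
        start = 0
        for end in range(len(evs)):
            # Advance the window start until the span fits inside `window`.
            while evs[end]["ts"] - evs[start]["ts"] > window:
                start += 1
            in_window = evs[start:end + 1]
            ports = {e["dport"] for e in in_window}
            if len(ports) >= threshold and (best is None or len(ports) > best[0]):
                # Ports that were ALLOWed are the "open doors" the scan found.
                open_ports = sorted({e["dport"] for e in in_window if e["action"] == "ALLOW"})
                best = (len(ports), open_ports)
        if best is not None:
            findings[pair] = best
    return findings


if __name__ == "__main__":
    for (src, dst), (count, open_ports) in detect_port_scans(parse_log(SAMPLE_LOG)).items():
        print(f"possible port scan: {src} -> {dst}: {count} distinct ports, open: {open_ports}")
```

The window and threshold are tuning knobs: a busy proxy or monitoring host legitimately talks to several ports, so raising the threshold or narrowing the window trades missed slow scans for fewer false alarms. The `open_ports` list is what matters for remediation, since those are the services actually exposed to whoever was scanning.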

Passive Reconnaissance: The Stakeout

This is like sitting in your car outside the fortress and watching with binoculars. You aren't directly interacting with it; you're gathering information from a distance. Maybe you see a guard change shifts, or you notice that one door is used more often than others.

**Example**: You might look at the company's LinkedIn page to see if they've hired new IT staff recently, which could mean they're upping their security measures.

Pivot: The Bigger Picture

Suppose you find one small hole in the wall of the fortress. You crawl through it and discover that this small hole leads to a much bigger area with more opportunities for further intrusion. In cybersecurity terms, this is called a "Pivot." Once a single vulnerability is found, it's used as a jumping-off point to find more.

**Example**: After gaining access to a minor sub-system, a tester might use it as a launch pad to get into more secure areas of the network.

Initial Exploitation: The First Break-In

This is when you've found a weak spot in the fortress and successfully exploit it for the first time. You're in! Now you can look around and figure out what to do next.

**Example**: A tester might discover that a particular employee has used a weak password, allowing the tester to gain access to the internal network.

Persistence: The Hidden Room

Once you're inside the fortress, you set up a hidden room where you can hang out without being noticed. In computer terms, this is known as "Persistence": you've found a way to stay inside the system without being detected.

**Example**: A penetration tester may install a piece of software that allows them to access the system later, demonstrating the need for improved detection measures.

Privilege Escalation: Finding the Master Key

After breaking in, you find a master key that gives you access to the entire fortress. In computer terms, Privilege Escalation means gaining more significant control over the system or network.

**Example**: A tester might start with limited access but discover a way to gain administrator privileges, which would allow them to access almost anything in the system.

Types of Penetration Testing

Black Box Testing: Going in Blind

This is like trying to break into the fortress while wearing a blindfold. You have no information about the fortress (or computer system). You're figuring it out as you go along.

White Box Testing: Full Disclosure

In this case, you've got the complete blueprints of the fortress, knowing every detail. With full knowledge of the system, the tester can perform a much more thorough investigation.

Gray Box Testing: Some Clues

Here, you have some information about the fortress, but not everything. It's a mix of both Black and White Box Testing. Maybe you know where the front door and the treasury are but not much else.

**Example for All Testing Types**: Black Box testers might have to guess what kind of software is being used, while White Box testers would already know this. Gray Box testers might know some of the software but not have details about how it's configured.

Conclusion

Understanding penetration testing is all about understanding how to find weaknesses before the bad guys do. By simulating different kinds of attacks and using various methods to gather information, testers can help organizations strengthen their defenses, much like how discovering all the weak spots in a fortress can help protect it from future invasions.