WEB PENETRATION TESTING | steps


Step by step: how to hack (penetration test) a web application
Step 1 – Reconnaissance
Reconnaissance is the first step of a penetration testing engagement. It can include researching a target's Internet footprint; monitoring its resources, people, and processes; scanning for network information such as IP addresses and system types; and social engineering public-facing services such as the help desk, among other means.
The following is the list of Reconnaissance goals:
• Identify target(s)
• Define applications and business use
• Identify system types
• Identify available ports
• Identify running services
• Passively social engineer information
• Document findings
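The "identify available ports" and "identify running services" goals leave a footprint on the target side: many connection attempts to distinct ports from one source in a short window. The following is an added example, not code from the original post, showing how a defender can spot that pattern in firewall logs. The `key=value` log format, the source/destination addresses (taken from documentation ranges), and the thresholds are all constructed for illustration; adapt the regex to your own firewall's format.

```python
"""Flag port-scan style reconnaissance in firewall logs (added example)."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in a hypothetical "key=value" firewall format.
# 203.0.113.5 sweeps eight ports in five seconds; 198.51.100.7 is normal traffic.
SAMPLE_LOG = """\
2024-05-01T10:00:01Z DENY src=203.0.113.5 dst=192.0.2.10 dport=21 proto=tcp
2024-05-01T10:00:01Z DENY src=203.0.113.5 dst=192.0.2.10 dport=22 proto=tcp
2024-05-01T10:00:02Z DENY src=203.0.113.5 dst=192.0.2.10 dport=23 proto=tcp
2024-05-01T10:00:02Z DENY src=203.0.113.5 dst=192.0.2.10 dport=25 proto=tcp
2024-05-01T10:00:03Z DENY src=203.0.113.5 dst=192.0.2.10 dport=80 proto=tcp
2024-05-01T10:00:03Z ALLOW src=203.0.113.5 dst=192.0.2.10 dport=443 proto=tcp
2024-05-01T10:00:04Z DENY src=203.0.113.5 dst=192.0.2.10 dport=3306 proto=tcp
2024-05-01T10:00:05Z DENY src=203.0.113.5 dst=192.0.2.10 dport=8080 proto=tcp
2024-05-01T10:00:10Z ALLOW src=198.51.100.7 dst=192.0.2.10 dport=443 proto=tcp
2024-05-01T10:00:11Z ALLOW src=198.51.100.7 dst=192.0.2.10 dport=443 proto=tcp
2024-05-01T10:00:12Z ALLOW src=198.51.100.7 dst=192.0.2.10 dport=80 proto=tcp
2024-05-01T10:30:00Z DENY src=203.0.113.5 dst=192.0.2.10 dport=5900 proto=tcp
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<action>ALLOW|DENY) src=(?P<src>[\d.]+) "
    r"dst=(?P<dst>[\d.]+) dport=(?P<dport>\d+) proto=(?P<proto>\w+)$"
)


def parse_lines(text):
    """Parse log text into event dicts; lines that do not match are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        d = m.groupdict()
        d["ts"] = datetime.strptime(d["ts"], "%Y-%m-%dT%H:%M:%SZ")
        d["dport"] = int(d["dport"])
        events.append(d)
    return events


def find_scanners(events, min_ports=5, window=timedelta(minutes=5)):
    """Return {src: {dst: sorted_ports}} for every source that touched at least
    `min_ports` distinct ports on one destination inside a sliding `window`.
    DENY and ALLOW both count: a scan touches open and closed ports alike."""
    by_pair = defaultdict(list)
    for e in sorted(events, key=lambda e: e["ts"]):
        by_pair[(e["src"], e["dst"])].append((e["ts"], e["dport"]))

    hits = {}
    for (src, dst), seq in by_pair.items():
        best, start = set(), 0
        for end in range(len(seq)):
            # Slide the window start forward until it spans at most `window`.
            while seq[end][0] - seq[start][0] > window:
                start += 1
            ports = {p for _, p in seq[start:end + 1]}
            if len(ports) > len(best):
                best = ports
        if len(best) >= min_ports:
            hits.setdefault(src, {})[dst] = sorted(best)
    return hits


if __name__ == "__main__":
    for src, targets in find_scanners(parse_lines(SAMPLE_LOG)).items():
        for dst, ports in targets.items():
            print(f"possible scan: {src} -> {dst} ports {ports}")
```

The sliding window keeps the alert from firing on a slow trickle of unrelated connections spread across hours, while the distinct-port count (rather than raw hit count) keeps a busy but legitimate client on ports 80 and 443 out of the result.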
Step 2 – Target Evaluation
At this point, the penetration tester should know enough about a target to choose how to analyze it for possible vulnerabilities or weaknesses.
The following is the list of Target Evaluation goals:
• Evaluate targets for weaknesses
• Identify and prioritize vulnerable systems
• Map vulnerable systems to asset owners
• Document findings
Step 3 – Exploitation
This step exploits the vulnerabilities found to verify whether they are real and what information or access can be obtained. The success of this step depends heavily on the previous efforts. Most exploits are developed for specific vulnerabilities and can cause undesired consequences if executed incorrectly.
Some examples are running SQL injections to gain admin access to a web application, or social engineering a help desk person into providing admin login credentials.
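The SQL injection example above works because user input is pasted into the query text and parsed as SQL. The following is an added example, not code from the original post, that puts the vulnerable login query beside its parameterized replacement so the difference is visible in running code. The in-memory SQLite schema, the account names and the passwords are constructed for the demonstration.

```python
"""String-built login query beside a parameterized one (added example)."""
import hashlib
import sqlite3


def make_db():
    """Create a constructed in-memory users table with two accounts."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (username TEXT PRIMARY KEY, pw_hash TEXT, role TEXT)"
    )
    # Plain SHA-256 keeps the demo short; real password storage should use a
    # slow, salted KDF (bcrypt, scrypt, Argon2). The query shape is the point here.
    for user, pw, role in [("admin", "correct-horse", "admin"),
                           ("alice", "hunter2", "user")]:
        conn.execute("INSERT INTO users VALUES (?, ?, ?)",
                     (user, hashlib.sha256(pw.encode()).hexdigest(), role))
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    """Vulnerable: the username is concatenated into the SQL text, so a quote
    and a comment marker in it change the query's logic."""
    h = hashlib.sha256(password.encode()).hexdigest()
    sql = (f"SELECT role FROM users WHERE username = '{username}' "
           f"AND pw_hash = '{h}'")
    row = conn.execute(sql).fetchone()
    return row[0] if row else None


def login_safe(conn, username, password):
    """Hardened: the driver binds the values; input is never parsed as SQL."""
    h = hashlib.sha256(password.encode()).hexdigest()
    row = conn.execute(
        "SELECT role FROM users WHERE username = ? AND pw_hash = ?",
        (username, h),
    ).fetchone()
    return row[0] if row else None


if __name__ == "__main__":
    db = make_db()
    # The same input yields an admin session from the vulnerable query and
    # nothing from the parameterized one.
    print("vulnerable:", login_vulnerable(db, "admin' --", "anything"))
    print("safe:      ", login_safe(db, "admin' --", "anything"))
```

Parameterization is the fix; escaping quotes by hand or filtering keywords is not, because each database dialect has its own comment and quoting rules and the tester (or attacker) only needs one that the filter missed.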
The following is the list of Exploitation goals:
• Exploit vulnerabilities
• Obtain foothold
• Capture unauthorized data
• Aggressively social engineer
• Attack other systems or applications
• Document findings
Step 4 – Privilege Escalation
Having access to a target does not guarantee accomplishing the goal of a penetration testing assignment. In many cases, exploiting a vulnerable system may only give limited access to a target's data and resources. The attacker must escalate the privileges granted in order to gain the access required to capture the flag, which could be sensitive data, critical infrastructure, and so on.
Privilege Escalation can include identifying and cracking passwords, user accounts, and unauthorized IT space. An example is achieving limited user access, identifying a shadow file containing administration login credentials, obtaining an administrator password through password cracking, and accessing internal application systems with administrator access rights.
The following is a list of Privilege Escalation goals:
• Obtain escalated level access to system(s) and network(s)
• Uncover other user account information
• Access other systems with escalated privileges
• Document findings
Step 5 – Maintaining a Foothold
The final step is maintaining access by establishing other entry points into the target. Best practice is establishing other means of accessing the target as insurance against the primary path being closed. Alternative access methods could be backdoors, new administration accounts, encrypted tunnels, and new network access channels.
The other important aspect of maintaining a foothold in a target is removing evidence of the penetration.
The following is a list of goals for maintaining a foothold:
• Establish multiple access methods to target network
• Remove evidence of authorized access
• Repair systems impacted by exploitation
• Inject false data if needed
• Hide communication methods through encryption and other means
• Document findings
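The "remove evidence" and "inject false data" goals above are exactly what a defender's audit trail has to survive. The following is an added example, not code from the original post, of the usual countermeasure: a hash-chained, keyed audit log in which deleting or editing an entry breaks the chain. The signing key, the event records, and the `append_entry`/`verify_chain` helpers are all constructed for this example.

```python
"""Tamper-evident (HMAC-chained) audit log with verification (added example)."""
import hashlib
import hmac
import json

GENESIS = "0" * 64

# Constructed key. In a real deployment it lives on the log collector, not on
# the web server: a host that has been compromised must not be able to re-sign
# its own history.
LOG_KEY = b"constructed-demo-key-do-not-use"


def _mac(prev, event):
    body = json.dumps(event, sort_keys=True)
    return hmac.new(LOG_KEY, (prev + body).encode(), hashlib.sha256).hexdigest()


def append_entry(chain, event):
    """Append `event` (a JSON-serialisable dict) linked to the previous entry."""
    prev = chain[-1]["mac"] if chain else GENESIS
    chain.append({"event": event, "prev": prev, "mac": _mac(prev, event)})
    return chain


def head(chain):
    """The MAC of the last entry; ship this off-host periodically."""
    return chain[-1]["mac"] if chain else GENESIS


def verify_chain(chain, expected_head=None):
    """Return (ok, index). `index` is the first entry whose link or MAC does not
    check out, or len(chain) if the stored head differs from `expected_head`."""
    prev = GENESIS
    for i, entry in enumerate(chain):
        if entry["prev"] != prev or not hmac.compare_digest(
            entry["mac"], _mac(prev, entry["event"])
        ):
            return False, i
        prev = entry["mac"]
    if expected_head is not None and prev != expected_head:
        # Entries were removed from the tail: the chain is internally
        # consistent but shorter than the last head we recorded.
        return False, len(chain)
    return True, None


if __name__ == "__main__":
    # Constructed events, including a new administrative account being created.
    log = []
    for ev in [{"user": "alice", "action": "login"},
               {"user": "alice", "action": "view", "object": "invoice-42"},
               {"user": "root", "action": "useradd", "target": "backup2"}]:
        append_entry(log, ev)
    h = head(log)
    print("intact:", verify_chain(log, h))
    print("middle entry removed:", verify_chain(log[:1] + log[2:], h))
    print("last entry removed:", verify_chain(log[:2], h))
```

The chain alone only proves that the middle was not touched; truncating the tail leaves a shorter but perfectly valid chain. That is why `head()` exists: recording the latest MAC somewhere the target host cannot write (a separate collector, a WORM store, a printed daily digest) turns tail deletion into a detectable mismatch as well.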