Monday, February 20, 2017

Footprinting and Reconnaissance

Footprinting refers to uncovering and collecting as much information as possible about a target network. Penetration testing is much more than just running exploits against vulnerable systems, as we learned in the previous module. In fact, a penetration test begins before the penetration testers have even made contact with the victim's systems. Rather than blindly throwing out exploits and praying that one of them returns a shell, a penetration tester meticulously studies the environment for potential weaknesses and their mitigating factors. By the time a penetration tester runs an exploit, he or she is nearly certain that it will succeed. Since a failed exploit can in some cases crash or even damage a victim system, or at the very least leave the victim un-exploitable in the future, penetration testers will not get the best results, or deliver the most thorough report to their clients, if they simply turn an automated exploit machine loose on the victim network with no preparation.

Before a penetration test even begins, penetration testers spend time with their clients working out the scope, rules, and goals of this test. The penetration testers may break in using any means necessary, from information found in the dumpster, to web application security holes, to posing as the cable guy.

After pre-engagement activities, penetration testers begin gathering information about their targets. Often all the information learned from a client is the list of IP addresses and/or web domains that are in scope. Penetration testers then learn as much about the client and their systems as possible, from searching for employees on social networking sites to scanning the perimeter for live systems and open ports. Taking all the information garnered into account, penetration testers study the systems to find the best routes of attack. This is similar to what an attacker would do, or what an invading army would do when trying to breach a perimeter. Then penetration testers move into vulnerability analysis, the first phase where they are actively engaging the target. Some might say that port scanning already completes connections to the target. However, as cyber crime rates rise, large companies, government organizations, and other popular sites are scanned quite frequently anyway. During vulnerability analysis, a penetration tester begins actively probing the victim systems for vulnerabilities and additional information. Only once a penetration tester has a full view of the target does exploitation begin. This is where all of the information that has been meticulously gathered comes into play, allowing you to be nearly 100% sure that an exploit will succeed.
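The text notes that perimeter systems are scanned quite frequently. As an added example that is not part of the original post, here is what a defender can do with that fact: a small detector that flags likely port scans in connection-log records. The log format, the sample lines and the thresholds (8 distinct ports within 60 seconds) are assumptions constructed for this illustration.

```python
"""Flag sources that touch many distinct ports on one host in a short window.
Added example, not from the original post; log format and thresholds are assumed."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records: "timestamp src_ip dst_ip dst_port action".
SAMPLE_LOG = """\
2017-02-20T10:00:01 203.0.113.7 192.0.2.10 22 DROP
2017-02-20T10:00:01 203.0.113.7 192.0.2.10 23 DROP
2017-02-20T10:00:02 203.0.113.7 192.0.2.10 25 DROP
2017-02-20T10:00:02 203.0.113.7 192.0.2.10 80 ACCEPT
2017-02-20T10:00:03 203.0.113.7 192.0.2.10 110 DROP
2017-02-20T10:00:03 203.0.113.7 192.0.2.10 143 DROP
2017-02-20T10:00:04 203.0.113.7 192.0.2.10 443 ACCEPT
2017-02-20T10:00:04 203.0.113.7 192.0.2.10 445 DROP
2017-02-20T10:00:05 203.0.113.7 192.0.2.10 3389 DROP
2017-02-20T10:00:05 203.0.113.7 192.0.2.10 8080 DROP
2017-02-20T10:00:06 198.51.100.4 192.0.2.10 443 ACCEPT
2017-02-20T10:05:00 198.51.100.4 192.0.2.10 443 ACCEPT
2017-02-20T11:00:00 203.0.113.7 192.0.2.10 22 DROP
"""

def parse_line(line):
    """Split one record into (timestamp, src, dst, port, action)."""
    ts, src, dst, port, action = line.split()
    return datetime.fromisoformat(ts), src, dst, int(port), action

def detect_port_scans(log_text, min_ports=8, window=timedelta(seconds=60)):
    """Return {src_ip: set_of_ports} for every source that hit at least
    `min_ports` distinct ports on a single host within a sliding `window`.
    Dropped and accepted connections both count: a scan is about breadth."""
    events = defaultdict(list)  # (src, dst) -> [(time, port), ...]
    for line in log_text.strip().splitlines():
        ts, src, dst, port, _ = parse_line(line)
        events[(src, dst)].append((ts, port))
    alerts = {}
    for (src, dst), recs in events.items():
        recs.sort()
        start = 0
        for end in range(len(recs)):
            # Slide the window start forward until it fits within `window`.
            while recs[end][0] - recs[start][0] > window:
                start += 1
            ports = {p for _, p in recs[start:end + 1]}
            if len(ports) >= min_ports:
                alerts.setdefault(src, set()).update(ports)
    return alerts

if __name__ == "__main__":
    for src, ports in detect_port_scans(SAMPLE_LOG).items():
        print(f"possible scan from {src}: {sorted(ports)}")
```

The lone 11:00 probe from the same source falls outside the window and is not counted, which is the kind of slow-scan evasion a fixed window will miss; lengthening the window or adding a per-day distinct-port count catches it at the cost of more noise.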

Once a system has been successfully compromised, the penetration test is over, right? Actually, that's not right at all. Post-exploitation is arguably the most important part of a penetration test. Once you have breached the perimeter, there is a whole new set of information to gather. You may have access to additional systems everyone from the IT department who will be remediating the vulnerabilities to the business executives who will be approving the budget can understand.
