Posted: September 23rd, 2022

Penetration Test Proposal

Deliverable 3: Gaining Access Plan

Computer Sciences and Information Technology

Gaining Access
Overview
The Gaining Access phase is among the most significant phases of the process in terms of the potential damage that could occur (Gregg, 2006). Notably, attackers do not always need to gain access to a system to cause harm. One example is a denial-of-service attack, in which resources are exhausted or services are prevented from running on the target system. Techniques used to halt services could involve reconfiguring and crashing the system or killing off processes. Resources are exhausted locally by filling the outgoing communication links (Global Knowledge, 2011).
The Gaining Access phase entails the attacker breaking into the system or network through distinct methods or tools. The most common tools used in this phase include Cain & Abel, pwdump7, and fgdump (Hansen, 2018). Cain & Abel is used to recover passwords, especially on Microsoft operating systems, through network sniffing, cracking encrypted passwords with dictionary attacks, conducting cryptanalysis attacks, decoding scrambled passwords, revealing password boxes, and even analyzing routing protocols. pwdump7 belongs to a series of Windows programs that output the LM and NTLM password hashes of local user accounts from the Security Account Manager (SAM) (Hansen, 2018). For it to work, one needs to be running under an administrative account, or have access to one on the system, so that the hashes can be dumped. This tool is also considered a security risk, since a malicious administrator could use it to access users' passwords.
After entering the system, one is required to escalate privileges to the administrator level in order to install the application that will modify or hide data. The hacker looks for options that will allow them to elevate their access on the target system. Local exploits are one way to escalate privileges on a vulnerable machine. Nonetheless, this does not work every time, especially on a system that is fully updated and patched. In that case other options are used, such as insecure file system permissions or misconfigurations, among others.
Vulnerability Resources
There are several authentic resources that document vulnerabilities, including databases, vendor advisories, and CIRT lists and bulletins. Databases contain a range of vulnerability information such as security checklist references, security-related software flaws, and misconfigurations, among others. Examples include the NVD by NIST, a repository managed by the United States government, and OWASP, which manages vulnerabilities through its OWASP Top 10 project. The vulnerabilities in OWASP are classified based on attack frequency and are updated when OWASP finds it necessary. Vendor advisories provide information on how to deal with security vulnerabilities by applying patches that fix the security issues. For instance, Adobe manages a security advisory list where security issues are discussed together with suggested patches. Finally, CIRT lists and bulletins come from groups focused on handling events that involve security breaches. For instance, the SANS CIS Critical Security Controls provide security protocols to prevent currently prevalent cyber-attacks.
Techniques and Software
The cornerstone of cybersecurity and security management is password cracking, the technique to be used for entering the system. Any information security professional needs to understand this skill and deploy it whenever necessary. The process typically involves the hacker brute-forcing their way into a system’s admin panel, then bombarding the server with multiple variations for system entry. A valid password cracking process will utilize several tools. They include:
● RainbowCrack, a hash cracker tool that uses a large-scale time-memory trade-off method to crack passwords (Roy, 2018). The time-memory trade-off is a computation process in which all the plaintext and hash pairs are calculated in advance with a particular hash algorithm. The outcome is a rainbow table.
❖ Building the table consumes a lot of time, but once the rainbow table is available, cracking passwords becomes faster than with brute force attacks.
❖ Users of this tool do not need to generate rainbow tables themselves, since its makers have already generated LM rainbow tables, MD5 rainbow tables, NTLM rainbow tables, and SHA rainbow tables (Roy, 2018).
❖ These tables are free; thus, anyone can use them in password cracking processes. The tool can be used on Linux and Windows systems.
● Aircrack: a network hacking tool consisting of a packet sniffer, a WEP and WPA/WPA2-PSK cracker, and an analysis tool for 802.11 wireless LANs. The tool works with a wireless network interface controller in conjunction with a driver that supports raw monitoring mode and can sniff 802.11a, 802.11b, and 802.11g traffic (Dalziel, 2020).
❖ It focuses on areas related to Wi-Fi security, including monitoring, where packets are captured and the data is exported to text files for processing by third-party tools. Through packet injection, the tool can perform replay attacks, fake access points, and deauthentication. Wi-Fi cards and driver capabilities can also be tested through capture, injection, and password cracking (Dalziel, 2020).
❖ The tool also works on various platforms such as Windows, Linux, and OpenBSD, among others.
❖ This tool is also free, with many tutorials on its utilization found on the internet.
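Why the precomputed tables described for RainbowCrack only work against unsalted hashes, as an added example (not part of the original paper and not RainbowCrack's code): a plain hash-to-plaintext dictionary stands in for a rainbow table, which stores the same precomputed pairs more compactly. The candidate list, account names, and passwords are constructed, and per-account salting with PBKDF2 is an assumed mitigation that the paper itself does not discuss.

```python
import hashlib
import hmac
import os

# Constructed candidate list standing in for the plaintexts a table covers.
CANDIDATES = ["password", "letmein", "Summer2022", "qwerty123"]

# Constructed account store: two users share the same weak password.
ACCOUNTS = {"alice": "Summer2022", "bob": "Summer2022", "carol": "x9#Lq!vT2m"}


def md5_hex(password: str) -> str:
    """Fast, unsalted hash: the weak storage scheme precomputed tables target."""
    return hashlib.md5(password.encode()).hexdigest()


def build_table(candidates):
    """Precompute hash -> plaintext once; reusable against any unsalted dump."""
    return {md5_hex(p): p for p in candidates}


def salted_record(password: str, iterations: int = 100_000):
    """Hardened storage: random per-account salt plus a slow KDF (PBKDF2)."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, iterations, digest


def verify(password: str, record) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    salt, iterations, digest = record
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.compare_digest(candidate, digest)


def audit(table, unsalted, salted):
    """Return the accounts a precomputed table recovers under each scheme."""
    hit_unsalted = {u: table[h] for u, h in unsalted.items() if h in table}
    hit_salted = {u: table[r[2].hex()] for u, r in salted.items()
                  if r[2].hex() in table}
    return hit_unsalted, hit_salted


if __name__ == "__main__":
    table = build_table(CANDIDATES)
    unsalted = {u: md5_hex(p) for u, p in ACCOUNTS.items()}
    salted = {u: salted_record(p) for u, p in ACCOUNTS.items()}
    print(audit(table, unsalted, salted))
```

With unsalted MD5, the two accounts sharing a password also share a hash, so one table entry exposes both; with per-account salts their records differ and the table matches nothing.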
Another important penetration tool that will be utilized to bypass the security levels is Metasploit.
● Metasploit is an open cyber-security project that allows professionals to use distinct penetration testing tools to discover remote software vulnerabilities. Additionally, it plays an essential role as a development platform for exploit modules.
❖ One of the significant projects from Metasploit is the Metasploit Framework. The Framework makes it easy to develop, test, and carry out exploits (Securitytrails Team, 2018). Additionally, the set of security tools built into the Framework can evade detection systems, run scans for security vulnerabilities, carry out remote attacks, and enumerate hosts and networks.
❖ The three different versions of this software are Pro, Community, and Framework. Pro is suitable for penetration testing and IT security teams. Community is suited to small organizations and infosec students (Securitytrails Team, 2018). Finally, the Framework is ideal for app developers and security researchers.
Additionally, a botnet will be used to establish command and control communication channels. Botnet is short for robot network (W3 Schools, 2019). Through its components, the network component, the botnet becomes a command and control communication channel,

References
Dalziel, H. (2020, April 8). Password hacking tools & software. Retrieved from https://www.concise-courses.com/hacking-tools/password-crackers/
Global Knowledge. (2011). The 5 phases of hacking: Gaining access. Retrieved from https://www.globalknowledge.com/ca-en/resources/resource-library/articles/5-phases-of-hacking-gaining-access/
Gregg, M. (2006). The attacker’s process | The technical foundations of hacking | Pearson IT certification. Retrieved from https://www.pearsonitcertification.com/articles/article.aspx?p=462199&seqNum=2
Hansen, A. T. (2018). Ethical hacking – Tools for the 5 phases of hacking | Alex Ø. T. Hansen. Retrieved from https://blog.tofte-it.dk/ethical-hacking-tools-for-the-5-phases-of-hacking/
Obbayi, L. (2020). What is vulnerability identification? Retrieved from https://resources.infosecinstitute.com/category/certifications-training/ethical-hacking/network-recon/what-is-vulnerability-identification/#gref
Roy, D. (2018). Grey campus. Retrieved from https://www.greycampus.com/blog/information-security/what-are-the-best-password-cracking-tools
Securitytrails Team. (2018, October 9). Top 15 ethical hacking tools used by Infosec professionals. Retrieved from https://securitytrails.com/blog/top-15-ethical-hacking-tools-used-by-infosec-professionals
W3 Schools. (2019, April 4). Botnet. Retrieved from https://www.w3schools.in/ethical-hacking/botnet/
