
Penetration Test Plan

Submitted By jaguars8fan
Words 566
Pages 3
Malcolm Testing Solution’s Penetration Test Plan
Customer: The Fitness Club
Introduction: The Fitness Club has already been the victim of hacking on its web server. They are unsure whether this was the work of a former administrator who quit or of an external party. Malcolm Testing Solutions has been tasked with creating a penetration test plan to prevent further attacks on The Fitness Club’s network. The objective of the assessment is to provide feedback to The Fitness Club with respect to its ability to preserve the confidentiality, integrity, and availability of the information maintained and used by its organization. Malcolm Testing Solutions will test the security controls used to secure sensitive data.
Services Overview: This project shall include 1 consultant for a time period of 2 days onsite at a single customer location to provide internal penetration test services. Malcolm Testing Solutions will provide tools, knowledge and expertise to execute an internal penetration test on customer designated devices. Malcolm Testing Solutions will attempt to compromise the access controls on designated systems by employing the following methodology:
1. Enumeration – Once Malcolm Testing Solutions has arrived for The Fitness Club’s assessment, they will connect to the network via the data port provided by the customer. Once connected, Malcolm Testing Solutions will run a variety of information gathering tools in order to enumerate computers and devices connected to the network.
2. Vulnerability Mapping and Penetration – Any computers or devices found will be scanned for vulnerabilities using a wide variety of tools and techniques. The tools and techniques used will be consistent with current industry trends regarding exploitation of vulnerabilities. Malcolm Testing Solutions will attempt to find the weakest link that can be

Similar Documents

Premium Essay

Attack and Penetration Test Plan

...Attack and Penetration Test Plan

Part 1: Table of Contents
2. Scope
3. Goals and Objectives
4. Tasks
5. Reporting
6. Schedule
7. Unanswered Questions
8. Authorization Letter

Part 2: Scope
Production e-commerce Web application server and Cisco network. Located on ASA_Instructor, the e-commerce web application server is acting as an external point-of-entry into the network:
• Ubuntu Linux 10.04 LTS Server (TargerUbuntu01)
• Apache Web Server running the e-commerce Web application server
• Credit Card transaction processing occurs
The test will be intrusive, meaning specific security points will be passed.

Part 3: Goals and Objectives
• If security software is up to speed, and penetration is not possible, a positive result will be given. If security software is not what it should be, penetration will be easy and the results will be explained to you in a separate report.

Part 4: Tasks
• Determine website size
• Determine code of the website

Part 5: Reporting
• Upon completion of the penetration test, all results found will be in a separate report written by the person who is performing the test.

Part 6: Schedule
Phase One-Information Collection (2 days)
1. Client authorization letter
2. Further client information
3. Get IT infrastructure
Phase Two-Test Plan Development (3 days)
1. Determine scope
2. Use IT infrastructure to gain further knowledge about what is to be penetrated
3. List things to be penetrated and things that are off limits
Phase...

Words: 458 - Pages: 2

Premium Essay

Nothing Yet

...Conducting a Penetration Test on an Organization

This document is decided to give readers an outlook on how a penetration test can be successfully done on an organization. A methodology has been drawn out in this document to allow readers to be acquainted with the process that penetration testers go through to conduct a penetration test.

Copyright SANS Institute. Author Retains Full Rights.

Conducting a Penetration Test on an Organization

TABLE OF CONTENTS
Abstract
What is a Penetration Test?
The Process and Methodology
Planning and Preparation
Information Gathering and Analysis
Vulnerability Detection
Penetration Attempt
Analysis and Reporting
Cleaning Up
Limitation of Penetration Testing
Conclusion
Bibliography
Appendix A: Netcraft (www.netcraft.com) results on www.sans.org
Appendix B: Penetration Testing Tools

DETAILS
Full name: Chan Tuck Wai
GIAC userID: twchan001
Course: Security Essentials
Version: First (Original Submission)
Conference Location: Malaysia

© SANS Institute 2002, As part of the Information Security Reading Room. Author retains full rights.

Conducting a Penetration Test on an Organization ...

Words: 5729 - Pages: 23

Premium Essay

Penetration Testing

...Penetration Test?
1. Client Penetration Test Request
1.2 Scope
1.3 Intrusive or Non-Intrusive
1.4 Compromise or Non Compromise
2. Goals and Objectives
3. Penetration testing Methodology
2.1 Penetration test plans
2.2 NIST penetration testing documentation
2.3 Web application penetration testing
2.4 E-commerce penetration testing
2.5 Network penetration testing
2.6 Common tools and applications for penetration testing
2.7 Black box testing, grey box testing, Black/grey box testing
2.8 Social engineering testing
3. Test Plan
3.1 Task
3.1 Reporting
3.1 Schedule
3.2 Limitation of Liability
3.3 End of Testing
3.1 Unanswered Questions
3.4 Signatures
3.1 Authorization Letter
4. Conclusion
5. Bibliography
Acronyms
Appendix A – Test Case Procedures

Abstract
This document is a proposal with a series of activities undertaken to identify and exploit security vulnerabilities. It helps confirm the effectiveness or ineffectiveness of the security measures that have been implemented. This proposal provides an understanding of penetration testing. It discusses the benefits, the strategies and the methodology of conducting penetration testing. The methodology of penetration testing includes three phases: test preparation, test and test analysis.

Key Words: Security Testing, Vulnerability Assessment, Penetration Testing...

Words: 1995 - Pages: 8

Premium Essay

Pen Test Plan

...Megan Patterson
IS4560 Monday E1 Class
Week 1-Penetration Test Plan
June 17, 2013

Attack and Penetration Test Plan
Megan Patterson
IS4560 Childers
June 17, 2013

External Penetration testing tests the security surrounding externally connected systems from the Internet, as well as within a corporate network. Controlled tests are used to gain access to Internet resources and ultimately to the DMZ, which is an internal network, by going through and around firewalls from the Internet. External Penetration Testing involves the finding and exploitation of actual known and unknown vulnerabilities from the perspective of an outside attacker.

The External Attack and Penetration testing Process is as follows:
* Phase 1-Discovery
  * Analysis
  * Footprint
  * Identify
* Phase 2-Services
  * Ping
  * Map
  * Scan
* Phase 3-Enumeration
  * Extract
  * Collect
  * Intrusive
* Phase 4-Application Layer Testing
  * Manual
  * Depth
  * Blind
* Phase 5-Exploit
  * Attack
  * Penetrate
  * Compromise

The purpose of the External Attack and Penetration testing plan is to outline what to do for an external penetration test within a corporate network. The goal of this plan, if it is successful, is to go ahead and deploy whatever the tester is testing after documentation has been written, saved, and reviewed by the IT staff. If the plan is not successful, then the tester needs to go through the steps of retesting the application...

Words: 402 - Pages: 2

Premium Essay

It Penetration Testing

...Institute. Author Retains Full Rights.

This paper is from the SANS Penetration Testing site. Reposting is not permitted without express written permission.

A Management Guide to Penetration Testing
David A. Shinberg
Practical Assignment Version 2.1a
SANS Hacker Techniques, Exploits, and Incident Handling (GCIH)

© SANS Institute 2003, As part of GIAC practical repository. Author retains full rights.

Abstract
Penetration tests are an excellent method for determining the strengths and weaknesses of a network consisting of computers and network devices. However, the process of performing a penetration test is complex, and without care can have disastrous effects on the systems being tested. This paper provides guidance, primarily focused around planning and management, on how to conduct a penetration test comprised of five phases – Preparation, Public Information, Planning, Execution and Analysis and Reporting. However, due to the technical and sometimes sensitive nature of penetration testing only a cursory overview of how to compromise a system...

Words: 4111 - Pages: 17

Premium Essay

Network Penetration Testing

...FULL BREACH PENETRATION TEST

1. Reconnaissance.
a. Establish active and inactive routes into the property.
b. Establish Contractor routines (Cleaners, Builders, Electricians, Technician etc)
c. Establish Courier routines
d. Establish employee routines, (Social Engineering)
e. Obtain ID card/s, (Theft or Falsify)

2. Gain entry to the building. (Pretext, Deceit, Employment)
a. Establish Office layout
b. Establish Sensitive offices (Including ComCen and IT rooms)
c. Establish Evacuation routines

3. Acquisition of Intelligence.
a. Obtain Hard & Soft Copy Information
b. Obtain Top Managerial Personal Information, (Addresses etc)
c. (Optional deployment of Ethical Hacking)

4. Disruption/Sabotage
a. Insertion of dummy explosive/incendiary devices (Packages, Letter Bombs etc).
b. Abduction plan

5. Report

The time frame is variable dependent on current security protocols and staff awareness.

Client Network Penetration Testing Proposal
Document Reference xxx-xxxx-xx

Contents
1 Background
2 Scope
2.1 Types of Attack
2.2 Report
2.2.1 Executive Summary
2.2.2 Technical Report
2.2.3 Recommendations
2.2.4 Security Policy
3 Phase 1 – Internal
3.1 Scope
3.2 Deliverable
4 Phase 2 – Internet
4.1 Scope
4...

Words: 2185 - Pages: 9

Free Essay

Company Security Assessment

...In 2006, a small business was created to provide customers with a close to real-time analysis of their stock portfolios. After months of doing business, several IT Administrators began to notice subtle changes in the corporate network. Shortly after that, the CEO began calling high-level meetings, especially with marketing and finance, to determine why the company’s profits for the last five months (July to December) began to take a downward spiral. Though it seemed that all operations and processes remained unchanged, the number of new customers registering through their customer portal had dropped drastically over the past five months. The company has noticed anomalous traffic on port 80 of the Web Server on the DMZ. The edge router’s logs showed that the traffic started six months ago and ended five months later. They noticed five months ago that traffic from the Web servers to the internal application servers decreased each day, although the inbound requests on port 80 remained about the same. Over the last four months, Web server logs contained many HTTP “POST” statements followed by the Website address of one of the company’s main competitors. All of the POST statements seemed to appear in the logs after new users would click “submit” to register. Based on the information that has been provided it seems that a competitor has been able to compromise the company’s network. This has allowed them to reroute network traffic from users that are attempting to register...

Words: 1289 - Pages: 6

Premium Essay

Conducting a Penetration Test on an Organization

...SANS Institute InfoSec Reading Room

This paper is from the SANS Institute Reading Room site. Reposting is not permitted without express written permission.

Conducting a Penetration Test on an Organization

This document is decided to give readers an outlook on how a penetration test can be successfully done on an organization. A methodology has been drawn out in this document to allow readers to be acquainted with the process that penetration testers go through to conduct a penetration test.

Copyright SANS Institute. Author Retains Full Rights.

Conducting a Penetration Test on an Organization

TABLE OF CONTENTS
Abstract
What is a Penetration Test?
The Process and Methodology
Planning and Preparation
Information Gathering and Analysis
Vulnerability Detection
Penetration Attempt
Analysis and Reporting
Cleaning Up
Limitation of Penetration Testing
Conclusion
Bibliography
Appendix A: Netcraft (www.netcraft.com) results on www.sans.org
Appendix B: Penetration Testing Tools

DETAILS
Full name: Chan Tuck Wai
GIAC userID: twchan001
Course: Security Essentials
Version: First (Original Submission)
Conference Location: Malaysia
...

Words: 5638 - Pages: 23

Free Essay

A Hands on Intro to Hacking

...Penetration testing
A Hands-On Introduction to Hacking
by Georgia Weidman
San Francisco

Penetration testing. Copyright © 2014 by Georgia Weidman.
All rights reserved. No part of this work may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying, recording, or by any information storage or retrieval system, without the prior written permission of the copyright owner and the publisher.

Printed in USA
First printing
18 17 16 15 14 123456789
ISBN-10: 1-59327-564-1
ISBN-13: 978-1-59327-564-8

Publisher: William Pollock
Production Editor: Alison Law
Cover Illustration: Mertsaloff/Shutterstock
Interior Design: Octopod Studios
Developmental Editor: William Pollock
Technical Reviewer: Jason Oliver
Copyeditor: Pamela Hunt
Compositor: Susan Glinert Stevens
Proofreader: James Fraleigh
Indexer: Nancy Guenther

For information on distribution, translations, or bulk sales, please contact No Starch Press, Inc. directly:
No Starch Press, Inc.
245 8th Street, San Francisco, CA 94103
phone: 415.863.9900; fax: 415.863.9950; info@nostarch.com; www.nostarch.com

Library of Congress Cataloging-in-Publication Data
Weidman, Georgia.
Penetration testing : a hands-on introduction to hacking / Georgia Weidman.
pages cm
Includes index.
ISBN 978-1-59327-564-8 (paperback) -- ISBN 1-59327-564-1 (paperback)
1. Penetration testing (Computer security) 2. Kali Linux. 3. Computer hackers.
QA76.9.A25W4258 2014
005.8'092--dc23
2014001066...

Words: 117203 - Pages: 469

Premium Essay

Metasploit Vulnerability Scanner Executive Proposal

...Metasploit Vulnerability Scanner Executive Proposal
Paul Dubuque

Table of Contents
Executive Summary
Background Information
Recommended Product
Product Capabilities
Cost and Training
References
Product Reviews

Executive Summary
To: Advanced Research Corporation
Mr. J. Smith, CEO; Ms. S. Long, V.P.; Mr. W Donaldson, CCO; Mr. A. Gramer, CCO & Mr. B. Schuler, CFO
CC: Ms. K. Young, Mr. G. Holdsoth
From: P. Dubuque, IT Manager

Advance Research Corporation (ARC) has grown rapidly during the last five years and has been very successful in developing new and innovative devices and medicines for the health care industry. ARC has expanded to two locations, New York, NY and Reston, VA, which has led to an expanded computer network in support of business communications and research. ARC has been the victim of cyber-attacks on its network and web site, as well as false allegations of unethical practices. ARC’s network is growing, with over two thousand devices currently and reaching from VA to NY. ARC needs to ensure better security of communications, intellectual property (IP) and public image, all of which affect ARC’s reputation with the public and investors. ARC has previously limited information technology (IT) expenditures to desktop computers and network infrastructure hardware such as routers, firewalls and servers. It is imperative that ARC considers information security (IS) and begins to invest in products...

Words: 2593 - Pages: 11

Premium Essay

Nothing

...needed to access the target.
6. To avoid detection a good hacker will always cover their tracks. This is done by purging any information in the system that could even minutely show the trace that someone was there. You must be careful when doing this because sometimes it’s not what’s there that gets the hacker busted but what wasn’t.
7. Any good hacker will always leave some sort of a backdoor into the system. This allows for easy access at will.
8. I would use that key and keep testing. Just because you find one vulnerability doesn’t mean there won’t be more. The more you find the better your report will be.
9. NIST SP 800-115 is the document that encompasses security testing and penetration testing.
10. Planning, Discovery, Attack, and Reporting
11. An internal penetration test will show you where your weaknesses are without the risk of compromising your network or data.
12. A time when a contracted pen tester should not compromise or access a system is whenever work productivity will be hindered. A pen tester should not compromise a system during work hours if it will prevent the company from completing...

Words: 451 - Pages: 2

Premium Essay

It-255

...IT255 Introduction to Information Systems Security
Unit 5: Importance of Testing, Auditing, and Monitoring
© ITT Educational Services, Inc. All rights reserved.

Learning Objective
Explain the importance of security audits, testing, and monitoring to effective security policy.

Key Concepts
• Role of an audit in effective security baselining and gap analysis
• Importance of monitoring systems throughout the IT infrastructure
• Penetration testing and ethical hacking to help mitigate gaps
• Security logs for normal and abnormal traffic patterns and digital signatures
• Security countermeasures through auditing, testing, and monitoring test results

EXPLORE: CONCEPTS

Purpose of an IT Security Assessment
Check effectiveness of security measures. Verify access controls. Validate established mechanisms.

IT Security Audit Terminology
• Verification
• Validation
• Testing
• Evaluation
...

Words: 799 - Pages: 4

Free Essay

It Security

...A. Memo of Record: Permission to purchase a network penetration tool

1. Three Possible Network Penetration Testing Tools: Three possible network penetration tools that can be used in this scenario to perform a Vulnerability Assessment (VA) are Backtrack, Core Impact Pro, and Sword&Shield Enterprise Security solutions. Each product provides a number of penetration techniques such as scanning, enumeration, network mapping, packet sniffing, and password cracking. Each product requires a different level of user and/or contractor knowledge to perform the VA.

Backtrack is a LINUX distribution that requires the Information Technology (IT) department to install and perform in-house testing. This product is very low cost but requires extensive hours to learn and perform testing using the applications provided in this distribution. Backtrack provides the full range of tests: network, mapping, enumeration, sniffing, and cracking. When used in a Microsoft Windows environment, it can go undetected by most security appliances internal to the network. Backtrack can be used both as an external penetration tool and an internal (client side) vulnerability scanner. Many Hacker tools are built in to Backtrack and additional plugins make this a powerful tool for penetration testing (PENtest).

Core Impact Pro (CIP) provides a software solution that automates the penetration testing process. Core can provide technical assistance and/or perform independent PENtest services. (Core Security Technologies...

Words: 362 - Pages: 2

Free Essay

Cmit 321 Final Exam

...driving
d. War dialing

Question 2
__________ cryptography is the most common method on the Internet for authenticating a message sender or encrypting a message.
a. Symmetric
b. Hash-based
c. Private-key
d. Public-key

Question 3
__________ is a lightweight Knoppix version cut to 50 MB for a business-card-sized CD.
a. Gnoppix
b. GeeXboX
c. Morphix
d. Damn Small Linux

Question 4
The __________ utility tests the integrity of an ODBC data source.
a. odbcping
b. ASPRunner
c. FlexTracer
d. DbEncrypt

Question 5
In the TCP/IP stack, the __________ layer is where applications and protocols, such as HTTP and Telnet, operate.
a. Internet
b. network
c. transport
d. application

Question 6
Attackers can use a simple test to find out if an application is vulnerable to an OLE DB error. They can fill in the username and password fields with __________.
a. a pound sign
b. two dashes
c. a single quotation mark
d. double quotes

Question 7
__________ allow attackers to pass malicious code to different systems via a web application.
a. SQL injection attacks
b. XSS vulnerabilities
c. Authentication hijacking attacks
d. Command injection flaws
...

Words: 4865 - Pages: 20

Premium Essay

Nt1310 Unit 3 Penetration Test

...methodologies exist for performing a pen test; however, we will be using the Penetration Test Execution Standard framework (PTES) to execute the assessment. PTES consists of seven guidelines to follow during an evaluation: Pre-Engagement Interactions occurred when management approved conducting a pen test of the network. Additionally, we have defined the scope of the project, including the goals of the assessment, which tools will be used to conduct the evaluation and how long it will take to complete the penetration test. Intelligence Gathering entails collecting as much information about the network as possible to use during the vulnerability analysis and exploitation phases of the assessment. Specifically,...

Words: 449 - Pages: 2