while carrying out penetration testing using Kali Linux we expect to follow the flow of a Penetration Testing service engagement.regardless of the starting point being White, Black, or Gray box testing, these are the set of steps that should be followed carrying out Penetration Testing on a target with Kali or other tools.
1.Reconnaissance
Reconnaissance is the starting point of a Penetration Testing service engagement whether you are verifying known information or seeking new intelligence on a target.the initial step with reconnaissance is to begin by the target environment basing on the objective of the work.After identifying the target a study is done to gather all information on communications, where it is located, the service being offered to client and other services.these data will help us develop a well planned action to be used in obtaining the desired results,the expected output should be a list of all assets being targeted,service used and the asset owners.Kali Linux is the best tool for penetration testing as it offers category labeled information gathering that serves as reconnaissance resource;these are research network center,wireless,and host systems.
Reconnaissance goals:
- look for target(s)
- Define applications and business use
- understand the system types
- look for the available ports
- check for running services
- do Passive social engineer information
- Do a search on documents
2.Target evaluation
Penetration Tester should know enough about a target,they should be able to analyse for possible vulnerabilities or weaknesses.when they use the well captured details from reconnaissance it will improve on the accuracy of targeting possible vulnerabilities,will shorten time to perform evaluation and help avoid the current security.Kali Linux offer a wide range of tools that are grouped as a category labeled Vulnerability Analysis. Tools range from assessing network devices to databases.
Target Evaluation goals in a system:
- Analyse the targets for weakness in the system.
- Identify and prioritize vulnerable systems to carry out test on.
- Link vulnerable systems to asset owners.
- Find the documents.
3.Exploitation
Exploitation is mainly done for specific vulnerabilities and can cause undesired results if execution is incorrect.the best practice is identifying a vulnerability and develop an attack strategy based on the highly vulnerable,and we can carry this manually or automate.
Kali Linux provide a dedicated catalog of tools for exploiting,it ranges from exploiting specific services as well as social engineering packages.
These is a list of exploitation goals:
- Take advantage of vulnerabilities
- take note of unauthorized data
- Social engineering
- attack other systems or applications
- finding Documents
4. Privilege Escalation
A system considered vulnerable may only give limited access to a target’s data and resources to the user . For an attacker they must escalate privileges granted to gain the access required to capture the flag, which could be sensitive data, critical infrastructure, and so on.
Privilege Escalation include identifying and cracking passwords, user accounts, and unauthorized IT space.
Kali Linux has a number of tools that can help gain Privilege Escalation through the Password Attacks and Exploitation Tools catalog. most of these tools include methods to obtain initial access and Privilege Escalation, hence they are gathered and grouped according to their tool sets.
Privilege Escalation goals in accessing the system:
- seek escalated level access to system(s) and network(s)
- Identify information from other user account
- Access other systems with escalated privileges
- findings Document
5.Maintaining a foothold
these final step aims at establishing other entry points to the target as well as trying to cover the evidence of penetration.it is possible that a defensive mechanism may be triggered that will eventually secure how the penetration tester obtained access to the network,we should have alternative methods to access without using the primary path being closed,these alternatives can be backdoor,new administration accounts encrypted channels,and the network access channel.
the other way of maintaining a foothold in a target is removing the penetration evidence to make it harder to detect the attack hence reducing the security defenses,these evidences that need to be removed include user logs,deleting errors.Kali Linux has a catalog titled Maintaining Access focused on keeping a foothold within a target these Tools are used for establishing various forms of backdoor into a target.
Main goals for maintaining a foothold:
- create multiple access methods to target network
- clear all the evidence of authorized access
- Repair systems impacting by exploitation
- Inject false data if needed to the system under attack
- keep the communication methods secret through encryption and other means
- findings Document
