Author – Raluca Blidaru
Are penetration testing phases different from the ones of a malicious attack? The answer is no. Both malicious attackers and penetration testers go through the same stages or phases in their attacks/tests:
1. Gathering Information phase. During this stage, as much as possible data on the target is collected (e.g. the target IP address range, domain name registration records, mail server records, etc.), to design the blueprint of the target.
2. Scanning phase. The target is scanned for entry points such as wireless access points, lnternet gateways, available systems, running services, vulnerability lists, and port listening. Other tests would check if default user IDs, passwords, and guest passwords have been disabled or changed and no remote login is allowed.
3. Gaining Access phase. Based on the vulnerabilities which were identified during scanning, attempts are made to access the system. To accomplish this task, one could use automated exploit tools, or legitimate information obtained from social engineering.
4. Maintaining Access phase. Once access has been acquired, attempts are made to escalate the privileges to root/admin and then to upload a piece of code (also named “backdoor”) on the target so that access to the target is maintained independent from the authorized entry points into the system/network. This will allow to connect to the target anytime.
5. Covering Tracks phase. This phase is same important as the previous ones, as leaving a mark can show how elevated access to protected resources can be obtained and this information can be later on maliciously be used by others with access to the system. This phase involves restoring the system to normal pretest configurations, which includes removing files, cleaning logs, registry entries, deleting the uploaded backdoor, etc.