Friday, January 2
A KickStart Guide to Pen-Testing:
What is a penetration test?
What do we mean by penetration testing? Penetration testing, commonly called "pentesting", "pen testing", or "security testing", is the practice of attacking your own or your clients’ IT systems in the same way a cracker would, in order to find holes. These holes are security holes, which may also be called bugs. Of course, you do this without actually harming the network. The person carrying out a penetration test is called a penetration tester or pen-tester, and the act of carrying out such a test is called penetration testing.
Let’s make one thing crystal clear: Penetration testing requires that you get permission from the person who owns the system you are trying to pen-test. Otherwise, you would be hacking the system, which is illegal in most countries – and trust me, you don’t look good in an orange jumpsuit or a white jail suit.
In other words: The difference between penetration testing and hacking is whether you have the system owner’s permission. If you want to do a penetration test on someone else's system, we highly recommend that you get written permission. In this case, asking first is definitely better than apologizing later!
You can become a penetration tester at home by testing your own server and later make a career out of it.
Security research:
Vulnerabilities are typically found by security researchers, which is a posh term for smart people who like to find flaws in systems and break them.
Like penetration testing, security research can be used for good and evil. Some countries don’t make the distinction and outlaw security research completely, so make sure you check your country’s legislation before you start researching and especially before you publish any research.
A Payload:
A payload is the piece of software that lets you control a computer system after it’s been exploited. The payload is typically attached to and delivered by the exploit. Just imagine an exploit that carries the payload in its backpack when it breaks into the system and then leaves the backpack there. Yes, it’s a corny description, but you get the picture.
Metasploit’s most popular payload is called Meterpreter, which enables you to do all sorts of funky stuff on the target system. For example, you can upload and download files from the system, take screenshots, and collect password hashes. You can even take over the screen, mouse, and keyboard to fully control the computer. If you’re feeling particularly bad-ass, you can even turn on a laptop’s webcam and be a fly on the wall.
A Vulnerability:
A vulnerability is a security hole in a piece of software, hardware or operating system that provides a potential angle to attack the system. A vulnerability can be as simple as weak passwords or as complex as buffer overflows or SQL injection vulnerabilities.
To test if you have any vulnerabilities in your systems, you typically use a vulnerability management solution, also known as a vulnerability scanner or vulnerability assessment solution. If you would like to get your hands on a free vulnerability scanner, try NeXpose Community Edition, one of Metasploit’s sister projects.
Exploit:
To take advantage of a vulnerability, you often need an exploit, a small and highly specialized computer program whose only reason for being is to take advantage of a specific vulnerability and to provide access to a computer system. Exploits often deliver a payload to the target system to grant the attacker access to the system.
The Metasploit Project hosts the world’s largest public database of quality-assured exploits.
Even the name Metasploit comes from the term “exploit”. Think of it as an abstraction layer (“Meta”) for exploits (abbreviated “sploits”). Get it?