Dear readers, if are new to the concept of penetration testing, I would suggest that you go through my penetration testing part 1 and part 2 of my articles. I’ve already gone over the most important elements that are involved in penetration testing. In this article, I will discuss the techniques and tools hackers and pen testers typically employ to target targets. SOC
ATTACK
This is the most important part of the penetration testing process as I’ve said earlier that during penetration testing, about Cyber Security 70 percent of the time we were focusing on gathering information, and 30 percent of our time focused at securing the targets. We have discussed the process of port scanning and enumerate, let’s begin with vulnerability scanning. There are a variety of tools available on the web that pen testers and hackers generally employ to conduct vulnerability checks for the targeted target. some of them are available for free and others are available for purchase.
Nessus is the most powerful vulnerability scanner for free by Tenable. Nessus is a great tool for any kind of penetration testing. I’m talking about Black Box Test, white Box testing or even gray boxing. Nessus could be utilized to look for weaknesses within Microsoft Windows, Linux Machines, Macintosh or Cisco which is all you require for the free version! It can scan just one host or subnets. The report will be generated with XML, NBE or PDF format.
The target is now set for pen test, I’ve conducted information gathering using websites and port scanning using Nmap and vulnerability scanning using Nessus What is your next steps? Let’s get started, using the report from Nessus I will look for security vulnerabilities Nessus discovered within the target. Let’s suppose that my Nessus report states that there is an advanced vulnerability within the server that is running on the target’s IP address. Nessus report could reveal the version and hole of the server, based on the server type running. I discovered that the Web server has IIS operating on port 80. The version running IIS is 5, and boom! there were numerous issues with IIS 5.0 I haven’t mention them in this article.