Network penetration testing finds network vulnerabilities by identifying open ports, probing live hosts, and inspecting infrastructure and application banners.
Testing enables the administrator to close unused ports and unneeded services, hide or customize banners, fix misconfigured services, and calibrate the rules on the firewall.
Let’s see how we conduct network penetration tests step by step using some popular network scanners.
1. Host Discovery
The first and most significant step is footprinting, where one collects information about the target system.
DNS footprinting lists the records for the target domain (A, MX, NS, SRV, PTR, SOA, CNAME):
- A – An A record points a domain name such as gbhackers.com to the IP address of its hosting server.
- MX – Mail exchange records name the servers that accept email for the domain.
- NS – NS records identify the DNS servers responsible for the domain.
- SRV – Service records locate the host and port of a specific service.
- PTR – Reverse DNS record; given an IP address, it returns the domain name associated with it.
- SOA – Start of Authority record, holding the DNS zone's administrative information and parameters for the other DNS records.
- CNAME – Canonical name record, which aliases one domain name to another.
Use tools such as Advanced IP Scanner, Nmap, hping3 and Nessus to identify live hosts in the target network.
Ping & Ping Sweep:
root@kali:~# nmap -sn 192.168.169.128 Single host
root@kali:~# nmap -sn 192.168.169.128-200 Range of IPs
root@kali:~# nmap -sn 192.168.169.* Wildcard
root@kali:~# nmap -sn 192.168.169.128/24 Entire subnet
Whois Information
To obtain the whois information and name servers of a website:
root@kali:~# whois testdomain.com
- http://whois.domaintools.com/
- https://whois.icann.org/en
Traceroute
Network diagnostic tool that displays the route path and transit delay of packets.
root@kali:~# traceroute google.com
Online Tools
- http://www.monitis.com/traceroute/
- http://ping.eu/traceroute/
2. Port Scanning
Do port scanning with software like Nmap, hping3, NetScanTools, Network Monitor. Such tools allow us to test a server or host for open ports on the target network.
Open ports are the entry points attackers use for malicious backdoor applications.
root@kali:~# nmap -p 80 192.168.169.128 Specific port
root@kali:~# nmap -p 80-200 192.168.169.128 Range of ports
root@kali:~# nmap -p "*" 192.168.169.128 To scan all ports
Online Tools
- http://www.yougetsignal.com/
- https://pentest-tools.com/information-gathering/find-subdomains-of-domain
3. Banner Grabbing / OS Fingerprinting
Banner grabbing / OS fingerprinting tools such as Telnet, IDServe and Nmap identify the target host's operating system and service versions.
Once you know the version and the operating system of the target, find the vulnerabilities that apply to them and take advantage of them.
root@kali:~# nmap -A 192.168.169.128
root@kali:~# nmap -v -A 192.168.169.128 with high verbosity level
IDServe is another good tool for banner grabbing.
Online Tools
- https://www.netcraft.com/
- https://w3dt.net/tools/httprecon
- https://www.shodan.io/
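The administrator's side of sections 1 to 3 above (closing unused ports, hiding version banners) comes down to comparing scan results against what should be there. The following Python script is an added example, not code from the original article: it parses nmap's grepable output (the format written by `-oG`) and reports live hosts missing from an asset inventory, open ports outside a per-host allowlist, and services whose banner discloses a version string. The scan output, host addresses, inventory and allowlist are constructed for illustration, and `parse_gnmap`, `review`, `INVENTORY` and `ALLOWED_PORTS` are names chosen here.

```python
"""Review nmap grepable (-oG) output against an asset inventory and a
per-host allowlist of expected open ports, and flag version banners.

Added example for this article, not code from the original post.
"""
import re
from dataclasses import dataclass, field

# Constructed sample in nmap's grepable (-oG) format, as written by a
# command such as: nmap -sV -oG scan.gnmap 192.168.169.0/24
# Hosts, ports and version strings are made up for illustration.
SAMPLE_GNMAP = (
    "# Nmap 7.93 scan initiated as: nmap -sV -oG scan.gnmap 192.168.169.0/24\n"
    "Host: 192.168.169.128 ()\tStatus: Up\n"
    "Host: 192.168.169.128 ()\tPorts: 22/open/tcp//ssh//OpenSSH 7.9p1/, "
    "80/open/tcp//http//nginx 1.14.2/, 8080/open/tcp//http-proxy///"
    "\tIgnored State: closed (997)\n"
    "Host: 192.168.169.140 ()\tStatus: Up\n"
    "Host: 192.168.169.140 ()\tPorts: 443/open/tcp//https//Apache httpd 2.4.41/"
    "\tIgnored State: closed (999)\n"
    "# Nmap done -- 256 IP addresses (2 hosts up) scanned in 12.34 seconds\n"
)

# Constructed (hypothetical) asset inventory and expected-port allowlist:
# what the administrator believes should be live and listening.
INVENTORY = {"192.168.169.128"}
ALLOWED_PORTS = {"192.168.169.128": {"22/tcp", "80/tcp"}}

# One -oG port entry has the shape: port/state/proto/owner/service/rpc/version/
PORT_RE = re.compile(r"(\d+)/(\w+)/(\w+)/[^/]*/([^/]*)/[^/]*/([^/]*)/")


@dataclass
class HostResult:
    ip: str
    up: bool = False
    ports: list = field(default_factory=list)  # (port, proto, service, version)


def parse_gnmap(text):
    """Parse -oG text into {ip: HostResult}, keeping only open ports."""
    hosts = {}
    for line in text.splitlines():
        if not line.startswith("Host:"):
            continue  # skip the '# Nmap ...' banner and summary lines
        fields = line.split("\t")
        ip = fields[0].split()[1]
        host = hosts.setdefault(ip, HostResult(ip))
        for f in fields[1:]:
            if f.startswith("Status:"):
                host.up = f.split(":", 1)[1].strip() == "Up"
            elif f.startswith("Ports:"):
                for entry in f[len("Ports:"):].split(","):
                    m = PORT_RE.match(entry.strip())
                    if m and m.group(2) == "open":
                        host.ports.append(
                            (int(m.group(1)), m.group(3), m.group(4), m.group(5))
                        )
    return hosts


def review(hosts, inventory, allowed_ports):
    """Return the findings an administrator should act on: unknown live
    hosts, open ports outside the allowlist, and services whose banner
    discloses a version string."""
    findings = []
    for ip, host in sorted(hosts.items()):
        if host.up and ip not in inventory:
            findings.append(f"{ip}: live host not in asset inventory")
        for port, proto, service, version in host.ports:
            key = f"{port}/{proto}"
            if key not in allowed_ports.get(ip, set()):
                findings.append(
                    f"{ip}: unexpected open port {key} ({service or 'unknown'})"
                )
            if version:
                findings.append(f"{ip}: {key} discloses version banner '{version}'")
    return findings


if __name__ == "__main__":
    for finding in review(parse_gnmap(SAMPLE_GNMAP), INVENTORY, ALLOWED_PORTS):
        print(finding)
```

Running the script against the constructed sample reports the second host as absent from the inventory, ports 8080/tcp and 443/tcp as outside the allowlist, and three services that still expose their version string. Against a real `-oG` file the same three lists are the inputs for the firewall, service and banner changes the introduction describes.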
4. Scan for Vulnerabilities
Scan the network using GFI LanGuard, Nessus, Retina CS, SAINT or a similar vulnerability scanner.
These tools help to identify vulnerabilities in the target systems and operating systems. You can find loopholes in the target network by following these steps.
GFI LanGuard
It acts as a virtual security consultant and offers patch management, vulnerability assessment and network auditing.
Nessus
Nessus is a vulnerability scanner that checks for software bugs and identifies specific ways in which software security could be compromised. A scan proceeds through:
- Data collection.
- Host identification.
- Port scanning.
- Plug-in selection.
- Data recording.
5. Draw Network Diagrams
Draw a diagram of the organization's network; it helps you understand the logical path to each network host.
LANmanager, LANstate, Friendly Pinger and Network View can draw the network diagram.
6. Prepare Proxies
A proxy sits between two network endpoints. It can protect the local network against direct external access.
We can anonymize web browsing with proxy servers and filter undesirable content such as ads.
Proxy tools include Proxifier, SSL Proxy, Proxy Finder, etc.
7. Document All Findings
The final and very important step is to report all the penetration test findings.
This document will help you identify potential network vulnerabilities. Once the vulnerabilities have been determined, you can prepare countermeasures accordingly.
You can access the rules and scope worksheets here (regulations and scope sheets). Moreover, penetration testing helps to assess the network before it gets into real trouble that can lead to serious data and financial loss.
Important Network Pentesting Tools

| Category | Tools |
| --- | --- |
| Frameworks | |
| Reconnaissance | |
| Discovery | |
| Port Scanning | Nmap, Megaping, hping3, NetScanTools Pro, Advanced Port Scanner |
| Service Fingerprinting | Xprobe, nmap, zenmap |
| Enumeration | SuperScan, NetBIOS Enumerator, snmpcheck, onesixtyone, JXplorer, Hyena, DumpSec, WinFingerprint, PsTools, NsAuditor, Enum4Linux, nslookup, Netscan |
| Scanning | |
| Password Cracking | Ncrack, Cain & Abel, LC5, Ophcrack, pwdump7, fgdump, John the Ripper, RainbowCrack |
| Sniffing | |
| MiTM Attacks | |
| Exploitation | Metasploit, Core Impact |