The recent years have emphasised the importance of cyber security in a data-driven world where everyone, regardless of their size or mission, is cultivating their online presence to reap the numerous benefits. Attacks have become more commonplace, and the misuse of stolen data has also become the standard, requiring individuals and businesses that use data to implement stringent management and protection procedures. Through this post, we hope to shed some light on the significance of network penetration testing and help readers better understand how to safeguard networks and avoid data breaches.
A computer network is a setup that joins two or more computers together to share and transport data. Mobile phones and servers are both examples of computing devices. These gadgets can be connected wirelessly or by physical connections like fiber optic cables.
Let’s understand some objectives behind deploying a computer network.
Users can use shared resources as if they were on their computers when accessing them successfully. Files, data, multimedia, and hardware resources like printers, fax machines, and scanners are the most frequently utilised shared network environment elements.
Resources are available from numerous points and are not kept in inaccessible silos, thanks to a network. To be available in case of events like hardware failures and important resources must be backed up across numerous machines.
As a business expands, its workload only gets bigger. The system’s overall performance is enhanced, and this expansion is accommodated when one or more processors are added to the network. Data storage in well-designed databases can significantly reduce lookup and retrieve times.
It makes more sense to add processors at key locations within the system rather than purchasing large mainframe computers, which are an expensive investment. This boosts efficiency while simultaneously reducing costs. Networks reduce operational time and expenses by allowing staff to access information quickly. Less money needs to be invested in IT support, thanks to centralised network administration.
Employees that deal with large amounts of data benefit greatly from network-attached storage devices. For instance, no individual member needs their own data repository due to the enormous volume of records the data science team analyses. Using centralised repositories increases productivity even further. The ability to increase storage capacity is essential in the modern world because organisations are receiving unprecedented amounts of client data into their systems.
Networks significantly affect how a firm runs on a daily basis. File sharing, peer review, calendar synchronisation, and idea-sharing among staff members are all possible. Internal chat platforms like Slack are used by every modern business to provide unrestricted communication and information flow. Emails remain the official communication channel with customers, partners, and suppliers.
There are mainly three types of networks.
LAN (Local Area Network):- The most used type of network is LAN. A local area network, or LAN, is a type of computer network that links computers together through a common communication connection. Two or more computers connected via a server make up a LAN. Ethernet and Wi-fi are the two key technologies used in this network.
MAN (Metropolitan Area Network):– This kind of computer network utilises a shared communication path across a city, town, or metropolitan area to link computers that are separated by distance.
WAN (Wide Area Network):- A WAN is a kind of computer network that utilises a common communication path to connect machines separated by a great distance. It spans numerous locations rather than being limited to only one. A collection of local area networks that communicate with one another can also be referred to as WAN.
Now we have a good understanding of what a network is, the main purpose of the pen test is to improve network security and provide protection for the entire network and connected devices against future attacks. Conducting Penetration testing helps to identify vulnerabilities within a network.
Some Key Points
An Insider Perspective: A pen-test lets you experience real-world situations where you might encounter an attacker. Testing the security controls you have in place should be done without alerting the staff so that you can determine if they are effective.
Identifying and Prioritizing Risk: Risk-prioritizing is an important part of pen-testing. The data provided by scanners can be extremely helpful in identifying network vulnerabilities. If your team does not prioritise the vulnerabilities, how will it determine which to patch first? Penetrating your network will allow you to identify which vulnerabilities will affect your network the most and then prioritise your efforts accordingly.
Identify Vulnerabilities: Pen-testing can provide insight into where vulnerabilities exist in your network. Pen testing consists of attacking your network as a hacker would do and doing whatever it takes to gain access. To keep your network secure, you would be wise to let a third party conduct a penetration test, even once or twice a year, to examine it from a different perspective.
Evaluate the feasibility of each Attack Vector: Examine attack vectors to determine their feasibility. However, based on the results of a penetration test, you are able to know for certain how attackers could gain access to our system or if spending resources on a riskier attack vector is appropriate. Post-Incident Analysis.
Analyse Post-Incident: Having had your system hacked, your organisation needs to figure out how the attackers got in. Combining penetration testing with forensics analysis can help you implement new security measures to prevent a repeat attack.
The test you conduct may involve finding hosts within the company’s internal network or locating assets on the Internet, or we can say on the external network. So let’s get into the Host Discovery.
This is an early stage of network reconnaissance. A host’s presence at an IP address is typically checked using a variety of techniques by the unauthorised user, who typically starts with finding a Range of IP addresses from the target network. Using a sonar analogy, host finding is commonly referred to as “Ping” scanning. Basically, the objective is to send a packet to the IP address and wait for it to respond.
A DNS footprint is used to collect information on DNS zone data, which includes elements such as domain names, machine names, IP addresses, and more.
The nslookup and dig are the most commonly used tools for DNS footprinting. These tools are pre-installed in Kali Linux for other OS the installation guide can be found here.
nslookup <domainname> nslookup google.com
Here we can see in the output the server address and the Ip range of google.
By using -type=any different types of records can be extracted,
Here is some example
Extracting SOA (Start of Record) records
nslookup -type=soa google.com
Extracting mail exchange server record
nslookup -type=mx google.com
dig is mainly used for querying the DNS nameserver. This tool locates IP address records, logs the query path when a reliable nameserver responds, and detects other DNS issues.
Here is one examples,
The HEADER section displays the information it received from the server.
The OPT PSEUDOSECTION section displays advanced information.
Under the QUESTION section, the following information is displayed:
The STATISTICS section contains information about the query:
The more detailed use of dig can be found here.
Port scanning is a common tactic malicious users use in order to find weak points or open doors in a network. Port and Service scanning is done by sending traffic to particular ports.
List of common ports in the network.
|20||File Transfer Protocol (FTP) Data Transfer|
|22||Secure Shell (SSH)|
|23||Telnet – Remote login service, unencrypted text messages|
|25||Simple Mail Transfer Protocol (SMTP) E-mail Routing|
|53||Domain Name System (DNS) service|
|80||Hypertext Transfer Protocol (HTTP) used in the World Wide Web|
|110||Post Office Protocol (POP3) used by e-mail clients to retrieve e-mail from a server|
|119||Network News Transfer Protocol (NNTP)|
|123||Network Time Protocol (NTP)|
|143||Internet Message Access Protocol (IMAP) Management of Digital Mail|
|161||Simple Network Management Protocol (SNMP)|
|194||Internet Relay Chat (IRC)|
|443||HTTP Secure (HTTPS) HTTP over TLS/SSL|
There is no doubt that Nmap is the most popular scanning tool used by security researchers. It is an open-source command-line tool, and there is also a GUI version available called Zenmap. Some key features of Nmap, it allows Network Administrators to find out what devices are connected to their networks, discover open ports and services, and identify vulnerabilities.
It provides the different types of scans.
Single Host Scan
It scans 1000 ports on one host. There are several popular services that uses these ports, such as SQL, Apache and others.
SYN scan is the most popular and default scan option. Thousands of ports can be checked per second on a network without intrusive firewalls, allowing this process to be performed quickly. It never completes TCP connections, which makes SYN scan relatively unobtrusive.
nmap -sS scanme.nmap.org
As many services share the same ports, the version of the service is likely to be vulnerable to past exploits. Thus, detecting the software running behind the port will serve as an important tool for discriminating between services.
nmap -sV scanme.nmap.org
Nmap Scripting Engine (NSE) is an important feature that enables us to automate various networking tasks by writing and sharing scripts. The scripts provided by the Nmap are very powerful and accurate in results. The scripts are written in the Lua programming language. Parallel execution of those scripts meets Nmap’s high speed and efficiency standards. You can find more information about NSE here.
The below image shows the list of some available scripts.
Running Nmap scripts
namp –-script <script_name> <Host>
nmap –-script vulners scanme.org
“–script” flag is used to load the Nmap scripts
“vulners” is the script name
In addition to testing security vulnerabilities, enumerating networks, and executing attacks, the Metasploit Framework provides a number of tools for evading detection. The Metasploit framework is pre-installed in Kali Linux. Alternatively, a GUI version is available called Armitage; more information can be found here.
Using the msfconsole command, launch the Metasploit, and search for the port scanning module by using the search (search portscan) command.
We have got the number of modules as a result. You can explore all this on your own, but for example, we will choose auxiliary/scanner/portscan/tcp to run a TCP scan.
use command is used to select the particular module.
A detailed description and the module’s requirements can be found using the info command.
The target should be specified as RHOST, and the range of ports to be scanned should be specified to PORTS by using the set command.
By using the run command, initiate the scan.
To exploit the flaws in the network, Metasploit plays a pivotal role. It came up with thousands of exploits and hundreds of payloads. In addition to providing a development platform, Metasploit also allows users to write their own security tools or exploits.
Pen testers use the data gathered during the discovery phase, such as potential vulnerabilities and entry points, in the exploitation phase, when they begin to test the exploits on network devices or in the systems. The goal of the exploitation phase is to get access to the network environment while avoiding detection and by locating entry points, utilizing a variety of pen testing tools that are already available on the internet in order to quickly determine their true risk in the actual world.
Vulnerability Assessments are not complete without Reporting, and it plays a very important role in the whole VAPT (Vulnerability Assessment and Penetration Testing) process. The purpose of reporting is to provide the client with a comprehensive explanation of the issues found in the network. Some important key points for writing an excellent report.
We recognise that maintaining the security of your network is a crucial component of your organisation’s core risk management strategy. A comprehensive way of discovering possible vulnerabilities in the network is Network penetration testing. When it comes to your network, we will thoroughly test all known exploits as well as explore further afield to find any new flaws. Securityboat is dedicated to guaranteeing the highest level of network security, from information collection to spotting possible vulnerabilities and providing remedies. Find more about us here.