@luckysitara
Created December 2, 2024 20:06

Blackbox Penetration Testing Methodology

This document provides a comprehensive guide to conducting a blackbox penetration test. Blackbox testing simulates an external attack with no prior knowledge of the target's internal systems.
1. Planning and Preparation

  • Define the Scope:
    • Identify systems, applications, and networks to be tested.
    • Exclude out-of-scope assets explicitly.
  • Obtain Authorization:
    • Secure legal permission to perform the test.
    • Document agreements in a formal contract.
  • Set Objectives:
    • Define testing goals (e.g., uncover critical vulnerabilities, assess incident response).
  • Form a Team:
    • Assign roles and responsibilities within the penetration testing team.
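As an added example (not part of the gist), a small scope check that applies the planning-phase rules before any scanning tool is pointed at a host: targets are accepted only if they fall inside the authorised ranges, and explicit exclusions always take precedence. The ranges and hostnames are constructed placeholders, not a real engagement.

```python
"""Scope check for a blackbox engagement: every target is tested against the
authorised in-scope ranges and the explicit exclusions before any scan runs.
Exclusions win, so a host listed in both is refused."""
import ipaddress


def _parse_networks(entries):
    # Accept single addresses ("10.0.0.5") as well as CIDR ranges ("10.0.0.0/24").
    return [ipaddress.ip_network(e.strip(), strict=False) for e in entries if e.strip()]


def classify_targets(targets, in_scope, excluded):
    """Return (allowed, refused): allowed is a list of IPs cleared for testing,
    refused maps each rejected target to the reason it was rejected."""
    allowed_nets = _parse_networks(in_scope)
    excluded_nets = _parse_networks(excluded)
    allowed, refused = [], {}
    for t in targets:
        try:
            addr = ipaddress.ip_address(t.strip())
        except ValueError:
            # Hostnames are not checked here: resolve them first, then re-run
            # the check on the resulting addresses.
            refused[t] = "not an IP address; resolve and re-check before scanning"
            continue
        if any(addr in n for n in excluded_nets):
            refused[t] = "explicitly excluded"
        elif any(addr in n for n in allowed_nets):
            allowed.append(str(addr))
        else:
            refused[t] = "outside authorised scope"
    return allowed, refused


# Constructed sample scope (documentation ranges, hypothetical engagement).
IN_SCOPE = ["192.0.2.0/24", "198.51.100.10"]
EXCLUDED = ["192.0.2.200/30"]  # e.g. production hosts the client carved out
TARGETS = ["192.0.2.15", "192.0.2.201", "203.0.113.7",
           "198.51.100.10", "www.example.com"]

if __name__ == "__main__":
    ok, bad = classify_targets(TARGETS, IN_SCOPE, EXCLUDED)
    print("allowed:", ok)
    for host, why in bad.items():
        print(f"refused {host}: {why}")
```

Run the check over the target list that feeds the scanners, and record its output in the report alongside the signed scope agreement.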

2. Reconnaissance (Information Gathering)

Passive Reconnaissance

  • Public Data Mining:
    • Search for sensitive information via Google, LinkedIn, GitHub, and social media.
  • WHOIS Lookup:
    • Gather domain registration details.
    • Use tools like whois or online services (e.g., whois.domaintools.com).
  • DNS Enumeration:
    • Discover subdomains and other records with tools like dig, dnsenum, or Amass.
  • OSINT Tools:
    • Shodan and Censys: locate exposed systems and services on the internet.

Active Reconnaissance

  • Ping Sweeps:
    • Use tools like fping or Nmap to identify live hosts.
  • Network Mapping:
    • Map out network topologies using traceroute tools.

3. Scanning and Enumeration

Network Scanning

  • Port Scanning:
    • Use Nmap to identify open ports and services.
    • Command: nmap -sS -p- -T4 <target>
  • Service Detection:
    • Perform banner grabbing to identify software and version numbers.
    • Command: nmap -sV -p <port> <target>

Vulnerability Scanning

  • Automated Tools:
    • Tools like Nessus and OpenVAS for network vulnerabilities.
    • Nikto for web server vulnerabilities.

Enumeration

  • User Enumeration:
    • Use Enum4linux for SMB-related data.
  • Directory/Service Enumeration:
    • Tools like Gobuster or Dirbuster for directory brute-forcing.
    • Command: gobuster dir -u http://<target> -w wordlist.txt
  • Network Enumeration:
    • Identify shared resources, user accounts, and network configurations.

4. Exploitation

  • Prioritize Vulnerabilities:
    • Use CVSS scores or business impact for prioritization.
  • Exploit Frameworks:
    • Use Metasploit for automated exploit delivery.
    • Command: msfconsole
  • Manual Exploitation:
    • Test manually for:
      • SQL Injection: Use SQLmap or manual payloads.
      • Cross-Site Scripting (XSS): Inject payloads like <script>alert(1)</script>.
      • File Upload Exploits: Test for unrestricted file uploads.
  • Privilege Escalation:
    • Use tools like LinPEAS or WinPEAS to identify misconfigurations.

5. Post-Exploitation

  • Impact Assessment:
    • Identify the value of the compromised system (e.g., sensitive data, critical services).
  • Pivoting:
    • Use the compromised system to explore deeper parts of the network.
  • Data Exfiltration:
    • Simulate extraction of sensitive data to test response capabilities.
  • Persistence:
    • Test persistence techniques like creating scheduled tasks or registry modifications (with authorization).

6. Reporting

  • Document Findings:
    • Detailed descriptions of vulnerabilities and exploitation methods.
    • Include screenshots or logs as evidence.
  • Provide Recommendations:
    • Offer clear remediation steps for identified vulnerabilities.
  • Executive Summary:
    • Summarize key findings and risks for non-technical stakeholders.
  • Technical Report:
    • Include technical details and proof-of-concept for system administrators.

7. Cleanup

  • Remove Artifacts:
    • Delete any files, tools, or accounts used during the test.
  • Verify System Integrity:
    • Confirm that systems are restored to their original state.
  • Document Cleanup:
    • Record all cleanup actions in the report.

8. Follow-Up

  • Validation Testing:
    • Confirm that vulnerabilities have been remediated by the organization.
  • Retrospective Analysis:
    • Assess the testing process to identify areas for improvement.

Commonly Used Tools

Reconnaissance

Scanning

Exploitation

Post-Exploitation


References

  • OWASP Testing Guide
  • MITRE ATT&CK Framework

This methodology ensures a systematic approach to blackbox penetration testing, covering all critical stages for an effective assessment.