In this blog, we will explore some of the most common tools used by penetration testers when performing an assessment. A penetration test is designed to emulate an attacker trying to breach your network or gain access to sensitive data. These are the same tools an attacker might use when trying to hack into your organization, and that is the primary reason we use them. So while some of these tools cost money, all are readily available on the Internet. Each of these tools is designed to give us more insight into what services and versions of software are running, or to let us interact with the network or applications in ways that a typical user wouldn't.

Nmap

Nmap is a free, publicly available network scanner, and as such it is one of the most popular tools used by penetration testers. Typically, nmap is used early in an assessment to scan the range of IP addresses in scope, determine which ports are open, and perform some light enumeration of services. Using nmap, our engineer will run custom scans designed to identify which hosts on the network are listening. Once a list of live hosts has been identified, nmap can be used to scan all 65,535 TCP ports as well as the most common UDP ports on each of them. Additionally, nmap has built-in capabilities to enumerate which versions of software are listening on those ports. Finally, nmap can do some light vulnerability checking. For example, if nmap finds an FTP service listening, it can check whether that FTP server allows anonymous logins.

Vulnerability Scanner

A penetration test, by default, includes a vulnerability scan. At Triaxiom Security, we are not just trying to find a way to break into your network or application, but rather to enumerate all of the vulnerabilities that may allow an attacker to do so in the future. This distinction separates a penetration test from an actual attack. In an actual attack, it is unlikely a vulnerability scan will be used, simply because it generates a lot of network traffic and is likely to be detected. However, we feel it is important to enumerate as many vulnerabilities as possible within the time allotted for a test in order to better assist you in protecting your network. A vulnerability scanner checks every service against a database of known vulnerabilities to see if there are any matches and, if so, reports them. Using that information, Triaxiom will then perform a manual inspection of each identified vulnerability, verify that it actually exists, and attempt to exploit it. Triaxiom Security uses Nessus Professional, but there are several different vulnerability scanners to choose from.

Metasploit

Metasploit is another free, widely available tool used by penetration testers. Metasploit is a database of exploits that all fit inside a defined framework. By using Metasploit against a known vulnerability, Triaxiom can potentially gain remote code execution on the underlying host and implant a backdoor that calls back to our machine, among other things. Metasploit is typically used throughout the assessment for a variety of different tasks, primarily due to its ease of use and its ability to speed up some complex penetration testing tasks. There are other tools available for exploiting known vulnerabilities, such as PowerShell Empire, and in some cases a penetration tester needs to write their own exploit to take advantage of a known weakness. With that being said, Metasploit is much easier to use, keeps track of active sessions and captured loot, and allows us to pivot from one machine to another, making it extremely useful.

Burp Suite Professional

Whenever we are evaluating the security of a web application, we use Burp Suite Professional. Burp Suite Professional is an extremely popular tool used by penetration testers for this purpose. Burp allows us to intercept all traffic between our browser and the web server and modify the data in transit, allowing us to check for vulnerabilities such as parameter tampering, injection attacks, and more.
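As an added illustration of the nmap and vulnerability scanner points above (example code written for this page, not Triaxiom's tooling and not nmap's own ftp-anon script), the Python below takes a scan result and verifies a finding instead of trusting the scanner: it parses a fragment in the shape of nmap's -oX XML output, which is constructed sample data, picks out every open FTP service, and performs the same USER anonymous / PASS exchange that nmap's anonymous-login check performs. The FTP server it talks to is a stub started in-process on 127.0.0.1 so that everything runs offline; the stub, the ephemeral port, and the product strings in the XML are assumptions made for the demonstration.

```python
import socket
import threading
import xml.etree.ElementTree as ET

def sample_nmap_xml(ftp_port=21):
    """Constructed fragment in the shape of `nmap -sV -oX` output (not real scan data)."""
    return f"""<?xml version="1.0"?>
<nmaprun>
  <host>
    <status state="up"/>
    <address addr="127.0.0.1" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="{ftp_port}"><state state="open"/><service name="ftp" product="vsftpd" version="3.0.3"/></port>
      <port protocol="tcp" portid="22"><state state="open"/><service name="ssh" product="OpenSSH" version="8.2p1"/></port>
      <port protocol="tcp" portid="23"><state state="closed"/><service name="telnet"/></port>
    </ports>
  </host>
</nmaprun>"""

def open_services(nmap_xml):
    """Return (addr, port, service, product, version) for every open port in the XML."""
    found = []
    for host in ET.fromstring(nmap_xml).iter("host"):
        addr = host.find("address").get("addr")
        for port in host.iter("port"):
            if port.find("state").get("state") != "open":
                continue
            svc = port.find("service")
            found.append((addr, int(port.get("portid")), svc.get("name"),
                          svc.get("product", ""), svc.get("version", "")))
    return found

def _read_reply(reader):
    """Read one FTP reply, skipping '220-' style continuation lines; return (code, text)."""
    while True:
        line = reader.readline()
        if not line:
            raise ConnectionError("server closed the control connection")
        text = line.decode("ascii", errors="replace").rstrip("\r\n")
        if len(text) >= 4 and text[:3].isdigit() and text[3] == " ":
            return int(text[:3]), text[4:]

def ftp_anonymous_login(host, port, timeout=5.0):
    """The check nmap's ftp-anon script makes: USER anonymous, then PASS if asked; 230 = accepted."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        reader = sock.makefile("rb")
        code, banner = _read_reply(reader)
        if code != 220:
            return False, banner
        sock.sendall(b"USER anonymous\r\n")
        code, _ = _read_reply(reader)
        if code == 331:  # password requested; an e-mail address is the convention for anonymous
            sock.sendall(b"PASS anonymous@example.com\r\n")
            code, _ = _read_reply(reader)
        return code == 230, banner  # leaving the with-block closes the control connection

def verify_ftp_findings(nmap_xml):
    """For every open FTP service in the scan output, test anonymous login and report it."""
    results = []
    for addr, port, service, product, version in open_services(nmap_xml):
        if service != "ftp":
            continue
        allowed, banner = ftp_anonymous_login(addr, port)
        results.append({"host": addr, "port": port, "product": f"{product} {version}".strip(),
                        "banner": banner, "anonymous_login": allowed})
    return results

class StubFtpServer:
    """Stub FTP control channel on 127.0.0.1 (constructed for offline use; not a real FTP daemon)."""
    def __init__(self, allow_anonymous):
        self.allow_anonymous = allow_anonymous
        self._srv = socket.socket()
        self._srv.bind(("127.0.0.1", 0))  # ephemeral port: no privileges needed, no clash with port 21
        self._srv.listen(5)
        self.port = self._srv.getsockname()[1]
        threading.Thread(target=self._accept_loop, daemon=True).start()

    def _accept_loop(self):
        while True:
            conn, _ = self._srv.accept()
            threading.Thread(target=self._session, args=(conn,), daemon=True).start()

    def _session(self, conn):
        user = ""
        with conn:
            conn.sendall(b"220-Stub FTP service\r\n220 Ready\r\n")  # multi-line banner on purpose
            for line in conn.makefile("rb"):
                cmd, _, arg = line.decode("ascii", errors="replace").strip().upper().partition(" ")
                if cmd == "USER":
                    user = arg
                    conn.sendall(b"331 Password required\r\n")
                elif cmd == "PASS":
                    ok = self.allow_anonymous and user in ("ANONYMOUS", "FTP")
                    conn.sendall(b"230 Login successful\r\n" if ok else b"530 Login incorrect\r\n")
                elif cmd == "QUIT":
                    conn.sendall(b"221 Goodbye\r\n")
                    break
```

To try it, start `StubFtpServer(allow_anonymous=True)` and pass `sample_nmap_xml(stub.port)` to `verify_ftp_findings`; against a real target you would feed in the XML written by `nmap -sV -oX scan.xml` and not start the stub. Two details matter in practice: the reply reader keeps consuming lines until it sees a three-digit code followed by a space, because many servers send multi-line `220-` banners and a check that reads a single line misreads them; and success is only reported on a 230 reply to the anonymous login itself, so a server that answers 530 is recorded as not vulnerable, which is exactly the scanner false positive that manual verification is meant to rule out.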