Are you planning to carry out a network penetration test?
Do you feel overwhelmed with all the nuts and bolts of network penetration testing and don’t even know where to start?
A few years ago, when I was new to network penetration testing, I often got frustrated trying to find the right network pentesting checklist to use. I really needed a step-by-step network penetration testing checklist that I could follow to ensure I covered all the areas.
So in this post we are going to look at a 5-step network pentesting checklist you can use to make sure your pentesting efforts deliver results.
Before we get into the details, let’s start with why you should perform a network pentest in the first place…
Right.
I’m assuming that you are a pentester already, but if you are completely new to this field, here are the best penetration testing courses online to get you started.
Now I’m sure you know that a network security test is not optional: the weaknesses you don’t find, an attacker eventually will, and that is when the losses in revenue and reputation arrive.
So let’s get into the network pentesting checklist: the step-by-step checklist to follow when running a network security test on a client system or on your own organization’s network.
While there are many other types of penetration testing that I will talk about in future posts, we’ll limit ourselves to network penetration testing in this article.
Along the way I’ll mention a number of network pentesting tools that will help you perform each task.
While there are thousands of tools for pentesting your network out there, I limit myself to these penetration testing tools because I find them easy to use.
Trying to use every tool I bump into on the internet just adds to the noise in my head and makes me lose my mind 🙂
Let’s get right into step 1.
The goal of the first step in this network pentesting checklist is to gather as much information about your target network as possible.
It should be information that can potentially be used to exploit vulnerabilities. Since you’ll mostly have just an IP range or a domain name initially, this is the point where you enumerate DNS: the A, MX, NS, SRV, PTR, SOA and CNAME records of the target’s domains, using a DNS tool such as dig, host or dnsrecon. (Nmap can help here too, with its dns-brute script for finding subdomains, but it is not a DNS client; its real job comes next.)
This article on Cloudwards explains in detail what these DNS records are and what you can use them for.
Nmap is where the network-level enumeration happens: it will detect which hosts on the network are up (host discovery, -sn), what services they are providing and, with service detection (-sV), the server software and versions they are running.
Because certain server software versions have known vulnerabilities, we’ll need this information in step 2 of this network penetration testing checklist.
Another very important piece of information you’ll need before you can formulate an attack model is the list of open ports. Again using Nmap, you’ll be able to discover and list all open ports across the entire network. Every open port is a listening service, and every listening service is attack surface: an exposed, unpatched or misconfigured service is the most common way an attacker gains a first foothold on a network.
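As an added example (not from the original post, and not the output of any real scan), here is a small Python parser for Nmap’s grepable output, the format you get with nmap -sV -oG out.gnmap. It turns the per-host lines into an inventory of open ports, services and versions, and groups hosts by the exact product version string, which is the list you carry into the vulnerability lookup of step 2. The sample output embedded below is constructed: the IPs, hostnames and version banners are made up.

```python
"""Turn Nmap grepable output (-oG) into a host/port/version inventory.

Typical commands that produce the input (added example, not from the post):
    nmap -sn 10.0.0.0/24 -oG hosts.gnmap          # host discovery only
    nmap -sV -p- 10.0.0.0/24 -oG services.gnmap   # service/version scan, all TCP ports
"""
import ipaddress
import re
from collections import defaultdict

# Constructed sample of `nmap -sV -oG -` output. Hosts, hostnames and
# version strings are made up for illustration; this is not a real scan.
SAMPLE_GNMAP = """\
# Nmap 7.94 scan initiated Mon Jan  1 10:00:00 2024 as: nmap -sV -oG - 10.0.0.0/29
Host: 10.0.0.5 ()\tStatus: Up
Host: 10.0.0.5 ()\tPorts: 22/open/tcp//ssh//OpenSSH 8.2p1 Ubuntu 4ubuntu0.5 (Ubuntu Linux; protocol 2.0)/, 80/open/tcp//http//Apache httpd 2.4.41 ((Ubuntu))/, 3306/filtered/tcp//mysql///\tIgnored State: closed (997)
Host: 10.0.0.7 (db.example.internal)\tStatus: Up
Host: 10.0.0.7 (db.example.internal)\tPorts: 445/open/tcp//microsoft-ds//Windows Server 2008 R2 - 2012 microsoft-ds/, 3389/open/tcp//ms-wbt-server//Microsoft Terminal Services/\tIgnored State: filtered (998)
# Nmap done at Mon Jan  1 10:02:00 2024 -- 8 IP addresses (2 hosts up) scanned in 120.00 seconds
"""

# "Host: <ip> (<hostname>)<TAB><fields...>"
HOST_RE = re.compile(r"^Host: (\S+) \((.*?)\)\t(.*)$")


def parse_gnmap(text):
    """Return {ip: {"hostname": str, "ports": [port dicts]}} from -oG text."""
    hosts = defaultdict(lambda: {"hostname": "", "ports": []})
    for line in text.splitlines():
        m = HOST_RE.match(line)
        if not m:
            continue  # "# Nmap ..." header/footer and anything else
        ip, hostname, rest = m.groups()
        hosts[ip]["hostname"] = hostname
        for field in rest.split("\t"):
            if not field.startswith("Ports: "):
                continue
            # Each entry is port/state/proto/owner/service/rpcinfo/version/
            # Nmap writes "|" instead of "/" inside fields, so splitting on "/" is safe.
            for entry in field[len("Ports: "):].split(", "):
                parts = entry.split("/")
                if len(parts) < 7:
                    continue
                port, state, proto, _owner, service, _rpc, version = parts[:7]
                hosts[ip]["ports"].append({
                    "port": int(port), "state": state, "proto": proto,
                    "service": service, "version": version,
                })
    return dict(hosts)


def open_services(hosts):
    """(ip, port, service, version) for every *open* port, in address/port order.

    Filtered and closed ports are dropped: they are not attack surface you can reach.
    """
    rows = [
        (ip, p["port"], p["service"], p["version"])
        for ip, info in hosts.items()
        for p in info["ports"]
        if p["state"] == "open"
    ]
    rows.sort(key=lambda r: (ipaddress.ip_address(r[0]), r[1]))
    return rows


def by_product(hosts):
    """Group open services by exact version banner: the list to check against
    vulnerability databases in step 2 (one lookup per product, not per host)."""
    products = defaultdict(list)
    for ip, port, _service, version in open_services(hosts):
        if version:  # no banner means nothing to look up yet
            products[version].append(f"{ip}:{port}")
    return dict(products)


if __name__ == "__main__":
    inventory = parse_gnmap(SAMPLE_GNMAP)
    for ip, port, service, version in open_services(inventory):
        print(f"{ip:<12} {port:>5}/tcp {service:<14} {version}")
    for version, where in by_product(inventory).items():
        print(f"{version!r} -> {', '.join(where)}")
```

Note that the filtered MySQL port is deliberately excluded from the open-services list: a filtered port tells you a firewall is in the way, which belongs on your network diagram in step 3, not in the list of services you will attack.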
After collecting all the information you can about your target network, it’s time to use it for something a bit more dicey.
Step 2 of this network penetration testing checklist involves using this information to run tests on the target systems, scouting for obvious vulnerabilities. At this point you are simply trying to list all the vulnerabilities present on the network, without necessarily moving on to attack them to see whether they are really exploitable.
We’ll see about that in a later step in this network pentesting checklist.
Note also that while automated scanners will find the bulk of the known vulnerabilities, you’ll also need to run some manual tests: scanners miss logic flaws, weak credentials on unusual services and misconfigurations they have no signature for.
The broad sweep is the job of a dedicated vulnerability scanner such as Nessus (or the open-source OpenVAS): it matches the services and versions you found in step 1 against its database of known issues and reports each match with a severity score. Metasploit has a role here too, but a narrower one: its auxiliary scanner modules check specific services for specific weaknesses (default credentials, a particular vulnerable version, an exposed protocol), and because each module tests for one precise condition, its results come with far fewer false positives than a signature-based scan.
The fewer false positives you get the better, because you’ll spend less time manually verifying them.
Nmap also has a vulnerability-checking layer: its NSE scripts in the vuln category (nmap --script vuln) test for a number of known flaws, and the operating system and version information it gathered is what you search for in vulnerability databases such as the NVD to find known vulnerabilities and potential exploits for the target.
Now…
With information on all the vulnerabilities on your target, let’s move to step 3 of this network pentesting methodology.
With all the information about the system vulnerabilities…
I know you are excited to fire Metasploit and take the damn network down!
But wait a minute… Not all vulnerabilities are worth trying to exploit. All the vulnerability assessment tools you used in step 2 of this network pentest checklist exported reports. It’s now time to go through those reports and categorise the security flaws by severity (the CVSS score where the scanner gives one) and by what the affected host actually does for the business: a medium-severity flaw on a domain controller matters more than a high one on an isolated printer…
Based on this triage you’ll be able to formulate an attack plan to exploit them.
The aim of the vulnerability analysis step is to identify suitable targets for an exploit so that you don’t waste your time on unnecessary tasks. It is at this point that you should draw a network diagram to help you understand the logical connection paths: which hosts can reach which, where the segmentation boundaries are, and which compromised host would give you a path onward.
You’ll also want to settle the logistics of step 4 with the client before any attack traffic flows: the rules of engagement, the testing window, the source IP addresses your attacks will come from (so the client can tell your traffic from a real intruder’s and, if needed, whitelist it), and an emergency contact.
Do not try to hide who you are. A penetration test is an authorised, attributable activity; attacks that cannot be traced back to you are indistinguishable from a crime, and without written authorisation they are one.
Having noted the attractive targets for exploitation at this point, it is time to determine the most appropriate attack vectors for the vulnerabilities identified. This is where you develop your plan of attack in this network pentesting checklist.
It is after actual attacks that you’ll know if these noted vulnerabilities are actually exploitable.
A plan is, more or less, the target hosts, the flaws to attack and the tools to use for each. With a plan in place, let’s get our hands dirty in step 4.
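Here is the triage of step 3 as an added Python example (mine, not the post’s): it takes the findings a scanner exported in step 2, assigns each the CVSS v3 qualitative rating, drops what is below the cut-off, and orders the rest into an attack plan, with a severity-count summary you can reuse for the statistics in the step 5 report. The findings list is constructed: hosts, titles and scores are made up and no real CVE identifiers are used.

```python
"""Triage scanner findings into an attack plan (added example, constructed data)."""

# Constructed findings in the shape a scanner export might take after step 2.
# Hosts, titles and CVSS scores are invented for illustration; no real CVE IDs.
FINDINGS = [
    {"host": "10.0.0.5", "port": 22,   "title": "SSH server allows weak MAC algorithms",
     "cvss": 2.6, "exploit_public": False},
    {"host": "10.0.0.5", "port": 80,   "title": "Outdated web server version",
     "cvss": 7.5, "exploit_public": True},
    {"host": "10.0.0.7", "port": 445,  "title": "SMBv1 enabled on file server",
     "cvss": 9.8, "exploit_public": True},
    {"host": "10.0.0.7", "port": 3389, "title": "RDP without Network Level Authentication",
     "cvss": 5.3, "exploit_public": False},
    {"host": "10.0.0.9", "port": 80,   "title": "Server banner disclosed",
     "cvss": 0.0, "exploit_public": False},
]


def severity(cvss):
    """CVSS v3.x qualitative severity rating scale."""
    if cvss <= 0.0:
        return "None"
    if cvss < 4.0:
        return "Low"
    if cvss < 7.0:
        return "Medium"
    if cvss < 9.0:
        return "High"
    return "Critical"


RANK = {"Critical": 0, "High": 1, "Medium": 2, "Low": 3, "None": 4}


def attack_plan(findings, min_severity="Medium"):
    """Findings worth attempting in step 4, most promising first.

    Order: severity band, then findings with a public exploit (cheapest to
    confirm) before those needing manual work, then raw score, then host/port.
    Anything below min_severity stays in the report but is not attacked.
    """
    rated = [dict(f, severity=severity(f["cvss"])) for f in findings]
    keep = [f for f in rated if RANK[f["severity"]] <= RANK[min_severity]]
    keep.sort(key=lambda f: (RANK[f["severity"]], not f["exploit_public"],
                             -f["cvss"], f["host"], f["port"]))
    return keep


def severity_counts(findings):
    """Count of findings per severity band, for the report's statistics summary."""
    counts = {band: 0 for band in RANK}
    for f in findings:
        counts[severity(f["cvss"])] += 1
    return counts


def hosts_in_plan(plan):
    """Distinct targets the plan touches, for the network diagram and scope check."""
    return sorted({f["host"] for f in plan})


if __name__ == "__main__":
    plan = attack_plan(FINDINGS)
    for f in plan:
        flag = "public exploit" if f["exploit_public"] else "manual"
        print(f'{f["severity"]:<8} {f["cvss"]:>4} {f["host"]}:{f["port"]:<5} {f["title"]} [{flag}]')
    print("targets:", hosts_in_plan(plan))
    print("counts:", severity_counts(FINDINGS))
```

The cut-off is a parameter on purpose: on a short engagement you attack Critical and High only, on a longer one you lower it to Low, and in both cases everything the scanner found still ends up in the report with its severity band.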
Now go ahead and exploit the vulnerabilities.
No really. It’s time.
Exploitation means actually running the exploit for each vulnerability in a bid to ascertain whether it is really exploitable, and what an attacker would gain from it. This is very important because it is the evidence you’ll use in step 5 of this penetration testing checklist when showing your client which vulnerabilities they need to fix immediately.
The tools I often use at this point include Metasploit for the exploits themselves, Burp Suite for the web applications on the network, and Wireshark to capture and inspect the traffic while I work.
I’ll also use password cracking tools like Aircrack-ng (for WPA/WPA2 wireless passphrases recovered from a captured handshake) or Cain & Abel (for password hashes recovered from hosts) to test the strength of the network’s passphrases and credentials. Their success does not come from clever algorithms but from the weakness of the passwords themselves.
They recover any passphrase that is in a wordlist, or that a mangling rule (capitalise, append a year or a symbol) can produce from one; a pure brute-force attack only completes against short or low-entropy passwords.
This stage also involves heavy manual testing that is often very time-intensive: vulnerability exploitation may involve SQL injection, password cracking, buffer overflows and OS command injection, among others.
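To make the point about passphrase strength concrete, here is an added Python example (mine, not the post’s, and not how Aircrack-ng is implemented) of the core loop of a WPA2-Personal dictionary attack. WPA2 derives its Pairwise Master Key as PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations); a cracker recomputes that for every candidate and checks it against the captured handshake. The SSID, the weak passphrase and the wordlist below are constructed, and the target is the PMK itself rather than a handshake MIC, which keeps the example self-contained.

```python
"""Core loop of a WPA2-PSK dictionary attack (added example, constructed data)."""
import hashlib
import hmac


def wpa2_pmk(passphrase, ssid):
    """WPA2-Personal PMK: PBKDF2-HMAC-SHA1 over the passphrase, salted with the
    SSID, 4096 iterations, 256-bit output (IEEE 802.11i). Because SHA-1 yields
    20 bytes, PBKDF2 runs two 4096-iteration blocks per guess; that cost is the
    only thing slowing a cracker down."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("utf-8"),
                               ssid.encode("utf-8"), 4096, 32)


# Mangling rules of the kind crackers apply to every base word. Crackers get
# their "success" from these rules and the wordlist, not from any weakness in
# PBKDF2 itself.
SUFFIXES = ["", "1", "123", "!", "2019", "2019!", "2020", "2020!"]


def mangled_candidates(base_words):
    """Yield each word as-is and capitalised, with each suffix appended."""
    for word in base_words:
        for base in (word, word.capitalize()):
            for suffix in SUFFIXES:
                yield base + suffix


def dictionary_attack(target_pmk, ssid, candidates):
    """Return (passphrase, guesses_tried) or (None, guesses_tried)."""
    tried = 0
    for candidate in candidates:
        tried += 1
        if hmac.compare_digest(wpa2_pmk(candidate, ssid), target_pmk):
            return candidate, tried
    return None, tried


# Constructed scenario: a guest network whose passphrase is season + year + symbol.
SSID = "CorpGuest"
BASE_WORDS = ["password", "welcome", "company", "summer", "wireless"]
WEAK_PASSPHRASE = "Summer2019!"


def demo():
    """Crack the constructed weak passphrase; a random one is not in the list."""
    target = wpa2_pmk(WEAK_PASSPHRASE, SSID)
    found, tried = dictionary_attack(target, SSID, mangled_candidates(BASE_WORDS))
    strong_target = wpa2_pmk("v7Q#m2Lp!xR9zW4k", SSID)  # constructed strong passphrase
    missed, _ = dictionary_attack(strong_target, SSID, mangled_candidates(BASE_WORDS))
    return found, tried, missed


if __name__ == "__main__":
    found, tried, missed = demo()
    print(f"recovered {found!r} after {tried} guesses; strong passphrase: {missed}")
```

Five base words and eight suffixes give 80 candidates, and the weak passphrase falls on the 62nd; the random 16-character passphrase survives all 80 and would survive any wordlist, because the only way to reach it is exhaustive search through the 4096-round derivation. That gap is what you are measuring when you report on passphrase strength.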
Whatever proxies you use, keep your traffic attributable: run it from the source addresses agreed in the rules of engagement and, if you route through a proxy tool like Proxifier, tell the client which addresses it will exit from. (Inundator, which is sometimes recommended at this point, is not an anonymiser at all: it floods an IDS with false positives to bury real attacks in noise, and it only belongs in an engagement that is explicitly testing the client’s detection.)
You might also resort to social engineering at this stage, if it is in scope. This is where you interact with your target’s staff with a view to fishing critical information like login credentials out of them. Yeah, there is not much more to write about this step of the network pentest checklist… Because it’s filled with more action and less talk.
The delivery and reporting phase of a network penetration test is very important.
While reporting you should take time to ensure you communicate the value of your service and findings satisfactorily.
A good network pentest report should open with an overview of the entire penetration testing process: scope, dates, methodology, and what was and was not tested. This should be followed by the most critical network vulnerabilities, the ones that need to be addressed with the utmost urgency, each with the evidence that it was exploited and what was reached.
Follow this with the vulnerabilities that, even though exploitable, are less critical to the network’s operation. Where your recommendations mention software updates or patches, link to the vendor’s advisory or download page so the fix is unambiguous.
Don’t forget to include a summary of the vulnerability statistics (counts per severity) together with screenshots or command output from your exploit attempts as evidence.
A well-written pentesting report helps the client formulate a plan to counter the flaws. Which is the ultimate point of network penetration testing… To assess the network, and identify and seal loopholes before a malicious hacker finds them, avoiding the loss in revenue and reputation that follows when sensitive user data is stolen or an attacker takes the network down.
Those are the points I think are key in a network pentest report. You can even go ahead and pretty things up by creating a PowerPoint version of your report for presentation to the team.
That’s it.
My 5 step ultimate network penetration testing checklist that guarantees results.
Whether you are running a network pentest on a client network or on your own organization’s network…
It is always important to follow a proper network penetration testing methodology. With this network pentest checklist you’ll be able to carry out a well-structured, full-scope test of a network without leaving out the details.
However, there is no one-size-fits-all checklist for performing network penetration testing.
But after performing penetration testing multiple times, I find this 5 step pentesting checklist to always get the job done. It will help you stay on track with your pen testing efforts. Feel free to modify it as you see fit for your organization or target system needs.
One thing to remember is to always use the best network pentest tools for the job…
With the right tools you’ll save yourself time and brain bandwidth that would otherwise go into manually weeding out false positives. Prefer a scanner that verifies its findings (what some vendors call proof-based scanning) over one that only matches version banners.
Lastly, even though I have mentioned free tools a lot in this penetration testing checklist, commercial tools often deliver better results. If you have the budget, consider the paid alternatives to these tools: they are frequently updated, well tested and come with vendor support.
Did you find this network pentesting checklist useful for running your pentest? Have you used any of the tools that I mentioned in this network pen testing checklist before? Please share your experience in the comments below.