©2019 Security Unleashed | New Delhi

  • Animesh Gupta

Network Penetration Testing Checklist


Network penetration testing determines vulnerabilities in the network posture by discovering open ports, determining the operating system running, troubleshooting live systems and services, and grabbing banners.


Pen-testing helps administrators close unused ports, remove additional services, hide or customize banners, troubleshoot services and calibrate firewall rules. Organisations should test in all ways to guarantee there is no security loophole.

Let's see how to conduct step-by-step network penetration testing using some well-known network scanners.


1. HOST DISCOVERY


Footprinting is the first and most important phase, where one gathers information about the target system.

DNS footprinting helps to enumerate the DNS records (A, MX, NS, SRV, PTR, SOA, CNAME) resolving to the target domain.

  • A – An A record points a domain name such as cybertechops.com to the IP address of its hosting server.

  • MX – MX records are responsible for email exchange.

  • NS – NS records identify the DNS servers responsible for the domain.

  • SRV – SRV records identify the service hosted on specific servers.

  • PTR – Reverse DNS lookup; with an IP address you can get the domain names associated with it.

  • SOA – Start of Authority; it holds the information in the DNS system about the DNS zone and its other DNS records.

  • CNAME – A CNAME record maps a domain name to another domain name.

We can detect live and accessible hosts in the target network by using network scanning tools such as Advanced IP Scanner, Nmap, hping3 and Nessus.

Ping & Ping Sweep:

root@kali:~# nmap -sn 192.168.169.128 Single host

root@kali:~# nmap -sn 192.168.169.128-20 To scan a range of IPs

root@kali:~# nmap -sn 192.168.169.* Wildcard

root@kali:~# nmap -sn 192.168.169.128/24 Entire subnet

Whois Information 

To obtain Whois information and the name servers of a website:

root@kali:~# whois cybertechops.com

Online Tools

  1. http://whois.domaintools.com/

  2. https://whois.icann.org/en

Traceroute


Network diagnostic tool that displays the route path and the transit delay of packets.


root@kali:~# traceroute google.com


Online Tools

  1. http://www.monitis.com/traceroute/

  2. http://ping.eu/traceroute/


2. PORT SCANNING


Perform port scanning using tools such as Nmap, hping3, NetScanTools and Network Monitor. These tools help us probe a server or host on the target network for open ports.

Open ports are the gateway for attackers to get in and install malicious backdoor applications.


root@kali:~# nmap --open cybertechops.com To find all open ports

root@kali:~# nmap -p 80 192.168.169.128 Specific Port

root@kali:~# nmap -p 80-200 192.168.169.128 Range of ports

root@kali:~# nmap -p- 192.168.169.128 To scan all 65535 ports


Online Tools

  1. http://www.yougetsignal.com/

  2. https://pentest-tools.com/information-gathering/find-subdomains-of-domain

3. Banner Grabbing/OS Fingerprinting


Perform banner grabbing/OS fingerprinting with tools such as Telnet, ID Serve or Nmap to determine the operating system of the target host and the versions of the services it runs.

Once you know the version and operating system of the target, find the vulnerabilities and exploits that apply and try to gain control over the system.


root@kali:~# nmap -A 192.168.169.128

root@kali:~# nmap -v -A 192.168.169.128 With a high verbosity level
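As an added example (not part of the original post), the script below parses the greppable output (`-oG`) that scans like the ones above can write, and compares every open port and banner against an administrator's approved baseline; whatever is not in the baseline becomes a finding to close or to document in step 7. The scan output and the baseline are constructed sample data.

```python
import re

# Constructed sample of nmap greppable output (-oG); illustrative, not a real scan.
SAMPLE_GNMAP = """\
# Nmap 7.80 scan initiated (constructed sample)
Host: 192.168.169.128 ()\tStatus: Up
Host: 192.168.169.128 ()\tPorts: 22/open/tcp//ssh//OpenSSH 7.9p1/, 23/open/tcp//telnet//Linux telnetd/, 80/open/tcp//http//Apache httpd 2.4.38/\tIgnored State: closed (997)
Host: 192.168.169.130 ()\tStatus: Up
Host: 192.168.169.130 ()\tPorts: 445/open/tcp//microsoft-ds//Windows 7 microsoft-ds/\tIgnored State: filtered (999)
# Nmap done (constructed sample)
"""

# Assumed administrator baseline: the only ports expected open per host.
# A host missing from the baseline has no approved services at all.
BASELINE = {"192.168.169.128": {22, 80}}


def parse_gnmap(text):
    """Return {ip: [(port, proto, service, version), ...]} for open ports."""
    hosts = {}
    for line in text.splitlines():
        if not line.startswith("Host:"):
            continue  # skip the "# Nmap ..." header and footer lines
        ip = line.split()[1]
        hosts.setdefault(ip, [])
        match = re.search(r"\tPorts: (.*?)(?:\t|$)", line)
        if not match:
            continue  # a "Status: Up" line carries no port data
        for entry in match.group(1).split(", "):
            # Field order in -oG: port/state/proto/owner/service/rpcinfo/version/
            fields = entry.split("/")
            if len(fields) < 7 or fields[1] != "open":
                continue
            hosts[ip].append((int(fields[0]), fields[2], fields[4], fields[6]))
    return hosts


def find_unexpected(hosts, baseline):
    """List (ip, port, service, version) that are open but not approved."""
    findings = []
    for ip, ports in hosts.items():
        allowed = baseline.get(ip, set())
        for port, _proto, service, version in ports:
            if port not in allowed:
                findings.append((ip, port, service, version))
    return findings


if __name__ == "__main__":
    for ip, port, service, version in find_unexpected(parse_gnmap(SAMPLE_GNMAP), BASELINE):
        print(f"FINDING {ip}:{port} {service} ({version}) is not in the approved baseline")
```

Run against a real `nmap -sV -oG scan.gnmap <targets>` file by reading it into `parse_gnmap`; the telnet service and the unlisted host in the sample are what the report should call out.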


Online Tools

  1. https://www.netcraft.com/

  2. https://w3dt.net/tools/httprecon

  3. https://www.shodan.io/

4. Scan for Vulnerabilities


Scan the network for vulnerabilities using GFI LanGuard, Nessus, Retina CS or SAINT.

These tools help us find vulnerabilities in the target systems and their operating systems. With these steps, you can find loopholes in the target network.

GFI LanGuard

It acts as a security consultant and offers patch management, vulnerability assessment and network auditing services.

Nessus

Nessus is a vulnerability scanner that searches for bugs in software and finds specific ways to violate the security of a software product. A Nessus scan proceeds through the following stages:

  • Data gathering.

  • Host identification.

  • Port scan.

  • Plug-in selection.

  • Reporting of data.

5. Draw Network Diagrams


Draw a network diagram of the organization; it helps you understand the logical connection path to the target host in the network.

The network diagram can be drawn with LANmanager, LANstate, Friendly Pinger or NetworkView.


6. Prepare Proxies


Proxies act as an intermediary between two networking devices. A proxy can protect the local network from outside access.

With proxy servers, we can anonymize web browsing and filter unwanted content such as ads.

Use proxies such as Proxifier, SSL Proxy, Proxy Finder, etc., to hide yourself from being caught.


7. Document all Findings


The last and very important step is to document all findings from the penetration test.

This document will help you identify potential vulnerabilities in your network. Once you have determined the vulnerabilities, you can plan counteractions accordingly.

You can download the rules and scope worksheet here – Rules and Scope sheet

Thus, penetration testing helps in assessing your network before it gets into real trouble that could cause severe loss of value and money.


Important Tools used for Network Penetration Testing

Frameworks


Kali Linux, Backtrack5 R3, Security Onion


Reconnaissance


SmartWhois, MxToolbox, CentralOps, DNSstuff, nslookup, dig, Netcraft


Discovery


Angry IP Scanner, Colasoft Ping Tool, nmap, Maltego, NetResident, LanSurveyor, OpManager


Port Scanning


Nmap, MegaPing, hping3, NetScanTools Pro, Advanced Port Scanner


Service Fingerprinting


Xprobe, nmap, zenmap


Enumeration


SuperScan, NetBIOS Enumerator, snmpcheck, onesixtyone, JXplorer, Hyena, DumpSec, WinFingerprint, PsTools, NsAuditor, enum4linux, nslookup, NetScan


Scanning


Nessus, GFI LanGuard, Retina, SAINT, Nexpose


Password Cracking


Ncrack, Cain & Abel, LC5, Ophcrack, pwdump7, fgdump, John the Ripper, RainbowCrack


Sniffing


Wireshark, Ettercap, Capsa Network Analyzer


MiTM Attacks


Cain & Abel, Ettercap


Exploitation


Metasploit, Core Impact


This is the most important checklist you should concentrate on for network penetration testing.