1
00:00:00,630 --> 00:00:06,360
It is time we slowly start getting into the penetration testing process for now.

2
00:00:06,700 --> 00:00:10,140
We didn't yet perform any hacking, but we are getting there.

3
00:00:10,590 --> 00:00:15,600
It is important we get the basics first and that we know why we do everything.

4
00:00:15,780 --> 00:00:21,330
And trust me, later in the course, we will be doing some serious stuff and everything will make sense

5
00:00:21,690 --> 00:00:27,750
because we covered all the basics first and we didn't just jump into something without any preparation.

6
00:00:28,880 --> 00:00:34,670
So in this video, what we will be briefly talking about is the stages of a penetration test. How does it go?

7
00:00:34,910 --> 00:00:40,280
In which order do we perform the steps, and which steps are crucial for now?

8
00:00:40,760 --> 00:00:43,430
We've got our virtual lab set up.

9
00:00:44,550 --> 00:00:50,610
We installed Kali Linux, and all the tools that hackers use are now available for us in our machine.

10
00:00:51,060 --> 00:00:57,420
We also performed some configuration to it to get it full screen, as well as set up the Internet

11
00:00:57,420 --> 00:00:57,870
connection.

12
00:00:58,530 --> 00:01:05,340
From now on, the basic steps that we are going to do are: we will use our Kali Linux machine to scan and attack

13
00:01:05,730 --> 00:01:09,630
different machines, networks, websites and accounts.

14
00:01:10,120 --> 00:01:12,190
But how are we going to do that?

15
00:01:12,840 --> 00:01:14,550
Do we just magically attack it?

16
00:01:14,700 --> 00:01:18,280
And do we just install a virus on their machines somehow?

17
00:01:18,450 --> 00:01:20,470
And if so, how do we do that?

18
00:01:20,940 --> 00:01:23,920
What about Trojans, password cracking or phishing?

19
00:01:24,480 --> 00:01:25,410
Is that what we do?

20
00:01:26,340 --> 00:01:29,880
Well, that is just a small portion of a penetration test.

21
00:01:31,100 --> 00:01:37,400
The first and most important thing before we even start the penetration test on a target is to figure

22
00:01:37,400 --> 00:01:41,180
out: do we have permission to attack this target?

23
00:01:41,780 --> 00:01:47,270
This is very important, since you don't want to be attacking machines or target networks that you do

24
00:01:47,270 --> 00:01:48,710
not have permission to attack.

25
00:01:49,310 --> 00:01:55,300
It could be that the client told me to only test one machine on the network and not the entire network.

26
00:01:55,760 --> 00:01:59,420
Therefore, I'm only allowed to test that one machine.

27
00:01:59,780 --> 00:02:06,920
Or it could be that our client has multiple networks and they only allowed us to test one of them.

28
00:02:07,550 --> 00:02:12,860
That means you should not go around and try to hack different machines on a different network.

29
00:02:13,670 --> 00:02:15,950
Now, these are only some of the examples.

30
00:02:15,950 --> 00:02:22,730
But what's important to get out of this is that we always have permission to perform a penetration test.

31
00:02:23,600 --> 00:02:29,330
Trying to hack or hacking something that you are not allowed to hack could potentially get you into

32
00:02:29,330 --> 00:02:31,340
some serious trouble if you get caught.

33
00:02:32,010 --> 00:02:38,270
Now that we got that out of the way, let us finally talk about the different stages of penetration testing.

34
00:02:38,690 --> 00:02:45,230
We already know that there are five of them, and the first one is reconnaissance, or information gathering.

35
00:02:46,630 --> 00:02:53,980
Now, reconnaissance is the act of gathering information about your target to better plan out your attack,

36
00:02:54,700 --> 00:03:01,210
and this type of penetration testing is the only one that you can perform on any website or target that

37
00:03:01,210 --> 00:03:01,720
you want.

38
00:03:01,960 --> 00:03:07,600
Since gathering information about something is not illegal, there are two ways that we can go about

39
00:03:07,600 --> 00:03:15,160
doing information gathering: actively, by directly interacting with our target, or passively,

40
00:03:15,520 --> 00:03:17,680
without interacting with the target.

41
00:03:18,370 --> 00:03:24,190
A simple example of this would be, let's say you want to gather information on Facebook, and you would

42
00:03:24,190 --> 00:03:29,560
do it actively by visiting the Facebook page and getting all the information that you can from the Facebook

43
00:03:29,560 --> 00:03:30,310
page itself.

44
00:03:30,970 --> 00:03:37,030
While passively, it would be if you went to some other website that talks about Facebook and you get

45
00:03:37,030 --> 00:03:39,800
information about Facebook from that other website.

46
00:03:40,600 --> 00:03:42,940
This would mean you never interact with Facebook.

47
00:03:42,940 --> 00:03:46,240
Therefore, you performed passive information gathering.

48
00:03:47,250 --> 00:03:49,530
After that step comes scanning.

49
00:03:50,560 --> 00:03:55,140
Here is where you can start getting in trouble if you do it without permission.

50
00:03:56,220 --> 00:04:02,340
Scanning is a deeper form of information gathering, using technical tools to find openings in the target

51
00:04:02,340 --> 00:04:09,210
and in the systems that you're attacking. These openings can be gateways, open ports, operating systems

52
00:04:09,210 --> 00:04:11,810
that the target runs, and so on and so on.

53
00:04:12,180 --> 00:04:17,190
In this step, we also perform vulnerability scanning, which is just searching for vulnerable software

54
00:04:17,190 --> 00:04:21,060
in the target system or network that could possibly be exploited.

55
00:04:21,980 --> 00:04:30,280
After information gathering and scanning comes the third step, which is gaining access, or so-called exploitation,

56
00:04:31,070 --> 00:04:37,820
and this is the step where we actually hack the target. We use the information that we gathered in phase

57
00:04:37,820 --> 00:04:41,570
one and phase two to take control of any number of target devices.

58
00:04:42,290 --> 00:04:48,680
Gaining access to target devices allows us to steal data from their system or to use those devices to

59
00:04:48,680 --> 00:04:51,860
attack other devices on the same network.

60
00:04:52,530 --> 00:04:59,000
Usually after this step, you can consider the penetration test to be successful, since you managed to gain

61
00:04:59,000 --> 00:05:00,350
access to a target system.

62
00:05:01,010 --> 00:05:08,930
However, this is not the last step of a penetration test. After exploitation comes maintaining access.

63
00:05:09,900 --> 00:05:13,560
This step, along with the fifth step, is sometimes optional.

64
00:05:14,770 --> 00:05:20,350
You might not always need to perform the last steps, since the client might only care whether their system

65
00:05:20,350 --> 00:05:23,260
is penetrable; therefore you prove it to them

66
00:05:23,260 --> 00:05:27,280
after the third step, if there was a vulnerability, of course.

67
00:05:27,970 --> 00:05:34,480
However, maintaining access is also an important step, and it is commonly done by installing backdoors

68
00:05:34,480 --> 00:05:35,890
and planting rootkits.

69
00:05:36,670 --> 00:05:43,090
Both backdoors and rootkits are simply programs that will allow us to gain access to that target whenever

70
00:05:43,090 --> 00:05:46,080
we want without the need to exploit it again.

71
00:05:47,050 --> 00:05:50,710
We just connect to the backdoor that we planted in the target system.

72
00:05:50,710 --> 00:05:51,970
And there it is.

73
00:05:52,240 --> 00:05:54,130
We are again on their machine.

74
00:05:54,640 --> 00:05:58,990
And the last step of a penetration test is covering tracks.

75
00:05:59,890 --> 00:06:05,630
Covering tracks is simply removing all evidence that an attack ever took place.

76
00:06:06,220 --> 00:06:13,060
This can involve deleting or hiding files, editing logs, or basically reverting any changes that you

77
00:06:13,060 --> 00:06:15,970
made to the system while the attack took place.

78
00:06:16,890 --> 00:06:24,820
OK, so these five steps are the entire process of a penetration test, and we're going to cover them in great

79
00:06:24,820 --> 00:06:26,940
detail throughout our course.

80
00:06:27,700 --> 00:06:30,700
Keep in mind that these steps should be performed in order.

81
00:06:31,390 --> 00:06:37,210
And one more important thing is, in case you're a beginner, you might think that the third step, which

82
00:06:37,210 --> 00:06:43,270
is exploitation or gaining access, is the most important step of the process. Even though it is very

83
00:06:43,270 --> 00:06:44,620
important and crucial,

84
00:06:45,160 --> 00:06:49,570
the most important steps are actually information gathering and scanning.

85
00:06:50,290 --> 00:06:56,210
It is in these two steps that we gather information about the target and discover vulnerabilities.

86
00:06:56,800 --> 00:07:02,650
So if you're not that good at gathering information, you might miss some things that could be used

87
00:07:02,650 --> 00:07:07,640
to gain access to the machine, therefore preventing you from finding an actual vulnerability.

88
00:07:08,470 --> 00:07:13,210
So just keep in mind that information gathering is 70 percent of the work.

89
00:07:14,260 --> 00:07:14,890
OK, good.

90
00:07:14,920 --> 00:07:21,430
So we talked a little about these phases, but before we get to perform each one of these steps, we

91
00:07:21,430 --> 00:07:24,780
must first get a little familiar with our Kali Linux machine.

92
00:07:25,890 --> 00:07:31,690
In the next few lectures, we're going to get into details about the terminal and some of the commands we

93
00:07:31,690 --> 00:07:33,510
can run and execute with it.

94
00:07:34,180 --> 00:07:34,720
See you there.