00:00:00,660 --> 00:00:27,843
-: It is time we slowly start getting into the penetration testing process. For now, we haven't yet performed any hacking, but we are getting there. It is important we get the basics first and that we know why we do everything. And trust me, later in the course, we'll be doing some serious stuff and everything will make sense because we covered all the basics first and we didn't just jump into something without any preparation.

00:00:28,890 --> 00:01:12,840
So in this video we will be briefly talking about the stages of a penetration test: how it goes, in which order we perform the steps, and which steps are crucial. For now, we've got our virtual lab set up. We installed Kali Linux, and all the tools that hackers use are now available to us in our machine. We also performed some configuration on it to get it full screen, as well as set up the internet connection. From now, the basic steps that we are going to do are to use our Kali Linux machine to scan and attack different machines, networks, websites and accounts. But how are we going to do that?
00:01:12,840 --> 00:01:30,003
Do we just magically attack it, and do we just install a virus on their machines somehow? And if so, how do we do that? What about Trojans, password cracking, or phishing? Is that what we do? Well, that is just a small portion of a penetration test.

00:01:31,110 --> 00:02:23,610
The first thing, and the most important thing before we even start a penetration test on a target, is to figure out: do we have permission to attack this target? This is very important, since you don't want to be attacking machines or target networks that you do not have permission to attack. It could be that the client told me to only test one machine on the network and not the entire network. Therefore, I'm only allowed to test that one machine. Or it could be that our client has multiple networks and they only allowed us to test one of them. That means you should not go around and try to hack different machines on a different network. Now, these are only some of the examples, but what's important to get out of this is: always have permission to perform a penetration test.
00:02:23,610 --> 00:02:32,010
Trying to hack or hacking something that you are not allowed to hack could potentially get you into some serious trouble if you get caught.

00:02:32,010 --> 00:02:45,303
Now that we got that out of the way, let us finally talk about the different stages of penetration testing. We already know that there are five of them, and the first one is Reconnaissance, or Information Gathering.

00:02:46,307 --> 00:03:30,990
Now, Reconnaissance is the act of gathering information about your target to better plan out your attack. And this type of penetration testing is the only one that you can perform on any website or target that you want, since gathering information about something is not illegal. There are two ways that we can go about doing Information Gathering: actively, by directly interacting with our target, or it can be done passively, without interacting with the target. A simple example of this would be, let's say you want to gather information on Facebook, and you would do it actively by visiting the Facebook page and getting all the information that you can from the Facebook page itself.
00:03:30,990 --> 00:03:46,293
While passively, it would be if you went on some other website that talks about Facebook and you get information about Facebook from that other website. This would mean you never interacted with Facebook; therefore you performed passive Information Gathering.

00:03:47,310 --> 00:04:21,153
After this step comes Scanning. Here is where you can start getting in trouble, if you do it without permission. Scanning is a deeper form of Information Gathering, using technical tools to find openings in the target and in the systems that you're attacking. These openings can be gateways, open ports, operating systems that the target runs, and so on and so on. In this step, we also perform vulnerability scanning, which is just searching for vulnerable software in the target system or network that could possibly be exploited.

00:04:22,050 --> 00:04:42,300
After Information Gathering and Scanning comes the third step, which is Gaining Access, or so-called Exploitation. And this is the step where we actually hack the target. We use the information that we gathered in phase one and phase two to take control of any number of target devices.
00:04:42,300 --> 00:05:05,280
Gaining access to target devices allows us to steal data from their system or to use those devices to attack other devices on the same network. Usually after this step you can consider the penetration test to be successful, since you managed to gain access to a target system. However, this is not the last step of a penetration test.

00:05:05,280 --> 00:05:59,690
After Exploitation comes Maintaining Access. This step, along with the fifth step, is sometimes optional. You might not always need to perform the last steps, since the client might only care whether their system is penetrable; therefore you prove to them it is after the third step, if there was a vulnerability, of course. However, maintaining access is also an important step, and it is commonly done by installing back doors and planting root kits. But back doors and root kits are simply programs that will allow us to gain access to that target whenever we want, without the need to exploit it again. We just connect to the back door that we planted in the target system, and there it is. We are again on their machine. And the last step of a penetration test is Covering Tracks.
00:05:59,910 --> 00:06:16,920
Covering Tracks is simply removing all evidence that an attack ever took place. This can involve deleting or hiding files, editing logs, or basically reverting any changes that you did to the system while the attack took place.

00:06:16,920 --> 00:07:13,353
Okay so, these five steps are the entire process of a penetration test, and we're going to cover them in great detail throughout our course. Keep in mind that these steps should be performed in order. And one more important thing: in case you're a beginner, you might think that the third step, which is Exploitation or Gaining Access, is the most important step of the process. Even though it is very important and crucial, the most important steps are actually Information Gathering and Scanning. It is in these two steps that we gather information about the target and discover vulnerabilities. So if you're not that good at gathering information, you might miss some things that could be used to gain access to the machine, therefore preventing you from finding an actual vulnerability. So just keep in mind that Information Gathering is 70% of the work.
00:07:14,280 --> 00:07:35,033
Okay good, so, we talked a little about these phases, but before we get to perform each one of these steps we must first get a little familiar with our Kali Linux machine. So in the next few lectures we're going to get into details about the terminal and some of the commands we can run and execute with it. See you there.