1
00:00:00,630 --> 00:00:06,360
It is time we slowly start getting into the penetration testing process.
2
00:00:06,700 --> 00:00:10,140
We didn't yet perform any hacking, but we are getting there.
3
00:00:10,590 --> 00:00:15,600
It is important we get the basics first and that we know why we do everything.
4
00:00:15,780 --> 00:00:21,330
And trust me, later in the course, we will be doing some serious stuff and everything will make sense
5
00:00:21,690 --> 00:00:27,750
because we covered all the basics first and we didn't just jump into something without any preparation.
6
00:00:28,880 --> 00:00:34,670
So in this video, we will be briefly talking about the stages of a penetration test: how does it go?
7
00:00:34,910 --> 00:00:40,280
In which order do we perform the steps and which steps are crucial for now?
8
00:00:40,760 --> 00:00:43,430
We've got our virtual lab set up.
9
00:00:44,550 --> 00:00:50,610
We installed Kali Linux, and all the tools that hackers use are now available for us in our machine.
10
00:00:51,060 --> 00:00:57,420
We also performed some configuration on it to get it full screen, as well as set up the Internet
11
00:00:57,420 --> 00:00:57,870
connection.
12
00:00:58,530 --> 00:01:05,340
From now on, the basic thing that we are going to do is use our Kali Linux machine to scan and attack
13
00:01:05,730 --> 00:01:09,630
different machines, networks, websites and accounts.
14
00:01:10,120 --> 00:01:12,190
But how are we going to do that?
15
00:01:12,840 --> 00:01:14,550
Do we just magically attack it?
16
00:01:14,700 --> 00:01:18,280
And do we just install a virus on their machines somehow?
17
00:01:18,450 --> 00:01:20,470
And if so, how do we do that?
18
00:01:20,940 --> 00:01:23,920
What about Trojans, password cracking or phishing?
19
00:01:24,480 --> 00:01:25,410
Is that what we do?
20
00:01:26,340 --> 00:01:29,880
Well, that is just a small portion of a penetration test.
21
00:01:31,100 --> 00:01:37,400
The first and most important thing before we even start the penetration test on a target is to figure
22
00:01:37,400 --> 00:01:41,180
out whether we have permission to attack this target.
23
00:01:41,780 --> 00:01:47,270
This is very important, since you don't want to be attacking machines or target networks that you do
24
00:01:47,270 --> 00:01:48,710
not have permission to attack.
25
00:01:49,310 --> 00:01:55,300
It could be that the client told me to only test one machine on the network and not the entire network.
26
00:01:55,760 --> 00:01:59,420
Therefore, I'm only allowed to test that one machine.
27
00:01:59,780 --> 00:02:06,920
Or it could be that our client has multiple networks and they only allowed us to test one of them.
28
00:02:07,550 --> 00:02:12,860
That means you should not go around and try to hack different machines on a different network.
29
00:02:13,670 --> 00:02:15,950
Now, these are only some of the examples.
30
00:02:15,950 --> 00:02:22,730
But what's important to take away from this is that we always have permission to perform a penetration test.
31
00:02:23,600 --> 00:02:29,330
Trying to hack or hacking something that you are not allowed to hack could potentially get you into
32
00:02:29,330 --> 00:02:31,340
some serious trouble if you get caught.
33
00:02:32,010 --> 00:02:38,270
Now that we got that out of the way, let us finally talk about different stages of penetration testing.
34
00:02:38,690 --> 00:02:45,230
We already know that there are five of them, and the first one is reconnaissance or information gathering.
35
00:02:46,630 --> 00:02:53,980
Now, reconnaissance is the act of gathering information about your target to better plan out your attack,
36
00:02:54,700 --> 00:03:01,210
and this type of penetration testing is the only one that you can perform on any website or target that
37
00:03:01,210 --> 00:03:01,720
you want,
38
00:03:01,960 --> 00:03:07,600
since gathering information about something is not illegal. There are two ways that we can go about
39
00:03:07,600 --> 00:03:15,160
doing information gathering: actively, by directly interacting with our target, or passively,
40
00:03:15,520 --> 00:03:17,680
without interacting with the target.
41
00:03:18,370 --> 00:03:24,190
A simple example of this would be, let's say, you want to gather information about Facebook, and you would
42
00:03:24,190 --> 00:03:29,560
do it actively by visiting the Facebook page and getting all the information that you can from the Facebook
43
00:03:29,560 --> 00:03:30,310
page itself.
44
00:03:30,970 --> 00:03:37,030
Passively, it would be if you went to some other website that talks about Facebook and you got
45
00:03:37,030 --> 00:03:39,800
information about Facebook from that other website.
46
00:03:40,600 --> 00:03:42,940
This would mean you never interact with Facebook.
47
00:03:42,940 --> 00:03:46,240
Therefore, you performed a passive information gathering.
48
00:03:47,250 --> 00:03:49,530
After this step comes scanning.
49
00:03:50,560 --> 00:03:55,140
Here is where you can start getting in trouble if you do it without permission.
50
00:03:56,220 --> 00:04:02,340
Scanning is a deeper form of information gathering, using technical tools to find openings in the target
51
00:04:02,340 --> 00:04:09,210
and in the systems that you're attacking. These openings can be gateways, open ports, the operating system
52
00:04:09,210 --> 00:04:11,810
that the target runs, and so on.
53
00:04:12,180 --> 00:04:17,190
In this step, we also perform vulnerability scanning, which is just searching for vulnerable software
54
00:04:17,190 --> 00:04:21,060
in the target system or network that could possibly be exploited.
55
00:04:21,980 --> 00:04:30,280
After information gathering and scanning comes the third step, which is gaining access, or so-called exploitation.
56
00:04:31,070 --> 00:04:37,820
This is the step where we actually hack the target. We use the information that we gathered in phase
57
00:04:37,820 --> 00:04:41,570
one and phase two to take control of any number of target devices.
58
00:04:42,290 --> 00:04:48,680
Gaining access to target devices allows us to steal data from their system or to use those devices to
59
00:04:48,680 --> 00:04:51,860
attack other devices on the same network.
60
00:04:52,530 --> 00:04:59,000
Usually after this step, you can consider the penetration test to be successful, since you managed to gain
61
00:04:59,000 --> 00:05:00,350
access to a target system.
62
00:05:01,010 --> 00:05:08,930
However, this is not the last step of a penetration test. After exploitation comes maintaining access.
63
00:05:09,900 --> 00:05:13,560
This step, along with the fifth step, is sometimes optional.
64
00:05:14,770 --> 00:05:20,350
You might not always need to perform the last steps, since the client might only care whether their system
65
00:05:20,350 --> 00:05:23,260
is penetrable; therefore, you prove it to them
66
00:05:23,260 --> 00:05:27,280
after the third step, if there was a vulnerability, of course.
67
00:05:27,970 --> 00:05:34,480
However, maintaining access is also an important step, and it is commonly done by installing backdoors
68
00:05:34,480 --> 00:05:35,890
and planting rootkits.
69
00:05:36,670 --> 00:05:43,090
Backdoors and rootkits are simply programs that will allow us to gain access to that target whenever
70
00:05:43,090 --> 00:05:46,080
we want without the need to exploit it again.
71
00:05:47,050 --> 00:05:50,710
We just connect to the backdoor that we planted in the target system.
72
00:05:50,710 --> 00:05:51,970
And there it is.
73
00:05:52,240 --> 00:05:54,130
We are again on their machine.
74
00:05:54,640 --> 00:05:58,990
And the last step of a penetration test is covering tracks.
75
00:05:59,890 --> 00:06:05,630
Covering tracks is simply removing all evidence that an attack ever took place.
76
00:06:06,220 --> 00:06:13,060
This can involve deleting or hiding files, editing logs, or basically reverting any changes that you
77
00:06:13,060 --> 00:06:15,970
made to the system while the attack took place.
78
00:06:16,890 --> 00:06:24,820
OK, so these five steps are the entire process of a penetration test, and we're going to cover them in great
79
00:06:24,820 --> 00:06:26,940
detail throughout our course.
80
00:06:27,700 --> 00:06:30,700
Keep in mind that these steps should be performed in order.
81
00:06:31,390 --> 00:06:37,210
And one more important thing is, in case you're a beginner, you might think that the third step, which
82
00:06:37,210 --> 00:06:43,270
is exploitation or gaining access, is the most important step of the process. Even though it is very
83
00:06:43,270 --> 00:06:44,620
important and crucial,
84
00:06:45,160 --> 00:06:49,570
the most important steps are actually information gathering and scanning.
85
00:06:50,290 --> 00:06:56,210
It is in these two steps that we gather information about the target and discover vulnerabilities.
86
00:06:56,800 --> 00:07:02,650
So if you're not that good at gathering information, you might miss some things that could be used
87
00:07:02,650 --> 00:07:07,640
to gain access to the machine, thereby preventing you from finding an actual vulnerability.
88
00:07:08,470 --> 00:07:13,210
So just keep in mind that information gathering is 70 percent of the work.
89
00:07:14,260 --> 00:07:14,890
OK, good.
90
00:07:14,920 --> 00:07:21,430
So we talked a little about these phases, but before we get to perform each one of these steps, we
91
00:07:21,430 --> 00:07:24,780
must first get a little familiar with our Kali Linux machine.
92
00:07:25,890 --> 00:07:31,690
In the next few lectures, we're going to get into details about the terminal and some of the commands we
93
00:07:31,690 --> 00:07:33,510
can run and execute with it.
94
00:07:34,180 --> 00:07:34,720
See you there.