![]()
CHAPTER 1
Start with Penetration Testing and Basic Python
Nowadays, the need for cybersecurity is becoming a dire necessity due to the rise of cyber-attacks not only on an individual level but also on corporate and government levels. Cyber-attacks have become more sophisticated and harder to detect. Ethical hackers may have different skills and may have followed different paths, but they all share one common skill: programming.
In the first part of this chapter, we will learn about the different penetration testing methodologies in use nowadays. We will also learn about wireless and mobile applications penetration testing and red teaming activities. We will familiarize ourselves with different tools that are being used by ethical hackers.
If you are not familiar with the basics of Python programming; in the second part of this chapter, you will learn about the basics of Python programming and how to create your first program. If you already are a penetration tester, you can skip ahead to Chapter 2, Cracking with Python, which will shed light on how to use Python in cracking.
NOTE: The offensive tools and programming scripts you will learn in this book can be used only in your local environment. Using offensive tools in a live environment like companies requires written permission from the entity. Always remember that penetration testing without a permission from clients is illegal. Note: Tools and programming scripts in this book will be tested in a local environment. You need to set up your environment using virtualization as a first step, you can choose between VMWARE (https://www.vmware.com/products/) or Oracle Virtual Box (https://www.virtualbox.org). In the second step, you need to download and install an updated KALI Linux on a virtual machine from (https://www.kali.org/downloads/). Also, you need to install Windows on a virtual machine preferably a Windows 7. Make sure the two virtual machines are on the same IP range using (NAT or Bridged). If any other tools or software are required, they will be indicated when appropriate in the chapters.
Structure
In this chapter, the following topics will be covered:
- Introducing penetration testing
- Different assessment methodologies
- Wireless testing
- Mobile application penetration testing
- Penetration testing tools
- Python variables
- Python statements
- Python operators
- Python functions
- Python classes
Objectives
When you complete the first part of this chapter, you will be able to understand different penetration testing methodologies and red teaming, you will also understand all the penetration testing phases. You will get practical knowledge on the most offensive tools being used these days by the ethical hackers.
When you complete the second part of this chapter, you will be writing your scripts using Python3 in which you get the required programming skills to write advanced scripts in the coming chapters.
Introducing Penetration Testing
Penetration testing, pen testing, or ethical hacking all refer to the process of testing a computer system, network, web application or wireless mobile applications to find security holes or vulnerabilities that may be abused by malicious users or criminals to gain unauthorized access to a system. Malicious users are not only external users, but can also be internal ones, or employees; many reported incidents were from inside organizations. Penetration testers use their skills to prove the existence of security holes in different systems so they can fix those security holes, and consequently, prevent access of attackers who may abuse them.
Penetration testers usually have the knowledge and the expertise that enables them to test different environments to discover security holes. This expertise and knowledge should contain at least one programming language which makes them not fully dependent on existing tools, and of course the deep knowledge of systems, networks, and web protocols.
However, knowing how to use different hacking tools and their limits and how they work in the background is necessary, as most systems that are being tested are in production, so any mistakes will affect the client’s business. In the end, you can write everything.
Penetration testers should have mixed knowledge of how to use existing tools and the ability to write his/her scripts and programs. Depending only on existing tools to discover vulnerabilities is not efficient, as we have recently seen many private and governmental entities being attacked successfully, despite penetration testing and red teaming assessments being carried out.
This is because many companies don't apply manual penetration testing that focuses on discovering vulnerabilities in application functionalities. Instead, they depend solely on vulnerability scanners that lead to inaccurate results and many false positives.
The only systems that are not tested during operation are SCADA which are systems that are being used in countries’ infrastructures. The rationale behind this is that any mistake or wrong packet is sent while testing it will cause a disaster; since SCADA systems control oil and gas operations, water and electricity, nuclear powers, vessels, and so on. Therefore, governments most of the time clone the operating system to allow the penetration testers to try to find potential vulnerabilities. Besides, updating and patching the vulnerabilities as well as the replacement of software or hardware is not easy as they require suspending certain production functions.
There are two types of penetration testing:
- Automated: This is concerned with using different tools to discover existing vulnerabilities.
- Manual: This is concerned with viewing the application manually without using the tools or scanners and trying to abuse the application's functionality. Usually, manual testing is used in web applications and source code review.
Exploits Writing
There is a common misunderstanding that penetration testers should be able to discover the zero-day vulnerability which is a type of vulnerability that has a zero-day patch (that is, the vendor doesn't know about its existence). Usually, this type of vulnerability costs thousands of dollars in the black market. Penetration testers don’t have to know how to discover zero-days simply because it takes a very long time to them on software or hardware. However, the pen tester must know about the basic reverse engineering and exploitation development. In certain companies and governments, exploit writers and reverse engineers are hired to create cyber weapons for the government.
A lot of penetration testers don’t discover zero-day vulnerabilities in client applications or networks simply because this requires lots of time and persistence. Usually, zero-day vulnerabilities are only discovered in governmental entities. They must know, however, how the memory works during a program's execution. They should also be aware of the assembly languages to understand how to read programs from the debuggers and manipulate CPU registers which are small storage systems that store the programs’ data during execution. We are going to talk about this in Chapter 10, Exploit Development with Python.
The Origin of the Term Hacking
There is a huge misunderstanding about the term hacking. Hacking, in today's world, is related to criminal activities like stealing money, fraud, or destroying a company’s system. This is particularly the case in the media. However, if we look at hacking from a cyber-security perspective, we realize that it is related to attacking systems to prove they are being vulnerable or exploitable, which is partly correct, but not totally.
The term hacking came from MIT in 1955. It started with a group calling themselves hackers who edited and modified train models and elaborated miniature buildings. Hacking originally referred to understanding a system so deeply that you can modify it or add functions to it. It’s not only related to computers; a person who modified the mechanics of a car is known as a car hacker, for example. Returning to the cybersecurity domain, if we apply...
