Penetration Testing: Tools for Attack
May 29, 2013
Both ethical cyber security professionals and malicious hackers commonly use open-source Linux tools when performing vulnerability scans and penetration tests to find security flaws and potential access points within a computer’s operating system, network, browser or banners.
In fact, 90% of hackers use these free tools to infiltrate a system and either uncover flaws that should be fixed or cause serious damage to an organization and its resources.
The prospect of a hacker being able to penetrate a network quickly and at little cost can be frightening, so how can you ensure that your system is truly secure before a hacker breaks in? The answer is actually simple: attack it the same way a hacker would. This is exactly what Certified Ethical Hackers (CEH) do to protect organizations.
The first step to performing any type of penetration test is to download a Linux-based operating system that can effectively use the open-source tools commonly used by ethical and malicious hackers.
The top systems in use today include:
Kali is one of the best open-source operating systems available to pen-testers. Kali essentially bundles all of the top pen-testing applications and features that an Ethical Hacker would need to attack and exploit a computing environment. Overall, the Kali system is most closely related to the design of a Fedora environment. Read this blog post on building a virtual lab to hack ethically with Kali Linux and other tools.
PwnPi is the other main operating system used for penetration testing. Like Kali, it is free, Linux-based software that is available to anyone and can be used anywhere.
After a pen-tester has downloaded their operating system of choice, the Social-Engineering Toolkit is the first package any would-be hacker should purchase. This toolkit, created by TrustedSec, is essentially a how-to box for simulating social engineering attacks. The free download outlines the various open-source software available and how to properly use it for a targeted penetration test.
Such tools include:
Wifi Pineapple is a hardware device used for wireless penetration testing. This small piece of equipment is capable of creating rogue, or “evil twin,” access points and breaking into a network’s real access points. This device, so long as it is within range of the wireless access points, can monitor all data sent and received.
Java Applet Attack
Java Applet Attack is a Linux-based distribution program within the Social-Engineering Toolkit that can easily affect any Windows, Linux or Mac OS X platform. This program works specifically to exploit any Java-based vulnerability and is considered one of the most successful and popular methods among hackers.
Once a cyber security professional or malicious hacker has downloaded or purchased a combination of the tools above, in conjunction with TrustedSec’s Social-Engineering Toolkit, they will have the tools necessary to penetrate a network and exploit its vulnerabilities.