Penetration Testing — Approach and Methodology

Profiling

Profiling involves gathering as much as information as possible about the target network for discovering the possible ways to
enter into the target organization. This involves determining the target operation systems, web server versions, DNS information,
platforms running, existence of vulnerabilities & exploits for launching the attacks. The information can be gathered using
various techniques such as Whois lookup, enquiring the DNS entries, google searches (using GHDB), social networking sites,
emails, websites, etc.

Discovery involves using the automated tools and manual techniques to identify the live hosts present in the network, determining
the target system’s operating system through banner grabbing, presence of open ports, services running, & versions
of the services, technology information, protocols and its version.
Enumerating an internal network allows the penetration tester to identify the network resources, & shares, users & groupsusers,
groups, routing tables, audit & serviceaudit, service settings, machine names, applications & bannersapplications,
banners and protocols & with its details. The identified information would allow the Penetration tTester to identify system
attack points and perform password…