Scribd Logo
Upload

Welcome to Scribd!

  • Pen Test

    Uploaded by

    Austin Azenga
    9 views3 pages

    Copyright

    © © All Rights Reserved

    Available Formats

    DOCX, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document

    Copyright:

    © All Rights Reserved
    Download as DOCX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as docx, pdf, or txt
    9 views3 pages

    Pen Test

    Uploaded by

    Austin Azenga

    Copyright:

    © All Rights Reserved
    Download as DOCX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as docx, pdf, or txt
    of 3

    SUMMARY

    PenTest Expert was contacted by Top Motors to do a penetration test in order to find

    out its vulnerabilities from a potential attack. All of the tests were being done to

    simulate an attacker who was involved in the attack against Top Motors. Determined

    attempts used general security access levels that common users have over the

    network. The main goal was to identify and exploit vulnerabilities, that a possible

    remote attacker can use to obtain illegal access to the company’s information.

    STAGES

    PLAN AND RECONNAISSANCE

    In this stage, PenTest Expert took time and gathered information that related to Top

    Motors such as domain name, servers, IP address. Information available on the

    public space was also considered.

    VULNERABILITY SCANS

    In this step PenTest Expert engages with Top Motors in order to find possible

    vulnerabilities, by probing the network and web applications and identify poor

    configurations, open ports, and current services that are available.

    ACCESS

    In this stage exploitable vulnerabilities that have been identified are used to access

    Top Motors’ network and applications.

    PERSISTENCE
    This step guarantees that access obtained, is then preserved whenever the system

    is shut down or changed.

    EXPLOITATION

    A control environment is used here and backups are created to reduce damage on

    the network. PenTest Expert will throw a series of attacks on the systems by trying to

    obtain sensitive information using escalated privileges from previous steps or

    unveiling a denial of service attack.

    REPORTING

    When the penetration test simulation is over, the evidence of vulnerability within the

    organization is reported to decision makers.

    TOOLS AND METHODS

    Tools that were used to identify known vulnerabilities are listed below. Most of them

    are able to present reports used to engage other procedures and compliment

    subsequent stages.

    Nessus

    Nessus was selected for scanning the network and web application vulnerability. It

    features different natures of scans meant to identify vulnerabilities. So that PenTest

    Experts will then determine further exploitations.

    Metasploit

    This is an exploitation framework that is able to create payloads to access, and

    escalate privileges.
    Dirbuster

    This tool searches for the availability of directories that can be found within the

    network or web application using a given library.

    You might also like