Penetration Testing: Legality, SOP, and Penetration Test

   

Added on  2023-01-18

26 Pages | 3368 Words | 66 Views
University
Semester
PENETRATION TESTING
Student ID
Student Name
Submission Date
Table of Contents
Introduction
Task 1 A Critical Discussion on the Legality of Hacking
   1. Computer Crime Definition
   2. Criminal Activity Discussion
   3. Hacking Definition & Explanation
   4. Critical Discussion
Task 2 SOP for Pen - Testing
   1. Pen Test Methodology Discussion
   2. SOP for Pen Testing
   3. Decision Making Tree
Task 3 Penetration Test
   1. Attack Narrative
   2. Information Gathering
   3. Scanning and Enumeration
   4. Vulnerability Detail & Mitigation
      4.1 Vulnerability Detail
      4.2 Vulnerability Mitigation
Conclusion and Reflection
References

Introduction
The main focus of this project is to critically analyse and discuss the “Penetration Test”. The project is divided into three tasks. The first task provides an understanding of the ethical and legal issues surrounding hacking by discussing why “Hacking” is not a criminal activity. To that end, we define computer crime and construct a table that correlates traditional crime with computer crime. The table provides the logical link for discussing criminal activity, and the task also gives a definition and explanation of hacking. The second task provides an understanding of the penetration testing process: it critically compares penetration testing methodologies, designs and develops an SOP (Standard Operating Procedure), and includes a decision-making tree describing information gathering, vulnerability identification and analysis, and target profiling. The third task demonstrates the ability to conduct a full-scale penetration test in Kali Linux. These are discussed and analysed in detail.
Task 1 A Critical Discussion on the Legality of Hacking
In this task, we discuss “why hacking is not a criminal activity”. The task defines computer crime and constructs a table that correlates traditional crime with computer crime. The table provides a logical link for the discussion of criminal activity. We then discuss what constitutes a criminal activity, and define and explain hacking. The task also explains the view of the threat agent in hacking, applying appropriate threat-agent classifications that use opportunity, motivation and capability as the classifying attributes. Finally, a supported opinion on why hacking is not a criminal activity is given as the conclusion.
1. Definition of Computer Crime
Computer crime can also be called cyber-crime (Edwards, 2019). It refers to an action carried out by a user who is knowledgeable about computers and who is at times referred to as a hacker. Such hackers steal or browse a company's information illegally. Computer crime comprises various activities, such as:
1) Cyber-terrorism
2) Financial fraud crimes
3) Cyber warfare
4) Cyber extortion and more.
2. Criminal Activity Discussion
The general impression of hackers is that they are criminals, but is this right? It is a wrong and limited view, as it reflects only the black hat hackers, who are a minority in the global hacking community (Rayner, 2018). Thus, hacking is not necessarily a criminal activity, as computer hackers, or white hat hackers, can be individuals who know how to get around the limitations of a device or piece of software. Ethical hackers always obtain permission before breaking into someone's computer systems, with the intention of identifying vulnerabilities and improving system security. Thus, hacking can be regarded as a crime only if individuals access a system without the permission of its owner (Edwards, 2019).
It is a common type of cybercrime that includes identity theft, online predatory crimes, unauthorized computer access and online bank information theft. It comprises a variety of activities, which can be categorised as follows:
• Crimes that target computer devices or networks. Such crimes include DoS (denial of service) attacks and viruses.
• Crimes that use the computer network to advance other criminal activities. Such crimes include cyber stalking, fraud, identity theft and phishing.
Cyber-Crime versus Traditional Crime
Cybercrime is a separate entity from traditional crime, yet it is carried out by the same types of criminals for the same types of reasons. Both traditional crime and cybercrime involve an act or omission that breaches the rule of law. Cybercrimes include criminal activities that are conventional in nature, such as fraud, theft, scams, intrusion and defamation.
The correlation between computer crime and traditional crime provides the logical link to the discussion of criminal activity.
3. Hacking Definition & Explanation
Hacking refers to an attempt to exploit computer networks and devices. It can be described as unauthorized access to take control of a computer network's security system for the purpose of crime. While hacking is not always carried out for malicious purposes, nowadays most references to hacking and hackers characterize it as unlawful activity by cybercriminals, motivated by protest, financial gain, information gathering and the fun of the challenge (Gupta and Anand, 2017).
It is more accurate to characterize hacking as an over-arching umbrella term for the activity behind most, if not all, of the malware and malicious cyber-attacks on the computing public, businesses, and governments. Besides social engineering and malvertising, common hacking techniques include (Malwarebytes, 2019):
• DoS (Denial of service) attacks
• Botnets
• Viruses
• Worms
• Trojans
• Ransomware
• Browser hijacks
• Rootkits
4. Critical Discussion
Hacking is generally treated as identical to illegal access to a computer, yet hacking is not a type of criminal activity. Ethical hackers always access computer systems with permission, in order to determine the relevant vulnerabilities and the necessary improvements to system security.
Ethical hacking cannot be regarded as a criminal activity, and hacking is not a crime when it is legally permitted. For instance, intelligence gathering, which is the first stage of hacking, is not necessarily a crime, because the information collected in the process could be used for research purposes rather than for malicious activity. Indeed, hacking was not a crime in the beginning, when true hacking was associated with studying computer systems and programming languages in the hope of creating new innovations to solve problems.
Task 2 SOP for Pen - Testing
In this task, we critically compare penetration testing methodologies, design and develop an SOP (Standard Operating Procedure), and include a decision-making tree that describes the following phases:
• Intelligence Gathering
• Vulnerability Identification and Analysis
• Target Exploitation and Post exploitation
These are discussed in detail.
1. Pen Test Methodology Discussion
The main objective of ethical hacking, or manual penetration testing, is to test infrastructure and applications for vulnerabilities and security flaws using the techniques that hackers use, without causing intentional damage. It can be used to test desktop, mobile and web-based applications or networks for security vulnerabilities (RedTeam Security, 2019).
Penetration testing methodologies and standards cover everything related to a penetration test. Penetration testing identifies vulnerabilities and digs deeper to find out how far the target could be compromised in a legitimate attack. It involves exploiting servers, firewalls, computers, networks and more in order to uncover vulnerabilities. It highlights the practical risks posed by the vulnerabilities identified. A penetration test consists of the following phases:
• Intelligence Gathering
• Threat Modelling
• Vulnerability Analysis
• Exploitation
• Reporting
2. SOP for Pen Testing
The SOP for pen testing describes the following phases.
Intelligence gathering
Intelligence gathering collects data or intelligence to help guide the assessment actions. It is conducted to gather information about the employees of an organization that can help us gain access, as well as potentially private intelligence or other information related to the target (Infosec Resources, 2019).