Introduction to Pentesting

Introduction To Pentesting

This is the start of a new series in the TryHackMe write-up. We’ll start with the Jr Penetration Tester learning route. Introduction to Pentesting would be the first chapter on this route. This will assist you in comprehending what a penetration test entails, as well as the testing methods and procedures that every pentester should be familiar with.

 

It’s first room, Pentesting Fundamentals. Which room will assist you in learning the critical ethics and procedures that underpin every pentest. In This room we will learn lot’s of basic information about Pentesting.

 

What is Penetration Testing?

 

Cybersecurity is important to everyone in the current world, whether it’s a strong password policy to safeguard your emails or corporations and other organisations that need to protect both their equipment and their data from harm.

 

A penetration test, also known as a pentest, is an ethical effort to test and analyse the security defences in place to safeguard these assets and bits of data. A penetration test is comparable to an audit in that it uses the same tools, methods, and processes that someone with malicious intent would employ.

 

In this answer box we don’t need to answer.

 

 

Penetration Testing Ethics

While an activity may be lawful, it may go against an individual’s belief system of right and wrong. During a penetration test, penetration testers are often confronted with ethically dubious choices.  They may get access to a database and be provided with potentially sensitive information, for example.  Perhaps they’re testing an organization’s human security by phishing an employee.  If the activity was agreed upon at the early phases, it is lawful if morally dubious.

Answer the questions below

**Please first try yourself to get the answer, if you can’t find then follow our answers.**

 

You are given permission to perform a security audit on an organisation; what type of hacker would you be?

Answer: White Hat

You attack an organisation and steal their data, what type of hacker would you be?

Answer: Black Hat

What document defines how a penetration testing engagement should be carried out?
Answer: Rules of Engagement

 
 

Penetration Testing Methodologies

Within the scope of penetration testing, there may be a broad range of goals and targets. As a result, no two penetration tests are same, and there is no one-size-fits-all method to penetration testing. The methodology refers to the actions taken by a penetration tester during an engagement. A smart technique is one in which the actions done are appropriate to the current circumstance. Having a technique for testing the security of a web application, for example, is not realistic for testing the security of a network.

Answer the questions below

**Please first try yourself to get the answer, if you can’t find then follow our answers.**

What stage of penetration testing involves using publicly available information?
Answer: Information Gathering

If you wanted to use a framework for pentesting telecommunications, what framework would you use? Note: We’re looking for the acronym here and not the full name.
Answer: OSSTMM

What framework focuses on the testing of web applications?
Answer: OWASP

 
 

Black box, White box, Grey box Penetration Testing

 

When testing an application or service, there are three main scopes to consider. They are: Black Box, White Box and Grey Box.

 

Answer the questions below
**Please first try yourself to get the answer, if you can’t find then follow our answers.**

 

You are asked to test an application but are not given access to its source code – what testing process is this?
Answer: Black Box

You are asked to test a website, and you are given access to the source code – what testing process is this?
Answer: White Box

 

Practical: ACME Penetration Test

In this room, They will give you site view option. Click over their and read everything by clicking next. Then you will get the answer.

ACME has approached you for an assignment. They want you to carry out the stages of a penetration test on their infrastructure. View the site (by clicking the green button on this task) and follow the guided instructions to complete this exercise.

 

Answer the questions below
**Please first try yourself to get the answer, if you can’t find then follow our answers.**

Complete the penetration test engagement against ACME’s infrastructure.
Answer: THM{PENTEST_COMPLETE}

Congratulations! Well done. You completed first room ‘Pentesting Fundamentals‘. Please follow our website for more write-up

Leave a Comment