Offensive Security: Study on Penetration Testing Attacks, Methods, and their Types

Abstract

In the era of increasing growth of digitalization all information has become easily available through mobile and computer devices. This improvement has brought many useful and efficient technologies and services to peoples’ lives which are Web Application, Cloud Computing, Online Communication platforms, E-Commerce, and far more. While some users access this information with only good intentions, some use it to identify ways to destroy or steal valuable data, documents of a website, or in a physical building. As it is well known the term penetration testing is also named ethical hacking. Penetration testing is a set of procedures that emulates the actions of potential hackers but instead of taking advantage of the breaches found, penetration testers document them and present practical advice on how to fix identified weaknesses in the system. This study aims to discuss the types, the strategies of penetration testing, the code of conduct of penetration testers, the advantages, and the methodology in performing penetration testing. The method of penetration testing includes six stages that will be further discussed in detail. This paper illustrates a practical exercise in the example of the Five86-1 machine in a CTF format and that is built with the purpose of learning and gaining experience in conducting ethical hacking. All the attacks demonstrated in the paper are done in Kali Linux operating system. Further, the impact and critical analysis of the attacks is covered in the paper.