Course taster

Five techniques for pen testing

In ethical hacking, a pen tester will usually implement one of the five techniques depicted below (select the following titles to show more details):

The pen tester will launch their attack steps using external resources without a physical presence on the network. This is used to test the outside presence of an organisation and what would happen should an external attack be launched against the organisation.

The pen tester will usually launch their attack while on-site. This could be achieved in multiple ways, including connecting to an insecure access point or connecting their computer to an activated unused network port.

The pen tester is not provided with any information about the company, apart from the company name. With blind testing, the reconnaissance step is the longest in the process and can sometimes take months to complete.

In double-blind testing, the pen tester does not usually have any information about the company, and the internal security team are not aware that a pen testing exercise is taking place on their network. This is an ideal situation to simulate a real-life example without financial loss.

In this step, the security team and the pen tester work together to test the organisation’s network, evaluate methods and tools to test the reliance of the network, and share learned lessons upon competition.

Activity: Google hacking

Time commitment: 1 hour

Complete table 1.1 below.

A directory listing is a type of webpage that lists the files and directories located on a webserver, which could be hosted on an organisation's network. Directories can be navigated by using the links located on the page. The issue with directory entries is that once they are accessed, there are no restrictions on which files can be downloaded.

Example 1: A Google search result

results of a Google search using intitle:index.of parent directory

Example 2: A Google search result

Results of a Google search using intitle:index.of name size

Google operators can be used to build queries to do the following:

Create a table like the one below and record your findings.

Table 1.1

Google operator usedServer typeServer version
Google operator used =    
Google operator used =    
Google operator used =     
Google operator used =