I've always been fascinated by the science behind hacking, the art of exploitation, cracking something and thinking about how it all works. Finding a vulnerability and then exploiting it isn't as easy as it looks in the videos. Since this is my first ever blog, I thought I'd start by writing about the field I love the most.
Penetration testing, often called 'pen testing', has become one of the most important and fastest growing sectors of the cyber security field. With growing data comes a growing demand for security to protect it, and this is where the role of an ethical hacker comes into play. A pen test is carried out by a hacker to find the vulnerabilities inside a system: the idea is to have security professionals act like attackers, break the system to find its weaknesses, and then help the organization strengthen it so that it is protected from any real attack.
There are good as well as bad people in any field. As an ethical hacker you do everything with the organization's permission and within the law; the intention is still to crack the organization's security, but only to strengthen it, never to misuse it, and that is what differentiates us from the bad ones.
Alright! Enough of the theory, let's get started.
If I had to talk about the requirements in detail I'd probably have to write another blog for it, so I'll keep it simple and precise and cover only the most basic requirements for getting started with penetration testing.
1) Networking basics - You don't have to know everything, but the basics are very important: MAC addresses, the OSI model and especially the TCP three-way handshake; common ports and their protocols; subnetting; file transfer protocols; and ssh. This much knowledge is enough for a starter to dive into this field.
2) Linux - You will probably set up your testing lab using either Kali Linux or Parrot; these distros come with built-in tools that are really helpful for carrying out the attacks. Of course you can go ahead and write your own tools and scripts, but for starters this is where almost every newbie begins the journey: you get your work done and can focus on the methodology behind pen testing rather than worrying about coding the tools and programs that run the attacks. Get familiar with basic Linux commands: navigating the file system, network commands, starting and stopping services, and users and privileges.
3) Programming and scripting - Most important, though you don't need to be a god at it; you should have intermediate knowledge of a programming language such as Ruby, because almost all the tools are written in such languages. I've seen many people say it's not necessary to know any language, but I disagree: sooner or later you will write your own exploits and tools, so why not start learning in advance? You can also contribute to the community by helping to improve existing exploits and tools. Some knowledge of bash scripting is also very useful in post-exploitation.
4) Hacking paradigms - Even if only theoretical, a good knowledge of the basic hacking paradigms is important, for example the reverse TCP shell, remote exploits, maintaining the, and covering the tracks. These are very common steps during exploitation and should be understood.
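As an added example that is not part of the original post, here is the subnetting arithmetic from point 1 put to use for the permission point from the intro: the authorized CIDR ranges are constructed sample values, and the helper checks that every candidate target falls inside the agreed scope before any scanning starts.

```python
import ipaddress

# Constructed sample scope: the ranges a client has authorized in writing.
AUTHORIZED_SCOPE = ["10.10.0.0/22", "192.168.50.0/24"]


def subnet_facts(cidr):
    """Return network, broadcast, netmask and usable-host count for a CIDR block.

    strict=False lets a host address with a prefix (e.g. 10.10.1.5/22) be
    normalised to its containing network instead of raising.
    """
    net = ipaddress.ip_network(cidr, strict=False)
    # /31 and /32 have no separate network/broadcast addresses to subtract.
    usable = net.num_addresses - 2 if net.prefixlen < 31 else net.num_addresses
    return {
        "network": str(net.network_address),
        "broadcast": str(net.broadcast_address),
        "netmask": str(net.netmask),
        "usable_hosts": usable,
    }


def in_scope(target, scope=AUTHORIZED_SCOPE):
    """True only if the target address lies inside one of the authorized ranges."""
    addr = ipaddress.ip_address(target)
    return any(addr in ipaddress.ip_network(c, strict=False) for c in scope)


def filter_targets(targets, scope=AUTHORIZED_SCOPE):
    """Split a candidate target list into (allowed, rejected) by scope."""
    allowed, rejected = [], []
    for t in targets:
        (allowed if in_scope(t, scope) else rejected).append(t)
    return allowed, rejected


if __name__ == "__main__":
    for c in AUTHORIZED_SCOPE:
        print(c, subnet_facts(c))
    # 10.10.3.254 is the last usable host of the /22; 10.10.4.1 is just past it.
    print(filter_targets(["10.10.3.254", "10.10.4.1", "192.168.50.7", "192.168.51.7"]))
```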
There are a ton, I repeat a ton, of tools to begin with, and it's really hard to choose between them. But I'll list some of the most basic tools you'll use when executing any attack.
Nmap: An amazing network scanning tool with a lot of different modes for scanning a given target. You can use it to find all the open ports on the victim's machine and plan your attack from there. An aggressive nmap scan can even list the available vulnerabilities and exploit hints, if any.
dirbuster: Mostly used when targeting a web server; both tools help you enumerate all the directories of a website, from where you can find and target any vulnerable spot and break into the server.
hydra: One of the most powerful tools for brute-force attacks. You can use it to brute-force any login form and easily crack the admin password if they have not set a hard enough password.
metasploit: The most powerful and widely used framework, with over 7000+ available exploits; Metasploit makes your job way easier by providing an exploit for almost every other vulnerability. It is widely used to gain access to a system.
All these tools come built into Kali Linux.
For starters, you can sign up on platforms like Hack The Box and TryHackMe, which have free as well as paid hackable rooms. They even provide step-by-step guides and tutorials for the tools used in pen testing.
Research, research and research! I can't emphasize this point enough. The more you read and research, the more you come across amazing hacking techniques and walkthroughs, and the more you learn about newly discovered vulnerabilities and how they are patched. It is a never-ending process of unraveling new exploits and sewing up old ones; you have to keep learning new techniques and improving on them.
To take your skills to the next level you can go for certifications such as OSCP and CEH by EC-Council.
Above all, the most important thing has to be in you: the motivation and eagerness to learn and explore more about this field. It is one of the most rapidly changing fields in the computing universe, and you need to keep yourself updated on all the new tools and exploits available.