No offence, but if you need to ask then you probably shouldn't be doing it. The tools are the least important part of the process.
Mostly Word... Open Office if that's your bent, or Latex if you're going to be doing it for lots of places . --- Whats the business goal here? Or do you just want to point a VB6 GUI at your environment and click "Hack Me"?
I read a recent professional pentest report, and all I can say is wow. How they cracked the superuser level account was in my opinion genius, but probably just a day at the office for these guys. I was particularly blown away by how often an unusual sideways shuffle got them out of a dead-end. Echoing the same thoughts - exact tools are not really a good place to start. On the other hand, if you know what you want to do, you can probably find a tool or at the very least, some sample source code for you to compile your own tool. The real art of pentesting is knowing what kinds of weaknesses to look for, and how to link them together.
I can't be too particular, but it comes down to the normal security practices. You have to lock all the doors. If there is an option to password protect something, its usually because it can be exploited. Thing of thinks like BIOSes, encrypting desktop hard disks, routing protocols. They're are a pain in the ass to do. Thats why they're an easy and safe target to get a foothold. Reveal nothing unless required and secure. Password reuse - thats what allowed the sideways move i mentioned earlier. And privileged users - they have to be by-the-book. Fixing a trivial workstation issue with a DA account - unnecessary and dangerous. There's just too many breadcrumbs left behind, especially with windows.
I've been through a few pen tests, and they're always the same. Somewhere along the line, someone's made a shortcut to "just quickly make something work". These compromises get found, abused, and broken. I see it every day. Someone will want to do something, I'll tell them "do it right", they'll tell me they don't have the time and it's not that big a deal anyway blah blah. 6 months later it appears on a pen test, and everyone needs to spend twice the money fixing it than they would have doing it right in the first place.
What did you use when you were a pen tester? Recommended tools are based completely upon what you are trying to compromise.
I've been getting into reading about pentesting and ethical hacking, and it's made me look at the environments I manage in a whole different way.
tools are irrelevant really, the environment is very relevant will you have access to it remotely or physical? what's the client expectation? just get Admin or is it for PCI-DSS ? I normally use Cain and Abel for quick dirty ARP poisoning and poking around (90% of the time i gain admin with that) and Kali for the rest Yersinia for a lot of the cisco stuff, Armitage and Burp ... but it depends on what you find really, there are always tools you just gotta find vectors
Based of the detailed PasteBin dump I read on how the Hacking Team got hacked, I'm not even coming close to deluding myself that I could Pen test my own business adequately these days Ridiculously scary shit. Certainly makes me re-evaluate "pen testing" companies when they list out what sort of testing they could do while speaking to us.
2nd set of eyes is as important as knowing what you're doing. If you try to test your own stuff, you're going to focus on what you already know about it (consciously or subconsciously).
Yeah, most impressive, for a company supposedly all about security, they had some glaring policy/procedural issues.
I've been competing in a number of CTF comps lately. For web application testing one of the most useful is Burp Suite. Check it out
You can't lawyer yourself, you can't doctor yourself, you can't proofread yourself, you can't pentest yourself.
Surprised it hasn't been mentioned, just use the Kali OS, it has all the tools you need. For a listing of decent pentest companies, CREST has a good list @ http://www.crestaustralia.org/approved.html
There is no one size fits all for pentesting. It depends what sector you're in mostly, and the person managing/working in the environment being tested shouldn't be the one to do the testing, because they'll know the network and where to poke around. A reputable company will have the skills to get in if there are any holes in the security without this knowledge and is what you need to know to patch up. The demo's we were shown were using Kali, and seemed simple to use.
That needs to be repeated 100 times. Doing some pre-testing yourself is OK. Hopefully that will remove obvious stupid mistakes before a real test. But never, ever call self-testing complete.
