Penetration Testing: Tools for Attack
Both ethical cyber security professionals and malicious hackers, commonly use Linux open source tools when performing vulnerability scans and penetration testing to find security flaws and potential access points within a computer’s operating system, network, browser or banners. In fact, 90% of hackers use these free tools in order to infiltrate a system and either uncover flaws that should be fixed or cause serious damage to an organization and its resources. The prospect of a hacker being able to penetrate a network quickly and at little cost can be frightening, so how can you ensure that your system is truly secure before a hacker breaks in? The answer is actually simple, attack it the same way a hacker would. Whether you want to test your home system, a small business or a larger corporation, there are a number of tools that can help you do so.
The first step to performing any type of penetration test is to download a Linux-based operating system that can effectively use the open-source tools commonly used by ethical and malicious hackers.
The top systems in use today include:
BackTrack5 is the operating system that the Social-Engineering Toolkit concentrates on. This is one of two penetration testing software systems that are commonly used today. This software can be used to hack into any individual’s or corporation’s network regardless of location and it is available as a free download to anyone.
Kali is the latest open-source operating system available to pen-testers. This OS developed from BackTrack5 as a new version of the system was in the planning stages. Kali essentially takes all of the top used BackTrack5 applications and features as well as other things on a wish list for the new version and puts it to life. Overall, the Kali system is most closely related to the design of a Fedora environment.
PwnPi is the other main operating system used for penetration testing. Similar to BackTrack5, this software is a free Linux-based software available to anyone and can be used anywhere.
After a pen-tester has downloaded their operating system of choice, the Social-Engineering Toolkit is the first package any “would be” hacker should purchase. This toolkit, created by TrustedSec, is essentially a how-to box for simulating social engineering attacks. The free download outlines the various open source software available and how to properly use it for a targeted penetration test.
Such tools include:
1. Wifi Pineapple Mark IV
Wifi Pineapple Mark IV is a hardware device used for wireless penetration testing. This small piece of equipment is capable of creating rogue, or “evil twin,” access points and breaking into a network’s real access points. This device, so long as it is within range of the wireless access points, can monitor all data sent and received. Additionally, it has a relatively inexpensive cost of only $99.99.
2. ODroid-U2 and X2
ODroid-U2 and X2 are mini computers designed solely for penetration testing and users can choose between downloading the BackTrack5, Kali or PwnPi operating systems. The device comes with standard Android 4.0.4 platform and various other tools necessary for performing a penetration test; just simply connect it to a network and get to work. The only difference between the ODroid U2 and ODroid X2 is that the X2 is more powerful and slightly more expensive at $135.00, compared to the U2 at $89.00.
3. Java Applet Attack
Java Applet Attack is a Linux-based distribution program within the Social-Engineering Toolkit that can easily affect any Windows, Linux or Mac OS X platform. This program works to specifically compromise any Java-based vulnerability and is considered one of the most successful and popular methods among hackers.
Once a cyber security professional or malicious hacker has downloaded or purchased a combination of the tools above in conjunction with TrustedSec’s Social-Engineering Toolkit they will have the tools necessary to penetrate a network and compromise its vulnerabilities.