What is Grey Box Penetration Testing
So you understand black box external penetration testing. Now it's time to move on to grey box penetration testing. This combination of white box and black box testing is often used by penetration testing firms when performing security tests at the application level. Grey box testing is for a pentester who has only partial knowledge of the internal structure of a network. Grey box testing is the perfect hybrid of the straightforwardness of black box testing and the code targeting of white box testing.
Because grey box testing uses the assertion method to present all the conditions of a program before it is tested, it is based on requirement test case generation. A specification language is required to make the requirements easy to understand and to verify their correctness. The assumptions required of the Class Under Test (CUT) include Activation of Methods, State Reporting and Report Testing.
Grey Box vs Black Box
While grey box testing is more focused and efficient than black box testing, the code coverage is only partial and it can be difficult to associate defect identification in distributed applications. And yet, it cannot be ignored that grey box testing has the advantages of being non-intrusive, of supporting intelligent test design, and of maintaining the unbiased testing conditions required for ethical hacking engagements.
Rather than squandering hours determining elusive information, pentesters can use grey box testing to focus their assessment efforts on the systems with the greatest risk and value. A sort of cyber triage, if you will. The security of the system is tested by simulating an attacker with long-term access to the network.
What are the Best Pen Tests for Grey Box Security Testing?
Because web application systems have distributed networks or systems, grey box penetration testing is best suited for them. Functional or business domain testing is also ideal for grey box penetration testing. This will confirm that the software meets the defined requirements.
Grey box penetration testing is the right way to go when the tester has no access to the source code and a non-intrusive, unbiased test is desired.
What is a Meterpreter?
Well, if you are planning to hack like a pro, then you need to know some of the basic commands for Meterpreter before you dive in below.
A Meterpreter is a dynamic, advanced and extensible payload. It uses in-memory DLL injection stagers and is extended over the network at runtime. It communicates over the stager's socket to provide a client-server Ruby API.
Originally written by Skape for Metasploit 2.x, the standard extensions have since been overhauled, and the current version is Metasploit 3.3. Typically, the server side is implemented in plain C and compiled using MSVC, which makes it portable. The client can be written in any language; however, it is worth noting that Metasploit ships a full-featured Ruby client API.
How does Meterpreter Work?
-The target first executes the initial stager. Usually, this is one of bind, findtag, passivex, among others.
-The stager then loads the DLL prefixed with "reflective". The reflective stub is responsible for loading or injecting the DLL.
-Next, the Meterpreter core initializes, establishes a TLS/1.0 link over the stager socket and sends a GET message. When Metasploit receives the GET message, it configures the client.
-Lastly, Meterpreter loads the extensions. If the module gives administrative rights, it loads the priv module; otherwise, it loads stdapi. All the extensions are layered over the TLS/1.0 link through a TLV protocol.
Now that you have a clear glimpse of Metasploit Meterpreter, what are some of the cheat-sheet commands to use?
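The last step mentions that extension traffic is carried over TLS in a TLV (type-length-value) protocol. The following is an added example, not code from the page or from the Metasploit project, of how a TLV framing layer is encoded and, more importantly for anyone inspecting captured traffic, decoded with bounds checks. The header layout (4-byte big-endian length covering the header, then a 4-byte type) and the type numbers used in the sample are assumptions chosen for this illustration, not Meterpreter's actual wire format.

```python
import struct

# Assumed header: 4-byte big-endian total length (header + value), 4-byte type.
# This is a generic TLV layout for illustration, not Meterpreter's real format.
HEADER = struct.Struct(">II")

# Constructed, arbitrary type numbers for the sample packet below.
TLV_METHOD = 0x1001
TLV_ARGUMENT = 0x1002


def encode_tlv(tlv_type: int, value: bytes) -> bytes:
    """Pack one TLV; the length field counts the 8-byte header as well."""
    return HEADER.pack(HEADER.size + len(value), tlv_type) + value


def encode_packet(items) -> bytes:
    """Concatenate a sequence of (type, value) pairs into one buffer."""
    return b"".join(encode_tlv(t, v) for t, v in items)


def decode_packet(data: bytes):
    """Walk a buffer of back-to-back TLVs.

    Raises ValueError on a truncated header, a truncated value, or a length
    field smaller than the header itself (which would otherwise loop forever).
    """
    items = []
    offset = 0
    while offset < len(data):
        if len(data) - offset < HEADER.size:
            raise ValueError(f"truncated header at offset {offset}")
        length, tlv_type = HEADER.unpack_from(data, offset)
        if length < HEADER.size:
            raise ValueError(f"invalid length {length} at offset {offset}")
        if offset + length > len(data):
            raise ValueError(f"truncated value at offset {offset}")
        items.append((tlv_type, data[offset + HEADER.size:offset + length]))
        offset += length
    return items


def is_well_formed(data: bytes) -> bool:
    """True when the whole buffer parses as a clean sequence of TLVs."""
    try:
        decode_packet(data)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    # Constructed sample packet: one method name plus one empty argument.
    packet = encode_packet([(TLV_METHOD, b"sysinfo"), (TLV_ARGUMENT, b"")])
    print(packet.hex())
    print(decode_packet(packet))
    print("truncated copy well-formed?", is_well_formed(packet[:-1]))
```

The point of the three checks in decode_packet is that length-prefixed formats are only as safe as the parser reading them: a length shorter than the header or longer than the remaining buffer must be rejected rather than trusted.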
Step one: The Core Commands
Meterpreter presents a Linux-like terminal running on the victim's PC. As such, most of the familiar Linux commands can still be used in Meterpreter even when the target is running Windows or another operating system.
The core commands include:
-?: If you are not sure of any command, you can use this to access the help menu.
-background: Moves the current session to run in the background.
-bglist: Allows you to access all the scripts running in the background.
-bgkill: Used to kill any Meterpreter script running in the background.
-bgrun: You can use this to run a script as a background thread.
-close: Closes a channel.
-help: Opens the help menu.
-irb: Used when you want to go into Ruby scripting mode.
-quit: Terminates the session.
-write: Used to write data to a channel.
-read: Reads data from a channel.
-migrate: Used to move the active process to a specific PID.
Step two: The file system commands
The following are file system commands.
-mkdir: Used to make a directory on the victim system.
-rmdir: Used to remove a directory from the victim system.
-del: Deletes a file on the victim.
-getwd: If you want to print the working directory, use this command.
-ls: Lists all files in the current directory.
-edit: Used when you want to edit a file using vim.
-cd: Changes the directory on the victim system.
-cat: Reads and outputs the content of a file.
-lcd: Changes the local directory.
-download: Used to download a file from the victim system to the attacker system.
Step Three: Network Commands
If you want to find something on the network, the following commands will be handy.
-ipconfig: Displays all the key network interface information, including IP addresses.
-route: Used to view or modify the victim's routing table.
-portfwd: Forwards a port on the victim to a remote server.
Step four: System commands
Whenever you want to get the details of a victim PC, you can use the sysinfo command. It will display the operating system and the name of the PC. Other system commands include:
-shutdown: Shuts down the victim's computer.
-reg: Allows you to interact with the victim's registry.
-getpid: Shows the current process ID.
-getuid: Shows the user the server is running as.
-drop_token: Drops the stolen token.
-kill: Terminates the process with the given PID.
-ps: Lists all running processes.
-getprivs: Used when you want to enable available privileges.
-shell: Opens a command shell.
-clearav: Clears the event logs on the victim machine.
Step five: Interface commands
-set_desktop: Changes the Meterpreter desktop.
-screenshot: Grabs a screenshot of the victim's desktop.
-keyscan_dump: Dumps the software keylogger's buffer.
-keyscan_stop: Stops the keylogger.
-enumdesktops: Provides a list of all available desktops.
-idletime: Checks how long the victim system has been idle.
-keyscan_start: Starts the keylogger software associated with a process.
-uictl: Enables control of the UI components.
Step six: Privilege escalation
If you want to escalate the system privileges, you can use the getsystem command. It has 15 built-in ways to gain system administrator privileges.
Step Seven: How to dump passwords
You can use the hashdump command to grab the hashes from the password file. Notably, the command often trips AV software, although you can use stealthier scripts such as "run smart_hashdump" or "run hashdump". The above scripts will stop the AV from tripping.
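Two of the commands in this cheat sheet leave traces a defender can look for: clearav wipes the victim's event logs, and hashdump is noted above as something AV tends to catch. The script below is an added example, not from the page or from Metasploit, of the log-side detection for the first of these: it parses a constructed CSV export of Windows event entries and flags the records Windows itself writes when a log is cleared. The CSV layout is an assumption for the example; the Event IDs are real (1102 in the Security log: "The audit log was cleared"; 104 in the System log, written by Microsoft-Windows-Eventlog when a log file is cleared).

```python
import csv
from io import StringIO

# Constructed sample export. Column layout is an assumption for this example;
# the Event IDs 1102 and 104 are the real Windows log-clearing events.
SAMPLE_EVENTS = """time,channel,event_id,user,message
2024-01-01T10:00:01,Security,4624,alice,An account was successfully logged on
2024-01-01T10:01:30,Security,4688,alice,A new process has been created
2024-01-01T10:02:13,Security,1102,alice,The audit log was cleared
2024-01-01T10:02:14,System,104,alice,The System log file was cleared
2024-01-01T10:05:00,Security,4688,bob,A new process has been created
"""

# (channel, event_id) pairs that mean "a log was cleared".
LOG_CLEAR_EVENTS = {
    ("Security", 1102),
    ("System", 104),
}


def parse_events(text: str):
    """Turn the CSV export into a list of dicts with an integer event_id."""
    rows = []
    for row in csv.DictReader(StringIO(text)):
        try:
            row["event_id"] = int(row["event_id"])
        except (TypeError, ValueError):
            continue  # skip malformed lines rather than crash the detector
        rows.append(row)
    return rows


def find_log_clearing(events):
    """Return one alert per log-clearing event, with who did it and when.

    Each alert also records the last event seen in that channel before the
    clear, since everything earlier than that is no longer trustworthy.
    """
    alerts = []
    last_seen = {}
    for ev in events:
        key = (ev["channel"], ev["event_id"])
        if key in LOG_CLEAR_EVENTS:
            alerts.append({
                "time": ev["time"],
                "channel": ev["channel"],
                "event_id": ev["event_id"],
                "user": ev["user"],
                "last_event_before_clear": last_seen.get(ev["channel"]),
            })
        last_seen[ev["channel"]] = ev["time"]
    return alerts


def users_who_cleared_logs(events):
    """Distinct users associated with any log-clearing event."""
    return sorted({a["user"] for a in find_log_clearing(events)})


if __name__ == "__main__":
    for alert in find_log_clearing(parse_events(SAMPLE_EVENTS)):
        print(alert)
```

In practice the 1102/104 rule is a high-confidence, low-volume alert: legitimate administrators rarely clear logs, and when they do, the user and time in the alert make the follow-up conversation short. Forwarding logs to a central collector before they can be cleared is what keeps the events prior to the clear available.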
We’ve all heard of the term hacking and we’ve all had that image in our heads when it comes to hacking. A bunch of random numbers, flickering rapidly through the screen, only the man in front of the monitor seemingly aware of what’s going on…
But hacking in real-world circumstances paints a different picture, one that is more or less not far from the one painted above. Ethical hacking is the term for work performed by a company or an individual to identify potential threats in a computer or network. They do so not with malicious intent, but with the sole intent of finding vulnerabilities.
The difference in methods between an ethical hacker (also see grey box penetration testing) and a regular hacker isn’t much. They both use the same technique. The only difference is in their intent. One works for the betterment of security while the other works against it. The ones that work for the betterment are called “white hats” and the ones who work with malicious intent are called “black hats”, a set of terms inspired by old western movies in which the good guy wore a white hat and the antagonists, black hats.
Ethical hacking differentiates itself by following a set of rules which include respecting the privacy of the company or the individual, not leaving a backdoor for anyone, including the hacker himself, to exploit later and also letting the ones responsible know about the vulnerabilities in the software or hardware that the company isn’t aware of.
One of the first recorded instances of ethical hacking was in the 1970s. The United States government assembled a group of experts which came to be known as the "red team". The team was assigned to hack into the government's own systems. This sparked the inception of a sub-industry within the information security market. It has gone on to cover both the physical and mental aspects of a corporation's defense line.
Today, many large companies have a team of ethical hackers; some companies focus solely on ethical hacking, such as Trustwave Holdings, Inc. Trustwave Holdings specializes in penetrating ATMs and surveillance systems. The employment of ethical hackers by large companies has come under question. Many people have voiced criticism, claiming there is no such thing as ethical hacking. This is because hacking is seen as a crime and is an action commonly associated with cybercriminals. Ethical hackers are, therefore, required to ask permission from the network's owner before performing any probing.
But one cannot undermine the importance of ethical hacking as it has led to the successful improvement of security.