Penetration Testing(Pen Test) The Ultimate Guide

What is penetration testing?

Penetration testing is an art. You can find out a lot of techniques and understand all of the tools, but the reality is that software is complex, especially when you start putting a lot of software systems together.

It’s that complexity that means that there is no one-size-fits-all solution when it comes to finding ways to get into systems.

An attack that may work against one web server may not work for the same web server running on a different system.

Sometimes, you can try a particular attack a number of times without success before it suddenly starts working and you find a way to break into the system.

A skilled and successful penetration tester has not only the technical skills necessary to run the tools and understand what is happening, but also the creativity necessary to try different approaches.

Penetration testing is a type of security testing that is used to test the insecurity of an application. It is conducted to find the security risk which might be present in the system.

If a system is not secured, then any attacker can disrupt or take authorized access to that system.

Security risk is normally an accidental error that occurs while developing and implementing the software. For example, configuration errors, design errors, and software bugs, etc.

Why is penetration testing required?

Ultimately, the goal of a penetration tester is to help an organization improve their defenses in case a real attacker comes by to break in and steal information.

This information can come in many forms. In the case of a business, it may be intellectual property. This is any information that the business relies on to set them apart from other companies.

This may be patents, source code, or any other documentation about how the business is run. Other forms of data are banking information, credit card numbers, social security numbers, usernames, passwords, and especially anything related to health care.

Attackers may be trying to steal any of that information, because it can be sold or used to gain additional access to other systems.

Penetration testing normally evaluates a system’s ability to protect its networks, applications, endpoints and users from external or internal threats. It also attempts to protect the security controls and ensures only authorized access.

Penetration testing is essential because:

It identifies a simulation environment i.e., how an intruder may attack the system through white hat attack.

It helps to find weak areas where an intruder can attack to gain access to the computer’s features and data.

It supports to avoid black hat attack and protects the original data.

It estimates the magnitude of the attack on potential business.

It provides evidence to suggest, why it is important to increase investments in security aspect of technology.

Note: – we have been talking about information security, and that’s a phrase you will hear about a lot. The objective is to protect the information assets of an organization. However, an attacker may not care about your information assets. They may care more about your computing assets. In other words, they may simply be looking to collect a system they can add to their network of systems that will perform tasks for them. This is a very lucrative business, so don’t assume that just because you are a small organization you aren’t a target. You are. Especially if you are easy for the picking. Your systems and their computing power are just as good as those from large, high-profile companies—more so if they are easy to break into.

Testing types

Black box test


The first is called a black box test. This is something like a traditional penetration test, but on the extreme end.

A black box test means the tester has no knowledge of the target other than who the target is. The attacker may not know ip addresses, domain names, or anything.

Gray box test

When someone is performing a full-blown black box penetration test, it may be a good chance to test response capabilities.

In that case, you may have a red team, also sometimes called a tiger team.

The red team is the attack team. They are the ones trying to get in. The ones on the inside, whether they are aware it’s happening or not (and sometimes the operations staff has no idea in order to get a true sense of response capabilities), are called the blue team.

You may also have a white team, which is aware of both ends of the equation. This is more common in competitions, however, and the white team in that case is entirely neutral and manages the competition.

White box test

This is generally full knowledge. The attack team works closely with the target. It may involve having credentials established ahead of time.

This allows the tester to perform full local (on-system) assessments without having to penetrate before checking the local settings.

You may have systems that appear to be very hard on the outside, but once the system is popped it’s a soft, gooey mess on the inside.

This can be an enormous problem, so it’s helpful to check local hardening as well as remote hardening.

The operations team is generally informed and works with the attack team to ensure that there is no impact to customers as a result of the testing.

When to perform penetration testing?

Penetration testing is an essential feature that needs to be performed regularly for securing the functioning of a system. In addition to this, it should be performed whenever:

Security system discovers new threats by attackers.

You add a new network infrastructure.

You update your system or install new software.

You relocate your office.

You set up a new end-user program/policy.

Penetration Testing Methodology

The Penetration Testing methodology we will be using in this article is a modified version of a common methodology I would use when working with a client. It will allow us to get right to the meat of penetration testing.


There will be a number of areas that we won’t get into that will come up as you keep working, including the following:

Intelligence gathering: – this is reconnaissance work against your target and will vary based on how much information you were provided before the engagement.

Scanning – before you start determining your attack strategy, you need to know what your targets are. This will provide you with a lot of information about systems and ports as well as, potentially, any firewalls that may be in place.

Vulnerability identification: – once you have some target systems and applications identified, getting a list of known vulnerabilities will tell you where you can quickly and easily get in.

Exploitation: – the vulnerabilities that you have identified will lead you to exploitation. This is where you actually begin to penetrate the systems by exploiting the vulnerabilities that you have identified. Some vulnerabilities are very difficult to exploit, and other exploits may just not work. You may end up finding a lot of false positives in this stage where the vulnerability was identified but the expected exploit didn’t work.

Reporting: – once you are done, make sure to clearly document all of your findings so you have something tangible and coherent to present to your employer or client.


How is penetration testing beneficial?

Penetration testing offers the following benefits:

Enhancement of the management system:- it provides detailed information about the security threats. In addition to this, it also categorizes the degree of vulnerabilities and suggests you, which one is more vulnerable and which one is less. So, you can easily and accurately manage your security system by allocating the security resources accordingly.

Avoid fines: – penetration testing keeps your organization’s major activities updated and complies with the auditing system. So, penetration testing protects you from giving fines.

Protection from financial damage: – a simple breach of security system may cause millions of dollars of damage. Penetration testing can protect your organization from such damages.

Customer protection: – breach of even a single customer’s data may cause big financial damage as well as reputation damage. It protects the organizations who deal with the customers and keep their data intact.

How to become a penetration tester?

Anyone can be a penetration tester. Good penetration testers require experience and knowledge,

You should keep in mind the expected ethical obligations. If you just want to go out and break into systems without regard to laws, you are free to do that, of course. That doesn’t make you a penetration tester, though. It makes you a criminal, and it’s entirely possible that you won’t be free for much longer.some organization that is very understanding and lenient that will let you try things out on their systems, or, better yet, get yourself a small lab system that you can work on.

Penetration Lab

Get a copy of virtualbox, or vmware or parallels if you are more comfortable with them. Install it on your system. You can download virtualbox from

Get a copy of kali linux. This will be an .iso image that you will use to install kali into a virtual machine. You can download the current .iso from Virtualbox will allow you to install a new operating system from the .iso image you have downloaded.

Get a copy of metasploitable 2. There are different places to get this. You should use google, bing, or your favorite search tool to look for a place from which to download it. It will make for a good target for some of what we will be doing. This does not require installation. It is a vmware image that you should be able to just open in any virtualization software that you have, including virtualbox.


WannaCRY Ransomware , How to keep your system safe

We will discuss about wannacry ransomware cyber attack and how to decrypt data which encrypted by wannacry.


The WannaCry ransomware began to spread across the all over the Internet on Friday May 12th, 2017. I took my phone to see the text from my friend, “What should we do to beware the ransomware?” My stomach tightened. It was time for friendly IT support.

Their home system was set to auto-install patches. All of their files were backed up remotely to a secure system and their firewall & malicious software protections were current.

I determined to share the steps that I use to protect my friend’s computer so that end users can better protect themselves when issues like the WannaCry ransomware crop up from time to time. If you are using a Windows operating system here is a helpful steps to follow.

Open Windows Update by clicking the Start button in the lower left corner. In the search box, type Update, and then, in the list of results, click Windows Update.


  1. Click on Check for updates, and then wait while Windows looks for the latest updates for your computer.

  2. Then turn on the automatic windows update


   3.  Click Install updates.


If you’re not of a mind to do thing automatically you can set it to manually install patches.

• Use this link to download update Manual :

MS17-010 Update for Windows 8.1
The first option is for 64bit system and another option for 32bit system
MS17-010 Update for Windows 10
The first option is a 32bit system and a second option for a 64bit system
Update link for MS17-010 for Windows 7 and Server 2008
Choose the first 64bit system choice or the second 32bit option.
Links Update for MS17-010 for Windows XP and Server2003 and 8

In the case of a user that has MacOS who might not be technically sound knowledge, have them click on the AppStore and select “update” next to the patches that need to be installed.



  •  No matter what your platform of choice.
  • Make sure that you have malicious software protections   installed and that they are kept up to date.
  • Your system firewall should deny inbound connections and anti-virus should be kept current.
  • While these programs are not a 100% guarantee, by any stretch of the imagination, they will help with the lot of the cruft that could negatively affect your systems.


How to Decrypt WannaCRY.


A tool under the name WanaKiwi is “able” to decrypt the data in the hands of the ransom software,But only if the user has not restarted or turned off the computer.

This condition must come from how the rudimentary software algorithm works. The researcher focused on the initial numbers stored in the random memory of the computer on which the software is based to perform the encryption process.

More generally and simply, the tool searches for these numbers and begins the process of decrypting encrypted data in advance, hence the importance of the above requirement, in addition to the reference of some other reports to another condition is not to take off new software after infection such as games and office applications which can damage the order Store those numbers on your computer’s memory by using that space for another program.

Note: The new tool works on both Windows 2008, 7, XP and Vista, and has been proven effective by some security companies. Another tool named WanaKey is based on the same principle
Link Download direct: or

For more information and reference.

Often I see people finding fault to the end users. Rather than do that, I preferred to share what should be done to better protect their systems. Hopefully, if we preserve to share more information like this it will help to better protect the home user.

20 Common Protocols and Their Well-Known Port Numbers

The port number is a numeric identifier used to route packets to the correct application on a computer.

Just as Media Access Control (MAC) addresses are used to deliver frames to the correct physical computer or you can say to the network adapter.

And IP Addresses are used to route packets to the correct logical computer (x.x.x.x) , Port numbers are used to route a packet to the correct application after the packet has arrived at its destination computer.

We know that on a single computer/Server their are lots of applications are running.When a packet arrives at that server, it cannot be delivered to ust any application.For example, HTTP client requests are not going to be understood by an LDAP server application.

Port numbers range from 1 to 65,000.Most established Internet protocols have assigned port numbers,reffered to as well-known port numbers.

By this it is easy for firewall to allow or block request on particular port.

For example,if a firewall were configured to block port 80,HTTP clients would not be able to pass through the firewall and communicate with any internal virtual servers.You will have to open specific ports in order to let the proper traffic pass.

For an extra measure of security, you can usually change the port numbers that an application uses.For example,you might change your POP3 virtual server and all POP3 clients too use port 28,345 instead of the default 110.

The drawback of doing this is that you will have to manually chang any application that will need to communicate with the server.



Powershell – How To – SID To User

Step 1: Domain User to SID

This will give you a Domain User’s SID
$objUser = New-Object System.Security.Principal.NTAccount(“DOMAIN_NAME”, “USER_NAME”)
$strSID = $objUser.Translate([System.Security.Principal.SecurityIdentifier])

Step 2: SID to Domain User

This will allow you to enter a SID and find the Domain User
$objSID = New-Object System.Security.Principal.SecurityIdentifier `
$objUser = $objSID.Translate( [System.Security.Principal.NTAccount])


$objUser = New-Object System.Security.Principal.NTAccount(“LOCAL_USER_NAME”)
$strSID = $objUser.Translate([System.Security.Principal.SecurityIdentifier])

Found on Spiceworks:

Dlightdily : “ Have you any query ? , Post It below in comment box” !

windows script to check Server Uptime


Ever wanted a simple HTML report showing you the UP/DOWN status of your servers?

And for a little extra flavor how long that server has been up for?

Some basic disk information?

1. Download the script to your favorite location and name it Uptime.ps1

2. Open a Powershell prompt and type: Get-Help pathtoscript\Uptime.ps1 –Full

3. Edit PARAM section so that variables match your environment.

4. Edit $Key variable with random numbers, this is your encryption key.

5. Run it manually once, if you are using alternative credentials script will prompt you for password and save those credentials to a file.

To run as a scheduled task:

1. Create the scheduled task and set your trigger (hourly?)
2. For action the Executable should be Powershell.exe
3. For Arguments use: -ExecutionPolicy Bypass -File pathtoscript\Uptime.ps1


Source Code

This script has not been checked by Dlightdaily. Please understand the risks before using it.


     Simple HTML report generator for UP/DOWN status of servers.
     Create a simple UP/DOWN report, with length of uptime report in a simple HTML
     report.  Also includes a “lowest” disk alert, showing you whichever disk has the
     lowest amount of disk space and how much that is (bar graph).  There is also
     a detailed disk report you can click on to view.
     Will accept an secondary credential and use that to gather information.  The
     username and password are stored in an encrypted file in the path you designate.
     Since this script is intended to be run from a scheduled task, it is important
     to modify the PARAM section to suit your needs. 
     How to Run:
     Make sure to run the script once on the server you intend to run the scheduled
     task.  The script will prompt for the specified credential password on the first
     run (or any time you change the credential username).  After that first run it
     will run without prompting.
     *** IMPORTANT ***
     Required:  Modify the $Key variable (line 74) to get unique encryption on your
     Will accept a comma seperated array of server names and if not specified default
     to load the server names from a text file.  Make sure to edit the Param section
     to fit your environment.  Will also accept object input from Get-ADComputer.
.PARAMETER AlertThreshold
     A number representing the % that free space has to go below to trigger an alert
     (changing the display to red).
     The output path and file name for the HTML report.  Make sure to edit the Param
     section to fit your environment.
.PARAMETER Credential
     Specify the alternative credential
     Path where the script will store the encrypted password file.
     Produces the report based on the servers in C:\utils\servers.txt and will save the
     report at c:\utils\uptime.html
     .\Uptime.ps1 -Servers server1,server2,server3 -path \\webserver\share\uptimereport.html
     Will create the uptime report for servers 1,2 and 3 and save the report at
     .\Uptime.ps1 -Servers server1,server2,server3 -AlertThreshold 25
     Will create the uptime report for servers 1,2 and 3 and if the lowest disk free percentage
     is below 25% it will show up in red.
     Author:        Martin Pugh
     Twitter:       @TheSurlyAdm1n
     Spiceworks:    Martin9700
         1.7        Added the ability to use alternative credentials.  Added quite a bit of error
                    handling and verbose output (if wanted).  Added the ability for the script to
                    accept pipeline input from Get-ADComputer as well as other pipeline items.
         1.6        Added remaining disk information in a more detailed report below the primary
                    status table.  Click on the “Show Disk Detail Report” link to display the detailed
         1.5        Added the “Lowest Disk Status” column.  The script will now look at all disk
                    volumes and report on the one with the lowest free disk space.  It will so the free
                    space as a percentage of the total.  By default if that percentage drops below 10%
                    it will “alert” and show that percentage in red.  This setting is configurable
                    using the -AlertThreshold parameter.
         1.0        Initial release
Param (
     [string[]]$Name = (Get-Content “c:\utils\servers.txt”),
     [int]$AlertThreshold = 10,
     [string]$Path = “c:\utils\uptime.html”,
     [string]$Credential = “surly\administrator”,
     [string]$PathToCred = “c:\utils”

Begin {
     Function Get-Credentials {
         Param (
             [String]$AuthUser = $env:USERNAME
         $Key = [byte]29,36,18,74,72,75,85,52,73,44,0,21,98,76,99,28
         #Build the path to the credential file
         $CredFile = $AuthUser.Replace(“\”,”~”)
         $File = $PathToCred + “\Credentials-$CredFile.crd”
         #And find out if it’s there, if not create it
         If (-not (Test-Path $File))
         {    (Get-Credential $AuthUser).Password | ConvertFrom-SecureString -Key $Key | Set-Content $File
         #Load the credential file
         $Password = Get-Content $File | ConvertTo-SecureString -Key $Key
         $AuthUser = (Split-Path $File -Leaf).Substring(12).Replace(“~”,”\”)
         $AuthUser = $AuthUser.Substring(0,$AuthUser.Length – 4)
         $Credential = New-Object System.Management.Automation.PsCredential($AuthUser,$Password)
         Return $Credential

    Write-Verbose “$(Get-Date): Script begins!”

    #Define static HTML
     $HeaderHTML = @”
<style type=’text/css’>
body { background-color:#DCDCDC;
table { border:1px solid gray;
   font:normal 12px verdana, arial, helvetica, sans-serif;
   border-collapse: collapse;
th { color:black;
   border: 1px solid black;
   font:normal 16px verdana, arial, helvetica, sans-serif;
   background-color: #6495ED;
td.up { background-color:#32CD32;
   border: 1px solid black;
td.down { background-color:#B22222;
   border: 1px solid black;
td { border: 1px solid black;
} { background-color:#B22222;
} { background-color:#32CD32;
} { background-color:#7FFF00;
a.detail { cursor:pointer;
<script type=’text/javascript’>
     document.getElementById(“ShowHideLink”).innerHTML=”<h6>Show Disk Detail Report</h6>”
function ShowHide() {
     if (document.getElementById(“diskdetail”).style.visibility==”visible”)
         document.getElementById(“ShowHideLink”).innerHTML=”<h6>Show Disk Detail Report</h6>”
         document.getElementById(“ShowHideLink”).innerHTML=”<h6>Hide Disk Detail Report</h6>”
<h1>Server Uptime Status Report</h1>
<table class=”Main”>
<tr><th style=”width:175px;”>Server Name</th><th style=”width:125px;”>Status</th><th style=”width:475px;”>Lowest Disk Status</th></tr>


    $DiskDetailHeaderHTML = @”
<a id=”ShowHideLink” class=”detail” onClick=”ShowHide()”></a>
<div id=”diskdetail”>
<h1>Disk Detail Report</h1><p>


    $FooterHTML = @”

    $AllComputers = @()

Process {
     #Gather all computer names before processing
     ForEach ($Computer in $Name)
     {   $AllComputers += $Computer

End {
     #Sort the servers by name, then start getting information
     Write-Verbose “Sort server names and gather Credential information”
     $Name = $Name | Sort
     $DiskData = @()

    If ($Credential)
     {   $Cred = Get-Credentials $Credential

    ForEach ($Computer in $AllComputers)
     {    Write-Verbose “Testing $Computer…”
         $ErrorReport = $null
         If (Test-Connection $Computer -Quiet)
         {    #Set parameters for splat, determine if checking local
             $CredParameter = @{
                 ComputerName = $Computer
                 ErrorAction = “Stop”
             If ($Computer.ToUpper() -notlike “*$($env:COMPUTERNAME.ToUpper())*” -and $Cred)
             {   $CredParameter.Add(“Credential”,$Cred)
             #Get uptime information
             Try {
                 $WMI = Get-WmiObject Win32_OperatingSystem @CredParameter
                 If ($WMI)
                 {    $Uptime = New-TimeSpan -Start $($WMI.ConvertToDateTime($WMI.LastBootUpTime)) -End (Get-Date)
                     $UpText = “<td class=””up””>$($Uptime.Days)d, $($Uptime.Hours)h, $($Uptime.Minutes)m</td>”
                 {    $UpText = “<td class=””up””>Up</td>”
                 #Get disk information and pretty up the data
                 $Disks = Get-WmiObject Win32_LogicalDisk -Filter “DriveType=3” @CredParameter | Select `
                     @{LABEL=”Size”;EXPRESSION={[int](“{0:N0}” -f ($_.Size/1gb))}},
                     @{LABEL=”FreeSize”;EXPRESSION={[int](“{0:N0}” -f ($_.FreeSpace/1gb))}},
                     @{LABEL=”perUsed”;EXPRESSION={[int](“{0:N0}” -f ((($_.Size – $_.FreeSpace)/$_.Size)*100))}},
                     @{LABEL=”perFree”;EXPRESSION={[int](“{0:N0}” -f (100-(($_.Size – $_.FreeSpace)/$_.Size)*100))}},
                 $DiskData += $Disks
             Catch {
                 Write-Verbose “Error encountered gathering information for $Computer”
                 $ErrorReport = $Error[0]
                 $Error.Clear | Out-Null
             #Create the simple Status table
             If ($ErrorReport)
             {   $UpText = “<td class=””down””>WMI Error</td>”
                 $DiskHTML = “<div class=””red””>$($Error[0])</div>”
             ElseIf ($Disks)
             {    $LowDisk = $Disks | Sort FreeSize | Select -First 1
                 If ($LowDisk.perFree -le $AlertThreshold)
                    {    $FreeClass = “red”
                 {    $FreeClass = “free”
                 $DiskHTML = “<div class=””green”” style=””width:$($LowDisk.perUsed)%””>$($LowDisk.DriveLetter) $($LowDisk.Size)gb ($($LowDisk.perUsed)% used)</div><div class=””$FreeClass”” style=””width:$($LowDisk.perFree)%””>$($LowDisk.FreeSize)gb free ($($LowDisk.perFree)%)</div>`n”
             {    $DiskHTML = “”
             $DetailHTML += “<tr><td>$Computer</td>$UpText<td>$DiskHTML</td></tr>`n”
         {    $DetailHTML += “<tr><td>$Computer</td><td class=””down””>DOWN</td><td class=””down””></td></tr>`n”

    #Disk Details Report
     Write-Verbose “WMI data gathered, making the report”
     $Servers = $DiskData | Select Server -Unique
     ForEach ($Server in $Servers)
     {    $Server = $Server.Server
         $DiskDetailHTML += “<h3>$Server</h3>”
         $DiskDetailHTML += “<table>”
         $DiskDetailHTML += “<tr><th>Drive Letter</th><th>Volume Name</th><th>Total Disk Space</th><th>Used</th><th>Free</th><th style=””width:350px;””>Usage</th></tr>`n”
         $Disks = $DiskData | Where { $_.Server -eq $Server } | Sort DriveLetter
         ForEach ($Disk in $Disks)
         {    $DiskDetailHTML += “<tr><td>$($Disk.DriveLetter)</td><td>$($Disk.VolumeName)</td><td>$($Disk.Size)gb</td><td>$($Disk.Size – $Disk.FreeSize)gb</td><td>$($Disk.FreeSize)gb</td>”
             If ($Disk.perFree -le $AlertThreshold)
             {    $FreeClass = “red”
             {    $FreeClass = “free”
             $DiskDetailHTML += “<td><div class=””green”” style=””width:$($Disk.perUsed)%””> </div><div class=””$FreeClass”” style=””width:$($Disk.perFree)%””>$($Disk.perFree)%</div></td></tr>`n”
         $DiskDetailHTML += “</table><br>`n”

    #Combine all the HTML fragments and save to a file
     $HTML = $HeaderHTML + $DetailHTML + $DiskDetailHeaderHTML + $DiskDetailHTML + $FooterHTML
     $HTML | Out-File $Path

    Write-Verbose “$(Get-Date): Script completed!”


Found on Spiceworks: