Getting started with Penetration Testing

How to learn, practice and perform pen-testing (from theory to practice)

Ned Poplaski (CISSP)
2 min read · Apr 13, 2021

Before starting to read this article —

  1. This article is heavy on jargon. If you are unfamiliar with the terms used in the ethical hacking industry, keep a reference page of those terms ready.
  2. We assume that you have a good working knowledge of Python and some basic shell scripting.
  3. A basic knowledge of key Linux commands (moving around the filesystem, editing files, managing packages, file permissions) is handy.

Stages in Penetration Testing

Before jumping directly into building your technical acumen in Penetration Testing (a.k.a. pen-testing), here is a rundown of what it actually means to make a career (or a living) doing pen-testing: the stages involved in a standard pen-testing project once you sign a contract with a client.

  1. Get your contracts right (written authorization from the system owner, the scope of hosts, networks and applications, rules of engagement, test window)
  2. Discuss commercials
  3. Recon
  4. Threat analysis / enumeration
  5. Actual exploits
  6. Post-exploit / maintaining access / cleaning up
  7. Reporting

The contract and scope come first: nothing in stages 3 to 6 is legal without written authorization, and the scope decides what you are allowed to touch. On an authorized test, "covering tracks" means removing the accounts, implants and files you left behind and recording anything you could not remove; it does not mean hiding your activity from the client, and every change you made goes into the report.

Now that we know what a typical pen-testing contract involves, let's set up the lab that will build your technical acumen.

Setting up the environment

  • We will be setting up a VMware environment.
  • We will be using Windows as the host OS.

A. Set up a VMware environment on Windows

B. Set up Kali Linux on VMware

You can alternatively import the prebuilt Kali Linux VMware image instead of installing from the ISO.

C. Install supporting binaries in your Kali- Linux environment

Here is a list of tools in addition to the standard ones that come with a default Kali Linux installation. These are indicative tools; your choices might vary based on your usage preferences.

  1. MinGW (C cross-compiler, used to build Windows executables from inside Kali)

The old mingw32 package no longer exists in Debian or Kali; the current package is mingw-w64, which provides i686-w64-mingw32-gcc and x86_64-w64-mingw32-gcc.

sudo apt-get install mingw-w64

2. Ettercap (tool for man-in-the-middle attacks)

Edit the tool's configuration file. The two changes most setups need: in the [privs] section set ec_uid and ec_gid to 0 (the default 65534 drops privileges to nobody, which stops some plugins working), and in the "Linux" section uncomment the two iptables redir_command_on / redir_command_off lines if you want Ettercap to redirect traffic for SSL interception.

nano /etc/ettercap/etter.conf

3. Nessus (general vulnerability scanner)

Nessus is not shipped with Kali; download the Debian package from Tenable and register for the free tier (Nessus Home, now called Nessus Essentials, which is limited to 16 IP addresses). That limit is fine for a lab but not for client work.

http://www.tenable.com/products/nessus-home/

4. Veil-Evasion (a tool to create payload executables that bypass common virus scanners)

wget https://github.com/ChrisTruncer/Veil/archive/master.zip

The project has since moved to the Veil-Framework organization on GitHub, and Kali also packages it (sudo apt-get install veil), which is the easier route on a current Kali release.

5. Hyperion (a runtime crypter: it encrypts a Windows PE file and prepends a stub that recovers the key and decrypts it in memory, which defeats signature-based anti-virus)

6. Also install the following if you are looking to do Android/mobile pen-testing:

  • Smartphone Pentest Framework (SPF)
  • Android SDK

D. Setting up your Kali Linux environment

  1. Create users with different roles

Do not do day-to-day work as root. Kali releases from 2020.1 onwards already log you in as a non-root user (kali) with sudo, so on a current image you will run these commands with sudo rather than from a root shell. From root, create a user with sudo privileges. Here we are creating a user called matt:

root@kali:~# adduser matt

root@kali:~# adduser matt sudo

The second command adds matt to the sudo group (usermod -aG sudo matt does the same). Group membership only takes effect at the next login, so log in as matt before testing sudo.
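Sections C and D above, as one re-runnable bootstrap script. This is an added example, not code from the original article: it assumes a Kali 2020.1 or later image (non-root user with sudo) and current package names (mingw-w64 in place of the old mingw32; ettercap-graphical provides the ettercap binary), and it checks the etter.conf [privs] values on a constructed copy of the stock file so the parser can be exercised without root.

```shell
#!/bin/sh
# Added example (not the article's code): idempotent bootstrap for the Kali lab.
# Assumptions: Kali 2020.1+ (non-root user with sudo); current package names.
# Set SUDO= when already root, or when pointing the helpers at a temp copy.
SUDO=${SUDO-sudo}

# Tools the article lists, as "<apt package>:<binary that proves it is installed>".
LAB_TOOLS="mingw-w64:x86_64-w64-mingw32-gcc ettercap-graphical:ettercap veil:veil"

# lab_missing PKG:BIN ... -> prints, one per line, packages whose binary is not
# on PATH. Takes the list as arguments so it can be run against any pairs.
lab_missing() {
    for entry in "$@"; do
        pkg=${entry%%:*}
        bin=${entry#*:}
        command -v "$bin" >/dev/null 2>&1 || printf '%s\n' "$pkg"
    done
}

# lab_install -> apt-get installs only what is missing (needs sudo and network).
lab_install() {
    # shellcheck disable=SC2086
    missing=$(lab_missing $LAB_TOOLS)
    if [ -z "$missing" ]; then
        echo "all lab tools present"
        return 0
    fi
    $SUDO apt-get update
    # shellcheck disable=SC2086
    $SUDO apt-get install -y $missing
}

# lab_user_has_sudo NAME -> exit 0 if NAME is a member of group sudo.
lab_user_has_sudo() {
    id -nG "$1" 2>/dev/null | tr ' ' '\n' | grep -qx sudo
}

# lab_user NAME -> the article's "adduser matt; adduser matt sudo", made safe to
# re-run and driven through sudo. Group changes apply at NAME's next login.
lab_user() {
    id "$1" >/dev/null 2>&1 || $SUDO adduser --gecos "" "$1"
    lab_user_has_sudo "$1" || $SUDO usermod -aG sudo "$1"
}

# etter_privs FILE -> prints "<ec_uid> <ec_gid>" from an etter.conf [privs]
# section. Stock value is 65534 (nobody); the article's edit sets both to 0.
etter_privs() {
    awk -F'[= ]+' '/^ec_uid/ {u=$2} /^ec_gid/ {g=$2} END {print u, g}' "$1"
}

# etter_privs_ok FILE -> exit 0 if the file already has ec_uid = 0 and ec_gid = 0.
etter_privs_ok() {
    [ "$(etter_privs "$1")" = "0 0" ]
}

# etter_set_root FILE -> rewrite ec_uid/ec_gid to 0 in place (GNU sed -i).
etter_set_root() {
    $SUDO sed -i 's/^ec_uid = [0-9]*/ec_uid = 0/; s/^ec_gid = [0-9]*/ec_gid = 0/' "$1"
}

# sample_etter_conf -> writes a constructed copy of the stock [privs] block to a
# temp file and prints its path, so the checks above run without touching /etc.
sample_etter_conf() {
    f=$(mktemp)
    cat >"$f" <<'EOF'
[privs]
ec_uid = 65534                # nobody is the default
ec_gid = 65534                # nobody is the default
EOF
    printf '%s\n' "$f"
}

# Read-only walk-through: report missing tools and parse the sample config.
lab_main() {
    # shellcheck disable=SC2086
    printf 'missing packages: %s\n' "$(lab_missing $LAB_TOOLS | tr '\n' ' ')"
    f=$(sample_etter_conf)
    printf 'sample etter.conf privs: %s\n' "$(etter_privs "$f")"
    rm -f "$f"
}

lab_main
```

To apply it for real: source the file, then run lab_install, lab_user matt, and etter_set_root /etc/ettercap/etter.conf; etter_privs_ok /etc/ettercap/etter.conf confirms the edit took. The iptables redir_command lines in etter.conf are left to a manual edit, since the stock file carries several commented variants (iptables, ipchains, ipfw) and only the Linux iptables pair should be enabled.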

Endnote

At this point we have set up an environment that is good enough to practice our pen-testing skills in. We will see specific use-cases in the coming articles.


Ned Poplaski (CISSP)

I share news and lessons to make a safer cyber experience possible. Cyber security educator. Ex-McAfee, consultant at snyk.io, sonatype.