Infrastructure Penetration Testing Methodologies
Many organizations across industries now run on digital infrastructure, and the need for robust cyber security measures has become critical.
Infrastructure penetration testing, often referred to as pen testing, is a vital practice for identifying and mitigating vulnerabilities in IT systems and networks. This article covers what infrastructure pen testing is, the methodology of a pen test, and examples of infrastructure pen testing in a black box setting, where the tester starts with no inside knowledge of the target.
What is Infrastructure Pen Testing
Infrastructure penetration testing simulates real world cyber attacks, within an agreed scope and with the owner's authorization, to assess the security posture of the infrastructure under test.
The goal of the pen tester is to identify vulnerabilities within the network, report them, and provide remediation recommendations to the organization that owns the infrastructure.
Methodologies
Infrastructure pen testing generally follows four steps.
1. Information gathering and analysis
During this step, the pen testers identify live hosts, scan for open ports, and work out which services (and which versions) are listening behind them, because those services are the entry points for everything that follows. The pen testers gather as much information as possible about the target and build a picture of how the infrastructure works.
Some tools that can be used for this include Nessus, Naabu, and nmap. Below is an example of reconnaissance using nmap.
The scan output lists the open ports and the service detected on each one. For example, the host in the screenshot has port 80 open, offering HTTP. Opening the IP address in a web browser therefore returns a web page, and from there the pen testers continue gathering information about the website before moving on to the next step.
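As an added example (not part of the original article), the following shell helper wraps the nmap scan and turns its grepable output into the list of open ports and services that the later steps build on. The target address 10.0.0.5 and the embedded scan output are constructed so the parser can be exercised without network access:

```shell
#!/bin/sh
# Added example (not from the original article): a small recon helper around nmap.
# The target 10.0.0.5 and the sample scan output below are constructed, not real scan data.

# scan_target HOST: run nmap with version detection and emit grepable output on stdout.
scan_target() {
    # -sV probe service versions, -Pn skip host discovery (hosts that drop ICMP are not skipped),
    # -oG - write the grepable report to stdout so it can be piped into open_services.
    nmap -sV -Pn -oG - "$1"
}

# open_services: read nmap grepable output on stdin and print one line per OPEN port as
#   <port>/<proto> <service> <version>
# The "Ports:" field is a comma-separated list of port/state/proto/owner/service/rpc/version/.
open_services() {
    awk '/^Host:.*Ports: / {
        line = $0
        sub(/^.*Ports: /, "", line)
        sub(/[ \t]*Ignored State:.*$/, "", line)
        n = split(line, entry, ",")
        for (j = 1; j <= n; j++) {
            sub(/^[ \t]+/, "", entry[j])
            split(entry[j], f, "/")
            if (f[2] == "open") printf "%s/%s %s %s\n", f[1], f[3], f[5], f[7]
        }
    }'
}

# open_ports: only the port numbers, handy for feeding the next step (e.g. nmap -p "$ports" --script ...).
open_ports() {
    open_services | cut -d/ -f1
}

# Constructed sample of "nmap -oG -" output for a single host; no scan was run to produce it.
SAMPLE_GREPABLE=$(printf '# Nmap 7.94 scan initiated (sample)\nHost: 10.0.0.5 ()\tStatus: Up\nHost: 10.0.0.5 ()\tPorts: 22/open/tcp//ssh//OpenSSH 8.9p1/, 80/open/tcp//http//Apache httpd 2.4.52/, 443/closed/tcp//https///\tIgnored State: filtered (997)\n# Nmap done (sample)\n')

# Demo on the sample. Against a live, in-scope target use:  scan_target 10.0.0.5 | open_services
printf '%s\n' "$SAMPLE_GREPABLE" | open_services
```

Parsing the `-oG` report instead of reading a screenshot matters once the scope is more than one host: the port list can be fed straight into service-specific checks in the next step, and every open service is recorded for the report.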
2. Vulnerability detection
In this step, the pen testers look for vulnerabilities in the infrastructure. The tools and techniques vary with the services and features the target exposes; what works against a web server is different from what is used against, say, an SSH or SMB service.
Below is an example of vulnerability detection on the host from the previous example.
On port 80 the web server publishes a robots.txt file. This file lists paths that the site owner asks well-behaved bots, such as search engine crawlers, not to visit. It is advisory only and not an access control: anyone can read it, and the paths it names are usually still reachable. In the example there is one Disallow entry, and the pen testers can try to access that path by appending it to the site's base URL.
In a real world scenario the robots.txt file usually lists more than one path. It matters because the paths it names (admin panels, backup files, old application versions and the like) open possibilities for the next step, exploitation.
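An added example (not the article's own code) that automates the robots.txt check described above: it fetches the file, extracts the Disallow entries, and requests each path to see whether it is actually reachable. The base URL http://10.0.0.5 and the sample robots.txt content are constructed for illustration:

```shell
#!/bin/sh
# Added example (not from the original article): pull a site's robots.txt, extract the
# Disallow entries, and probe each one. The base URL http://10.0.0.5 and the sample
# robots.txt below are constructed; no site was queried to produce them.

# parse_disallow: read a robots.txt on stdin and print each distinct Disallow path, one per line.
# Comments (# ...) are stripped, the key is matched case-insensitively, and a bare "Disallow:"
# (which means "nothing is disallowed") is ignored.
parse_disallow() {
    awk '{
        line = $0
        sub(/#.*$/, "", line)
        i = index(line, ":")
        if (i == 0) next
        key = substr(line, 1, i - 1)
        val = substr(line, i + 1)
        gsub(/^[ \t]+|[ \t\r]+$/, "", key)
        gsub(/^[ \t]+|[ \t\r]+$/, "", val)
        if (tolower(key) == "disallow" && val != "" && !seen[val]++) print val
    }'
}

# fetch_robots BASE_URL: download robots.txt; -f makes curl exit non-zero (and print nothing)
# on an HTTP error, -k accepts self-signed certificates, common on internal test targets.
fetch_robots() {
    curl -skf "${1%/}/robots.txt"
}

# probe_paths BASE_URL: read paths on stdin, request each one and print "<status> <url>".
# -o /dev/null discards the body, -w '%{http_code}' prints only the HTTP status code.
probe_paths() {
    base=${1%/}
    while IFS= read -r path; do
        code=$(curl -sk -o /dev/null -w '%{http_code}' "${base}${path}")
        printf '%s %s\n' "$code" "${base}${path}"
    done
}

# Constructed sample robots.txt: a comment, a bare Disallow, an Allow line, mixed case and a duplicate.
SAMPLE_ROBOTS=$(printf 'User-agent: *\nDisallow: /admin/   # constructed entry\nDisallow:\nAllow: /public/\ndisallow: /backup.zip\nDisallow: /admin/\n')

# Demo on the sample. Against an in-scope target:
#   fetch_robots http://10.0.0.5 | parse_disallow | probe_paths http://10.0.0.5
printf '%s\n' "$SAMPLE_ROBOTS" | parse_disallow
```

Read the status codes with care: a 200 means the path is readable by anyone, a 401 or 403 means it exists but is protected (still worth listing in the report), and a 404 means it is gone. A reachable disallowed path is only a finding if what it serves is sensitive.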
3. Exploitation
This is the step where the actual hacking happens: a simulated attack is carried out against the target. Again, the tools and techniques used to exploit a vulnerability depend on the features of the infrastructure.
This step relies heavily on the first two steps, information gathering and vulnerability detection, because they give the pen tester a picture of the infrastructure and determine which tools are needed for the job.
The goal here is to find out whether the vulnerabilities are actually exploitable: for example, how far a privilege escalation vulnerability can be pushed, how any automated defenses respond to the attack, and, if it is in scope, how aware the company's employees are of security threats.
One example of privilege escalation is to look up known vulnerabilities for the target's kernel version and run a matching exploit script to gain higher privileges.
In the image above, the kernel version is 5.19.0-42. To find known vulnerabilities for that version, a tool called searchsploit can be used to list the known vulnerabilities and exploit scripts that could achieve privilege escalation. Before running anything, check that an exploit's stated version range really includes the running kernel and that the distribution has not already backported the fix; a kernel exploit that does not apply is more likely to crash the host than to elevate privileges.
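As an added example (not from the original article), the helper below turns the kernel release reported on the target into a searchsploit query and then keeps only the privilege escalation entries whose stated version range actually covers the running kernel. The range check is a heuristic over the title convention searchsploit results use ("Linux Kernel LOW < HIGH - ..." or "Linux Kernel VERSION ..."), and the sample output is constructed in searchsploit's table format with placeholder titles and paths rather than real database entries:

```shell
#!/bin/sh
# Added example (not from the original article): query searchsploit for the target's kernel
# and filter the results by version range. The sample output below is constructed; its
# titles and paths are placeholders, not real Exploit-DB entries.

# kernel_major_minor RELEASE: 5.19.0-42-generic -> 5.19 (the granularity most titles use)
kernel_major_minor() {
    printf '%s\n' "$1" | sed -E 's/^([0-9]+\.[0-9]+).*/\1/'
}

# search_kernel_exploits RELEASE: query the local Exploit-DB copy by title only (-t).
# Use the release string obtained on the target:  search_kernel_exploits "$(uname -r)"
search_kernel_exploits() {
    searchsploit -t "linux kernel $(kernel_major_minor "$1")"
}

# version_in_range VERSION LOW HIGH: exit 0 if LOW <= VERSION < HIGH (empty HIGH = no upper bound).
version_in_range() {
    awk -v v="$1" -v lo="$2" -v hi="$3" '
        function vcmp(a, b,    x, y, n, m, i) {
            n = split(a, x, "."); m = split(b, y, ".")
            for (i = 1; i <= (n > m ? n : m); i++) {
                if ((x[i] + 0) < (y[i] + 0)) return -1
                if ((x[i] + 0) > (y[i] + 0)) return 1
            }
            return 0
        }
        BEGIN { ok = vcmp(v, lo) >= 0 && (hi == "" || vcmp(v, hi) < 0); exit !ok }'
}

# candidate_exploits RELEASE: read searchsploit output on stdin and print only the privilege
# escalation entries whose title range includes RELEASE. Titles with no upper bound are kept
# only when their major.minor matches the running kernel exactly.
candidate_exploits() {
    kver=$(printf '%s\n' "$1" | sed 's/-.*//')          # 5.19.0-42-generic -> 5.19.0
    grep -i 'privilege escalation' | while IFS= read -r line; do
        lo=$(printf '%s\n' "$line" | sed -nE 's/^ *Linux Kernel ([0-9.]+).*/\1/p')
        hi=$(printf '%s\n' "$line" | sed -nE 's/^ *Linux Kernel [0-9.]+ *< *([0-9.]+).*/\1/p')
        [ -n "$lo" ] || continue
        if [ -z "$hi" ]; then
            if [ "$(kernel_major_minor "$kver")" = "$(kernel_major_minor "$lo")" ]; then printf '%s\n' "$line"; fi
        elif version_in_range "$kver" "$lo" "$hi"; then
            printf '%s\n' "$line"
        fi
    done
}

# Constructed searchsploit-style output (placeholder entries only).
SAMPLE_SEARCHSPLOIT=$(cat <<'EOF'
----------------------------------------------------------------- -------------------------
 Exploit Title                                                   |  Path
----------------------------------------------------------------- -------------------------
Linux Kernel 5.8 < 5.16.11 - Local Privilege Escalation (sample) | linux/local/sample1.sh
Linux Kernel 5.19 - Local Privilege Escalation (sample)          | linux/local/sample2.c
Linux Kernel 5.19 - Denial of Service (sample)                   | linux/dos/sample3.c
Linux Kernel 4.4.0-21 (Ubuntu) - Privilege Escalation (sample)   | linux/local/sample4.c
----------------------------------------------------------------- -------------------------
EOF
)

# Demo: only sample2 survives for the article's 5.19.0-42 kernel. On a real target:
#   search_kernel_exploits "$(uname -r)" | candidate_exploits "$(uname -r)"
printf '%s\n' "$SAMPLE_SEARCHSPLOIT" | candidate_exploits 5.19.0-42-generic
```

The filter only narrows the list; it cannot tell whether the distribution backported a fix into a kernel that still reports an affected version string, so read the exploit source and the vendor's changelog before running anything on a production host.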
4. Reporting
The final step is to report the findings to the organization so that patching and remediation can be carried out. The report draws on the information gathered in all of the previous steps, not only exploitation.
The report will generally include:
- Recon data and general flow of the exploit
- The tools used to exploit the infrastructure
- The vulnerabilities found within the infrastructure
- How the exploit was carried out
- Mitigations of the vulnerabilities found
The pen testing team then suggests mitigations for each vulnerability so that it can be patched and the associated risk removed.
Conclusion
Infrastructure penetration testing is important because it gives a realistic picture of how secure an infrastructure is. Even if the infrastructure has been configured to be as secure as possible, there are always ways for an attacker to exploit weaknesses, since no system is fully secure.
The methods in the exploitation step are just the tip of the iceberg when it comes to exploiting an infrastructure. They vary with the vulnerability found, the tools used by the pen testers, and many other factors.
That is all for this article. I hope you enjoyed it, and thank you for reading.