Wednesday, April 3, 2019
Tracks Covering in Penetration Testing
Tracks Covering in Penetration Testing
Er. Ramesh Narwal
Er. Gaurav Gupta

Abstract
After completing an attack, covering tracks is the next step in penetration testing. In tracks covering, after completing the attack we return to each exploited system to erase tracks and clean up any footprints we left behind. Tracks covering is important because leftover tracks give clues to a forensics analyst or an Intrusion Detection System (IDS). Sometimes it is difficult to hide all tracks, but an attacker can manipulate the system to mislead the examiner and make it almost impossible to determine the extent of the attack. In this research paper we describe all of the methods used in tracks covering and their future scope.

Keywords: Exploit, Payload, Vulnerability Assessment, Penetration Testing, Track Covering

Introduction
Penetration testing is nowadays an important organisational security testing method. Penetration testing is also known as pentesting. The main objective of penetration testing is to identify the security threats in networks, systems, servers and applications. Penetration testing consists of various phases, which we discuss in the overview of penetration testing. After gaining administrative access on a system or server, the attacker's first task is to cover their tracks to prevent detection of their current and past presence in the system. An attacker or intruder may also try to remove evidence of their identity or activities on the system to prevent tracing of their identity or location by the authorities. To protect himself an attacker usually erases all error messages, alerts or security events that have been logged.

Overview of Penetration Testing
Penetration testing is used to validate the effectiveness of the security protections and controls of an organisation. It reduces an organisation's expenditure on IT security by identifying and remediating vulnerabilities or loopholes. It provides steps that can prevent future exploitation.
Penetration testing phases
1. Pre-engagement Interactions
2. Intelligence Gathering
3. Threat Modeling
4. Vulnerability Analysis
5. Exploitation
6. Post Exploitation
7. Covering Tracks
8. Reporting

Pre-engagement Interactions
Planning is the first step in pre-engagement. During this phase the scope, goals and terms of the penetration test are finalised with the client. The targets and methods of the intended attacks are also finalised in this phase.

Intelligence Gathering
This is the most important phase; if we miss something here we might miss an entire avenue of attack. All information regarding the target is collected by using social media networks, Google hacking and other methods. Our primary goal during this phase is to gain accurate information about the target without revealing our presence, to learn how the organisation operates and to determine the best entry point.

Threat Modeling
The information acquired in the intelligence gathering phase is used in this phase to identify existing vulnerabilities on the target system. In threat modelling, we determine the most effective attack methods, the type of information we need and how an attack can be carried out against the organisation.

Vulnerability Analysis
A vulnerability is a loophole or weakness in a system, network or product, by using which an attacker can compromise it. After identification of the most effective attack method, we consider how we can access the target. During this phase we combine the information acquired in the previous phases and use that information to find out the most effective attack. Port and vulnerability scans are performed in this phase, and all data gathered in the previous phases is used as well.

Exploitation
An exploit is code which allows an attacker to take advantage of a flaw or vulnerability within a system, application or service. We must run an exploit only when we are sure that the particular exploit will be successful. Unforeseen protective measures might be present on the target that inhibit a particular exploit.
Before triggering a vulnerability we must be sure that the system is vulnerable. Our exploit must do proper clean-up after execution on the compromised system and must not leave the compromised system in an unstable state. The figure given below shows a system shutdown dialog active on a compromised Windows machine, caused by an exploit that did not do proper clean-up after execution.

After successful exploitation the compromised system is under the control of the attacker. Many times an attacker or penetration tester needs to alter the compromised or breached systems to attain privilege escalation.

Post Exploitation
A payload is the actual code which is executed on the compromised system after exploitation. The post exploitation phase begins after one or more systems have been compromised. In this phase the penetration tester identifies critical infrastructure, targets specific systems, and targets the information and data that are most valuable and that must be secured. During post exploitation, while attacking systems we should take time to understand what the systems do and their different user roles. Every tester and attacker generally spends time in the compromised system to understand the information it holds and how they can benefit from that information.

After gaining access to one system an attacker can access other systems in that network by using the compromised system as a staging point. This method is known as pivoting. Sometimes attackers create a backdoor in the compromised system to regain access to the system in the future.

Covering Tracks
In the previous phases the penetration tester or attacker often made significant changes to the compromised systems in order to exploit the systems or to gain administrative rights.
This is the final stage in the penetration test, in which the attacker clears all the changes made by himself in the compromised systems and returns the system and all compromised hosts to the exact configurations they had before the penetration test was conducted.

Reporting
All of the information, like vulnerability reports, diagrams and exploitation results, generated during penetration testing must be deleted after handover to the client. If any information is not deleted it should be with the knowledge of the client and mentioned in the technical report which is generated after penetration testing. Reporting is the last phase in the penetration test, in which the penetration tester organises the available data and related result sets into a report and presents that report to the client. This report is highly confidential: it holds all the results of the penetration tests, like the list of vulnerabilities in the organisation's systems, networks or products, and recommendations to fix these problems related to the security of the organisation's assets, which helps the organisation in stopping future attacks.

How to cover tracks
To compromise a system successfully an attacker needs to be stealthy and avoid detection by various security systems like firewalls and intrusion detection systems (IDS). System administrators and other security personnel use similar techniques to identify malicious activities, so it is very important for an attacker to remain undetected. A system administrator can examine processes and log files to check for malicious activities. There are various challenges which are faced by a penetration tester after successful compromise of the target system. Now we describe the various problems faced by a penetration tester in covering tracks.

Manipulating Log Files Data
To manipulate log file data an attacker must have adequate knowledge of the commonly used operating systems.
An attacker must be aware of two types of log files: system generated and application generated. A penetration tester or attacker has two options when manipulating log data: the first is to delete the entire log and the second is to modify the content of the log file. After deleting the entire log the attacker can be sure that the logged activity cannot be read, but the drawback of deleting the entire log is that the deletion itself is detected. The second option an attacker has is to modify the data within the log files so that the system administrator is not able to notice the attacker's presence in the system. But sometimes, if the attacker removes so much information that it leaves a gap between log entries, the gap itself makes it noticeable.

Log Files Management in Various Systems
The main purpose of log files in the various operating systems is to check the health and state of the operating system, to detect malicious activity, and to analyse the system if something bad happens (system troubleshooting). Here we show the locations of log files in the commonly used operating systems: Windows, Linux/Unix and Mac.

Windows
In Windows, log files are stored in the Event Viewer, which is easy to find: simply search for Event Viewer and run it. The Event Viewer looks like the figure given below, where we can see all log files of the system and applications.
Figure: Log Files Management in Windows

Linux/Unix
In mainly all Linux and Unix operating systems, log files are stored in the /var/log directory. Most system log files are kept out of sight in Linux and Unix; to see the full list of log files from the shell simply type the command ls -l /var/log/ in the shell. In the figure below we show the log files on the BackTrack Linux operating system.
Figure: Log Files Management in Linux/Unix

Mac
To get or access log files in the Mac operating system simply open Finder and select Go to Folder in the Go menu.
Type in /Library/Logs and hit Enter; here you get a screen like the one given in the figure, which contains all log files.
Figure: Log Files Management in Mac OS X

To manipulate log file data an attacker must have root privileges.

Challenges in Manipulation of Log Files
If the system administrator configures the system to transfer all log files to a remote server from time to time, then an attacker or penetration tester can only stop the log file transfer process; apart from that they have no other way.

Hiding Files

Various Tools for Covering Tracks
There are so many ways to compromise a system, but after compromising the system the attacker must cover their tracks, because each and every activity that the attacker performs is stored or recorded by the system. Every system has a different way to record the activity that occurs in the system. Every attacker must cover the tracks that are recorded by the system so that no one can identify him.
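The two log manipulation options described above (deleting the whole log versus editing entries out of it) and the remote-transfer countermeasure give a defender a concrete check: compare the local log against the copy the remote log server received, and flag entries that vanished locally, a shrinking file, or unusually long silences between entries. This is an added example, not code from the paper; the syslog-style lines are constructed, and the 5-minute gap threshold is an assumption that must be tuned per host.

```python
import re
from datetime import datetime, timedelta

# Constructed sample data (not real logs). REMOTE_LOG is what the central log
# server received; LOCAL_LOG is what remains on the host after tampering.
REMOTE_LOG = """\
Apr 03 10:00:01 web1 sshd[1201]: Accepted password for alice from 10.0.0.5 port 51522 ssh2
Apr 03 10:00:07 web1 sudo:    alice : TTY=pts/0 ; COMMAND=/bin/cat /etc/shadow
Apr 03 10:01:15 web1 sshd[1201]: pam_unix(sshd:session): session closed for user alice
Apr 03 10:05:30 web1 sshd[1203]: Accepted publickey for deploy from 10.0.0.9 port 51600 ssh2
Apr 03 10:09:40 web1 cron[77]: (root) CMD (run-parts /etc/cron.hourly)
"""
LOCAL_LOG = """\
Apr 03 10:00:01 web1 sshd[1201]: Accepted password for alice from 10.0.0.5 port 51522 ssh2
Apr 03 10:05:30 web1 sshd[1203]: Accepted publickey for deploy from 10.0.0.9 port 51600 ssh2
Apr 03 10:09:40 web1 cron[77]: (root) CMD (run-parts /etc/cron.hourly)
"""

# Classic syslog timestamps carry no year; we assume one when parsing.
TS_RE = re.compile(r"^(\w{3} \d{2} \d{2}:\d{2}:\d{2}) ")

def parse_ts(line, year=2019):
    m = TS_RE.match(line)
    return datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S") if m else None

def missing_entries(remote, local):
    """Lines the remote server received that no longer exist locally:
    evidence that the local file was edited or truncated."""
    local_set = set(local.splitlines())
    return [l for l in remote.splitlines() if l not in local_set]

def time_gaps(log, max_gap=timedelta(minutes=5)):
    """(start, end) pairs of consecutive entries further apart than max_gap.
    A silence that the remote copy does not show points at removed entries."""
    stamps = [t for t in (parse_ts(l) for l in log.splitlines()) if t]
    return [(a, b) for a, b in zip(stamps, stamps[1:]) if b - a > max_gap]

def audit(remote, local):
    """Combine the three signals into one tamper report for the host."""
    return {"missing": missing_entries(remote, local),
            "gaps": time_gaps(local),
            "truncated": len(local.splitlines()) < len(remote.splitlines())}

if __name__ == "__main__":
    for signal, value in audit(REMOTE_LOG, LOCAL_LOG).items():
        print(f"{signal}: {value}")
```

On the constructed data the report lists the two removed lines (the sudo command and the session close), a 5m29s silence in the local file that the remote copy does not have, and a line count that dropped from five to three.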