Fundamentals

Before starting penetration testing, a penetration tester must know some fundamentals: the types of hackers, the rules that pen testers should obey, the Internet protocol suite, the Linux file structure, passwords in the system, and hacking operating systems such as BackTrack and Kali Linux.


1. Types of Hackers: In the hacking world, it is not uncommon to hear words like script-kiddie, cracker, white hat hacker, etc. These are simply names used to classify hackers, as follows:

  • Script-kiddie: They are mostly non-technical people or young kids who accidentally gain access to something really confidential, or people who use the tools, tricks and techniques made by other professional hackers.

  • Crackers: They are mainly college students or people with some knowledge of computers who hack for ego, fame, revenge or money.

  • Professional hackers: They are highly technical people who hack to earn their income. There are two main communities of professional hackers: White Hat Hackers and Black Hat Hackers. The term White Hat Hacker is used interchangeably with Ethical Hacker or Penetration Tester to describe the good guys, while the bad guys are referred to as Black Hat Hackers or Malicious/Unethical Hackers. There are also hackers who sometimes act ethically and sometimes do not. They are a hybrid of white hat and black hat hackers, known as Grey Hat Hackers.

  • Terrorist: Their sole purpose is destruction.

Ethical and malicious hackers perform hacking in almost the same way. The only difference is the mind-set, i.e. the purpose of the hacking.


2. Rules to obey: A penetration tester has to follow certain rules while performing penetration testing, as follows:

  • The penetration tester should have the authority to probe the system. Hence it is recommended to have a written contract between the client and the penetration tester before starting penetration testing.

  • The penetration tester should respect the privacy of the client. The focus of the penetration tester should be only on finding the security flaws.

  • The penetration tester should report all the findings made during penetration testing and not hold any back for future use.

  • The penetration tester should disclose all the vulnerabilities found in software and hardware.

3. BackTrack and Kali Linux: BackTrack was an operating system made specifically for hackers by Offensive Security, an organization of Israeli hackers. The whole distribution was built for hackers. BackTrack Linux came with many hacking tools integrated into it, and best of all, it was free. Hence it was like a hacker's dream come true. Nowadays we have a new distribution known as Kali Linux, from which many outdated BackTrack Linux tools have been removed. It is the rebirth of BackTrack Linux.

4. Linux File Structure: It is very important to know the Linux directory structure. It helps to find where a particular file might be stored.

Fig. Linux File Structure, showing user files stored under the ‘/home’ directory

5. Internet Suite: Technically, it is called the TCP/IP protocol suite. The TCP/IP protocol suite is used worldwide for networking. It is a practical stack of protocols that governs the computer network.

Fig. Internet Suite, showing the various TCP/IP layers, their protocols and the hacking tools used at each layer

6. Password in the System: A Linux system uses the /etc/passwd and /etc/shadow files for password storage. Of these, the /etc/passwd file contains user details such as the user ID, group ID and home directory information. The user ID and the hashed password are actually stored in the /etc/shadow file.

Similarly, in Windows, the Security Account Manager (SAM) is a protected subsystem that manages the accounts database. Passwords are stored as LM or NTLM hashes. SAM is available either locally or on the domain. The Local Security Authority is responsible for validating credentials in Windows.
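
For the Linux files described above, the following added example (not code from the original page) parses constructed /etc/passwd and /etc/shadow content and flags the entries a defender would review: a password field left in /etc/passwd, an empty shadow password, or a weak hash scheme. All account names and hash strings are constructed placeholders, and the function names are this example's own.

```python
# Added example: account names and hash strings below are constructed placeholders.
PASSWD = """\
root:x:0:0:root:/root:/bin/bash
alice:x:1000:1000:Alice:/home/alice:/bin/bash
bob:x:1001:1001:Bob:/home/bob:/bin/sh
carol:$1$SALT$PLACEHOLDER:1002:1002:Carol:/home/carol:/bin/sh
svc:x:998:998::/var/lib/svc:/usr/sbin/nologin
"""
SHADOW = """\
root:$6$SALT$PLACEHOLDER:19000:0:99999:7:::
alice:$1$SALT$PLACEHOLDER:19000:0:99999:7:::
bob::19000:0:99999:7:::
svc:!:19000:0:99999:7:::
"""
# crypt(3) scheme identifiers found between the first two '$' characters.
SCHEMES = {"1": "md5crypt", "2a": "bcrypt", "2b": "bcrypt", "2y": "bcrypt",
           "5": "sha256crypt", "6": "sha512crypt", "y": "yescrypt"}
WEAK = {"empty": "no password set", "md5crypt": "weak hash scheme (md5crypt)",
        "descrypt": "weak hash scheme (descrypt)"}

def parse_passwd(text):
    """Return {name: fields} for the seven colon-separated /etc/passwd fields."""
    keys = ("password", "uid", "gid", "gecos", "home", "shell")
    users = {}
    for line in filter(None, text.splitlines()):
        name, *rest = line.split(":")
        users[name] = dict(zip(keys, rest))
    return users

def classify(field):
    """Classify the second (password) field of an /etc/shadow entry."""
    if field == "":
        return "empty"      # account can log in without a password
    if field[0] in "!*":
        return "locked"     # password login disabled
    if field.startswith("$"):
        return SCHEMES.get(field.split("$")[1], "unknown")
    return "descrypt"       # legacy 13-character DES crypt, no '$' prefix

def audit(passwd_text, shadow_text):
    """Return sorted (account, finding) pairs that need follow-up."""
    findings = []
    for name, user in parse_passwd(passwd_text).items():
        if user["password"] not in ("x", "*", "!"):  # 'x' = hash is in shadow
            findings.append((name, "password field not shadowed"))
    for line in filter(None, shadow_text.splitlines()):
        name, field = line.split(":")[:2]
        if classify(field) in WEAK:
            findings.append((name, WEAK[classify(field)]))
    return sorted(findings)
```

On a real system /etc/shadow is readable only by root, so an audit like this runs with administrative rights on a host the reviewer is authorized to assess.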

7. Phases of Penetration Testing: The overall methodology of penetration testing can be described step by step in separate phases, as follows:

  • Reconnaissance

  • Exploitation

  • Maintaining Access

  • Post Exploitation

