The pre-attack phase
The pre-attack phase covers the planning and preparation of the penetration test and takes place before any direct engagement with the target system or network. During this phase the penetration tester assembles an arsenal of tools, scripts, and operating systems to be used in the attack phase. Settling on a penetration testing methodology before the test begins is important: it gives the tester a systematic approach to achieving each objective of the engagement.
One of the most important objectives of the pre-attack phase must not be forgotten: agreeing the rules of engagement with the client. Both parties, the penetration tester and the client, need a mutual agreement and understanding, recorded before testing starts, on the types of tests that will be conducted, the duration of the testing window, the target systems and networks (and anything explicitly excluded), the source IP addresses the tester will use if the testing is performed remotely (so the client can tell the tester's traffic apart from a real attack), whether intrusive or non-intrusive testing is permitted, and so on.
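The rules of engagement are only useful if they are actually enforced before a single packet is sent. The following is an added example, not code from the original text, that captures the items listed above (agreed target ranges and exclusions, the testing window, the declared tester source IP, and whether intrusive testing was agreed) and checks every candidate target against them. The networks, addresses and dates are constructed sample values, not client data.

```python
"""Scope gate: enforce agreed rules of engagement before any active testing.

Added example. All networks, addresses and dates are constructed samples.
"""
from dataclasses import dataclass
from datetime import datetime, timezone
from ipaddress import ip_address, ip_network
from typing import List, Set, Tuple


@dataclass
class RulesOfEngagement:
    """The agreed terms, captured so they can be enforced mechanically."""
    in_scope: List[str]                 # target networks agreed with the client (CIDR)
    excluded: List[str]                 # hosts/ranges the client forbids (CIDR)
    window_start: datetime              # start of the agreed testing period (UTC)
    window_end: datetime                # end of the agreed testing period (UTC)
    source_ips: Set[str]                # tester source addresses declared to the client
    intrusive_allowed: bool = False     # whether intrusive tests (exploitation etc.) were agreed

    def __post_init__(self):
        # Parse once; strict=False tolerates host bits in a prefix such as 10.0.0.5/24.
        self._in = [ip_network(n, strict=False) for n in self.in_scope]
        self._ex = [ip_network(n, strict=False) for n in self.excluded]


def check_target(roe: RulesOfEngagement, target: str, now: datetime,
                 source_ip: str, intrusive: bool = False) -> Tuple[bool, str]:
    """Return (allowed, reason). Every rejection names the rule that blocked it."""
    if not (roe.window_start <= now <= roe.window_end):
        return False, "outside agreed testing window"
    if source_ip not in roe.source_ips:
        return False, f"source {source_ip} not declared to client"
    if intrusive and not roe.intrusive_allowed:
        return False, "intrusive testing not agreed"
    try:
        addr = ip_address(target)
    except ValueError:
        return False, f"{target!r} is not an IP address"
    # Exclusions win over inclusions: a forbidden host inside an in-scope range stays forbidden.
    if any(addr in net for net in roe._ex):
        return False, f"{target} explicitly excluded"
    if not any(addr in net for net in roe._in):
        return False, f"{target} not in agreed scope"
    return True, "ok"


def gate(roe: RulesOfEngagement, candidates: List[str], now: datetime,
         source_ip: str, intrusive: bool = False):
    """Split candidate targets into an approved list and a rejected list with reasons."""
    approved, rejected = [], []
    for target in candidates:
        ok, why = check_target(roe, target, now, source_ip, intrusive)
        if ok:
            approved.append(target)
        else:
            rejected.append((target, why))
    return approved, rejected


# Constructed sample engagement (hypothetical values, not real client data).
SAMPLE_ROE = RulesOfEngagement(
    in_scope=["10.10.0.0/24", "192.0.2.0/24"],
    excluded=["10.10.0.1/32"],                 # e.g. the client's production gateway
    window_start=datetime(2024, 3, 4, 8, 0, tzinfo=timezone.utc),
    window_end=datetime(2024, 3, 8, 18, 0, tzinfo=timezone.utc),
    source_ips={"198.51.100.7"},
    intrusive_allowed=False,
)
SAMPLE_NOW = datetime(2024, 3, 5, 10, 30, tzinfo=timezone.utc)            # inside window
SAMPLE_OUTSIDE_WINDOW = datetime(2024, 3, 9, 9, 0, tzinfo=timezone.utc)   # after window
SAMPLE_CANDIDATES = ["10.10.0.1", "10.10.0.25", "192.0.2.40", "203.0.113.9", "not-an-ip"]


if __name__ == "__main__":
    ok, bad = gate(SAMPLE_ROE, SAMPLE_CANDIDATES, SAMPLE_NOW, "198.51.100.7")
    print("approved:", ok)
    for target, reason in bad:
        print(f"rejected {target}: {reason}")
```

Feed the gate the candidate list that scanning tools will consume, and only the approved list ever reaches them; the rejection reasons double as an audit trail showing why a host was left alone. Exclusions are checked before inclusions on purpose, so a host the client carved out of an otherwise in-scope range can never be tested by accident.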
So far, we have seen that organizations hire security professionals such as penetration testers to check their security controls and uncover hidden vulnerabilities in their systems or networks. One organization may contract a penetration tester to simulate real-world attacks against its web applications, while another may want a security audit of its Windows servers. No single methodology fits every target, so the penetration tester adapts or builds a methodology to suit the type of testing the target requires.
Gathering as much information as possible about the target before the attack phase pays off. Think of it as a military operation: before launching an attack, the general or another senior commander sends a unit to conduct reconnaissance and gather as much intelligence as possible about the target while remaining undetected. The same concept applies to penetration testing: the more the tester knows about a target, the easier it is to discover flaws and weaknesses. Once a vulnerability (weakness) is found, the next step is to use a working exploit to take advantage of it; that happens in the attack phase.
Information such as open ports, device types, operating systems, network layout, security appliances, and network shares is usually gathered during the pre-attack phase of the penetration test. Note that some of this collection, port scanning in particular, touches the target directly, so it must itself be covered by the agreed rules of engagement and performed only from the declared source addresses and within the agreed window.