When pentesting a target in an isolated environment such as the PWK labs, one does not need to be concerned about the risk of causing harm to the target, as it runs on a virtual machine and can be reverted to its pristine state. This is not the case when conducting an authorised pentest against a real-world target. Even so, the risks that arise during a pentest can be reduced. Below is a (non-exhaustive) list of precautions that can be taken during a pentest:
- Ensure that you are targeting the correct scope: make sure that you are targeting the correct IP addresses, URLs etc. Not checking these parameters can result in attacking a system that is not in scope.
- Use exploits and tools from trusted sources: use trusted sources such as exploits from Exploit Database and tools from Kali Linux. Using exploits or tools from untrusted sources is risky and can result in the exploit or tool harming both your own system and the target being pentested.
- Understand what an exploit/tool does before running it: never run an exploit or tool blindly as this is almost guaranteed to result in a bad outcome. For example, running a buffer overflow exploit against a target without modifying the shellcode may crash the target and cause a denial of service.
- Test tools and exploits in an isolated environment: if a tool or exploit (e.g. kernel exploit) is not well understood, set up a virtual machine that is similar to the target and test it in this isolated environment before using it against the real target.
- Prevent account lockouts: when conducting a brute force attack, using default wordlists is likely to cause an account lockout resulting in a denial of service to the end user. An alternative would be to enumerate the account lockout policy of the target and use a password spraying attack with a list of enumerated usernames and a few common passwords that would not trigger an account lockout.
- Enable throttling of tools: automated tools such as vulnerability scanners send a large number of requests at a time which may overwhelm systems and cause a denial of service. Enabling throttling can help prevent this.
- Log your actions: it is important to document the actions that you perform against a target. This helps keep track of the remnants of a pentest, such as web shells and user accounts, that may have been left on the target after successful exploitation. These remnants can then be traced and removed, preventing another attacker from using them as a backdoor into the target.
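A small scope gate for the first precaution above, added here as an example and not code from the original post: every target a tool is about to touch is checked against the authorised scope (CIDRs, single hosts, hostnames, URL prefixes) and an explicit exclusion list before anything is run. The scope entries and targets below are constructed sample values.

```python
import ipaddress
from urllib.parse import urlparse

# Constructed sample scope: what the client authorised ("in") and what they
# explicitly carved out ("out"), e.g. a production box inside an in-scope range.
SCOPE = {
    "in": ["10.11.1.0/24", "10.11.2.5", "app.example.test",
           "https://app.example.test/portal/"],
    "out": ["10.11.1.250"],
}


def _classify(entries):
    """Split scope entries into IP networks, hostnames and URL prefixes."""
    nets, hosts, prefixes = [], [], []
    for entry in entries:
        if "://" in entry:
            prefixes.append(entry)
            continue
        try:
            nets.append(ipaddress.ip_network(entry, strict=False))  # /32 for a bare IP
        except ValueError:
            hosts.append(entry.lower())
    return nets, hosts, prefixes


def _matches(target, entries):
    nets, hosts, prefixes = _classify(entries)
    if "://" in target:
        if any(target.startswith(p) for p in prefixes):
            return True
        host = (urlparse(target).hostname or "").lower()
    else:
        host = target.lower()
    try:
        return any(ipaddress.ip_address(host) in net for net in nets)
    except ValueError:  # not an IP literal, so compare as a hostname
        return host in hosts


def in_scope(target, scope=SCOPE):
    """True only if the target is covered by an 'in' entry and by no 'out' entry."""
    return _matches(target, scope["in"]) and not _matches(target, scope["out"])


def partition_targets(targets, scope=SCOPE):
    """Return (allowed, rejected); run tools only against 'allowed'."""
    allowed = [t for t in targets if in_scope(t, scope)]
    rejected = [t for t in targets if t not in allowed]
    return allowed, rejected
```

Refuse to proceed when `rejected` is non-empty rather than silently dropping entries, so a typo in a target list is noticed before any traffic is sent.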
Even if all of the necessary precautions are taken during a pentest, certain tests may still cause an adverse effect – after all, a pentest involves making a system do what it was not intended to do. It should be noted that while one cannot eliminate all risks, one can make informed decisions that will reduce risks while conducting a pentest.