Gaining access

Penetration testing and ethical hacking are exciting topics. Everyone is always excited to hack another system, whether it's a computer or even a wireless network. The previous chapters focused on gathering enough intelligence on a target prior to launching an attack. The exploitation phase of hacking and penetration testing can sometimes be challenging.

It's very important to gather as many details as possible about the target. Such background work helps us to determine appropriate exploits and a payload we can launch against a target system or network. Sometimes, when you launch an exploit that's intended for a particular operating system, it may not work, and this can be frustrating. One tactic you can adopt is to target the low-hanging fruit on a network—that is, attempt to exploit and gain access to systems and devices that seem easier to compromise, such as those running TCP/IP services with known weaknesses that can be easily exploited.

An example is the vsftpd service, which we explored in the previous chapters and used to gain entry to the target via a shell interface. Another example is the EternalBlue vulnerability, which is found on the Windows operating system. During your scanning phase, be sure to perform an extensive vulnerability assessment on all the devices on your target network.

Begin by exploiting targets that seem to be the most vulnerable and, hence, easy to exploit, and then move on to those that are less vulnerable and thus more difficult to exploit. To put this into context, imagine appearing for a written examination. The question paper has a lot of challenging questions that need to be answered within a given time period. In such a scenario, it's always wise to answer easier questions first and then move on to the tougher ones. This will give you more time to answer questions that you are more likely to get correct and maximize the marks that you will score in the exam.

There are many methods and techniques a penetration tester can apply to gain access to systems, such as the following:

  • Online and offline password cracking
  • Cracking the pre-shared key (PSK) on a wireless network
  • Social engineering
  • Performing a Man-in-the-Middle (MITM) attack
  • Performing a brute-force attack on application layer protocols

During the gaining-access phase, a penetration tester usually performs various types of attacks that will assist them in gaining entry to a network. Usually, you start by performing online or offline password cracking. Once you've obtained a valid username and password, the next step is to access the victim's system and escalate your user privileges. Obtaining a higher level of user privilege will allow for the execution of any application and tasks on the compromised machine. Hiding files, such as malicious code, is done to ensure that a hidden backdoor is created and that logic bombs (a type of virus that contains a set of instructions triggered by a user's action) have been planted. Lastly, when disconnecting from a compromised machine, it's always wise to cover your tracks. Covering your tracks is the last phase in penetration testing and focuses on removing any log files and evidence indicating that an attacker was present on the system or network.

The following is a typical flowchart for gaining access to a system:

In the upcoming sections, we will take a look at various methods we can use in order to gain entry to a target system.
