The Wayback Machine - https://web.archive.org/web/20110708193030/http://www.coresecurity.com/content/how-it-works

How CORE IMPACT Pro Penetration Testing Works

The CORE IMPACT Pro Rapid Penetration Testing (RPT) methodology streamlines testing of servers, desktop systems, end-user systems, web applications, wireless networks, and network devices by automating tasks that would traditionally require significant time, effort and expertise to perform.

The RPT automates the accepted best practice for performing penetration tests through six key steps:

  • Information Gathering
  • Attack and Penetration
  • Local Information Gathering
  • Privilege Escalation
  • Cleanup
  • Penetration Testing Report Generation

Each step is described in its own section below.

IMPACT provides integrated Rapid Penetration Testing capabilities across five attack categories

  • Network Rapid Penetration Testing: replicates the actions of an attacker launching remote exploits on your network
  • Client-Side Rapid Penetration Testing: replicates phishing, spear phishing, spam and other social engineering attacks against end users
  • Web Application Rapid Penetration Testing: replicates SQL injection and remote file inclusion attacks against e-commerce, customer self-service, ERP and other web applications
  • Wireless Network Rapid Penetration Testing: replicates attempts at discovering Wi-Fi access points, cracking encryption keys, and joining exposed networks
  • Network Device Penetration Testing: replicates attempts to access networks and intercept data by detecting and exploiting network router and switch vulnerabilities

The five test approaches differ in the Information Gathering and Attack and Penetration stages, as outlined below. The remaining steps of the Rapid Penetration Test are the same once network access is achieved.

Each step is automated using easy-to-use wizards that simplify testing for new users and allow advanced users to efficiently execute common tasks. Advanced users can also manually run specific product modules to further customize the penetration testing process.

Information Gathering

Network Rapid Penetration Testing

The Information Gathering step collects data about the targeted network, typically using Network Discovery, Port Scanner, and OS and Service Identification modules. Alternatively, you can complete this step by importing information from your network mapping tool or vulnerability scanner. Access to a vulnerability scanner is not required to use IMPACT.


Key Capabilities

  • Identify the operating system and services running on targeted machines
  • Control the IP ranges you want to scan
  • Select from a variety of network discovery and port scanning methods, including TCP Connect, Fast SYN and ICMP

Client-Side Rapid Penetration Testing

In the case of end-user testing, Information Gathering involves the collection of email addresses to target with phishing, spear phishing or other social engineering attacks. IMPACT offers a number of modules for gathering email addresses of individuals in your organization, or you can enter or import your own list of email addresses to test.


Key Capabilities

  • Crawl a website to harvest addresses published on the site
  • Leverage major search engines to locate addresses for a given domain
  • Find addresses in PGP and Whois databases
  • Scan a domain for documents and scrape useful information from them, such as email addresses

Web Application Rapid Penetration Testing

During this phase of the Web Application Rapid Penetration Test, IMPACT crawls through web pages and identifies pages to test. Alternatively, you can import the results from popular web application vulnerability scanners and validate imported vulnerabilities for exploitability.


Key Capabilities

  • Specify a domain or range of web pages to crawl
  • Set a link depth limit for the crawler
  • Select whether to follow links outside the specified site
  • Crawl JavaScript to discover and assess dynamically generated pages
  • Establish the browser type and version to use
  • Supply any login information required to emulate an attack from someone with access rights to the web application
  • Import web scanner results for vulnerability validation

Wireless Rapid Penetration Testing

IMPACT Pro’s discovery capabilities allow users to identify both authorized networks and unauthorized points of access. It then profiles any networks discovered by analyzing signal and packet data to measure network strength, determine security protocols, and identify devices interacting with the involved network.


Key Capabilities

  • Discover both known and unauthorized Wi-Fi networks and access points
  • Gather MAC addresses and SSIDs from beaconing machines
  • Impersonate access points, and fingerprint / harvest information from systems that connect
  • Gather information on network strength, security protocols and connected devices
  • Sniff traffic for streams of sensitive data

Network Device Rapid Penetration Testing

IMPACT Pro locates network devices as part of Network Rapid Penetration Testing. If IMPACT discerns the operating system of a target and confirms it to be a network device, it will attempt to collect information about the device. Alternatively, IMPACT includes a Passive CDP network discovery module that listens for broadcasts from Cisco devices.

Key Capabilities

  • Fingerprint found devices to determine manufacturer, device model/type, and operating system details
  • Determine the interfaces on which the device accepts connections or instructions, such as SNMP, Telnet and HTTP



Attack and Penetration

Network Rapid Penetration Testing

During Attack and Penetration, CORE IMPACT Pro automatically selects and launches remote attacks leveraging IP, OS, architecture, port and service information obtained in the Information Gathering step. You can choose to launch every potential attack against each target computer, or you can have the system stop once it successfully deploys a single Network Agent, which carries the attack payload. You maintain full control over which computers are attacked and the order in which exploits are launched. In addition, you can further simplify and speed tests by excluding exploits that may leave a target service unavailable or take a long time to run.


Key Capabilities

  • Launch multiple, simultaneous attacks to speed the penetration testing process
  • Interact with compromised machines via discrete Agents that are installed only in system memory
  • Run local exploits to attack machines internally, rather than from across the network
  • Maintain control over which exploits are applied

Client-Side Rapid Penetration Testing

In the Attack and Penetration stage of the Client-Side Rapid Penetration Test, you create an email, associate it with an exploit, and go phishing. The product includes sample email templates that mimic common phishing attacks. You can also create your own custom spear phishing emails that leverage inside knowledge of your organization. IMPACT’s extensive library of client-side exploits includes attacks that target endpoint applications, endpoint security solutions, and endpoint operating systems and services. The product also takes care of sending the email, giving you options such as selecting an SMTP server or spoofing a specific “from” email address.


Key Capabilities

  • Create phishing, spear phishing and spam emails from a variety of pre-built templates
  • Safely deploy Agents using real-world malware attacks to test end-user system security
  • Track who responds to attacks and measure the effectiveness of security awareness programs – with or without exploiting their systems
  • Assess data leakage risks by luring users to complete imposter web forms
  • Demonstrate the consequences of an end-user security breach by interacting with compromised workstations

Web Application Rapid Penetration Testing


CORE IMPACT Pro enables you to test web applications for Persistent Cross-Site Scripting (XSS), Reflective XSS (both for static HTML and Adobe Flash® objects), Remote File Inclusion for PHP applications, SQL Injection, and Blind SQL Injection. IMPACT then dynamically creates exploits to prove whether the vulnerabilities pose actual threats. If an exploit is successful, IMPACT establishes an Agent that allows you to take a number of actions to reveal at-risk information assets.


Key Capabilities

  • Analyze custom, customized and out-of-the-box web applications for security weaknesses
  • Validate security exposures using dynamically generated exploits, emulating a hacker trying various attack paths and methods
  • Guess application usernames and passwords with dictionary attacks
  • Leverage Web Application Firewall (WAF) evasion capabilities
  • Demonstrate the consequences of an attack by interacting with web server file systems and databases through command shells and database consoles
  • Perform penetration tests without corrupting web applications or running code on targeted servers

Wireless Rapid Penetration Testing

CORE IMPACT Pro determines keys by taking advantage of known vulnerabilities in WEP-secured networks. The solution also assesses networks secured by WPA and WPA2 (using a Pre-Shared Key) via dictionary attacks that leverage information from sniffed authentication attempts. Finally, IMPACT enables you to intercept wireless transmissions and conduct Man-in-the-Middle attacks.


Key Capabilities

  • Replicate attacks against WEP, WPA and WPA2-encrypted networks
  • Conduct Man-in-the-Middle attacks, intercept wireless transmissions, and insert exploits into relayed traffic
  • Impersonate access points to connect with beaconing systems and test them against remote exploits

Network Device Rapid Penetration Testing

IMPACT Pro uses dictionary attacks to guess passwords and gain access to network devices. Once the device is compromised, IMPACT offers various modules to demonstrate the ramifications of the breach.

Key Capabilities

  • Launch dictionary attacks to gain device access
  • Retrieve the configuration file of a compromised device and try to crack passwords that are in use
  • Rename compromised devices
  • Demonstrate how attackers could intercept copies of data packets via interface monitoring
  • Use Access List Piercing on routers, opening access to previously isolated networks



At this point in Client-Side and Web Application* Rapid Penetration Tests, you can deploy a Network Agent on the compromised end-user system/web server. In Wireless and Network Device Rapid Penetration Tests, you could begin a Network RPT against systems revealed by the compromised wireless network or network device. This pivoting capability enables you to replicate sustained, real-world attacks that attempt to traverse paths of vulnerabilities throughout your environment.

*Applies to Microsoft SQL and Oracle servers compromised via SQL injection and web servers compromised via remote file inclusion for PHP.

Local Information Gathering

The Local Information Gathering step collects information about computers that have IMPACT agents deployed on them. During this step, you leverage Network Agents to interact with compromised computers and gather previously unavailable information about the OS, privileges, users and installed applications. CORE IMPACT Pro can collect information from all deployed Agents or only from those that you specify.

Key Capabilities

  • Browse file structures and view file contents on compromised machines
  • View rights obtained on compromised machines
  • Interact with compromised machines via command shells
  • Demonstrate the consequences of security breaches by replicating the steps an attacker would take after gaining access to a system



Privilege Escalation

During the Privilege Escalation step, CORE IMPACT Pro attempts to penetrate deeper into a compromised computer by running local exploits in an attempt to obtain administrative privileges. After Privilege Escalation, you can shift the source Agent to one of the newly compromised systems and cycle back to the initial Information Gathering step, thereby establishing a beachhead from which to run attacks deeper into the network.

Key Capabilities

  • Run local exploits to attack systems internally, rather than from across the network
  • Gain administrative privileges on compromised systems
  • View the networks to which a compromised computer is connected
  • Launch attacks from any compromised system to other computers on the same network, gaining access to systems with increasing levels of security



Cleanup

The Cleanup step automatically uninstalls every connected Agent. Agents are uninstalled in post order to support complex Agent chains. In addition, all Agents are automatically uninstalled when closing the active workspace, regardless of whether the Cleanup step is executed or not.

Key Capabilities

  • Run penetration tests without installing modules or tools on compromised systems (or altering them in any way)
  • Quickly and easily remove all Agents from compromised machines, leaving your network and end-user systems in their original states
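Post-order uninstall of a chain of pivoted agents, as an added Python example (not CORE IMPACT code); the chain layout and agent names are constructed:

```python
from typing import Dict, List, Optional

# Added example, not CORE IMPACT code: models the page's rule that chained
# agents are uninstalled in post order. If agent B was deployed through
# agent A, B must go first; removing A first would sever the only path
# back to B and leave it stranded on the target.

# Constructed sample chain as {agent: agent it was deployed through};
# "localagent" stands for the console's own root agent (no parent).
SAMPLE_CHAIN: Dict[str, Optional[str]] = {
    "localagent": None, "dmz-web": "localagent", "app-01": "dmz-web",
    "db-01": "app-01", "file-01": "dmz-web",
}

def cleanup_order(chain: Dict[str, Optional[str]]) -> List[str]:
    """Post-order walk from the root: every agent is listed after all the
    agents deployed through it, so no pivot path is cut while still in use."""
    kids: Dict[str, List[str]] = {name: [] for name in chain}
    for name, parent in chain.items():
        if parent is not None:
            kids[parent].append(name)   # KeyError if parent is unknown
    roots = [name for name, parent in chain.items() if parent is None]
    if len(roots) != 1:
        raise ValueError("expected exactly one root agent")
    order: List[str] = []

    def visit(name: str) -> None:
        for child in kids[name]:
            visit(child)
        order.append(name)          # parent only after all descendants

    visit(roots[0])
    return order

def is_safe_order(order: List[str], chain: Dict[str, Optional[str]]) -> bool:
    """True if every agent precedes the agent it was deployed through."""
    pos = {name: i for i, name in enumerate(order)}
    return all(parent is None or pos[name] < pos[parent]
               for name, parent in chain.items())

if __name__ == "__main__":
    order = cleanup_order(SAMPLE_CHAIN)
    print(order, is_safe_order(order, SAMPLE_CHAIN))        # post order: True
    print(is_safe_order(list(SAMPLE_CHAIN), SAMPLE_CHAIN))  # top-down: False
```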



Penetration Testing Report Generation

CORE IMPACT Pro generates clear, informative reports that provide data about targeted systems and applications, results of end-user penetration tests, audits of all exploits performed, and details about proven vulnerabilities. You can view and print reports using Crystal Reports or export them in popular formats such as HTML, PDF and Microsoft Word.

Key Capabilities

  • Obtain actionable information about exploited vulnerabilities, compromised end-user systems, web application weaknesses and associated risks
  • Create activity audits to satisfy compliance and regulatory requirements
  • Export report content in popular formats that can be easily customized and shared

