group-icon
Hacker's Arena
Knowledge base and discussions group for Security enthusiasts
114 Members
Join this group to post and comment.
Naveen Sunil
Naveen Sunil
Information Technology
10 Jan 2019

Why is Information Gathering very important in Pentesting?

Often this is one of the highly ignored steps by beginners or amateur hackers. In pentesting, especially black box pentesting, gathering information is highly important. One needs to know everything about a target before attacking the target. Successful attack happens when you farther and not faster.

To gather information first Identify your target. Then collect surface information about the target as where the target is, what type of target it is, who owns it, what platform it is on, etc...


Next step is to find all possible ways to enter the target. Find out if any security mechanisms are present. If present analyse ways to bypass them or escape them. Next enumerate possible ways to gain access to the target. For that you need to find out vulnerabilities in the target. If any found search on exploit db if any exploits are already available. Else try your payloads if possible or use metasploit for that step.

Once you are able to exploit the target, try to gain super user access and own the system.

Sounds easy huh? Now you need to have a good detailed background info about a target to do all this. Hope you understand why this step is crucial.

Naveen Sunil
Naveen Sunil
Information Technology
2mos ago

If you can perform all these steps perfectly, you can pass one of the premium certificate OSCP by Offensive Security. Penetration Testing Training with Kali Linux

https://www.offensive-security.com/information-security-certifications/oscp-offensive-security-certified-professional/