Penetration Testing with Kali Linux OffSec

Penetration Testing with Kali Linux
PWK - Copyright © 2023 OffSec Services Limited. All rights reserved. 
109 
simply explain at a basic level what the vulnerability is and how to exploit it. The intention is to 
describe a complex exploit in a way that most technical audiences can understand. 
We also need to include evidence to prove the vulnerability identified is exploitable, along with any 
further relevant information. If this is simple, it can be included inline as per the first entry above. 
Otherwise, it can be documented in an appendix as shown in the second entry. 
Once the details of the vulnerability have been explained, we can describe the specific finding that 
we have identified in the system or application. We will use the notes that we took during testing 
and the screenshots that support them to provide a detailed account. Although this is more than 
a few sentences, we’ll want to summarize it in the table and reference an appendix for the full 
description. 
It’s good practice to use our notes and screenshots to walk the reader through how we achieved 
the result step-by-step. The screenshots should contain a short explanation of what it shows. We 
should not rely on the screenshot to speak for itself. We should present the impact of the 
vulnerability in a way that frames its severity for the client in an appropriate manner, and is 
directly relevant to the business or application. 
The remediation advice should be detailed enough to enable system and application 
administrators to implement it without ambiguity. The remediation should be clear, concise, and 
thorough. It should be sufficient to remove the vulnerability in a manner acceptable to the client 
and relevant to the application. Presenting remediation that is excessive, unacceptably costly, or 
culturally inappropriate (e.g. not allowing remote logins for a remote working environment) will 
lead to the fix never being implemented. A strong understanding of the needs of the client is 
necessary here. 
There are several other important items to keep in mind. First, broad solutions should be avoided, 
in favor of things that drill down into the specifics of the application and the business. Second, 
theoretical solutions are not effective in combating a vulnerability. Make sure that any solution 
given has a concrete and practical implementation. Finally, do not layer multiple steps into one 
proposed solution. Each distinct step should be its own solution. 
The Technical Findings and Recommendations section will likely be the major part of the report 
and the time and effort invested in writing it should reflect its importance. 
In describing the findings, we will present the means of replicating them, either in the body of the 
report or in an appendix. We need to show exactly where the application was affected, and how to 
trigger the vulnerability. A full set of steps to replicate the finding should be documented with 
screenshots. This includes steps that we take for granted (such as running with administrative 
privileges), as these may not be obvious to the reader. 
The details should be separated into two sections: 
1.
The affected URL/endpoint 
2.
A method of triggering the vulnerability 
If multiple areas are affected by the vulnerability, we should include a reference to each area. If 
there is a large number of similar issues, then it’s often acceptable to provide samples with a 
caveat that these are not the only areas where the issue occurs. In the latter case, we would 
recommend a systemic remediation. 

Penetration Testing with Kali Linux
PWK - Copyright © 2023 OffSec Services Limited. All rights reserved. 
110 
5.2.7
Appendices, Further Information, and References 
The final part of the report is the 

Yüklə

Dostları ilə paylaş: