Penetration testing, or pen testing, is using the same tools and skills of a hacker to look for points of potential exploitation in given system. The goal though is to report the issues so the exposure can be fixed and/or the reporter can be compensated via a bug bounty program.
Exposure may include
- Viewing private information on a server
- Viewing private data of other users
- Retrieving sensitive information in databases
- Getting access to systems on a private network
- Ability to modify or vandalize systems or information.
The more you can learn about a particular target, the easier it is to find exploits. Specific technologies (tools, programming languages) or specific versions of those technologies will have different ways to exploit.
The following are some useful tools and tricks
- Burp Suite for interacting with web content
- Hashcat for password recovery
- Wireshark for network capture and analysis
Woolly Hat Systems 