Every penetration test consists of multiple test phases. From my understanding there are four steps to penetration testing; ask any sophisticated hacker about the four steps and they will tell you what I am about to tell you now.
The first step in any penetration test is “reconnaissance.” This phase deals with gathering information about the target. Regardless of the information you had to begin with, after completing in-depth reconnaissance you should have a list of target IP addresses that can be scanned. The second step in our methodology, scanning, can be broken out into two distinct activities. The first activity we conduct is port scanning. Once we have finished with port scanning, we will have a list of open ports and the potential service running on each port for each of the targets.
The second activity in the scanning phase is vulnerability scanning. Vulnerability scanning is the process of locating and identifying specific weaknesses in the software and services of our targets. With the results from step 2 in hand, we continue to the “exploitation” phase. Once we know exactly what ports are open, what services are running on those ports, and what vulnerabilities are associated with those services, we can begin to attack our target. This is the phase that most newcomers associate with “real” hacking. The ultimate goal of exploitation is to have administrative access (complete control) over the target machine.
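The scanning phase is supposed to hand the next step a clean inventory: which targets answered, which ports are open, and what service appears to be listening on each. The following Python script is an added example (not code from the original post) that builds that inventory from port-scan output. It assumes nmap's grepable output format (`-oG`) and the sample scan text below is constructed, with made-up RFC 1918 addresses, not output from any real network.

```python
"""Turn raw port-scan output into the per-target inventory the scanning
phase is meant to produce: for each host, the open ports and the service
that appears to be listening on each.  Added example; SAMPLE_SCAN is a
constructed sample in nmap's grepable (-oG) format, not a real scan."""
from collections import defaultdict

# Constructed sample.  Each "Ports:" entry has the shape
# port/state/protocol/owner/service/rpcinfo/version/ ; nmap replaces any
# '/' inside a version string with '|', so splitting on '/' is safe.
SAMPLE_SCAN = """\
# Nmap 7.94 scan initiated as: nmap -sV -oG - 192.168.56.0/24
Host: 192.168.56.10 ()\tStatus: Up
Host: 192.168.56.10 ()\tPorts: 22/open/tcp//ssh//OpenSSH 8.9p1/, 80/open/tcp//http//nginx 1.18.0/, 443/closed/tcp//https///\tIgnored State: filtered (997)
Host: 192.168.56.11 ()\tStatus: Up
Host: 192.168.56.11 ()\tPorts: 445/open/tcp//microsoft-ds///, 3389/open/tcp//ms-wbt-server//Microsoft Terminal Services/\tIgnored State: closed (998)
Host: 192.168.56.12 ()\tStatus: Down
# Nmap done -- 256 IP addresses (2 hosts up) scanned
"""


def _fields(line):
    """Split one 'Host:' line into its tab-separated 'Name: value' fields."""
    return dict(part.split(": ", 1) for part in line.split("\t") if ": " in part)


def hosts_up(text):
    """Targets that answered at all, open ports or not (they still belong in the report)."""
    up = []
    for line in text.splitlines():
        if line.startswith("Host:"):
            f = _fields(line)
            if f.get("Status") == "Up":
                up.append(f["Host"].split()[0])
    return up


def parse_open_ports(text):
    """Return {ip: [(port, proto, service, version), ...]} for open ports only."""
    inventory = defaultdict(list)
    for line in text.splitlines():
        if not line.startswith("Host:"):
            continue
        f = _fields(line)
        if "Ports" not in f:
            continue
        ip = f["Host"].split()[0]
        for entry in f["Ports"].split(", "):
            parts = entry.strip().split("/")
            if len(parts) < 7:
                continue  # malformed entry: skip rather than mis-attribute a service
            port, state, proto, _owner, service, _rpc, version = parts[:7]
            if state != "open":
                continue  # closed/filtered ports are not exposed services
            inventory[ip].append((int(port), proto, service or "unknown", version))
    return dict(inventory)


def by_service(inventory):
    """Invert the inventory to {service: [(ip, port), ...]} so the vulnerability
    scanning step can be planned per service rather than per host."""
    services = defaultdict(list)
    for ip, ports in inventory.items():
        for port, _proto, service, _version in ports:
            services[service].append((ip, port))
    return dict(services)


if __name__ == "__main__":
    inv = parse_open_ports(SAMPLE_SCAN)
    print("hosts up:", hosts_up(SAMPLE_SCAN))
    for ip, ports in inv.items():
        for port, proto, service, version in ports:
            print(f"{ip}:{port}/{proto}  {service}  {version}")
    print("by service:", by_service(inv))
```

Keeping `hosts_up` separate from `parse_open_ports` matters for the report later: a host that is up but shows no open ports is still a scoped target that was tested, and the inverted `by_service` view is what you hand to the vulnerability-scanning step, since checks are organised by service, not by address.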
The final phase is “maintaining access.” Oftentimes, the payloads delivered in the exploitation phase provide us with only temporary access to the system. Because most payloads are not persistent, we need to create a more permanent backdoor to the system. This process allows our administrative access to survive program closures and even reboots. As ethical hackers, we must be very careful about the use and implementation of this phase, and I mean very careful.

Although not included as a formal step in the penetration testing methodology, the final and arguably the most important activity of every PT is the report. Yes, and regardless of the amount of time and planning you put into conducting the penetration test, the client will often judge your work and effectiveness on the basis of the quality of your report, so if it’s crap and you know it’s crap, don’t even bother with it, because you are only going to make yourself look stupid. The final PT report should include all the relevant information uncovered in your test and explain in detail how the test was conducted and what was done during the test. Whenever possible, mitigations and solutions should be presented for the security issues you uncovered. Finally, an executive summary should be included in every PT report. The purpose of this summary is to provide a simple one- to two-page, nontechnical overview of your findings. This summary should highlight and briefly summarize the most critical issues your test uncovered. It is vital that it be readable (and comprehensible) by both technical and nontechnical personnel. It is important not to fill the executive summary with too many technical details; that is the purpose of the detailed report.
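As an added example (not from the original post), here is a small Python report builder that enforces the rules above: every finding carries a mitigation, findings are ordered most-severe first, the executive summary leads with the top issues and keeps hosts and technical detail out, and the detailed report carries everything. The sample findings, severities and addresses are constructed for illustration and are generic weakness classes, not results from any real test.

```python
"""Build the two deliverables described above: a detailed findings report
and a short, nontechnical executive summary that leads with the most
critical issues.  Added example; SAMPLE_FINDINGS are constructed."""
from dataclasses import dataclass
from typing import List

SEVERITY_ORDER = {"critical": 0, "high": 1, "medium": 2, "low": 3, "info": 4}


@dataclass
class Finding:
    title: str            # one-line, nontechnical wording reused in the summary
    severity: str         # one of SEVERITY_ORDER
    affected: List[str]   # hosts or services where it was observed
    detail: str           # how it was found and what was done (detailed report only)
    mitigation: str       # recommended fix; required for every finding


def validate(findings):
    """Return a list of problems that would make the report unusable; [] means OK."""
    problems = []
    for f in findings:
        if f.severity not in SEVERITY_ORDER:
            problems.append(f"{f.title!r}: unknown severity {f.severity!r}")
        if not f.affected:
            problems.append(f"{f.title!r}: no affected hosts listed")
        if not f.mitigation.strip():
            problems.append(f"{f.title!r}: missing mitigation")
    return problems


def sort_findings(findings):
    """Most severe first, then alphabetical so the order is reproducible."""
    return sorted(findings, key=lambda f: (SEVERITY_ORDER[f.severity], f.title))


def severity_counts(findings):
    counts = {s: 0 for s in SEVERITY_ORDER}
    for f in findings:
        counts[f.severity] += 1
    return counts


def executive_summary(findings, top_n=3, max_words=350):
    """One short nontechnical page: counts, then the top issues by severity.
    Hosts, commands and technical detail are deliberately left out."""
    counts = severity_counts(findings)
    lines = ["Executive Summary", ""]
    lines.append(
        f"The assessment identified {len(findings)} issues: "
        + ", ".join(f"{n} {s}" for s, n in counts.items() if n) + "."
    )
    lines += ["", "Most critical issues:"]
    for f in sort_findings(findings)[:top_n]:
        lines.append(f"- [{f.severity.upper()}] {f.title} ({len(f.affected)} system(s)). "
                     f"Recommended action: {f.mitigation}")
    text = "\n".join(lines)
    if len(text.split()) > max_words:
        raise ValueError("executive summary too long; shorten titles or lower top_n")
    return text


def detailed_report(findings):
    """Full technical write-up, one section per finding in severity order."""
    sections = []
    for i, f in enumerate(sort_findings(findings), 1):
        sections.append(
            f"{i}. {f.title} [{f.severity}]\n"
            f"   Affected: {', '.join(f.affected)}\n"
            f"   Details: {f.detail}\n"
            f"   Mitigation: {f.mitigation}"
        )
    return "\n\n".join(sections)


# Constructed sample findings (generic weakness classes, made-up hosts).
SAMPLE_FINDINGS = [
    Finding("Verbose error pages reveal software versions", "low", ["192.168.56.10"],
            "Error responses included server and framework version strings.",
            "Disable verbose error output in production."),
    Finding("Default administrative credentials on management interface", "critical",
            ["192.168.56.11"], "Vendor default username and password accepted on the admin login.",
            "Change the default credentials and restrict the interface to the management network."),
    Finding("Unsupported software version in use", "high", ["192.168.56.10", "192.168.56.11"],
            "Service banner indicated a release no longer receiving security updates.",
            "Upgrade to a supported release and subscribe to vendor advisories."),
]

if __name__ == "__main__":
    assert not validate(SAMPLE_FINDINGS)
    print(executive_summary(SAMPLE_FINDINGS))
    print()
    print(detailed_report(SAMPLE_FINDINGS))
```

The `max_words` guard is the one- to two-page rule made mechanical: if the summary grows past it, the fix is to tighten the finding titles or list fewer issues, never to move technical detail out of the detailed report and into the summary.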