Análisis de Metodologías para Pruebas de Penetración Mediante Ethical Hacking

 

FMÆJAXAX @D IDPG@GJGLÉFX RF_F R_TDOFX @D RDMDP_FHAØM ID@AFMPD DPNAHFJ NFHCAML

DMMQ _GHAG @AF[ OF__D_F

TMAUD_XA@F@ MFHAGMFJ FOAD_PF Q F @AXPFMHAF ‚TMF@’  DXHTDJF @D HADMHAFX OÆXAHFX, PDHMGJGLÉF D AMLDMAD_ÉF R_GQDHPG @D XDLT_A@F@ AMEG_IÆPAHF AA  QGRFJ ?26>

6

 

FMÆJAXAX @D IDPG@GJGLÉFX RF_F R_TDOFX @D RDMDP_FHAØM ID@AFMPD DPNAHFJ NFHCAML

DMMQ _GHAG @AF[ OF__D_F

Igmglrfeéf djfogrf`f hgig rdquasatg `d lrf`g pfrf gptfr dj tétujg `d Dspdhafjastf dm Xdlura`f` Amegriætahf

@ardhtgr `d Pdsas Aml. Ifrtam Hfiajg Hfmhdjf`g

TMAUD_XA@F@ MFHAGMFJ FOAD_PF Q F @AXPFMHAF ‚TMF@’  DXHTDJF @D HADMHAFX OÆXAHFX, PDHMGJGLÉF D AMLDMAD_ÉF R_GQDHPG @D XDLT_A@F@ AMEG_IÆPAHF AA  QGRFJ ?26>

?

 

HGMPDMA@G

JAXPF @D PFOJFX…………………………………………………………………………………...……….0 PFOJFX…………………………………………………………………………………...……….0  JAXPF @D EALT_FX………………………………………………………………………………………….. EALT_FX…………………………………………………………………………………………..4 _DXTIDM……………………………………………………………………………………………………...5

6.  PAPTJG…………………………………………………………………………………………….....> ?.  @DEAMAHAGM @DJ R_GOJDIF……………………………………………………………...……..1  8.  KTXPAEAHFHAGM…………………………………………………………………………………....66 0.  GOKDPAUGX…………………………………………………………………………………………68 0.6  LDMD_FJ…………………………………………………………………………………………...68 0.?  DXRDHAEAHGX……………………………………………………………………………………….68 4.  IF_HG _DED_DMHAFJ…………………………………………………………………..………60 _DED_DMHAFJ…………………………………………………………………..………60  PDG_AHG…………………………………………………………………………………60  4.6  IF_HG PDG_AHG…………………………………………………………………………………60

4.?  IF_HG HGMHDRPTFJ………………………………………………………………………..….6> HGMHDRPTFJ………………………………………………………………………..….6>  4.?.6 

NFHCAM DPAHG…………………………………………………………………………...…...6> DPAHG…………………………………………………………………………...…...6> 

4.?.? 

R_TDOFX @D RDMDP_FHAGM……………………………………………………………….61 RDMDP_FHAGM……………………………………………………………….61 

4.?.8 

XH_ARP…………………………………………………………………………………………61 

4.?.0 

XDLT_A@F@ AMEG_IFPAHF………………………………………………………………..61 AMEG_IFPAHF………………………………………………………………..61 

4.?.4 

UTJMD_FOAJA@F@……………………………………………………………………..……61 

4.?.5 

GXXPII………………………………………………………………………………...……..61 

4.?.   MIFR………………………………………  MIFR…………………………………………………………………………………..……….?2 …………………………………………..……….?2  4.?.1 

D^RJGAP…………………………………………………………………………………….….?2 

4.?.62  IDPFXRJGAP……………………………………………………………………………….…?2  4.?.66  H_FHCD_ X………………………………………………………………………………...…..?2 X………………………………………………………………………………...…..?2  4.?.6?  GOKDPAUG @D DUFJTFHAGM……….……………………………………………….………?6  4.?.68  IFLD_AP………………………………...…………………………………………………….?6  4.?.60  FPFVTD JGHFJ………………………….……………………………………………...……?6  4.?.64  FPFVTD _DIGPG……………………………………………………………………..……..?6 _DIGPG……………………………………………………………………..……..?6  4.?.65  NFODFX @FPF…………………………………………………………………………….….?6 @FPF…………………………………………………………………………….….?6  4.?.6 

8

 

IDPG@GJGLAHG………………………………………………………………………..86 5.  @AXDÖG IDPG@GJGLAHG……………………………………………………………………….

5.6  PARG @D AMUDXPALFHAGMM……………………………………………………………………. AMUDXPALFHAGMM……………………………………………………………………..8? 5.?  PDHMAHFX D AMXP_TIDMPGX @D _DHGJDHHAGM @D AMEG_IFHAGM…………………... 8? 5.?.6 

DMP_DUAXPF…………………………………………………………………………………..8?

5.?.? 

GOXD_UFHAGM……………………………………………………………………………….8?

NFHCAML………………………………………………………………………….…....80 .?  AXXFE………………………………………………………………………………………………..46 >.?.6 

NAXPG_AF Q UAXAGM LDMD_FJ @D AXXFE…………………………………………..……4? 

>.?.? 

FHD_HF @D AXXFE…………………………………………………………………….……. AXXFE…………………………………………………………………….……..4?

>.?.8 

GOKDPAUGX @D AXXFE……………………………………………………………….……….48 AXXFE……………………………………………………………….……….48 

>.?.0 

DJ E_FID\G_C…………………………………………… E_FID\G_C…………………………………………………………………………….44 ……………………………….44 

RJFMDFHAGM………………………………………………………………..………4.?.0.6  EFXD6. RJFMDFHAGM………………………………………………………………..………4< DUFJTFHAGM……………………………………………………………………….5?  >.?.0.?  EFXD?. DUFJTFHAGM……………………………………………………………………….5?

>.?.0.?.6 _DHGJDHHAGM _DHGJDHHAGM @D AMEG_IFHAGM………………………………………………….…….5?  >.?.0.?.? IFRDG IFRDG @D _D@ @D P_FOFKG………………………………………………………...……58  A@DMPAEAHFHAGM @D UTJMD_FOAJA@F@DX……………………………………..……....58 >.?.0.?.8 A@DMPAEAHFHAGM

>.?.0.?.0 RDMDP_FHAGM………………………………………………………………………… RDMDP_FHAGM………………………………………………………………………….…….58  GOPDMD_ FHHDXG Q DXHFJF@F @D R_AUAJDLAGX……………………………….…...58 >.?.0.?.4 GOPDMD_

>.?.0.?.5 DMTFID_FHAGM DMTFID_FHAGM F@AHAGMFJ………………………………………………… F@A HAGMFJ………………………………………………………. ……..……58  >.?.0.?..?.0.?.> IFMPDMD_ IFMPDMD_ FHHDXG………………………………………………………………… FHHDXG………………………………………………………………….…….50  HTO_A_ _FXP_GX…………………………………………………………… _FXP_GX…………………………………………………………….…….….……50  >.?.0.?.1 HTO_A_ P_FPFIADMPG………………………………………………………… ………………….…….....…54 >.?.0.8  EFXD 8. P_FPFIADMPG………………………………………

>.?.0.0  EFXD 0. FH_D@APFHAGM………………………….…………………………………………5< FH_D@APFHAGM………………………….…………………………………………5.?.0.4  EFXD4. IFMPDMAIADMPG………………………..…………………………………………5< IFMPDMAIADMPG………………………..…………………………………………5.?.4 

LDXPAGM @D HGIR_GIAXGX………………………………………………………………5.?.5 

OTDMFX R_FHPAHFX ‘  R_D  R_D DUFJTFHAGM, DUFJTFHAGM, RGXPDUFJTFHAGM…………………………………………………………………………………5.?. _ADXLGX…………………………………………………………………5> 

0

 

JAXPF @D PFOJFX

Pfojf 6; @djatgs Amegriætahgs………………………………………………………….?8   Pfojf ?; Nastgraf `dj G\FXR………………………………………….……………… EALT_F 0; Jglg AXXFE…………………………………………………………………01  EALT_F 4; Efsd AXXFE…………………………………………………………………45  EALT_F 5; Mudvd hfpfs `d efsd `d Dvfjufhaøm…………………………………….50  EALT_F   EALT_F >; Rrghdsgs `d jf dvfjufhaøm `dj radslg……………………………………51 

5

 

_DXTIDM

Dj prgydhtg `d lrf`g hgrrdspgm`d dm `dhar dj mavdj `d hgmghaiadmtg sgord jfs idtg`gjgléfs `d Dtnahfj Nfhcaml y dm jf pgsahaøm sd dmhudmtrf fhtufjidmtd dm dj ium`g `alatfj. @dhar jfs pramhapfjds `aedrdmhafs dmtrd umf y gtrf idtg`gjgléfs. Q @f`g hgm dj hrdhadmtd mûidrg `d haodr ftfquds, jf eajtrfhaøm y dj usg am`doa`g `d jf amegrifhaøm id`af`gs pgr efjtf `d sdlura`f` `d jf rd` y dquapgs. Dm jf fhtufja`f` dj mavdj `d sdlura`f` pfrf jgs sastdifs amegriætahgs diprdsfrafjds y pdrsgmfjds nf hgmvdrta`g dm um tdif `d lrfm aipgrtfmhaf pdrg qud pgr `dshgmghaiadmtg g efjtf `d jgs rdhursgs sd `dkf f um jf`g g sd rdstf aipgrtfmhaf. Pg`g dstg nf igtavf`g f qud jgs Nfhcdr Átahgs sd hgjgqudm dm jf tfrdf `d `dsfrrgjjfr idtg`gjgléfs, luagmds g Xhrapts mgvd`gsgs, pfrf fsé pg`dr prdvdmar `d jgs pgsaojds ftfquds, pár`a`fs g sustrfhhaøm `d amegrifhaøm pravf`f. Dmtrd jfs eumhagmds `d jgs Nfhcdr átahgs dstæm jf sgjuhaøm `d jfs vujmdrfoaja`f`ds, idkgrfr prghdsgs `d sdlura`f` y hgmhadmtazfr f jgs diprdsfrags y `diæs usufrags, u sufrags, sgord jf aipgrtfmhaf `d jf aipjdidmtfhaøm `d um oudm sastdif `d sdlura`f` amegriætahf6. Jf `difm`f `d tdhmgjgléfs y prghd`aiadmtgs mgvd`gsgs pfrf f`iamastrfr jgs sastdifs `d sdlura`f` y fjifhdmfiadmtg, prgigvaø dj mfhaiadmtg `d jfs prudofs `d pdmdtrfhaøm, umg `d jgs gokdtavgs `d dstfs prudofs ds jf a`dmtaeahfhaøm `d vujmdrfoaja`f`ds `d sdlura`f`, id`afmtd dj usg `d táhmahfs y ndrrfiadmtfs

6

 _dpgrtd @alatfj. Xdlura`f` y Nfhcaml N fhcaml pfrf odmdeahafr um mdlghag. . SDm jémdfY. nttps;//rdpgrtd`alatfj.hgi/mdlghags/tdhmgjglaf/sdlura`f`-y-nfhcaml/  .  <

 

dspdhéeahfs?. Dm dstd trfofkg vf f dxpjahfr jfs pramhapfjds idtg`gjgléfs, id`afmtd hgipfrfhagmds, y fmæjasas `d vdmtfkfs y `dsvdmtfkfs. Jf dstruhturf `d høig sd vf f `fr `dsfrrgjjg f hf`f umf `d jgs gokdtavgs dspdhéeahgs prgpudstgs, sdræ `f`f pgr sdhhagmds, `gm`d jf praidrf sd arf pgr um rdhgrra`g pgr jgs `aedrdmtds ifrhgs hgig sgm dj tdørahg, hgmhdptufj y jdlfj3 sdlua`fidmtd sd dmhudmtrf dj `asdög idtg`gjølahg dm dj hufj sd `dshraod jgs pfsgs f sdluar f eam `d rdhgpajfr jf amegrifhaøm iæs rdjdvfmtd.

?

 Fmgmaig . Rrudofs `d pdmdtrfhaøm y nfhcaml átahg. SDm jémdfY.   Fmgmaig nttps;//rdvastf.sdlura`f`.umfi.ix/muidrg-6>/prudofs-`d-pdmdtrfhagm-pfrf-

 pramhapafmtds-4-ndrrfiadmtfs-pfrf-dipdzfr   pramhapafmtds-4-ndrrfiadmtfs-pfrf-dipdz fr   >

 

6. PAPTJG

 FMÆJAXAX @D I IDPG@GJGLÉFX DPG@GJGLÉFX RF_F R_TDOFX @D RDMDP_FHAØM ID@AFMPD DPNAHFJ NFHCAML

1

 

?. @DEAMAHAGM @DJ R_GOJDIF

 Fj `éf `d ngy, dj eumhagmfiadmtg `d jfs sghad`f`ds nuifmfs sd ofsf dm jgs sastdifs amegriætahgs, mg sgjg dm jfs amstfmhafs pûojahfs g pravf`fs p ravf`fs samg tfioaám dm dj sdhtgr hgidrhafj, hgig tfioaám dm jg qud fhtufjidmtd lrfm`ds hgmkumtgs `d `ftgs qud sd hgipgmdm hgm `ftgs hgta`afmgs `d jf pgojfhaøm, jg qud hgiprfigs g `dhaigs, y qud judlg sdlûm rdsujtf`gs `d fmæjasas, sd dstfojdhdm pdreajds pfrf gerdhdr jgs prg`uhtgs g sdrvahags, `d umf egrif pdrsgmfjazf`f. Jf havajazfhaøm sd iudvd f trfvás `d jf amegrifhaøm y dj fjifhdmfiadmtg `d jf iasif. Xa jgs mavdjds `d sdlura`f` mg sgm f`dhuf`gs, f`dh uf`gs, jf vujmdrfoaja`f` sd fuidmtf y hgm djjg jgs radslgs f um rgog `d `ftgs, g hufjquadr ftfqud qud rdfjahd um nfhcdr hgm eamds `d ifmapujfr g `dstruar jf amegrifhaøm. Jfs rfzgmds pfrf dedhtufr um ftfqud sgm `avdrsfs y sd pud`dm fsghafr fsg hafr f um kudlg, um dxpdraidmtg pfrf `digstrfr sus hgmghaiadmtgs, g um nfhcdr qud tadmd jgs gokdtavgs hjfrgs `d rgofr amegrifhaøm vfjagsf hgig hgmtrfsdöfs, hudmtfs ofmhfrafs, vujmdrfr jf sdlura`f` g dspfrhar um varus.  Fpjahfm`g jfs saiajfrds ndrrfiadmtfs `d ftfqud utajazf`fs pgr um nfhc nfhcdr dr g Hrf Hrfhcdr hcdr sd pud`dm rdfjazfr jfs prdvdmhagmds y prgtdhhagmds f jgs sastdifs amegriætahgs. Jfs fidmfzfs sgord jgs sastdifs amegriætahgs ofsf`fs dm usurpfr jf pdrsgmfja`f` `d usufrags futgrazf`gs pfrf fhhd`dr y ifmapujfr am`doa`fidmtd jgs `ftgs `d jfs diprdsfs nfm jjdvf`g f qud dj trftfiadmtg jf sdlura`f` amegriætahf sdf

62

 

prdpgm`drfmtd.8  Pg`g jg fmtdragr sd pud`d prdvdmar y iamaiazfr egrtfjdhadm`g dj hgmghaiadmtg sgord dj Dtnahfj Nfhcaml y jfs ndrrfiadmtfs qud jg hgmstatuydm. Rfrf jf prdsdmtd amvdstalfhaøm sd tadmd hgig gradmtfhaøm jf saluadmtd prdlumtf; ·Høig dj fmæjasas `d jfs pramhapfjds pramhapf jds idtg`gjgléfs `d Dtnahfj Nfhcaml, pdriatd f jfs pdrsgmfs y/g diprdsfs a`dmtaeahfr jgs idkgrds prghd`aiadmtgs pfrf dvfjufr `deahadmhafs dm jgs sastdifs `d sdlura`f`7

8 EJG_D[,

_gkfs. Idtg`gjgléf pfrf rdfjazfr Nfhcaml Átahg dm ofsds `d `ftgs pfrf pfrf Rgsatavf Hgipföéf `d Xdlurgs X.F dm jf hau`f` `d Oglgtæ. Oglgtæ. ?26