As the reader is aware, penetration testing is conducted to detect and exploit vulnerabilities in computer systems for the purpose of making those systems more secure. In this manner our goal is to discover vulnerabilities and resolve them before an attacker does.
However, penetration testing often fails, and the full extent of the entity's vulnerabilities isn't determined. There are a number of reasons for this; the primary reason for a failed penetration test is a lack of adequate reconnaissance on the part of the pen-tester.
In their zeal to get to the exploitation phase, or because they lack a thorough understanding of its value, many pen-testers skip this step.
Without performing reconnaissance, targets or means of ingress will be missed, greatly reducing the attack surface that actually gets assessed. By utilizing the results of our reconnaissance and scanning stages we may find vulnerable services that we can exploit.
If our results show the existence of remote-access services such as SSH, VPN, VNC, RDP, FTP, PC Anywhere and the like, we can potentially gain access to and control of the systems in question by brute-force password cracking.
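The flip side of that risk is what a defender (or a pen-tester documenting findings) should see in the logs of an exposed remote-access service. The following is an added example, not code from the original article: it parses constructed sshd authentication lines, flags any source address that accumulates a burst of failed logins inside a short window, and notes whether a successful login followed the burst, which is exactly the pattern a brute-force password attack leaves behind.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample sshd log lines (not from the page); syslog omits the year.
SAMPLE_LOG = """\
Mar  3 09:00:01 bastion sshd[2101]: Failed password for invalid user admin from 203.0.113.5 port 51001 ssh2
Mar  3 09:00:03 bastion sshd[2103]: Failed password for root from 203.0.113.5 port 51002 ssh2
Mar  3 09:00:04 bastion sshd[2105]: Failed password for invalid user test from 203.0.113.5 port 51003 ssh2
Mar  3 09:00:06 bastion sshd[2107]: Failed password for root from 203.0.113.5 port 51004 ssh2
Mar  3 09:00:07 bastion sshd[2109]: Failed password for root from 203.0.113.5 port 51005 ssh2
Mar  3 09:00:09 bastion sshd[2111]: Accepted password for root from 203.0.113.5 port 51006 ssh2
Mar  3 09:01:00 bastion sshd[2120]: Failed password for alice from 198.51.100.7 port 40001 ssh2
Mar  3 09:01:20 bastion sshd[2122]: Accepted publickey for alice from 198.51.100.7 port 40002 ssh2
"""

# Matches the standard OpenSSH "Failed/Accepted <method> for [invalid user] <user> from <ip>" line.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) (?:password|publickey) for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\d+\.\d+\.\d+\.\d+) port \d+"
)

def parse_line(line):
    """Return (timestamp, result, user, ip) or None for lines we do not recognise."""
    m = LINE_RE.match(line)
    if not m:
        return None
    # No year in syslog: strptime defaults to 1900, which is fine for computing deltas.
    ts = datetime.strptime(m["ts"], "%b %d %H:%M:%S")
    return ts, m["result"], m["user"], m["ip"]

def detect_bruteforce(log_text, threshold=5, window_seconds=60):
    """Map each source IP that produced >= threshold failures within window_seconds
    to a summary; 'success_after_failures' is True if an Accepted login from the
    same source follows the burst (the attacker or tester got in)."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed:
            events[parsed[3]].append(parsed)
    findings = {}
    for ip, evs in events.items():
        failures = [e for e in evs if e[1] == "Failed"]
        # Sliding window over failure timestamps; log lines are already in time order.
        for i in range(len(failures) - threshold + 1):
            burst_end = failures[i + threshold - 1][0]
            if (burst_end - failures[i][0]).total_seconds() <= window_seconds:
                success = any(e[1] == "Accepted" and e[0] >= burst_end for e in evs)
                findings[ip] = {"failures": len(failures),
                                "users": sorted({e[2] for e in failures}),
                                "success_after_failures": success}
                break
    return findings
```

Point the function at a real `/var/log/auth.log` to get the same per-source summary; the threshold and window are tuning knobs, not fixed values.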
A secondary reason is that evidence derived from the pen-test was not captured. This may be due to the use of live penetration-testing distributions and unfamiliarity with the techniques and tools needed to capture and record pen-testing results.
A tertiary reason may be the pen-tester's lack of familiarity or expertise with the pen-testing tool they are using. Take for example BackTrack, which has hundreds of tools, or Nmap, which has many switches and options; we may find that the pen-tester is simply not proficient with their chosen tool.
Finally, in the far from halcyon early days of pen-testing, information assurance personnel had to create and code their own custom exploit for each vulnerability they uncovered. Now, pen-testers and malevolent attackers alike have exploitation frameworks such as Kali, which provide an easy-to-use yet formal structure for developing and mounting exploits. These frameworks provide consistency and guidelines for creating and launching exploits against a chosen target.