Hacking Book | Free Online Hacking Learning


5 projects to take you to the penetration test

Posted by herskovits at 2020-03-20

Penetration test does not have a standard definition. Some foreign security organizations have reached a consensus that penetration test is an evaluation method to evaluate the security of computer network system by simulating the attack methods of malicious hackers. This process includes the active analysis of any weakness, technical defect or vulnerability of the system, which is conducted from a possible location of an attacker, and from this location, it is conditional to actively exploit the security vulnerability.

1. Host operating system penetration

The penetration test is carried out for windows, Solaris, AIX, Linux, SCO, SGI and other operating systems.

2. Database system penetration

The penetration test of MS-SQL, Oracle, mysql, Informix, Sybase, DB2, access and other database application systems is carried out.

3. Application system penetration

Penetration test is carried out for various applications provided by penetration target, such as WWW applications composed of ASP, CGI, JSP, PHP, etc.

4. Network equipment penetration

To test the penetration of various firewalls, intrusion detection systems and network equipment.

The experimental building not only provides an attacker, but also provides a Linux experimental machine with multiple vulnerabilities as the target. You can't miss it if you want to learn information security~

This paper summarizes 5 practical projects of penetration test, which will help you to learn penetration test;

Knowledge points involved:

Design sketch:

[Python implements FTP weak password scanner]

This project starts with the implementation of an FTP weak password scanner by using python, and starts with Python penetration testing technology. The experiment involves the principles of FTP protocol, the use of ftplib library and other knowledge points.

Knowledge points involved:

Design sketch:

[Kali penetration test - back door technology practice]

This course mainly focuses on the back door technology practice, focusing on the maintenance visit after successful penetration. The course consists of 10 experiments, each of which provides detailed steps and screenshots. There will be three special experiments, which are specially used to explain the making of Trojans and the source code analysis of the generated back door Trojans.

List of experiments:

Enter a description of the picture here

Attack the target:

Picture description

[Kali penetration test - Web application attack practice]

There are 20 web application attack experiments in this tutorial. We use penetration test technology to teach you how to attack a website, and provide solutions for the security vulnerabilities found in cross site scripts XSS, SQL injection, file inclusion, etc.

List of experiments:

The attack platform of reflective XSS provided by DVWA:


Pop up Facebook login to get account password:


[Kali penetration test - server attack practice]

List of experiments:

To view the nmap scan report:

Enter a description of the picture here

The attack successfully obtains the shell of the target system:

Enter a description of the picture here

Finally, there is another resource: Python penetration testing tool set, you can have a look after the tutorial;

Recommend reading more

In today's era, web application has become an indispensable tool for people, a large number of sensitive information and money are flowing on the Internet, making web security extremely

Reading 7094 comments in the lab building 0 likes 9

White hat refers to the hacker attacks launched by individuals to find the potential vulnerabilities or vulnerabilities of the system that may be exploited by malicious hackers. When the target doesn't know or is not authorized

March Walker reads 943 reviews 2 likes 5

Reading in the laboratory building 2693 comments 4 likes 108