Penetration test does not have a standard definition. Some foreign security organizations have reached a consensus that penetration test is an evaluation method to evaluate the security of computer network system by simulating the attack methods of malicious hackers. This process includes the active analysis of any weakness, technical defect or vulnerability of the system, which is conducted from a possible location of an attacker, and from this location, it is conditional to actively exploit the security vulnerability.
1. Host operating system penetration
The penetration test is carried out for windows, Solaris, AIX, Linux, SCO, SGI and other operating systems.
2. Database system penetration
The penetration test of MS-SQL, Oracle, mysql, Informix, Sybase, DB2, access and other database application systems is carried out.
3. Application system penetration
Penetration test is carried out for various applications provided by penetration target, such as WWW applications composed of ASP, CGI, JSP, PHP, etc.
4. Network equipment penetration
To test the penetration of various firewalls, intrusion detection systems and network equipment.
The experimental building not only provides an attacker, but also provides a Linux experimental machine with multiple vulnerabilities as the target. You can't miss it if you want to learn information security~
This paper summarizes 5 practical projects of penetration test, which will help you to learn penetration test;
Knowledge points involved:
- How msfvenom generates Trojans
- How to bundle Trojan horse to common software in msfvenom
- How msfvenom code Trojans to avoid killing
Design sketch:
[Python implements FTP weak password scanner]
This project starts with the implementation of an FTP weak password scanner by using python, and starts with Python penetration testing technology. The experiment involves the principles of FTP protocol, the use of ftplib library and other knowledge points.
Knowledge points involved:
- Understanding FTP server
- The use of FTP lib Library
- Use of argparse Library
- Setup of FTP server in Ubuntu
Design sketch:
[Kali penetration test - back door technology practice]
This course mainly focuses on the back door technology practice, focusing on the maintenance visit after successful penetration. The course consists of 10 experiments, each of which provides detailed steps and screenshots. There will be three special experiments, which are specially used to explain the making of Trojans and the source code analysis of the generated back door Trojans.
List of experiments:
Enter a description of the picture here
Attack the target:
Picture description
[Kali penetration test - Web application attack practice]
There are 20 web application attack experiments in this tutorial. We use penetration test technology to teach you how to attack a website, and provide solutions for the security vulnerabilities found in cross site scripts XSS, SQL injection, file inclusion, etc.
List of experiments:
The attack platform of reflective XSS provided by DVWA:
dvwa-reflected.png
Pop up Facebook login to get account password:
beef-pretty-facebook.png
[Kali penetration test - server attack practice]
List of experiments:
To view the nmap scan report:
Enter a description of the picture here
The attack successfully obtains the shell of the target system:
Enter a description of the picture here
Finally, there is another resource: Python penetration testing tool set, you can have a look after the tutorial;
Recommend reading more
In today's era, web application has become an indispensable tool for people, a large number of sensitive information and money are flowing on the Internet, making web security extremely
Reading 7094 comments in the lab building 0 likes 9
White hat refers to the hacker attacks launched by individuals to find the potential vulnerabilities or vulnerabilities of the system that may be exploited by malicious hackers. When the target doesn't know or is not authorized
March Walker reads 943 reviews 2 likes 5
Reading in the laboratory building 2693 comments 4 likes 108