Penetration testing process specification

Penetration testing procedure:

First, notes on penetration testing:
1. Malicious attacks are prohibited
2. Obtain authorization before testing
3. Record the whole process

Second, penetration testing terminology:
1. POC: usually a piece of code used to verify whether a program is vulnerable
2. Exploit:
An exploit is a program that makes use of a vulnerability
3. 0day:
A 0day is a vulnerability that was obtained or disclosed before the vendor became aware of it and released a patch
4. White-box testing: white-box testing is a test-case design method; the "box" refers to the software under test, and "white box" means the box is transparent: you know what is inside the box and how it works
5. Black-box testing: each function is tested through the program's interface to check that it works normally; the program is treated as a box that cannot be opened, without considering its internal structure or internal characteristics

Third, the penetration test execution process:
(1) Information gathering:
1. Subdomains
2. Information disclosure
3. DNS information
4. Whois information
5. IP ranges
6. Identify defense mechanisms
(2) Information gathering - port scanning:
1. Live host discovery
2. Ping scan
3. Nmap TCP / UDP / ACK / SYN scans
4. SuperScan on Windows
(3) Fingerprinting:
1. Web server component fingerprints
2. Operating system fingerprint
3. System service fingerprint
4. Fingerprinting with Nmap
(4) Vulnerability discovery and analysis:
1. Vulnerabilities in web service components such as Apache / Nginx
2. Server operating system vulnerabilities
3. Web application vulnerabilities
(5) Web / system exploitation:
1. Escalate privileges directly with a system exploit
2. Escalate privileges with a web server exploit
3. Exploit a web vulnerability to obtain a webshell
4. Social engineering
(6) Privilege escalation from a webshell:
1. Obtain a shell
2. Check the privileges of the current execution context
3. Escalate to system privileges with a system exploit
(7) Installing a backdoor after privilege escalation:
1. Concealment
2. Scheduled updates
3. Anti-virus evasion
(8) Log clearing:
1. Disguise and hide the log-clearing tool you intend to use
2. Avoid triggering alerts
3. Handle the different logging mechanisms of different systems separately
4. Locate the relevant log files according to the time period
5. Be rigorous
(9) Output and summary:
1. Wiki
2. Summarize what has been done
3. Do not speak in vain, do not waste effort
4. Produce consolidated documentation of the results

Source: blog.csdn.net/qq_35811830/article/details/91661937