The 8 steps of a penetration test

Penetration testing: starting from basic security principles, analyze the security risks and vulnerabilities of a target from both the attacker's and the defender's point of view, with protecting the security of the system as the ultimate goal.

General penetration testing process:

Define objectives -> Information gathering -> Vulnerability detection -> Vulnerability verification -> Information analysis -> Obtain what is required -> Organize information -> Form the report

1. Define objectives:

(1) Determine the scope: the scope of the test target, i.e. IPs, domain names, internal vs. external network, test accounts

(2) Determine the rules: how far the penetration may go and in what time window, whether uploading or modifying files is permitted, whether privilege escalation is allowed, and so on

(3) Determine the requirements: web application vulnerabilities, business logic vulnerabilities, personnel privilege management vulnerabilities
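The agreed scope from step 1 is what every later step must be checked against. The following is an added example (not code from the original post) of a small scope check: the CIDR ranges, domains and excluded hosts are constructed sample values, and `in_scope` is an assumed helper name.

```python
import ipaddress
from dataclasses import dataclass, field


@dataclass
class Scope:
    """Authorized test scope agreed with the client in step 1 (constructed example)."""
    networks: list = field(default_factory=list)        # CIDR strings, e.g. "10.20.0.0/16"
    domains: list = field(default_factory=list)         # apex domains; subdomains are included
    excluded_hosts: list = field(default_factory=list)  # hosts the client explicitly removed


def _in_domain(host: str, apex: str) -> bool:
    """True if host equals apex or is a subdomain of it (suffix match on a label boundary)."""
    host, apex = host.lower().rstrip("."), apex.lower().rstrip(".")
    return host == apex or host.endswith("." + apex)


def in_scope(scope: Scope, target: str) -> bool:
    """Return True only if target (an IP address or hostname) lies inside the agreed
    scope and is not explicitly excluded. Anything unknown is treated as out of scope."""
    t = target.strip().lower().rstrip(".")
    if t in (h.lower().rstrip(".") for h in scope.excluded_hosts):
        return False
    try:
        ip = ipaddress.ip_address(t)
    except ValueError:
        # Not an IP: match against the authorized domains only.
        return any(_in_domain(t, d) for d in scope.domains)
    return any(ip in ipaddress.ip_network(n, strict=False) for n in scope.networks)


def filter_targets(scope: Scope, discovered: list) -> list:
    """Keep only the discovered hosts (from information gathering) that are in scope."""
    return [h for h in discovered if in_scope(scope, h)]


if __name__ == "__main__":
    # Constructed sample engagement scope and a list of hosts found during gathering.
    sample = Scope(networks=["10.20.0.0/16", "203.0.113.0/24"],
                   domains=["example.com"],
                   excluded_hosts=["payments.example.com"])
    found = ["10.20.5.7", "10.21.0.1", "www.example.com",
             "payments.example.com", "example.com.evil.net", "203.0.113.9"]
    print(filter_targets(sample, found))
```

Hosts that merely contain the authorized domain as a prefix (such as `example.com.evil.net`) are rejected because the match is anchored on a label boundary.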

2. Information gathering:

(1) Methods: active scanning, open-source search.

(2) Open-source search: use search engines to find admin backends, unauthorized pages, sensitive URLs, and so on.

(3) Basic information: IPs, network segments, domain names, ports.

(4) Applications: the application running on each port, such as web applications, mail applications, and so on.

(5) System information: operating system version.

(6) Version information: the versions of everything detected.

(7) Service information: all kinds of middleware and plugin information.

(8) Personnel information: domain registrant details, the ids and names of posters on the web application, administrators, etc.

(9) Protection information: try to detect whether protective equipment is in place.

3. Vulnerability detection:

Methods:

(1) Vulnerability scanners, such as AWVS, IBM AppScan and the like.

(2) Combine the findings with exploit-db and similar sources to look for exploits.

(3) Search online for a PoC to verify with.

Content:

(1) System vulnerabilities: the system has not been patched in time

(2) Web server vulnerabilities: web server configuration issues

(3) Web application vulnerabilities: web application development issues

(4) Vulnerabilities in services on other ports: e.g. 21 / 8080 (st2) / 7001 / 22 / 3389

(5) Communication security: plaintext transmission, tokens passed in cookies, and the like.

4. Vulnerability verification:

Verify again every vulnerability found in the previous step that might be successfully exploited. Depending on the actual situation, build a simulated environment to test in, and only after success there apply it to the target.

  • Automated verification: combine the results of automated scanning tools
  • Manual verification: validate against publicly disclosed resources
  • Experimental verification: build your own simulated environment to verify
  • Login guessing: sometimes you can try to guess account passwords and similar information at login entry points
  • Business vulnerability verification: business logic vulnerabilities that were found need to be verified

Public resources:

  • exploit-db/wooyun/
  • Google hacking
  • Penetration code websites
  • Common default passwords
  • Vendor vulnerability advisories

5. Information analysis:

Prepare for the next stage of penetration

  • Precision strike: prepare exploits for the detected vulnerabilities so they can be hit precisely
  • Bypassing the defense mechanism: if there is a firewall or similar equipment, how to get around it
  • Custom attack path: the best path, based on the weak entry point, high-privilege positions inside the network, and the final objective
  • Bypassing the detection mechanism: whether there are detection mechanisms, traffic monitoring, anti-virus software, malicious code detection (evasion)
  • Attack code: the code produced after testing, including but not limited to xss code, sql injection statements and the like

6. Obtain what is required:

Attack: carry out the attack according to the results of the previous steps

  • Obtain internal information: infrastructure (network connections, vpn, routing, topology, etc.)
  • Further penetration: intranet intrusion, sensitive targets
  • Persistence: generally not needed when we test for customers; rootkits, backdoors, adding admin accounts and other techniques for staying resident
  • Cleaning up traces: clean relevant logs (access, operations), uploaded files, etc.

7. Organize information

  • Organize penetration tools: the code, PoCs, exploits, etc. used during the penetration process
  • Collate gathered information: consolidate all the information gathered during the penetration process
  • Organize vulnerability information: consolidate the various vulnerabilities and vulnerable positions encountered during the penetration process

8. Form the report

  • Organize by requirements: according to the scope determined with the customer in the first step, organize the data and information and form the report
  • Supplementary information: the causes of the vulnerabilities, the verification process, and an analysis of the harm
  • Remediation advice: naturally, reasonable and efficient security solutions for all the problems found

Flow chart: (figure not reproduced)

Note: Reprinted from https://www.cnblogs.com/iceliu/p/


Origin www.cnblogs.com/iceliu/p/11691348.html