Kali penetration test

Posted by deaguero at 2020-03-31

Kali Linux is a Debian-based Linux operating system for penetration testing and security auditing. A penetration test is the process of evaluating the information security protection capability of a target server or network under authorization. It includes, but is not limited to, using various scanning and attack techniques to detect, attack, and break the target's protection system and to set a back door in it. Penetration testing is part of information security evaluation and aims to confirm that the target system's network defense capability meets expectations. Many Internet companies and teams now offer professional penetration testing services, and many Internet companies have a large demand for talent in this field.

Vulnerability analysis tests the target system for potential vulnerabilities using the scanning and detection tools of a penetration test, and evaluates whether the target system has applied the relevant patches or security policies. If the corresponding vulnerabilities are still present in the target system, their risk should be rated according to how difficult they are to discover and exploit.

Social engineering, applied to the field of information security, refers to obtaining, through social or interpersonal contact, sensitive information that can be used to attack or to gain certain privileges.

For example, phishing can obtain the user name and password of a website, or even bank account information. It relies on camouflage and deception to obtain the necessary information without the user's knowledge.

The default user name and password are msfadmin / msfadmin.

Libvirt is a free and open-source C library that supports the mainstream virtualization tools under Linux. It aims to provide a convenient and reliable programming interface for various virtualization tools, including Xen, and supports bindings for C, C++, Ruby, Python and other mainstream development languages. At present, the default virtualization management tools on mainstream Linux platforms, such as virt-manager (graphical) and virt-install (command-line), are built on libvirt.

The libvirt library is a Linux API for implementing Linux virtualization. It supports various hypervisors, including Xen, KVM, QEMU, and some virtualization products for other operating systems.

In short, libvirt is a standardized virtualization management interface that can manage all the kinds of virtual resources mentioned above. In addition to SDKs in various languages, libvirt provides a command-line tool, virsh. In our experimental environment, you can start it in the following ways. Please take some time to familiarize yourself with the virsh command, which will be very helpful for debugging in the subsequent development process.

List of virsh common commands:

Command     Description
help        displays the description of the command
quit        ends virsh, returns to shell
connect     connect to the specified virtual machine server
create      starts a new virtual machine
destroy     deletes a virtual machine
start       starts a (defined) non-started virtual machine
define      defines a virtual machine from XML
undefine    undefines a virtual machine
dumpxml     dumps the setting value of virtual machine
list        list the status of virtual machine
reboot      reboot virtual machine
save        save virtual machine
restore     restore the status of virtual machine
suspend     suspend the execution of virtual machine
resume      resume the virtual machine
dump        dump the kernel of virtual machine to the specified file for analysis and troubleshooting
shutdown    shut down virtual machine
setmem      modify the size of memory
setmaxmem   set the maximum value of memory
setvcpus    modify the number of virtual processors

Here are some common tools included in apt-get:

Here are some common parameters of apt-get:

If you feel that nginx is no longer needed, you only need to run sudo apt-get remove nginx to uninstall the software. The system will ask for confirmation, and then the software will be removed from the system.

If you do not want to keep the configuration file, you can use the apt-get purge command:

$ sudo apt-get purge nginx

$ sudo apt-get autoremove

About online installation

Let's use the rpcinfo -p localhost command to view the open services of the current system:
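
An added example, not part of the original post: a shell function that condenses `rpcinfo -p` output into one line per registered service and marks file-sharing services whose exposure should be reviewed. The sample input is constructed, and the function names and the REVIEW list are assumptions of this example.

```sh
#!/bin/sh
# Added example: summarize `rpcinfo -p` output for a service-exposure review.

# Constructed sample in the column layout `rpcinfo -p` prints (not real output).
sample_rpcinfo() {
cat <<'EOF'
   program vers proto   port  service
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100024    1   udp  40123  status
    100003    2   udp   2049  nfs
    100003    3   udp   2049  nfs
    100003    3   tcp   2049  nfs
    100005    1   udp  51234  mountd
    100005    3   tcp  49876  mountd
    100021    1   udp  45678  nlockmgr
EOF
}

# Reads `rpcinfo -p` output on stdin and prints one line per
# service/proto/port with the registered versions merged.
# The REVIEW set below is this example's assumption, not a standard list.
rpc_summary() {
    awk '
        $1 !~ /^[0-9]+$/ || NF < 4 { next }       # header and malformed rows
        {
            name = (NF >= 5) ? $5 : "prog-" $1    # unnamed program: keep its number
            key = name "/" $3 "/" $4
            if (key in vers) vers[key] = vers[key] "," $2
            else { vers[key] = $2; order[++n] = key }
        }
        END {
            for (i = 1; i <= n; i++) {
                split(order[i], f, "/")
                flag = (f[1] ~ /^(nfs|mountd|nlockmgr|ypserv|ypbind)$/) ? "REVIEW" : "ok"
                printf "%-6s %-12s %s/%s v%s\n", flag, f[1], f[2], f[3], vers[order[i]]
            }
        }'
}

# Number of registrations flagged for review (0 when none match).
rpc_review_count() { rpc_summary | grep -c '^REVIEW' || true; }

# On a live host: rpcinfo -p localhost | rpc_summary
sample_rpcinfo | rpc_summary
```

Services marked REVIEW are candidates for disabling or firewalling when the host does not need to export them.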

msfadmin:msfadmin user:user postgres:postgres sys:batman klog:123456789 service:service

nmap -p1-1000 target