Penetration testing of loopholes in the use of the Open chapter

1. Exploit purpose

A simple understanding of known vulnerabilities in the network is not enough for integrated security control of networks and systems. There are many benefits to conducting targeted, comprehensive vulnerability testing.
　　

• jump out of the safe work of speculation and suspicion.
  The management team can also get the details necessary to implement remediation by providing critical infrastructure intrusion that leads to sensitive data leaks or changes, resulting in a focus on security issues.
• Verify the security of the protection measures.
  Exploit penetration testing can verify the security of defensive control in theory, and it is the manager's ability to demonstrate that the security measures taken are running as expected.
• discover small issues that are easily overlooked in the security architecture.
  Can be used to confirm that there are no unknown security issues in the network.

2. Add target drone--kioptrix virtual machine

The Kioptrix virtual machine is a Linux distribution with a specific vulnerability configured by the Steven McElrea and Richard Dinelle team. Can be downloaded on the Kioptrex website, there are currently five versions, the latest is Kioptrix VM 2014, open ports are more, but there will be some problems in the VirtualBox virtual machine. Kioptrix VM 1.3 is small in size and opens up some basic services that are appropriate for beginners.
　　
　　
Download the Kioptrix VM 1.3 Virtual machine image file and unzip it to the specified file plus. Create a new virtual machine in the virtual box's experimental environment and specify the use of an existing mirror.
　　

• Name: Kioptrix4 (customized according to your needs)
• Operating system type: Other linux64 Bit Edition
• Memory: 512M
• Startup disk: KIOPTRIX4_VMWARE.VMDK

3. Configure the Network

By default, the KIOPTRIX4 virtual opportunity automatically assigns an IP address from our DHCP server. If you do not have this condition, you can also enable the built-in DHCP server installed by Virtual box. This can be done using the Vboxmanager command-line tool.
　　

sudo Vboxmanage DHCPServer Add --NetName vlab_1 --IP 192.168. -. - --netmask 255.255.255.0 --Lowerip 192.168. -.101 --Upperip 192.168. -. Max --Enable

We set the network card of the Kioptrix virtual machine to "internal network", the name "Vlab_1", the Kali Linux virtual machine can open another network card to do the same settings. With the above command, the system in the virtual box VM is connected to the Vlab_1 network and is divided into an IP address between 192.168.50.101 and 192.168.50.150.

　　Note: My is OS X system, the command option is used before the double-Bar "–", if other operating systems please use a single bar "-"

Penetration testing of loopholes in the use of the Open chapter