What is penetration testing

Penetration testing is a process of actively evaluating users' information security measures . Through systematic operation and analysis , Actively discover various defects and weaknesses in the system and network , Such as design defects and technical defects .

Penetration testing is about any weakness of the system 、 Technical defects 、 Active vulnerability analysis process . This active analysis is carried out from the possible location of an attacker , And take the initiative to exploit security vulnerabilities conditionally from this position .

Penetration testing is different from other evaluation methods , The usual evaluation method is to find all relevant security problems according to known information resources or other evaluated objects . Penetration testing is based on known exploitable security vulnerabilities , To find out whether there are corresponding information resources . Usually the evaluation method Evaluation of The results are more comprehensive , Penetration testing pays more attention to the severity of security vulnerabilities .

mssql Database penetration test

1. In the local PC Penetration testing platform BT5 Use in zenmap Tool scan server scenario p100_win03-20 Network segment ( for example ：172.16.101.0/24) Live hosts in range IP Address and designated open 1433、3306、80 port . And take the string that needs to be added in the command used by this operation as FLAG Submit ;

Use the command at the command terminal zenmap Open the scanning tool

Fill in the target address , And add after the default parameter -p 1433,3306,80