Simulating penetration testing in an isolated network environment
Now that our lab environment in GCP has been set up, we can run a penetration testing simulation to verify that everything has been configured correctly. We will work with a simplified penetration testing process, since our primary goal is to assess whether the penetration testing lab environment has been set up and configured correctly:
Figure 4.41 – Penetration testing simulation
Our simulation will start with a port scan to check the open ports of the target VM instance (vm-target). After identifying that port 80 is open, we will use a web browser to navigate through the pages and explore the functionality of the vulnerable web application (running inside a container) accessible on that port. We’ll end the simulation right after we have used an SQL Injection attack to gain administrator access and successfully signed in using an administrator...