Vulnerability Identification

Source: Georgia Weidman, “Advanced Penetration Test” Cybrary
Query systems for potential vulnerabilities

(1) Nessus
Vulnerability database + scanner 

(2) Nmap Scripting EngineVulnerability scripts
Listed in /usr/share/nmap/scripts in Kali 

nmap -sC 172.16.85.135-136 
nmap –script-help=smb-check-vulns 
nmap –script=nfs-ls 172.16.85.136 
nmap –script=smb-os-discovery 172.16.85.136

(3) Metasploit Scanners​auxiliary/scanner/ftp/anonymous 

Web Application Scanning​
(1) Dirbuster
Graphical tool that is used for bruteforcing directories and pages.

(2) NiktoVulnerability database of known website issues
nikto -host http://172.16.85.136

Manual Analysis
*Default passwords – Webdav
*Misconfigured pages – open phpMyAdmin
*Port 3232 on the Windows system – sensitive webserver with directory traversal

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s