Source: Georgia Weidman, “Advanced Penetration Test” Cybrary
Query systems for potential vulnerabilities
(1) Nessus
Vulnerability database + scanner
(2) Nmap Scripting Engine
Vulnerability scripts
Listed in /usr/share/nmap/scripts in Kali
nmap -sC 172.16.85.135-136        (-sC runs the "default" script category against both hosts)
nmap --script-help=smb-check-vulns        (smb-check-vulns was split into the smb-vuln-* scripts in Nmap 7.0; on a current Kali use nmap --script-help 'smb-vuln-*')
nmap --script=nfs-ls 172.16.85.136
nmap --script=smb-os-discovery 172.16.85.136
(3) Metasploit Scanners
auxiliary/scanner/ftp/anonymous        (in msfconsole: use the module, set RHOSTS, run; checks for anonymous FTP login)
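Once the NSE scans above are run with -oX, the results are easier to triage from the XML than from the console output. The following is an added example and is not part of the course or of Nmap itself: it parses port-level and host-level script results from an nmap XML report and flags the ones worth following up (anonymous FTP, a readable NFS export, an SMB OS fingerprint). The embedded XML is constructed by hand to resemble nmap output for 172.16.85.136 and is not a real scan; the substring rules in INTERESTING are assumptions about typical NSE wording.

```python
"""Triage NSE script results from an nmap XML report (nmap ... -oX report.xml).

Added example, not from the course notes or from Nmap. SAMPLE_XML is a
hand-constructed stand-in for real scanner output.
"""
import xml.etree.ElementTree as ET

# Constructed sample: what nmap -sC --script=nfs-ls,smb-os-discovery -oX
# might produce for the lab host. Not a real scan result.
SAMPLE_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -sC --script=nfs-ls,smb-os-discovery -oX report.xml 172.16.85.136">
  <host>
    <address addr="172.16.85.136" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="21">
        <state state="open"/>
        <service name="ftp"/>
        <script id="ftp-anon" output="Anonymous FTP login allowed (FTP code 230)"/>
      </port>
      <port protocol="tcp" portid="2049">
        <state state="open"/>
        <service name="nfs"/>
        <script id="nfs-ls" output="Volume /home&#10;  rwxr-xr-x  1000  1000  4096  alice"/>
      </port>
    </ports>
    <hostscript>
      <script id="smb-os-discovery" output="&#10;  OS: Windows XP (Windows 2000 LAN Manager)&#10;  Computer name: target"/>
    </hostscript>
  </host>
</nmaprun>
"""

# Assumed triage rules: script id -> (substring that marks a hit, label).
# The substrings reflect common NSE wording and are not exhaustive.
INTERESTING = {
    "ftp-anon": ("Anonymous FTP login allowed", "anonymous FTP"),
    "nfs-ls": ("Volume", "NFS export readable"),
    "smb-os-discovery": ("OS:", "SMB OS fingerprint"),
}


def parse_nmap_xml(xml_text):
    """Return one record per NSE result: port scripts live under <port>,
    host scripts under <hostscript>; both carry id and output as attributes."""
    root = ET.fromstring(xml_text)
    findings = []
    for host in root.iter("host"):
        addr = host.find("address").get("addr")
        for port in host.iter("port"):
            if port.find("state").get("state") != "open":
                continue  # NSE results on non-open ports are noise
            portid = int(port.get("portid"))
            for script in port.findall("script"):
                findings.append({"host": addr, "port": portid,
                                 "script": script.get("id"),
                                 "output": script.get("output", "").strip()})
        hostscript = host.find("hostscript")
        if hostscript is not None:
            for script in hostscript.findall("script"):
                findings.append({"host": addr, "port": None,
                                 "script": script.get("id"),
                                 "output": script.get("output", "").strip()})
    return findings


def triage(findings):
    """Return (host, port, label) for every result matching an INTERESTING rule."""
    flagged = []
    for f in findings:
        rule = INTERESTING.get(f["script"])
        if rule and rule[0] in f["output"]:
            flagged.append((f["host"], f["port"], rule[1]))
    return flagged


if __name__ == "__main__":
    # Against a real report: parse_nmap_xml(open("report.xml").read())
    for host, port, label in triage(parse_nmap_xml(SAMPLE_XML)):
        print(f"{host}:{port or '-'}  {label}")
```

The ftp-anon hit here is the same condition that auxiliary/scanner/ftp/anonymous reports in Metasploit, so one parsed report can replace a second scan for that check.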
Web Application Scanning
(1) DirBuster
Graphical tool used for brute-forcing directories and pages from a wordlist.
(2) Nikto
Scanner with a database of known web server issues and misconfigurations
nikto -host http://172.16.85.136
Manual Analysis
* Default passwords – WebDAV
* Misconfigured pages – open phpMyAdmin
* Port 3232 on the Windows system – sensitive webserver with directory traversal