Penetration Test - Survey the Target(4)

转载

mb5ff981a16d1dd 2020-08-06 22:48:00

文章标签 Penetration Testing Cyber Security sed ide linux 文章分类 Java 后端开发

Vulnerability Scanning

VULNERABILITY SCAN

Structured approach to examining targets to identify known weaknesses
Many different types
Determine if any known weaknesses exist

CREDENTIALED VS. NON-CREDENTIALED

Credentialed(authenticated) - Accessing resources using valid credentials
- More detailed, accurate information
Non-credentialed(non-authenticated) - anonymous access to exposed resources
- Fewer details, often used in early phases of attacks/tests

TYPES OF SCANS

Discovery scan - used to find potential targets
- Identity/info gathering early on
- nmap ping sweep
  - nmap -sP target
Full scan - scans ports, services, and vulnerabilities
- Full scan with fingerprinting
  - nmap - A
    - Not stealthy
  - perl nikto.pl -h
  - OpenVAS
    - Open-source version of Nessus
Port scan
- nmap -p
Stealth scan - attempt to avoid tripping defensive control thresholds
- nmap -sS
Compliance - scan for specific known vulnerabilities that would make a system non-compliant

QUICK REVIEW

Structured approach to discovering target vulnerabilities
Correlates known vulnerabilities with target characteristics
Scans can be general (find any weaknesses) or targeted(see if specific weaknesses exist)
Scans can range from quiet to very noisy

DEMO

Lab Environment:

Metasploitable - 10.0.0.19,

DVWA - 10.0.0.20,

Kali Linux - 10.0.0.1`7

nmap

Stealth scan: nmap -sS

nmap -sS 10.0.0.20

Penetration Test - Survey the Target(4)_Cyber Security

Scan specified ports: nmap -p

nmap -p 1-65535 10.0.0.20

Penetration Test - Survey the Target(4)_linux_02

A option includes fingerprinting

nmap -p 22 -A 10.0.0.20

Penetration Test - Survey the Target(4)_sed_03

nikto

Nikto vulnerability scan: nikto -h

nikto -h 10.0.0.20

Penetration Test - Survey the Target(4)_sed_04

Penetration Test - Survey the Target(4)_Penetration Testing_05

OpenVAS

Official site:

https://www.openvas.org/

https://github.com/greenbone/openvas/blob/master/INSTALL.md

Install perquisites on Kali:

https://tools.kali.org/vulnerability-analysis/openvas

apt-get install gcc pkg-config libssh-gcrypt-dev libgnutls28-dev \
libglib2.0-dev libpcap-dev libgpgme-dev bison libksba-dev libsnmp-dev \
libgcrypt20-dev redis-server

Continue on the next blog...

相信未来 - 该面对的绝不逃避，该执著的永不怨悔，该舍弃的不再留念，该珍惜的好好把握。

本文章为转载内容，我们尊重原作者对文章享有的著作权。如有内容错误或侵权问题，欢迎原作者联系我们进行内容更正或删除文章。