Perform Vulnerability Scan and Analyze Vulnerability Scan Results

Introduction

Welcome to the Perform Vulnerability Scan and Analyze Vulnerability Scan Results Practice Lab. In this module, you will be provided with the instructions and devices needed to develop your hands-on skills.

Learning Outcomes

In this module, you will complete the following exercises:

• Exercise 1 - Perform Enumeration
• Exercise 2 - Perform Vulnerability Scan
• Exercise 3 - Analyze Vulnerability Scan Results and Prioritize Activities
• Exercise 4 - Describe Common Techniques to Complete Attack

After completing this lab, you will be able to:

• Perform DNS Enumeration
• Switch Off the Windows Firewall on PLABWIN810
• Perform Windows Host Enumeration using Rpcclient
• Perform Linux Host Enumeration using Nmap
• Enumerate Web Applications using Wafw00f
• Enumerate a Web server using HTTPrint
• Perform Website Enumeration using Nmap
• Perform Server Message Block (SMB) Enumeration
• Use Nikto for Vulnerability Scanning
• Perform Vulnerability Scanning using OpenVAS
• Use Lynis for System Vulnerability Scanning
• Describe False Positive
• Map Vulnerabilities
• Prioritize Activities in Preparation for Penetration Test
• Know about Exploits
• Explain Cross-compiling Code
• Explain Exploit Modification
• Know about Exploit Chaining
• Know about Proof-of-Concept Development (Exploit Development)
• Know about Social Engineering

Exam Objectives

The following exam objectives are covered in this lab:

• PT0-001: 2.1 Given a scenario, conduct information gathering using appropriate technique
• PT0-001: 2.3 Given a scenario, analyze vulnerability scan results
• PT0-001: 4.2 Compare and contrast various use cases of tools

Lab Duration

It will take approximately 1 hour to complete this lab.

Exercise 1- Perform Enumeration

Enumeration is part of active reconnaissance. Using Enumeration, you can find a lot of details about a device, server, or service. Enumeration can be used to find information, such as:

• Operating system information, such as version
• DNS information
• SNMP information
• Users and groups
• Password hashes and passwords
• Hostnames
• Domain information
• Running services and process
• The information generated in enumeration can be helpful in exploiting a service, server, or a device.

In this exercise, you will learn about enumeration.

Learning Outcomes

After completing this exercise, you will be able to:

• Perform DNS Enumeration
• Switch Off the Windows Firewall on PLABWIN810
• Perform Windows Host Enumeration Using Rpcclient
• Perform Linux Host Enumeration using Nmap
• Enumerate a Web Applications using Wafw00f
• Enumerate a Web server using HTTPrint
• Perform Website Enumeration using Nmap
• Perform Server Message Block (SMB) Enumeration

Exercise 2 - Perform Vulnerability Scan

The resources that should be made available to the pentester are dependent on the scope of penetration testing. There can be a variety of resources that can be made available to the pentester if they fit into the scope of penetration testing.

In this exercise, you will learn about penetration testing resources and requirements.

Learning Outcomes

After completing this exercise, you will be able to:

• Use Nikto for Vulnerability Scanning
• Perform Vulnerability Scanning using OpenVAS
• Use Lynis for System Vulnerability Scanning

Exercise 3 - Analyze Vulnerability Scan Results and Prioritize Activities

After you have scanned devices, servers, and Web applications for vulnerabilities, you need to analyze the vulnerability results now. This is because after discovering vulnerabilities, you need to make good use of them in penetration testing.

In this exercise, you will learn about analyzing the vulnerability scan results.

Learning Outcomes

After completing this exercise, you will be able to:

• Explain False Positive
• Know about Mapping Vulnerabilities
• Prioritize Activities in Preparation for Penetration Test

Exercise 4 - Describe Common Techniques to Complete Attack

During a penetration test, you will need to choose an attack technique to complete the task. In different environments, the attack technique will differ. Some of the common attack techniques used in penetration testing are:

• Social engineering - This attack sets the base for all other attacks. An attacker can use different methods, such as phishing, to trigger the attack.
• Web application attacks - These could include SQL injection, XSS, XSRF, and many more types of attacks. These are applicable if you are performing a penetration test on a Web application.
• Session hijacking - This is specifically useful when you have unencrypted sessions going on. An attacker can perform session hijacking or man-in-the-middle attack.
• Password cracking - This involves some level of access to the server or system and then use various tools to crack the passwords.

A private network is slightly more secure than the public network, which is visible to everyone. When breaking into a private network, the attacker must find various methods to connect. For example, the attacker may use social engineering and deploy malware by sharing a USB drive with a user.

In this task, you will learn about common techniques to complete an attack.

Learning Outcomes

After completing this exercise, you will be able to:

• Know about Exploits
• Explain Cross-compiling Code
• Explain Exploit Modification
• Know about Exploit Chaining
• Know about Proof-of-Concept Development (Exploit Development)
• Know about Social Engineering