
Oishi | Advanced Penetration Testing | Module 5 - Vulnerability Discovery/Scanning

By: Oishi | Related Course: Advanced Penetration Testing | Published: June 28, 2017 | Modified: July 24, 2017



> service postgresql start

> service metasploit start


username security

> use auxiliary/scanner/ftp/anonymous

new terminal> cat classscan.gnmap

> cat classscan.gnmap | grep Up | cut -d " " -f 2

> cat classscan.gnmap | grep Up | cut -d " " -f 2 | sort -u > livehosts.txt

> cat livehosts.txt

msf> set RHOSTS file:/root/livehosts.txt

> run
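As an added example (not from the course notes), this script builds a small constructed .gnmap file and compares the notes' grep Up | cut pipeline with a version that matches the Status field, so hosts whose hostname merely contains "Up" are not written into the RHOSTS list; file and function names are assumed.

```shell
#!/bin/sh
# Added example, not from the course notes: pull live hosts out of an nmap
# greppable (.gnmap) file, as the notes do with grep/cut/sort, then write the
# list that "set RHOSTS file:/path/livehosts.txt" consumes.

# Constructed sample .gnmap content (not real scan output). A gnmap "Host:"
# line is tab separated: "Host: <ip> (<hostname>)\tStatus: Up".
write_sample_gnmap() {
    {
        printf '# Nmap 7.80 scan initiated as: nmap -sn -oG classscan.gnmap 10.0.0.0/29\n'
        printf 'Host: 10.0.0.1 ()\tStatus: Up\n'
        printf 'Host: 10.0.0.2 (Uplink-gw)\tStatus: Down\n'
        printf 'Host: 10.0.0.3 ()\tStatus: Up\n'
        printf 'Host: 10.0.0.3 ()\tPorts: 80/open/tcp//http///\n'
        printf 'Host: 10.0.0.4 (Upstairs-PC)\tStatus: Up\n'
        printf '# Nmap done: 4 IP addresses (3 hosts up) scanned\n'
    } > "$1"
}

# The notes' pipeline: grep for "Up", then take field 2. It also matches any
# line that merely contains "Up", such as the hostname "Uplink-gw" above, so
# a host that is actually Down ends up in the list.
naive_live_hosts() {
    grep Up "$1" | cut -d ' ' -f 2 | sort -u
}

# Safer version: match the "Status: Up" field itself and let awk split on
# any whitespace, so hostnames and comment lines cannot add false entries.
live_hosts() {
    grep 'Status: Up' "$1" | awk '{ print $2 }' | sort -u
}

# Build the sample, write the filtered list, and return its path (assumed
# location under TMPDIR, stand-in for /root/livehosts.txt in the notes).
demo() {
    gnmap=$(mktemp)
    out="${TMPDIR:-/tmp}/livehosts.txt"
    write_sample_gnmap "$gnmap"
    live_hosts "$gnmap" > "$out"
    rm -f "$gnmap"
    echo "$out"
}

demo
```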


> use exploit/windows/smb/ms08_067_netapi

> show options

> set RHOST

> check



Vulnerability scanning: directory


> zervit 0.4 web server



Vulnerability pt 3


> cd /usr/share/nmap/scripts

> nmap --script-help default

> nmap --script-help smb-check-vulns

> nmap --script-help nfs-ls

> nmap -sC -oA script-output <target>

XAMPP 1.7.2 doesn't have the best security features.

An open MySQL instance can be exploited.

> nmap --script=nfs-ls <target>

(or add -p ___ to limit the ports)


Vulnerability testing (Nessus)

> Kali

> A pen tester should be able to find vulnerabilities without a scanner.

> service nessus start

> service nessusd start




1st: create the policies

- basic network scan


Web applications


> Programs: Tomcat, ColdFusion, cadaver, DirBuster (password breaking), nikto

> mysql -h

> xampp



> find: search the web for "xampp 1.7.2 credentials" ... metasploit

RPASS is the password and RUSER is the username

> dav://


Search web>

dirbuster run> add word list ...

nikto> nikto

> nikto -h

OSVDB = Open Source Vulnerability Database

