
Oishi | Advanced Penetration Testing | Module 5 - Vulnerability Discovery/Scanning

By: Oishi | Related Course: Advanced Penetration Testing | Published: June 28, 2017 | Modified: July 24, 2017

Metasploit

Kali

> service postgresql start

> service metasploit start

> msfconsole

username security

>use auxiliary/scanner/ftp/anonymous

New terminal> cat classscan.gnmap

> cat classscan.gnmap | grep Up | cut -d " " -f 2

192.168.1.80
192.168.1.76

> cat classscan.gnmap | grep Up | cut -d " " -f 2 | sort -u > livehosts.txt

> cat livehosts.txt

Metasploit> set RHOSTS file:/root/livehosts.txt

> run
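The grep/cut/sort pipeline above, written as a reusable shell function with a constructed sample .gnmap file so it can be run without a scan. This is an added example and not part of the original notes; the sample scan output, the file paths and the function names live_hosts and live_host_count are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not from the original notes: turn a greppable nmap file
# (.gnmap) into a sorted, de-duplicated list of live hosts, the same job
# as the grep | cut | sort -u pipeline, as a reusable function.

# Constructed sample .gnmap content (not real scan output). On each
# "Host:" line the IP address is the second whitespace-separated token.
SAMPLE_GNMAP="${TMPDIR:-/tmp}/classscan_sample.gnmap"
cat > "$SAMPLE_GNMAP" <<'EOF'
# Nmap 7.x scan initiated Sat Jan 01 00:00:00 2000 as: nmap -sn -oG classscan.gnmap 192.168.1.0/24
Host: 192.168.1.80 ()  Status: Up
Host: 192.168.1.76 ()  Status: Up
Host: 192.168.1.77 ()  Status: Down
Host: 192.168.1.80 ()  Ports: 21/open/tcp//ftp///  Ignored State: closed (999)
# Nmap done at Sat Jan 01 00:01:00 2000 -- 256 IP addresses (2 hosts up) scanned in 60.00 seconds
EOF

# live_hosts FILE: print each host reported "Status: Up", one per line,
# sorted and de-duplicated. awk '{print $2}' is used instead of
# cut -d " " -f 2 so that tabs and runs of spaces are both handled.
live_hosts() {
    grep 'Status: Up' "$1" | awk '{print $2}' | sort -u
}

# live_host_count FILE: number of distinct live hosts, a quick sanity
# check before the list is handed to any other tool.
live_host_count() {
    live_hosts "$1" | wc -l | tr -d ' '
}

# Write the list to a livehosts.txt file (the notes use /root/livehosts.txt
# for Metasploit's RHOSTS file: syntax; a temp path is assumed here).
LIVEHOSTS="${TMPDIR:-/tmp}/livehosts.txt"
live_hosts "$SAMPLE_GNMAP" > "$LIVEHOSTS"
echo "$(live_host_count "$SAMPLE_GNMAP") live host(s) written to $LIVEHOSTS"
```

Matching on the string "Status: Up" rather than the bare word "Up" avoids picking up unrelated lines, and sort -u guarantees each address appears once even when the scan wrote several lines per host.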

--------------------

> use exploit/windows/smb/ms08_067_netapi

> show options

> set RHOST 192.168.1.76

> check

Vulnerability scanning: directory

Kali

> zervit 0.4 web server

> http://192.168.1.76:3232

Vulnerability pt 3

Kali

> cd /usr/share/nmap/scripts

> nmap --script-help default

> nmap --script-help smb-check-vulns

> nmap --script-help nfs-ls

> nmap -sC 192.168.1.76 192.168.1.80 -oA script_output

XAMPP 1.7.2 doesn't have the best security features.

An open MySQL can be exploited.

> nmap --script=nfs-ls 192.168.1.80

(or add -p ___ to limit the ports)

Vulnerability testing (Nessus)

Kali

A pen tester should be able to find vulnerabilities without a scanner.

> service nessus start

> service nessusd start

Browser> https://127.0.0.1:8834

https://www.tenable.com/products/nessus-vulnerability-scanner

https://localhost:8834

1st: create the policies

- basic network scan

Web applications

Kali

> Programs: Tomcat, ColdFusion, cadaver, DirBuster (password breaking), nikto

> mysql -h 192.168.1.76

> http://192.168.1.76 > XAMPP

> cadaver http://192.168.1.76/webdav

username: 

> find: search web: xampp 1.7.2 credentials ... metasploit

RPASS is the password and RUSER is the username

> dav:// 

 

Search web> 192.168.1.76/phpmyadmin/

DirBuster run> add word list... 

nikto> nikto

> nikto -h http://192.168.1.80

OSVDB = Open Source Vulnerability Database
