Part 4 - WMAP Scan


Time
5 hours 38 minutes
Difficulty
Intermediate
CEU/CPE
6
Video Description

In this second part covering WMAP, Dean discusses moving forward with running a scan on the discovered modules. He mentions an important point about making sure there is sufficient RAM allocation on the target VM in order to support the overhead generated from the scan. Once the WMAP scan is complete, you then have a list of potential vulnerabilities present on the target host.

Video Transcription
00:03
>> The dash t option finished.
00:03
We can see that we've got a lot of modules which may be
00:03
related to doing this testing of the website.
00:03
I've got a web server testing some scares here,
00:03
file and directory testing, unique query testing.
00:03
That gives me some indication that I've
00:03
got a lot of modules that may apply.
00:03
Now I'll go back
00:03
to my help screen for wmap_run -e.
00:03
We'll launch all the profiles against these targets.
00:03
So if I don't give a profile name then it runs
00:03
all enabled modules. That's what I'm going to do.
00:03
I'm going to do wmap_run -e and that should put
00:03
all these modules against all of the content found
00:03
in the root folder of the Metasploit server.
00:03
This will probably take a little while.
00:03
I actually had run this earlier and
00:03
the wmap_run -e failed
00:03
and it was giving me a memory allocation error.
00:03
You may see this as well.
00:03
So what I did was I shut down my Kali instance,
00:03
and I increased the RAM to two gigabytes.
00:03
It was already at one,
00:03
I figured I'd play it safe and just
00:03
add another gigabyte.
00:03
Hopefully, that does the trick and the scan actually
00:03
completes without the virtual
00:03
machine running out of RAM.
00:03
We'll check that again in just a little while and see
00:03
if we can find some vulnerabilities.
00:03
The wmap scan finally finished.
00:03
Wmap_run -e was the command that I ran.
00:03
Now we can look at the wmap_vulns command,
00:03
dash L to list the vulnerabilities.
00:03
That didn't show anything.
00:03
All right, but I did find one when
00:03
I go to look at vulns.
00:03
Let's go back real quick and look at the help.
00:03
Web vulns table did not
00:03
put the vulnerabilities in a table,
00:03
but at least it did find a vulnerability.
00:03
Linux payload execution.
00:03
I'll give you a nice link to the vulnerability.
00:03
I think we have a Postgres payload module
00:03
that we can try to verify that that
00:03
actually is the unknown weakness.
00:03
Actually, I think what I'm considering is
00:03
the default credentials that we explored earlier,
00:03
but we'll take a look at this a little bit later.
00:03
That's the end of the section for WMAP.
00:03
Now we will move on to trying to use Nessus.