Time
5 hours 38 minutes
Difficulty
Intermediate
CEU/CPE
6

Video Description

In this second part covering WMAP, Dean discusses moving forward with running a scan on the discovered modules. He mentions an important point about making sure there is sufficient RAM allocation on the target VM in order to support the overhead generated from the scan. Once the WMAP scan is complete, you then have a list of potential vulnerabilities present on the target host.

Video Transcription

00:04
Okay, so the nasty option finished. We can see that we've got a lot of modules
00:08
which may be related to doing this testing of the website.
00:13
I've got a Web server testing some scanners here
00:16
following directory testing unique query testing.
00:21
So that gives me some indication that I've got
00:26
a
00:28
a lot of models that may apply.
00:31
Now, what I can do
00:36
is used mine. I'll go back to my help screen for W. Matt. Matt, Run,
00:42
Dash e Will will launch all the profiles against these targets.
00:49
So if I don't give a profile name than it runs all enabled modules. So that's what I'm going to do. I'm going to do w map
00:55
underscore. Wrong Dash E.
00:58
They should put all these models against all of the content found in the root folder of the Medicis Boyd server.
01:07
Uh, this will probably take a little while.
01:10
I actually had run this earlier and the
01:15
the w map run under.
01:18
Tell him that. Underscore. Wrong gash. He failed,
01:21
and it was giving me a memory allocation error.
01:23
You may see this as well. So what I did was I shut down my callie instance and I increased the Ram to two gigabytes.
01:34
It was ready at one favorite. I'd played safe just at another gigabyte. Hopefully that does the trick. And this scan actually completes without the
01:42
virtual machine running out of rant.
01:46
So we'll check back in just a little while and see if we can find some vulnerabilities.
01:49
All right, the the W map scan finally finished.
01:56
W map. Underscore. Run! Dash E was the command that I ran.
02:01
And now we can look
02:04
at the, uh, W math Vallone's command dash out a list. Vulnerabilities
02:10
didn't show anything,
02:15
All right, but I did find one. When I go to look at Bones,
02:17
um,
02:19
let's let's go back real quick and
02:23
look at the hole.
02:27
So Webb bones table did not put it the vulnerabilities in a table.
02:30
But at least it did find
02:34
a vulnerability.
02:37
Looks paler. Execution.
02:39
Looks like a, uh,
02:42
having fun would give you a nice link to the ER
02:45
to the vulnerability.
02:47
And I think we have a post crest
02:52
payload,
02:54
huh?
02:55
Model that we can try
02:58
to verify that. That actually is the
03:01
no weakness. Don't you think? What I'm considering is the, uh,
03:06
the default credentials that we explored earlier, but we'll take a look at this a little bit later.
03:12
All rights, that's the end of the section for W map. Now we will move on to trying to use Ness's.

Up Next

Metasploit

This Metasploit tutorial will teach you to utilize the deep capabilities of Metasploit for penetration testing and help you to prepare to run vulnerability assessments for organizations of any size.

Instructed By

Instructor Profile Image
Dean Pompilio
CEO of SteppingStone Solutions
Instructor