Part 7 - Why Sites Get Hacked

Video Activity

Time: 4 hours 20 minutes
Difficulty: Intermediate
Video Description

In this next video in the series of why sites get hacked, we take a deeper look into enumeration. After the network terrain has been mapped out, we need to begin probing for vulnerabilities. This is accomplished in two ways: manually and automatically via scanning. We discuss various manual methods along with several automated tools such as Nessus, Armitage, and SearchSploit.
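The workflow the video walks through is fingerprint first (nmap -sV), then search a local copy of Exploit-DB by product name (searchsploit). The catch the transcript shows is that searchsploit's title search is free text: it returns everything mentioning "Apache", and you still have to decide whether the version you saw (2.2.16, or a range such as OpenLDAP "2.2.X - 2.3.X") actually falls inside what an entry affects. The Python below is an added example, not code from the video or from the searchsploit project: it parses a constructed fragment in nmap's -oX layout, filters a constructed, fictional index laid out like a simplified files_exploits.csv (the real file has more columns, and ids 9000xx are made up), and performs that version-range comparison, marking each candidate likely, unlikely, or check when one side carries no usable version.

```python
# Added example: nmap -sV fingerprints matched against an Exploit-DB style
# index with a real version comparison. The XML, the CSV rows and their ids
# are constructed for this example; they are not real scan output or entries.
import csv
import io
import re
import xml.etree.ElementTree as ET

BIG = 10 ** 9  # stands in for a ".X" wildcard when a version prefix is padded
_VER = re.compile(r"\d+(?:\.\d+)*")

# Constructed fragment in nmap's -oX layout; the product/version strings are
# the kind nmap -sV reports for an old Apache and for OpenLDAP (a range).
NMAP_XML = """<?xml version="1.0"?>
<nmaprun>
 <host><address addr="192.0.2.10" addrtype="ipv4"/>
  <ports>
   <port protocol="tcp" portid="80"><state state="open"/>
    <service name="http" product="Apache httpd" version="2.2.16"/></port>
   <port protocol="tcp" portid="389"><state state="open"/>
    <service name="ldap" product="OpenLDAP" version="2.2.X - 2.3.X"/></port>
   <port protocol="tcp" portid="22"><state state="open"/><service name="ssh"/></port>
  </ports>
 </host>
</nmaprun>"""

# Fictional index in a simplified layout modelled on searchsploit's
# files_exploits.csv. None of these rows are real Exploit-DB entries.
EXPLOIT_CSV = """id,file,description,date,author,type,platform,port
900001,exploits/linux/dos/900001.c,OpenLDAP 2.2.x/2.3.x - Example Denial of Service,2006-01-01,example,dos,linux,389
900002,exploits/linux/dos/900002.py,OpenLDAP < 2.4.44 - Example Remote Crash,2016-01-01,example,dos,linux,389
900003,exploits/linux/remote/900003.txt,Apache httpd 2.4.0 < 2.4.29 - Example Issue,2017-01-01,example,remote,linux,80
900004,exploits/multiple/webapps/900004.rb,Apache Tomcat 7.0.0 < 7.0.81 - Example Issue,2017-01-01,example,webapps,multiple,8080
900005,exploits/linux/remote/900005.txt,OpenLDAP - Example Information Disclosure,2005-01-01,example,remote,linux,389
"""


def parse_nmap_services(xml_text):
    """Return [(port, product, version)] for open ports nmap fingerprinted."""
    services = []
    for port in ET.fromstring(xml_text).iter("port"):
        state, svc = port.find("state"), port.find("service")
        if state is None or state.get("state") != "open" or svc is None:
            continue
        product = svc.get("product")
        if not product:  # no fingerprint (e.g. the ssh port): enumerate by hand
            continue
        services.append((int(port.get("portid")), product, svc.get("version", "")))
    return services


def _vt(s):
    return tuple(int(x) for x in s.split("."))


def _pad(v, n, fill):
    return v + (fill,) * (n - len(v))


def observed_range(version):
    """nmap version string -> inclusive (low, high) tuples, or None if absent.
    '2.2.16' -> ((2,2,16),(2,2,16)); '2.2.X - 2.3.X' -> ((2,2),(2,3))."""
    nums = _VER.findall(version)
    return (_vt(nums[0]), _vt(nums[-1])) if nums else None


def affected_range(description):
    """Exploit title -> (low or None, high, high_inclusive), or None if the
    title names no version. A '<' marks the last number as an exclusive bound."""
    title = description.split(" - ")[0]
    nums = _VER.findall(title)
    if not nums:
        return None
    if "<" in title:
        return (_vt(nums[0]) if len(nums) > 1 else None, _vt(nums[-1]), False)
    return (_vt(nums[0]), _vt(nums[-1]), True)


def ranges_overlap(obs, aff):
    """Could any version in the observed range lie inside the affected range?
    Prefixes are padded: an observed '2.3' reaches up to 2.3.<anything>."""
    obs_low, obs_high = obs
    aff_low, aff_high, inclusive = aff
    n = max(len(obs_low), len(obs_high), len(aff_high), len(aff_low or ()))
    if aff_low is not None and _pad(obs_high, n, BIG) < _pad(aff_low, n, 0):
        return False
    if inclusive:
        return _pad(obs_low, n, 0) <= _pad(aff_high, n, BIG)
    return _pad(obs_low, n, 0) < _pad(aff_high, n, 0)


def match_services(services, exploit_csv):
    """Pair each fingerprinted service with index rows whose title starts with
    the product name, labelled 'likely', 'unlikely' or 'check' (no version)."""
    rows = list(csv.DictReader(io.StringIO(exploit_csv)))
    findings = []
    for port, product, version in services:
        obs = observed_range(version)
        for row in rows:
            if not row["description"].lower().startswith(product.lower()):
                continue
            aff = affected_range(row["description"])
            if obs is None or aff is None:
                status = "check"
            else:
                status = "likely" if ranges_overlap(obs, aff) else "unlikely"
            findings.append((port, product, version, row["id"], row["description"], status))
    return findings


if __name__ == "__main__":
    for port, product, version, eid, desc, status in match_services(
            parse_nmap_services(NMAP_XML), EXPLOIT_CSV):
        print(f"{port:>5} {product} {version or '?'} -> [{status}] {eid}: {desc}")
```

Run as-is it reproduces the two outcomes in the video: both OpenLDAP entries with versions overlap the "2.2.X - 2.3.X" range, the unversioned OpenLDAP entry is flagged for a manual check, and the only Apache httpd entry is ruled out because 2.2.16 is below its 2.4.0 floor. The product-name prefix filter is deliberately the same weak link searchsploit has: a title written as "Apache 2.2.x" rather than "Apache httpd 2.2.x" would be missed, so search for the shorter name too before concluding there is nothing.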

Video Transcription
>> Enumeration is our next step here. After you have your network terrain mapped out, you need to probe for vulnerabilities. This could be done in two ways: manually, or through scanning. Scanning can be done with a tool like Nessus. I will not be showing you that tool. I don't have that tool. That actually requires licenses, but there is a free version that you can download to try on your home network. Nessus uses what's called STIG, which is the Security Technical Implementation Guide. It uses that guide to identify vulnerabilities, and that's called a STIG scan.

You can also manually identify vulnerabilities with the map that you've built. After you've identified running services, you can attempt to log into them with default credentials, or you can check Exploit Database to identify vulnerable versions of the software. Another thing you can do is to use Armitage to do what's called a Hail Mary to try to find a vulnerability, but that will be gaining access as well. You'll be performing enumeration and getting access at the same time, which, if you're doing a scan on a network that you don't have permission to actually break into the boxes and exploit, or you're on something that may have sensitive ICS systems, thrilling vulnerabilities, and doing a Hail Mary like that may not be your best option. Let's go check out some enumeration tools.

[NOISE] See if I have the tool in here. There we go. [NOISE]

Here we are back in our Kali box. I'm going to open up a new terminal here, a new window. I'm going to open up our Armitage box, view the services that are running. We see we have Apache 2.2.16. We have OpenLDAP, a couple other things.

We're going to use a tool called SearchSploit. Simply type SearchSploit. You see your options here that you have. You're going to do SearchSploit, any option. If you want to perform a case-sensitive search, if you want to search just for an exploit title, get a verbose output, things like that, you can add that before. We're going to do SearchSploit [NOISE] OpenLDAP to see if there's any OpenLDAP vulnerabilities. We see here that we have some exploits available to us for OpenLDAP.

Now, the service info here didn't give us too much. Let's run back to our Nmap. We're going to Nmap detect -sV to get service version 192.168.0.1.10. We're going to get the service versions, see if we can pin down a better service version of this item. Now, from this we get OpenLDAP 2.2.x to 2.3.x. We do have some exploits here. They're available to us, so we could go through and take note that we have some options for our enumeration here.

We can also do SearchSploit Apache. We're running Apache httpd 2.2.16. Here we go. We really don't see anything here for Apache httpd 2.2.16. That's one way of performing enumeration, by using the SearchSploit tool.

Now, everything that's in SearchSploit can be found from the Exploit Database, which is located online. Every time there's an update to Kali, the Exploit Database, with all its scripts and exploits, gets pulled into Kali machines. Let's go check out the website.

[NOISE] Here we are on Exploit Database. Like I said before, everything that's on Exploit Database gets put into the Kali machine. But if you aren't on a Kali machine, and you're doing enumeration somewhere else, you can easily go up to search. I'm going to type in Apache httpd there. See what we get here. 73S4, yey, CAPTCHA. I'm going to perform a search right here on the database's website. We got the same exploits that we found on Kali as well. Sometimes, you may get different exploits because new exploits are found. Sometimes, they may be exactly the same. That's one example of how enumeration can be performed. Let's move on to our next step.