Enumeration is our next step here.
After you've got your network terrain mapped out, you'll need to probe for vulnerabilities. This could be done in two ways. Manually, through scanning and scan. It could be done with a tool like Nessus.
I will not be showing you that tool. I don't have that tool, um,
that actually requires licenses,
But there is a free version that you can download to try on your home network.
Nessus uses what's called STIG, which is the Security Technical Implementation Guide, and it uses that guide
to identify vulnerabilities.
That's called a STIG scan.
You can also manually identify vulnerabilities with the map that you've built
So after you've identified running services, you can attempt to log into them with default credentials. Or you can check Exploit Database to identify vulnerable versions of the software.
Another thing you can do
is to use Armitage to do what's called a Hail Mary to try to find a vulnerability. But
that would be gaining access as well, so you'll be performing enumeration and getting access at the same time.
if you're doing a scan on a network that you don't have permission to actually break into the boxes and exploit,
or you're on something that
may have sensitive, uh, ICS systems
vulnerabilities and doing Hail Mary like that may not be your best option.
So let's go check out some enumeration tools.
See if I have the tool in here
Right here. We are back in our
Gonna open up a new terminal here. A new window.
I'm gonna open up our Armitage box,
see the services that are running.
So we see we have Apache
2.2.16. We have OpenLDAP,
a couple other things.
So we're going to use a tool called searchsploit,
and you see your options here that you have.
You're gonna do searchsploit,
any kind of options. So if you want to perform a case-sensitive search, if you want to
search just for an exploit title,
get verbose output.
Things like that. You can add that before. All right. So we're gonna do searchsploit,
see if there's any OpenLDAP vulnerabilities.
We see here that we have some exploits that are available to us for
a service. Info here didn't give us too much. So let's run back to our
VD get service version.
That's actually a 1.10
where I get the service version, to pin down a better service version of this item.
And now from this we got OpenLDAP 2.2.X to 2.3
exploits here. They're available to us. So
go through and, you know, take note that we have some options for, ah, our enumeration in here.
Then we can also do Apache. So
and we're running Apache httpd 2.2.16,
and we really don't see anything here for Apache
httpd 2.2.16.
So that's one way of performing enumeration, by using the searchsploit tool.
Now, everything that's in searchsploit can be found from the Exploit Database,
which is located online. Every time there's an update to Kali,
the Exploit Database, with all its scripts and exploits, gets pulled into Kali machines. Let's go check out the website.
Alright, here we are on Exploit Database. Like I said before, everything that's on Exploit Database gets put into the Kali machine.
But if you aren't on the Kali machine and you're
somewhere else, you can easily go up to search.
When I type in Apache httpd there, see what we get here. 73
That's for your CAPTCHA.
You can then perform a search right here on the database's website,
and we got the same kind of exploits
that we found on Kali as well.
So sometimes you may get
different exploits because new exploits are found, and sometimes they may be exactly the same.
So that's one example of how enumeration can be performed.
Let's move on to our next step.