Penetration Test Report Demo


Time
21 hours 43 minutes
Difficulty
Intermediate
CEU/CPE
22
Video Transcription
00:00
>> I want to do a demo
00:00
describing a bit more on what a CVE is,
00:00
a CWE and CVSS,
00:00
a lot of C's in there,
00:00
but let's break this down a bit more.
00:00
I love this website, CVE Details.
00:00
It provides a whole lot of
00:00
information and you can see off
00:00
the bat if we're looking for a particular vulnerability,
00:00
in this case, CVE-2009-3023,
00:00
which came out in the year 2009.
00:00
We can already see there's two public exploits
00:00
available for this and one Metasploit module.
00:00
I'll go into that a little bit later.
00:00
But the description here is that it is
00:00
a buffer overflow in FTP in
00:00
Microsoft IIS versions 5.0 through
00:00
6.0 and if you look down here at the CVSS score,
00:00
it's a 9.3, the highest being a 10.
00:00
This is a pretty severe vulnerability.
00:00
Now I also spoke about CWEs.
00:00
This is a CVE here describing
00:00
a specific type of software
00:00
and a specific type of vulnerability.
00:00
If we look at the CWE,
00:00
we can see it's attached to CWE-119,
00:00
failure to constrain operations within
00:00
the bounds of a memory buffer.
00:00
This is more of a general description
00:00
of what the vulnerability class is,
00:00
rather than a specific vulnerability for that software.
00:00
I think it's good to know what a CWE is.
00:00
You'll have a CWE,
00:00
that's more of a general vulnerability and
00:00
then a more specific CVE for
00:00
that piece of software or service.
00:00
Now, if we go down here,
00:00
we'll see that there's references to the exploit.
00:00
It's nice that it's in red right here.
00:00
We can actually go to Exploit-DB,
00:00
which we'll do later in our labs.
00:00
We can then go to Exploit-DB and look at this
00:00
particular exploit and then
00:00
modify it for our environment,
00:00
and then hope that it works.
00:00
The other thing is we have
00:00
a Metasploit module attached to
00:00
it so you can use Metasploit once and OSEP.
00:00
If we wanted to use it,
00:00
if we found this particular vulnerability,
00:00
then we know based on this website that there is
00:00
a Metasploit module that we could
00:00
use to exploit that vulnerability.
00:00
The other thing I want to delve into
00:00
a bit more is the CVSS score.
00:00
If we have a custom application
00:00
that doesn't have a CVE attached to it,
00:00
we could use CVSS to
00:00
score or rank how severe that vulnerability is.
00:00
For example, let's think that we've found
00:00
a stored cross-site scripting
00:00
vulnerability in a custom application.
00:00
We'll go into this more in
00:00
the web attack section of this course.
00:00
But let's say anyone on the Internet
00:00
can reach this website,
00:00
which will be network.
00:00
Attack complexity is low.
00:00
You just have to use some JavaScript to
00:00
execute the cross-site scripting exploit.
00:00
There are no privileges required.
00:00
Anybody on the Internet can access the website.
00:00
There's no authentication.
00:00
User interaction is required.
00:00
Someone actually has to go to that website,
00:00
you have to entice them to go there or maybe
00:00
they unwittingly go to that website.
00:00
Scope is unchanged.
00:00
It simply affects that specific website or domain.
00:00
Confidentiality is high because I, as an attacker,
00:00
I could craft my exploits so that I could steal
00:00
somebody's cookie or read sensitive information.
00:00
Integrity is high because maybe I
00:00
can redirect them to a phishing page that looks
00:00
exactly like a legitimate page and they
00:00
could give me some sensitive information there.
00:00
Availability is high because I could,
00:00
again redirect somebody so there's
00:00
no ability for them to actually reach that domain,
00:00
which all this calculated and I wouldn't worry
00:00
about these other scores down
00:00
here, temporal or environmental.
00:00
Just stick to the base score; it
00:00
comes out to be high.
00:00
When you write your report,
00:00
you can put the numerical score.
00:00
You could say it's an 8.8,
00:00
it's a high and then red.
00:00
They typically will have different colors
00:00
associated with different vulnerabilities.
00:00
Let's say attack complexity is
00:00
high and we modify these scores here.
00:00
It changes it to a medium; it goes from
00:00
a red to an orange there.
00:00
Hopefully that makes sense or
00:00
more sense as far as what a CVE is,
00:00
a CWE and CVSS scoring.