Thursday, 27 February 2014

Vulnerability scanning: with Metasploit!

Scanning is one of the most important steps in the penetration testing
process; if done thoroughly, it will provide the best value to your
client.

A vulnerability scanner is an automated program designed to look for
weaknesses in computers, computer systems, networks, and applications.
A vulnerability scanner can also use a given set of user credentials to
log into the remote system and enumerate the software and services to
determine whether they are patched.

The Basic Vulnerability Scan:
We use netcat to grab a banner from the target 192.168.1.2. Banner
grabbing is the act of connecting to a remote network service and
reading the service identification (banner) that is returned.

root@kali:/opt/framework3/msf3# nc 192.168.1.2 80
GET HTTP 1/1
HTTP/1.1 400 Bad Request
Server: Microsoft-IIS/5.1


As you can see, the information returned tells us that the system
running on port 80 is a Microsoft IIS 5.1-based web server. Armed with
this information, we could use a vulnerability scanner to determine
whether this version of IIS has any vulnerabilities associated with it
and whether this particular server has been patched.

SMB Login Check:
A common situation to find yourself in is being in possession of a
valid username and password combination, and wondering where else you
can use it. This is where the SMB Login Check Scanner can be very
useful, as it will connect to a range of hosts and determine if the
username/password combination can access the target.

-----------------------
msf > use auxiliary/scanner/smb/smb_login
msf auxiliary(smb_login) > show options
      ---show options------

msf auxiliary(smb_login) > set RHOSTS 192.168.1.2/24
RHOSTS => 192.168.1.2/24
msf auxiliary(smb_login) > set SMBUser user
SMBUser => user
msf auxiliary(smb_login) > set SMBPass pasword
SMBPass => pasword
msf auxiliary(smb_login) > set THREADS 50
THREADS => 50
msf auxiliary(smb_login) > run

--------------------------------------------

VNC Authentication:

The VNC Authentication None Scanner will search a range of IP addresses
looking for targets that are running a VNC server without a password
configured.

To utilize the VNC scanner, we first select the auxiliary module,
define our options, then let it run.
----------------------------------
msf auxiliary(vnc_none_auth) > use auxiliary/scanner/vnc/vnc_none_auth
msf auxiliary(vnc_none_auth) > show options

Module options:

   Name     Current Setting  Required  Description
   ----     ---------------  --------  -----------
   RHOSTS                    yes       The target address range or CIDR identifier
   RPORT    5900             yes       The target port
   THREADS  1                yes       The number of concurrent threads

msf auxiliary(vnc_none_auth) > set RHOSTS 192.168.1.2/24
RHOSTS => 192.168.1.2/24
msf auxiliary(vnc_none_auth) > set THREADS 50
THREADS => 50
msf auxiliary(vnc_none_auth) > run
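As an added example (not code from the original post or from Metasploit), the following Python script performs the same "None" security-type check directly over the RFB protocol, so an administrator can audit their own inventory for VNC servers that accept unauthenticated sessions; check_host, offers_none_auth and the in-memory FakeVncServer are names assumed here for the illustration.

```python
import socket
import struct

VNC_PORT = 5900
SEC_NONE = 1  # RFB security type "None": the server asks for no authentication at all

def parse_rfb_version(banner: bytes) -> tuple:
    """Parse the 12-byte RFB ProtocolVersion message, e.g. b'RFB 003.008\\n'."""
    if len(banner) != 12 or not banner.startswith(b"RFB ") or banner[11:12] != b"\n":
        raise ValueError("not an RFB server banner: %r" % banner)
    return int(banner[4:7]), int(banner[8:11])

def security_types_from(major: int, minor: int, data: bytes) -> list:
    """Decode the server's security-type announcement for the negotiated version."""
    if (major, minor) < (3, 7):
        # RFB 3.3: the server dictates a single type as a big-endian U32
        return [struct.unpack(">I", data[:4])[0]]
    count = data[0] if data else 0  # RFB 3.7/3.8: U8 count, then one byte per type
    return list(data[1:1 + count])  # count 0 means the server refused the connection

def offers_none_auth(conn) -> bool:
    """Run the RFB handshake on an open connection and report whether 'None' is offered.
    conn needs recv(n) and sendall(data): a real socket or the fake server below."""
    major, minor = parse_rfb_version(conn.recv(12))
    # Echo the server's own version back so it lists every type it supports
    conn.sendall(b"RFB %03d.%03d\n" % (major, minor))
    return SEC_NONE in security_types_from(major, minor, conn.recv(256))

def check_host(host: str, port: int = VNC_PORT, timeout: float = 3.0) -> bool:
    """Connect to one host from your own asset list and run the check."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        return offers_none_auth(s)

class FakeVncServer:
    """Constructed in-memory server for offline use; defaults to RFB 3.8 offering None (1) and VNC Auth (2)."""
    def __init__(self, version=b"RFB 003.008\n", types=b"\x02\x01\x02"):
        self._chunks = [version, types]
        self.received = b""  # what the client side sent, for inspection

    def recv(self, n):
        return self._chunks.pop(0)[:n] if self._chunks else b""

    def sendall(self, data):
        self.received += data

if __name__ == "__main__":
    print(offers_none_auth(FakeVncServer()))  # True: this server accepts unauthenticated sessions
```

A True result from check_host is the same finding the vnc_none_auth module reports, and the fix is to require VNC authentication (or better, tunnel VNC over SSH or a VPN) on that host.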
