Module 05: Vulnerability Analysis

 

Module 05: Vulnerability Analysis

Lab Scenario

Earlier, all possible information about a target system such as system name, OS details, shared network resources, policies and passwords details, and users and user groups were gathered.

Now, as an ethical hacker or penetration tester (hereafter, pen tester), your next step is to perform vulnerability research and a vulnerability assessment on the target system or network. Ethical hackers or pen testers need to conduct intense research with the help of information acquired in the footprinting and scanning phases to discover vulnerabilities.

Vulnerability assessments scan networks for known security weaknesses: it recognizes, measures, and classifies security vulnerabilities in a computer system, network, and communication channel; and evaluates the target systems for vulnerabilities such as missing patches, unnecessary services, weak authentication, and weak encryption. Additionally, it assists security professionals in securing the network by determining security loopholes or vulnerabilities in the current security mechanism before attackers can exploit them.

The information gleaned from a vulnerability assessment helps you to identify weaknesses that could be exploited and predict the effectiveness of additional security measures in protecting information resources from attack.

The labs in this module will give you real-time experience in collecting information regarding underlying vulnerabilities in the target system using various online sources and vulnerability assessment tools.

Lab Objectives

The objective of this lab is to extract information about the target system that includes, but not limited to:

  • Network vulnerabilities
  • IP and Transmission Control Protocol/User Datagram Protocol (TCP/UDP) ports and services that are listening
  • Application and services configuration errors/vulnerabilities
  • The OS version running on computers or devices
  • Applications installed on computers
  • Accounts with weak passwords
  • Files and folders with weak permissions
  • Default services and applications that may have to be uninstalled
  • Mistakes in the security configuration of common applications
  • Computers exposed to known or publicly reported vulnerabilities

Overview of Vulnerability Assessment

Vulnerability assessment plays a major role in providing security to any organization’s resources and infrastructure from various internal and external threats. To secure a network, an administrator needs to perform patch management, install proper antivirus software, check configurations, solve known issues in third-party applications, and troubleshoot hardware with default configurations. All these activities together constitute vulnerability assessment. Network vulnerability scanning can be categorized into active scanning and passive scanning:

  • Active Scanning: Interacts directly with the target network to find vulnerabilities by sending probes and specially crafted requests to the target host in the network
  • Passive Scanning: Finds vulnerabilities without directly interacting with the target network and identifying vulnerabilities via information exposed by systems in their normal communications

Lab Tasks

Ethical hackers or pen testers use numerous tools and techniques to collect information about the underlying vulnerability in a target system or network. Recommended labs that will assist you in learning various vulnerability assessment techniques include:

  1. Perform vulnerability research with vulnerability scoring systems and databases

    • Perform vulnerability research in Common Weakness Enumeration (CWE)
    • Perform vulnerability research in Common Vulnerabilities and Exposures (CVE)
    • Perform vulnerability research in National Vulnerability Database (NVD)

  2. Perform Vulnerability Assessment using Various Vulnerability Assessment Tools

    • Perform vulnerability analysis using OpenVAS
    • Perform vulnerability scanning using Nessus
    • Perform vulnerability scanning using GFI LanGuard
    • Perform web servers and applications vulnerability scanning using CGI Scanner Nikto

Comments

Post a Comment

Popular posts from this blog

Lab 1: Perform S3 Bucket Enumeration using Various S3 Bucket Enumeration Tools

Image
Lab 1: Perform S3 Bucket Enumeration using Various S3 Bucket Enumeration Tools Lab Scenario As an ethical hacker, you must try to obtain as much information as possible about the target cloud environment using various enumeration tools. This lab will demonstrate various S3 bucket enumeration tools that can help you in extracting the list of publicly available S3 buckets. Lab Objectives Enumerate S3 buckets using lazys3 Enumerate S3 buckets using S3Scanner Overview of Enumeration Tools Enumeration tools are used to collect detailed information about target systems to exploit them. Information collected by S3 enumeration tools consists of a list of misconfigured S3 buckets that are available publicly. Attackers can exploit these buckets to gain unauthorized access to them. Moreover, they can modify, delete, and exfiltrate the bucket content. Task 1: Enumerate S3 Buckets using lazys3 lazys3 is a Ruby script tool that is used to brute-force AWS S3 buckets using different permutations. This...
Read more

Lab 5: Perform Cryptanalysis using Various Cryptanalysis Tools

Image
Lab 5: Perform Cryptanalysis using Various Cryptanalysis Tools Module 20: Cryptography Lab 5: Perform Cryptanalysis using Various Cryptanalysis Tools Task 1: Perform Cryptanalysis using CrypTool CrypTool is a freeware program that enables you to apply and analyze cryptographic mechanisms, and has the typical look and  feel of a modern Windows application. CrypTool includes a multitude of state-of-the-art cryptographic functions and allows you  to both learn and use cryptography within the same environment. CrypTool is a free, open-source e-learning application used in  the implementation and analysis of cryptographic algorithms. Here, we will use the CrypTool tool to perform cryptanalysis. refer to blog  little long --------------------------------------------------------------------------------------------------------------------------------------- Module 20: Cryptography Lab 5: Perform Cryptanalysis using Various Cryptanalysis Tools Task 2: Perform Cryptanalysis us...
Read more

Task 2: Perform OS Discovery using Nmap Script Engine (NSE)

Image
  Task 2: Perform OS Discovery using Nmap Script Engine (NSE) Module 03: Scanning Networks Lab 3: Perform OS Discovery Task 2: Perform OS Discovery using Nmap Script Engine (NSE) open zenmap nmap -A [Target IP Address]   = -A: to perform an aggressive scan. nmap -O [Target IP Address]   = -O: performs the OS discovery. nmap --script smb-os-discovery.nse [Target IP Address]   = --script: specifies the customized script and smb-os-discovery.nse: attempts to determine the OS, computer name, domain, workgroup, and current time over the SMB protocol (ports 445 or 139). end Nmap, along with Nmap Script Engine (NSE), can extract considerable valuable information from the target system. In addition to Nmap commands, NSE provides scripts that reveal all sorts of useful information from the target system. Using NSE, you may obtain information such as OS, computer name, domain name, forest name, NetBIOS computer name, NetBIOS domain name, workgroup, system time o...
Read more