Penetration Test - Survey the Target(9)

Prioritization of vulnerabilities

LEVERAGE INFORMATION
  • Leveraging information to prepare for exploitation
  • Map vulnerabilities to potential exploits
    • Look up vulnerabilities found for possible exploits
    • Nmap - vulners and vulscan scripts
    • Metasploit (search vulnerability)
  • Prioritize activities in preparation for penetration test
    • Will standard exploits work?
    • Will exploits need to be 'tweaked'?
    • Additional steps to prepare test?

Change to the directory where the Nmap scripts are stored.

cd /usr/share/nmap/scripts

Clone the nmap-vulners and vulscan git repositories into it.

git clone https://github.com/vulnersCom/nmap-vulners.git
git clone https://github.com/scipag/vulscan.git

ls vulscan/*.csv

Demo of using the Nmap scripts.

nmap --script nmap-vulners -sV 10.0.0.15

nmap --script vulscan -sV 10.0.0.15

nmap --script vulscan --script-args vulscandb=exploitdb.csv -sV 10.0.0.15
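
To turn the vulners script output into a prioritized list, the added example below (not part of the original post) parses normal-format Nmap output and ranks findings by CVSS score, with entries flagged as having a public exploit first on ties. The sample scan text is constructed, the CVE identifiers are placeholders, and the trailing *EXPLOIT* marker is an assumption about the script's output format.

```python
import re
from collections import namedtuple

# Constructed sample shaped like `nmap --script nmap-vulners -sV` output.
# Services and CVE identifiers are placeholders, not real findings.
SAMPLE = """\
Nmap scan report for 10.0.0.15
PORT   STATE SERVICE VERSION
22/tcp open  ssh     ExampleSSH 1.0
| vulners:
|   cpe:/a:example:ssh:1.0:
|     \tCVE-0000-0001\t7.5\thttps://vulners.com/cve/CVE-0000-0001
|_    \tCVE-0000-0002\t7.5\thttps://vulners.com/cve/CVE-0000-0002\t*EXPLOIT*
80/tcp open  http    ExampleHTTPd 2.0
| vulners:
|   cpe:/a:example:httpd:2.0:
|     \tCVE-0000-0003\t9.8\thttps://vulners.com/cve/CVE-0000-0003
|     \tCVE-0000-0004\t4.3\thttps://vulners.com/cve/CVE-0000-0004\t*EXPLOIT*
|_    \tCVE-0000-0005\tn/a\thttps://vulners.com/cve/CVE-0000-0005
"""

Finding = namedtuple("Finding", "port service vuln_id cvss exploit")

PORT_RE = re.compile(r"^(\d+/(?:tcp|udp))\s+open\s+(\S+)")
# Script rows look like: "|  <id>  <cvss>  <url>  [*EXPLOIT*]"
VULN_RE = re.compile(
    r"^\|[_ ]\s+(\S+)\s+(\d+(?:\.\d+)?)\s+https?://\S+(\s+\*EXPLOIT\*)?")

def parse_vulners(text):
    """Return one Finding per scored row, tagged with its open port."""
    findings, port, service = [], None, None
    for line in text.splitlines():
        m = PORT_RE.match(line)
        if m:
            port, service = m.groups()
            continue
        m = VULN_RE.match(line)
        if m and port:  # rows without a numeric score are skipped
            findings.append(Finding(port, service, m.group(1),
                                    float(m.group(2)), bool(m.group(3))))
    return findings

def prioritize(findings):
    """Highest CVSS first; exploit-flagged entries win ties."""
    return sorted(findings, key=lambda f: (-f.cvss, not f.exploit))

if __name__ == "__main__":
    for f in prioritize(parse_vulners(SAMPLE)):
        flag = "exploit" if f.exploit else "-"
        print(f"{f.cvss:>4}  {flag:<7}  {f.port:<7} {f.service:<5} {f.vuln_id}")
```

Save real scan output with nmap's -oN option and pass the file contents to parse_vulners in place of SAMPLE.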

QUICK REVIEW
  • A key step in pen test planning is to map vulnerabilities to potential exploits
  • Use nmap scripts (vulners and vulscan) to find exploits for detected vulnerabilities
  • Use metasploit to search for exploits
posted @ 2020-08-26 23:09  晨风_Eric