*Book Review,  Kali Linux Cookbook: Willie L. Pritchett, David De Smet (published 2013)

Chapter 5 : Vulnerability Assessment

I’ve heard Nessus is the most popular tool among other vulnerability scan tools. I’ve never used it before at work, but it was always fun to try new tools. I set up Nessus to find vulnerability for my own kali linux #2 (Debian7 64bit)  and localhost, which is 127.0.0.1. I find useful feature of vulnerability scan on Nessus, which is CVE numbers and CVSS. As we already know, lot of company follows security testing methodology which is based on CVE(Common Vulnerability and Exposure), so this information is easy to check the security and identify the vulnerability. You can find more details on the offical CVE site, https://cve.mitre.org .If you are using free Nessus, some of feature is locked because you have to buy Nessus tools. Because of this, most of my coworker prefer using OpenVas

02-02

02-03

Chapter 6 : Exploiting Vulnerabilities

This chapter was familiar with me because i had experience with msfconsole function on Metasploit. When I worked as a security test methodology researcher,  I used lot of ethical hacking methodology to find out security level of IPS and Firewall. I set up vulnerable environment on the targets, vmware machines based on CVE and exploit the target machines with that vulnerability and see whether it’s blocked or detected by IPS or Firewall. I used two exploit on msfconsole, PDF was easy because it’s putting embedded exploitable code into the file.

02-04.png

But the second vulnerability, ‘Browser_autopwn’ was hard because i need another victim vmware to test and get connection. this attack use reverse TCP connection to get a control. I set LHOST(local host IP) and SRVHOST as 192.168.247.132 which is IP address of this kali linux. I set URIPATH as ‘/’ simply.

02-05.png

Once you exploit, then your victim pc needs to go into that URL ‘ http://192.168.247.132:8080’ to connect reverse_tcp with attacker. I tried to use Debian linux kali as a victim vm, but the session was not opened. So i installed windows XP vwmare as another victim vmware.

02-06

*Book Review,  Kali Linux Cookbook: Willie L. Pritchett, David De Smet (published 2013)

Advertisements