Review #2_OpenVAS and Metasploit

Book Review: Kali Linux Cookbook, Willie L. Pritchett and David De Smet (published 2013)

Chapter 5: Vulnerability Assessment

I've heard Nessus is the most popular among vulnerability scanning tools. I had never used it before at work, but it is always fun to try new tools. I set up Nessus to find vulnerabilities in my own Kali Linux #2 (Debian 7, 64-bit) and localhost. The feature of Nessus's vulnerability scan that I find useful is the CVE numbers and CVSS scores. As we already know, a lot of companies follow a security testing methodology based on CVE (Common Vulnerabilities and Exposures), so this information makes it easy to check security and identify the vulnerability. You can find more details on the official CVE site, . If you are using the free version of Nessus, some features are locked because you have to buy the Nessus tools. Because of this, most of my coworkers prefer using OpenVAS.



Chapter 6: Exploiting Vulnerabilities

This chapter was familiar to me because I had experience with the msfconsole function of Metasploit. When I worked as a security test methodology researcher, I used a lot of ethical hacking methodologies to find out the security level of IPSs and firewalls. I set up vulnerable environments on the targets (VMware machines) based on CVEs, exploited the target machines with those vulnerabilities, and saw whether it was blocked or detected by the IPS or firewall. I used two exploits in msfconsole. The PDF one was easy because it puts embedded exploitable code into the file.


But the second vulnerability, 'Browser_autopwn', was hard because I needed another victim VMware machine to test and get a connection. This attack uses a reverse TCP connection to get control. I set LHOST (local host IP) and SRVHOST to , which is the IP address of this Kali Linux. I simply set URIPATH to '/'.


Once you run the exploit, your victim PC needs to go to the URL '' to connect via reverse_tcp to the attacker. I tried to use Debian Linux Kali as a victim VM, but the session was not opened, so I installed a Windows XP VMware machine as another victim.
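The IPS/firewall check described above, seen from the detection side: an added Python example (not from the book or this post) that flags a client which fetches a page from a host and, within a short window, opens a non-web TCP connection back to that same host, the pattern a reverse_tcp session leaves when LHOST and SRVHOST are the same machine. The log format, addresses and ports are constructed for the example.

```python
"""Correlate web visits with follow-on outbound TCP connections to the same host.

Input is a constructed, simplified firewall log, one event per line:
    <iso-timestamp> <src-ip> <dst-ip> <dst-port> <HTTP|TCP> <detail...>
"""
from datetime import datetime, timedelta

# Constructed sample: 10.0.0.5 fetches '/' from 10.0.0.10:8080 and two seconds
# later opens a TCP connection back to the same host on port 4444 (the
# connect-back). 10.0.0.7 only does ordinary HTTPS browsing and must not be
# flagged; the 11:00 event is outside the window and must not be flagged either.
SAMPLE_LOG = """\
2013-06-01T10:00:01 10.0.0.5 10.0.0.10 8080 HTTP GET /
2013-06-01T10:00:03 10.0.0.5 10.0.0.10 4444 TCP SYN
2013-06-01T10:05:00 10.0.0.7 93.184.216.34 443 HTTP GET /index.html
2013-06-01T10:05:01 10.0.0.7 93.184.216.34 443 TCP SYN
2013-06-01T11:00:00 10.0.0.5 10.0.0.10 4444 TCP SYN
"""

WINDOW = timedelta(seconds=60)      # a reverse shell normally connects back within seconds
WEB_PORTS = {80, 443, 8000, 8080}   # connections to these are treated as ordinary browsing


def parse(log_text):
    """Turn the text log into (timestamp, src, dst, dport, proto, detail) tuples."""
    events = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, dport, proto, *detail = line.split()
        events.append((datetime.fromisoformat(ts), src, dst, int(dport), proto, " ".join(detail)))
    return events


def find_callbacks(events):
    """Return (client, server, web_port, callback_port) for each suspicious pairing."""
    visits = [e for e in events if e[4] == "HTTP"]
    hits = []
    for ts, src, dst, dport, proto, _ in events:
        if proto != "TCP" or dport in WEB_PORTS:
            continue
        for vts, vsrc, vdst, vport, _, _ in visits:
            # same client, same server, different (non-web) port, shortly after the page load
            if vsrc == src and vdst == dst and vport != dport and timedelta(0) <= ts - vts <= WINDOW:
                hits.append((src, dst, vport, dport))
                break
    return hits


if __name__ == "__main__":
    for client, server, web_port, cb_port in find_callbacks(parse(SAMPLE_LOG)):
        print(f"possible connect-back: {client} loaded {server}:{web_port}, then opened {server}:{cb_port}")
```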


