Cracking the System 3: Vulnerability Assessment
You should now know which ports are open on the target. The next step is to gather more detailed information about it: which application is running behind each port, and what host it runs on. Most open ports have a service listening on them, so we scan each service to grab its name and version. That version information can also be used to determine which OS is running. Why would you need to know that? Because the OS and service versions decide which vulnerabilities apply to the system, and once you know the vulnerabilities you can start exploiting the system.
When you fingerprint a system, the target's OS can be inferred from its TCP/IP stack: every OS has its own implementation of TCP/IP that differs from the others, so fingerprinting works at the TCP/IP level.
A default install of an OS also brings a set of default services, the ones that OS needs to work properly, and the ports they listen on together point to a particular OS. For example, the combination of ports 139 and 445 indicates a certain version of Windows, such as XP. There are many ways to determine the OS.
A program mentioned before that is also good for this is nmap; its scanning methods were covered in the last tutorial.
Here is an example of an enumeration scan in nmap, with -O for OS detection, -sV for service version detection, and the output redirected to a file:
nmap -O -sV xx.xxx.xx.xx > filename
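As an added example that is not part of the original tutorial, the Python script below parses nmap's grepable output (-oG) into a per-host inventory, records every service version nmap identified, and flags hosts exposing the 139/445 pair discussed above so they can be put on a hardening list. The scan lines, host names and addresses are constructed sample data; the helper names (parse_grepable, smb_exposed, report) are my own, and the parser assumes version strings contain no commas.

```python
# Constructed sample of nmap grepable output (-oG), not a real scan. Host lines are
# tab-separated; Ports entries are port/state/proto/owner/service/rpc/version/.
SAMPLE_OG = """\
# Nmap 7.94 scan initiated (constructed sample)
Host: 10.0.0.5 (ws01.lab)\tStatus: Up
Host: 10.0.0.5 (ws01.lab)\tPorts: 139/open/tcp//netbios-ssn///, 445/open/tcp//microsoft-ds//Microsoft Windows XP microsoft-ds/\tIgnored State: closed (998)
Host: 10.0.0.9 (web01.lab)\tPorts: 22/open/tcp//ssh//OpenSSH 8.9p1 Ubuntu/, 80/open/tcp//http//Apache httpd 2.4.52/, 445/filtered/tcp//microsoft-ds///\tIgnored State: closed (997)
# Nmap done (constructed sample)
"""

SMB_PORTS = {139, 445}  # the port pair the tutorial uses as a Windows indicator


def parse_grepable(text):
    """Parse -oG lines into {ip: {"name": hostname, "ports": [port dicts]}}."""
    hosts = {}
    for line in text.splitlines():
        if not line.startswith("Host:"):
            continue  # skip the "# Nmap ..." banner and footer lines
        fields = dict(f.split(": ", 1) for f in line.split("\t") if ": " in f)
        ip, _, name = fields["Host"].partition(" (")
        entry = hosts.setdefault(ip, {"name": name.rstrip(")"), "ports": []})
        for item in filter(None, (i.strip() for i in fields.get("Ports", "").split(","))):
            # maxsplit=6 keeps any "/" inside the version string intact
            port, state, proto, _owner, service, _rpc, rest = item.split("/", 6)
            entry["ports"].append({"port": int(port), "state": state, "proto": proto,
                                   "service": service, "version": rest.rstrip("/")})
    return hosts


def smb_exposed(host):
    """True when both 139 and 445 are open: SMB/NetBIOS reachable, likely Windows."""
    open_ports = {p["port"] for p in host["ports"] if p["state"] == "open"}
    return SMB_PORTS <= open_ports


def report(text):
    """Per-host summary: SMB exposure flag plus every version nmap identified."""
    return {
        ip: {"name": h["name"], "smb_exposed": smb_exposed(h),
             "versions": {p["port"]: p["version"] for p in h["ports"] if p["version"]}}
        for ip, h in parse_grepable(text).items()
    }


if __name__ == "__main__":
    for ip, summary in report(SAMPLE_OG).items():
        print(ip, summary)  # hosts with smb_exposed=True go on the hardening list
```

Feed it a real file produced with `nmap -sV -oG filename` to turn the version strings into a list you can check against your patch baseline.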
Now on to the vulnerability assessment. There are many tools out there with databases of known vulnerabilities for each OS and more. I will be assuming you are using one of these instead of finding vulnerabilities yourself, since I am also assuming you don't yet know how to find vulnerabilities. A good tool for this is Nessus, but the best tool is yourself.
Nessus is a vulnerability assessment tool: it takes the information you've gathered throughout this tutorial and searches its database for known vulnerabilities. As stated, the best way to find vulnerabilities is yourself; only you can discover vulnerabilities no one else knows about.
OS vulnerabilities: OS exploits are used to gain access to the system. They can also be used for DoS attacks.
Webserver vulnerabilities: Web servers are the most common source of vulnerabilities. People can gain root access and alter files.
Database vulnerabilities: The creators of SQL, Oracle, and other databases did not have security in mind when developing them, so they have many vulnerabilities.
Application vulnerabilities: Weak data verification, buffer overflows, and weak authentication are common application vulnerabilities.
Don't be stupid when looking for vulnerabilities: don't look for an OS vulnerability in a database.
That is it for this tutorial. If you have any questions, just let me know and I will help you to the best of my ability.