April 23, 2016 Penetration testing learning summary


Vulnerability scanning


Discovering weaknesses

Finding vulnerabilities

Look up the version information from port scan results (slow)

Search public vulnerability databases for disclosed vulnerabilities (large number of entries)

Use a vulnerability scanner to implement vulnerability management

Search for vulnerabilities on the Exploit-DB website

searchsploit tomcat (search for exploit code for Tomcat vulnerabilities)

sandi-gui, a vulnerability search tool in Kali

Agent-based scanning (a way of doing vulnerability management)

A scanning agent is installed on the platform; the supported platforms are limited

Nmap


Nmap scan scripts

400+

Categories

cat /usr/share/nmap/scripts/script.db

grep vuln /usr/share/nmap/scripts/script.db | cut -d "\"" -f 2 (scripts related to vuln)

cat /usr/share/nmap/scripts/smb-check-vulns.nse

smb-check-vulns.nse

nmap -sU -sS --script=smb-check-vulns.nse --script-args=unsafe=1 -p U:137,T:139,445 1.1.1.1

smb-vuln-ms10-061.nse (use this script to find out whether the target system has a shared printer)

One of the 4 vulnerabilities exploited by the Stuxnet worm

Print spooler permissions are inappropriate: print requests can create files in the system directory and execute arbitrary code

Enumerates shared printers through the LANMAN API

Remote shared printer name
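
The category lookup in script.db above, as an added example that is not part of the original notes: it matches categories exactly and marks which "vuln" scripts also sit in the dos, exploit or intrusive categories, so they can be reviewed before a scan is run against systems you are responsible for. The sample entries are constructed and the function names are hypothetical; the one-entry-per-line script.db layout is assumed.

```shell
#!/bin/sh
# Added example: triage NSE scripts by category before running a "vuln" scan.
# script.db holds one entry per line, in this form:
#   Entry { filename = "name.nse", categories = { "cat1", "cat2", } }

# Constructed sample in script.db format (illustrative, not a real installation's file).
sample_db() {
cat <<'EOF'
Entry { filename = "http-title.nse", categories = { "default", "discovery", "safe", } }
Entry { filename = "smb-check-vulns.nse", categories = { "dos", "exploit", "intrusive", "vuln", } }
Entry { filename = "smb-vuln-ms10-061.nse", categories = { "intrusive", "vuln", } }
Entry { filename = "example-vuln-check.nse", categories = { "safe", "vuln", } }
EOF
}

# scripts_in_category CATEGORY: read script.db on stdin, print matching filenames.
# Exact category match, unlike grep, which also hits "vuln" inside a filename.
scripts_in_category() {
    awk -v want="$1" '/^Entry/ {
        n = split($0, q, "\"")        # q[2] = filename; q[4], q[6], ... = categories
        for (i = 4; i <= n; i += 2)
            if (q[i] == want) { print q[2]; break }
    }'
}

# vuln_scripts_with_risk: read script.db on stdin; for every script in "vuln" print
#   STATUS<TAB>filename<TAB>risk-categories
# STATUS is REVIEW when the script is also in dos, exploit or intrusive.
vuln_scripts_with_risk() {
    awk '/^Entry/ {
        n = split($0, q, "\""); vuln = 0; risk = ""
        for (i = 4; i <= n; i += 2) {
            if (q[i] == "vuln") vuln = 1
            if (q[i] == "dos" || q[i] == "exploit" || q[i] == "intrusive")
                risk = risk (risk != "" ? "," : "") q[i]
        }
        if (vuln) printf "%s\t%s\t%s\n", (risk != "" ? "REVIEW" : "ok"), q[2], (risk != "" ? risk : "-")
    }'
}

# Demo on the constructed sample; on Kali, feed the real file instead:
#   vuln_scripts_with_risk < /usr/share/nmap/scripts/script.db
sample_db | vuln_scripts_with_risk
```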


OpenVAS

Installation
Create a certificate
Synchronizing vulnerability databases
Create a client certificate
Rebuilding the database
Backing Up the database
Start the service and load plug-ins
Create an Administrator account
Create a regular user account
Configure the service listening port
Installation verification

Kali 2 needs just one command: openvas-setup
Check the installation result: openvas-check-setup
View current accounts: openvasmd --list-users
Change an account password: openvasmd --user=admin --new-password=password
Upgrade: openvas-feed-update





This article is from the "Xiao Yu" blog, please be sure to keep this source http://791120766.blog.51cto.com/10836248/1767138
