👾
Rootkid - Cyber Journal
Portfolio
  • 👩‍🚀Introduction
    • 🤖About Cyber Journal & Rootkid
    • 📜License Agreement
    • ⚠️Disclaimer
  • 📚Exam Prep Notes
    • 🗒️KLCP Exam (PEN-103) - Notes
      • 1. Linux Fundamentals
      • 2. Introduction
      • 3. About Kali Linux
      • 4. Getting Started with Kali Linux
      • 5. Installing Kali Linux
      • 6. Configuring Kali Linux
      • 7. Helping Yourself and Getting Help
      • 8. Securing and Monitoring Kali Linux
      • 9. Debian Package Management
      • 10. Advanced Usage
      • 11. Kali Linux in the Enterprise
      • 12. Introduction to Security Assessments
      • 13. Conclusion: The Road Ahead
    • 📒ISO/IEC 27001:2022 Lead Auditor - Notes
      • ISO - Training - Day - 1
      • ISO - Training - Day - 2
      • ISO - Training - Day - 3
      • ISO - Training - Day - 4
      • Practice Questions - Notes
      • Other PDF References
    • 📑Junior Penetration Tester (eJPTv2) - Notes
      • 💡Assessment Methodologies
        • 🔍Information Gathering
          • 🌏Passive Information Gathering
          • 🧐Active Information Gathering
        • 👣Footprinting & Scanning
          • 🗺️Mapping a Network
          • 🎛️Port Scanning
        • 🕵️Enumeration
          • 📜SMB Enumeration
          • 📂FTP Enumeration
          • 🐚SSH Enumeration
          • 🕸️HTTP Enumeration
          • 🗄️MySQL & MSSQL Enumeration
        • 🐛Vulnerability Assessment
          • 🩸Case Study: Heartbleed Vulnerability (CVE-2014-0160)
          • 🔵Case Study: EternalBlue Vulnerability (CVE-2017-0143)
          • 👨‍💻Case Study: Log4J Vulnerability (CVE-2021-44228)
      • 🧰Assessment Methodologies: Auditing Fundamentals
      • 📶Host & Network Penetration Testing
        • 💻System/Host Based Attacks
          • 🪟Overview Of Windows Vulnerabilities
          • 💣Exploiting Windows Vulnerabilities
            • 🧨Exploiting Microsoft IIS WebDAV
            • 🧨Exploiting WebDAV With Metasploit
            • 🧨Exploiting SMB With PsExec
            • 🧨Exploiting Windows MS17-010 SMB Vulnerability (EternalBlue)
            • 🧨Exploiting RDP - Brute Force
            • 🧨Exploiting Windows CVE-2019-0708 RDP Vulnerability (BlueKeep)
            • 🧨Exploiting WinRM
          • 📈Windows Privilege Escalation
            • 🔥Windows Kernel Exploits
            • 🔥Bypassing UAC With UACMe
            • 🔥Access Token Impersonation
          • 🗃️Windows File System Vulnerability - Alternate Data Streams
          • 💳Windows Credential Dumping
            • 🔑Searching For Passwords In Windows Configuration Files
            • 🔑Dumping Hashes With Mimikatz
            • 🔑Pass-The-Hash Attacks
          • 💎Linux Vulnerabilities
          • 🎰Exploiting Linux Vulnerabilities
            • 🐚Exploiting Bash CVE-2014-6271 Vulnerability (Shellshock)
            • 🗄️Exploiting FTP - Linux
            • 🔐Exploiting SSH - Linux
            • 📭Exploiting SAMBA - Linux
          • ‼️Linux Privilege Escalation
            • 💥Linux Kernel Exploits
            • 💥Exploiting Misconfigured Cron Jobs
            • 💥Exploiting SUID Binaries
          • 🔐Linux Credential Dumping
        • 📶Network-Based Attacks
          • 📦Tshark & Filtering Basics
          • 🕷️Arp Poisoning
        • 💣The Metasploit Framework (MSF)
        • 💥Exploitation
          • 🖲️Vulnerability Scanning
          • ⚠️Searching For Exploits
          • 🐚Bind & Reverse Shells
          • 👾Exploitation Frameworks
          • 🪟Windows Exploitation
          • 🥌Linux Exploitation
          • ☣️AV Evasion & Obfuscation
        • 🚩Post-Exploitation
          • 🌬️Windows Local Enumeration
          • 📟Linux Local Enumeration
          • 🚜Transferring Files To Windows & Linux Targets
          • 🔼Upgrading Shells
          • 👀Windows Privilege Escalation
          • ⚒️Linux Privilege Escalation
          • 🔮Windows Persistence
          • 🧙Linux Persistence
          • 〰️Dumping & Cracking Windows Hashes (NTLM Hashes)
          • 🍘Dumping & Cracking Linux Password Hashes
          • ➿Pivoting Overview
          • 🧹Clearing Your Tracks On Windows & Linux
        • 🧑‍🔬Social Engineering Fundamentals
      • 🕸️Web Application Penetration Testing
        • ℹ️Intro to Web
        • 🎯Directory Enumeration
        • 🧰BurpSuite and ZAP-Proxy Overview
        • 🛠️Nikto, SQLMap, XSSer & Hydra Overview
      • 👽Extra Resources
        • ➕CIDR Conversion Table
        • 📦Machines or Lab Solved to Practice
    • 📓Certified in Cybersecurity - (ISC)2 - Notes
      • 📝Chapter-1 Security Controls - Notes
      • 📝Chapter-2 Incident Response, Business Continuity & Disaster Recovery - Notes
      • 📝Chapter 3: Access Control Concepts - Notes
      • 📝Chapter 4: Network Security - Notes
      • 📝Chapter 5: Security Operations - Notes
    • 📕Certified Ethical Hacker v12 - Practical - Notes
      • 👣Module 02: Footprinting and Reconnaissance
      • 🔎Module 03: Enumeration
      • Module 04: Scanning Networks
      • Module 05: Vulnerability Analysis
      • 💻Module 06: System Hacking
      • 🐛Module 07: Malware Threats
      • 🧙Module 08: Sniffing
      • 🐧Module 09: Social Engineering
      • ⚠️Module 10: Denial-of-Service
      • 🪝Module 11: Session Hijacking
      • Module 12: Evading IDS, Firewalls, and Honeypots
      • 🗄️Module 13: Hacking Web Servers
      • Module 14: Hacking Web Applications
      • 💉Module 15: SQL Injection
      • Module 16: Hacking Wireless Networks
      • Module 17: Hacking Mobile Platforms
      • Module 18: IoT and OT Hacking
      • Module 19: Cloud Computing
      • Module 20: Cryptography
      • Extra Resources
        • 📚Helpful Resources
        • 📜Cheat Sheet
  • ✍️Blogs
    • Mastering the Art of Logic Flaws: Unraveling Cyber Mysteries !!!
    • How to write a Detailed Vulnerability Report
    • Payment Gateway Bypass on Government Domain.
Powered by GitBook
On this page
  • Overview of Vulnerability Assessment
  • Lab 1: Perform Vulnerability Research with Vulnerability Scoring Systems and Databases
  • Overview of Vulnerabilities in Vulnerability Scoring Systems and Databases
  • Task 1: Perform Vulnerability Research in Common Weakness Enumeration (CWE)
  • Task 2: Perform Vulnerability Research in Common Vulnerabilities and Exposures (CVE)
  • Task 3: Perform Vulnerability Research in National Vulnerability Database (NVD)
  • Lab 2: Perform Vulnerability Assessment using Various Vulnerability Assessment Tools
  • Task 1: Perform Vulnerability Analysis using OpenVAS
  • Task 2: Perform Vulnerability Scanning using Nessus
  • Task 3: Perform Web Servers and Applications Vulnerability Scanning using CGI Scanner Nikto

Was this helpful?

  1. Exam Prep Notes
  2. Certified Ethical Hacker v12 - Practical - Notes

Module 05: Vulnerability Analysis

PreviousModule 04: Scanning NetworksNextModule 06: System Hacking

Was this helpful?

Overview of Vulnerability Assessment

A vulnerability refers to a weakness in the design or implementation of a system that can be exploited to compromise the security of the system. It is frequently a security loophole that enables an attacker to enter the system by bypassing user authentication. There are generally two main causes for vulnerable systems in a network, software or hardware misconfiguration and poor programming practices. Attackers exploit these vulnerabilities to perform various types of attacks on organizational resources.

Lab 1: Perform Vulnerability Research with Vulnerability Scoring Systems and Databases

Overview of Vulnerabilities in Vulnerability Scoring Systems and Databases

Vulnerability databases collect and maintain information about various vulnerabilities present in the information systems.

The following are some of the vulnerability scoring systems and databases:

  • Common Weakness Enumeration (CWE)

  • Common Vulnerabilities and Exposures (CVE)

  • National Vulnerability Database (NVD)

  • Common Vulnerability Scoring System (CVSS)

Task 1: Perform Vulnerability Research in Common Weakness Enumeration (CWE)

Common Weakness Enumeration (CWE) is a category system for software vulnerabilities and weaknesses. It has numerous categories of weaknesses that means that CWE can be effectively employed by the community as a baseline for weakness identification, mitigation, and prevention efforts. Further, CWE has an advanced search technique with which you can search and view the weaknesses based on research concepts, development concepts, and architectural concepts.

Task 2: Perform Vulnerability Research in Common Vulnerabilities and Exposures (CVE)

Common Vulnerabilities and Exposures (CVE) is a publicly available and free-to-use list or dictionary of standardized identifiers for common software vulnerabilities and exposures. It is used to discuss or share information about a unique software or firmware vulnerability, provides a baseline for tool evaluation, and enables data exchange for cybersecurity automation.

Task 3: Perform Vulnerability Research in National Vulnerability Database (NVD)

The National Vulnerability Database (NVD) is the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP). These data enable the automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, misconfigurations, product names, and impact metrics.

Lab 2: Perform Vulnerability Assessment using Various Vulnerability Assessment Tools

Overview of Vulnerability Assessment

A vulnerability assessment is an in-depth examination of the ability of a system or application, including current security procedures and controls, to withstand exploitation. It scans networks for known security weaknesses, and recognizes, measures, and classifies security vulnerabilities in computer systems, networks, and communication channels. It identifies, quantifies, and ranks possible vulnerabilities to threats in a system. Additionally, it assists security professionals in securing the network by identifying security loopholes or vulnerabilities in the current security mechanism before attackers can exploit them.

There are two approaches to network vulnerability scanning:

  • Active Scanning

  • Passive Scanning

Task 1: Perform Vulnerability Analysis using OpenVAS

OpenVAS is a framework of several services and tools offering a comprehensive and powerful vulnerability scanning and vulnerability management solution. Its capabilities include unauthenticated testing, authenticated testing, various high level and low-level Internet and industrial protocols, performance tuning for large-scale scans, and a powerful internal programming language to implement any vulnerability test. The actual security scanner is accompanied with a regularly updated feed of Network Vulnerability Tests (NVTs)—over 50,000 in total.

  • Launch OpenVAS tool

OpenVAS is an automated network scanning tool. It can be used by following the documentation provided on the OpenVAS website.

Task 2: Perform Vulnerability Scanning using Nessus

Nessus is an assessment solution for identifying vulnerabilities, configuration issues, and malware, which can be used to penetrate networks. It performs vulnerability, configuration, and compliance assessment. It supports various technologies such as OSes, network devices, hypervisors, databases, tablets/phones, web servers, and critical infrastructure.

Nessus is an automated network scanning tool. It can be used by following the documentation provided on the Nessus website.

Task 3: Perform Web Servers and Applications Vulnerability Scanning using CGI Scanner Nikto

Nikto is an Open Source (GPL) web server scanner that performs comprehensive tests against web servers for multiple items, including over 6700 potentially dangerous files/programs, checks for outdated versions of over 1250 servers, and version specific problems on over 270 servers. It also checks for server configuration items such as the presence of multiple index files and HTTP server options; it will also attempt to identify installed web servers and software.

Nikto is an automated Web Application scanning tool. It can be used by following the documentation provided on the Nikto website.




Hacker's Mantra:Hacking is like sex, you need breath, in the last step, you feel incredible pleasure and the best time to practice it is at night. - Amine Essiraj

📚
📕
https://cwe.mitre.org/
https://cve.mitre.org/
https://nvd.nist.gov/