Time
4 hours 20 minutes
Difficulty
Intermediate
CEU/CPE
5

Video Description

In this next video in the series on why sites get hacked, we take a deeper look into enumeration. After the network terrain has been mapped out, we need to begin probing for vulnerabilities. This is accomplished in two ways: manually and automatically via scanning. We discuss various manual methods along with several automated tools such as Nessus, Armitage, and Searchsploit.

Video Transcription

00:04
Enumeration is our next step here.
00:06
After you've got your network terrain mapped out, you'll need to probe for vulnerabilities. This can be done in two ways: manually, or through scanning. A scan can be done with a tool like Nessus.
00:17
I will not be showing you that tool. I don't have that tool,
00:22
that actually requires licenses,
00:25
But there is a free version that you can download to try on your home network.
00:30
Nessus uses what's called a STIG, which is the Security Technical Implementation Guide, and it uses that guide
00:38
to identify vulnerabilities
00:41
That's called a STIG scan.
00:43
You can also manually identify vulnerabilities with the map that you've built
00:48
So after you've identified running services, you can attempt to log into them with default credentials, or you can check Exploit Database to identify vulnerable versions of the software.
00:58
Another thing you can do
01:00
is to use Armitage to do what's called a Hail Mary to try to find a vulnerability. But
01:08
that would be gaining access as well, so you'll be performing enumeration and getting access at the same time,
01:15
which,
01:15
if you're doing a scan on a network that you don't have permission to actually break into the boxes and exploit,
01:23
or you're on something that
01:26
may have sensitive ICS systems,
01:30
throwing
01:33
vulnerabilities and doing Hail Mary like that may not be your best option.
01:38
So let's go check out some enumeration tools.
02:08
See if I have the tool in here
02:15
every year.
02:27
Right here. We are back in our
02:30
Kali box.
02:32
Gonna open up a new terminal here, a new window.
02:38
I'm gonna open up our Armitage box,
02:43
see the services that are running.
02:45
So we see we have Apache
02:47
2.2.16. We have OpenLDAP,
02:52
a couple other things.
02:54
So we're going to use a tool called searchsploit.
02:59
So simply type
03:00
searchsploit,
03:05
and you see your options here that you have.
03:07
So
03:08
you're gonna do searchsploit,
03:10
any kind of options. So if you want to perform a case-sensitive search, if you want to
03:16
search just for an exploit title,
03:20
get verbose output.
03:23
Things like that, you can add that before. All right, so we're gonna do searchsploit
03:30
open
03:34
LDAP to see if
03:36
there's any OpenLDAP vulnerabilities.
03:38
So
03:39
we see here that we have some exploits that are available to us for
03:46
OpenLDAP.
03:52
Now,
03:53
The service info here didn't give us too much. So let's run back to our
04:00
nmap.
04:03
We're gonna
04:05
nmap
04:09
-sV
04:11
to get the service version,
04:14
192.168.0.1
04:17
10
04:23
That's actually .110
04:26
where I get the service version, so we can pin down a better service version of this item.
04:36
And now from this we got OpenLDAP 2.2.X, 2.3
04:43
point
04:44
X.
04:45
So we do have some
04:48
exploits here that are available to us. So
04:51
we can
04:54
go through and, you know, take note that we have some options for our enumeration here.
05:00
Then we can also do Apache. So
05:03
searchsploit
05:09
Apache
05:12
and we're running Apache httpd 2.2.16
05:25
may have again,
05:28
and we really don't see anything here for Apache.
05:33
httpd 2.2.
05:36
16. So that's one way of performing enumeration, by using the searchsploit tool.
05:45
Now, everything that's in searchsploit can be found from the Exploit Database,
05:50
which is located online. Every time there's an update to Kali,
05:57
the Exploit Database, with all its scripts and exploits, gets pulled into Kali machines. Let's go check out the website.
06:26
Alright, here we are on Exploit Database. Like I said before, everything that's on Exploit Database gets put into the Kali machine.
06:34
But if you aren't on the Kali machine and you're
06:39
doing enumeration
06:41
somewhere else, you can easily go up to search
06:57
When I type in Apache httpd there, see what we get here. 73
07:02
That's for your CAPTCHA.
07:06
You can perform a search right here on the database's website,
07:10
and we got the same kind of exploits
07:14
that we found on Kali as well.
07:16
So sometimes you may get
07:20
different exploits because new exploits are found, and sometimes they may be exactly the same.
07:46
So that's one example of how enumeration can be performed,
07:50
let's move on to our next step

Up Next

Web Application Penetration Testing

In this web application penetration testing course, SME, Raymond Evans, takes you on a wild and fascinating journey into the cyber security discipline of web application pentesting. This is a very hands-on course that will require you to set up your own pentesting environment.

Instructed By

Raymond Evans
Instructor