There are many types of vulnerabilities: Let’s learn about how we can identify them and how we can exploit these vulnerabilities.
Let’s start our daily #FromZeroToHacker challenge.
Table of contents
- Introduction
- What have I learnt today?
- Stats
- Resources
Introduction to Exploit Vulnerabilities
We are going to study how to identify vulnerabilities and learn how these can be abused.
Also, our list of publicly available resources is going to increase with essential additions with tools that perform vulnerability research and exploitation.
What have I learnt today?
Automated vs Manual vulnerability research
We have a wide set of tools and services available for vulnerability scanning. One of the best is Nessus. Its commercial version costs thousands of euros for a year's licence, but luckily there is also a free edition.
The Metasploit framework also includes vulnerability scanners, but we can scan for vulnerabilities manually as well.
Manual scanning means searching for the same vulnerabilities with techniques similar to those of automated scanning. At the end of the day, both approaches involve testing an application or program for vulnerabilities, which include:
If you want to learn more about these vulnerabilities, check the OWASP Framework top 10 vulnerabilities lesson.
Finding manual exploits
Rapid7
Rapid7 is a vulnerability research database, like Exploit-DB and NVD, but it also acts as an exploit database, where you can filter by type of vulnerability.
This database also contains instructions for exploiting applications using the Metasploit tool:
GitHub
GitHub is a popular service for software developers where the source code of an application is shared. But we can also find rare or fresh exploits there, since anyone can create an account and upload files.
Searchsploit
Searchsploit is an offline copy of Exploit-DB that keeps the exploit files on our own system. You can search by application name and/or vulnerability type:
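As an added example (not part of the lesson), a small Python helper that narrows down `searchsploit --json` output by vulnerability type, platform and a title keyword, the same kind of filtering the lesson describes. The JSON below is a constructed sample, and the field names (`Title`, `EDB-ID`, `Type`, `Platform`, `Path`) are an assumption about searchsploit's JSON layout, so check them against your installed version.

```python
import json

# Constructed sample shaped like `searchsploit --json <term>` output.
# Field names are an assumption about the tool's JSON layout; the IDs and
# paths are placeholders, not real Exploit-DB entries.
SAMPLE_JSON = """
{
  "SEARCH": "example app",
  "RESULTS_EXPLOIT": [
    {"Title": "Example App 1.0 - Remote Code Execution", "EDB-ID": "00001",
     "Type": "webapps", "Platform": "php", "Path": "exploits/php/webapps/00001.py"},
    {"Title": "Example App 1.0 - Local Privilege Escalation", "EDB-ID": "00002",
     "Type": "local", "Platform": "linux", "Path": "exploits/linux/local/00002.c"},
    {"Title": "Example App 2.3 - Cross-Site Scripting", "EDB-ID": "00003",
     "Type": "webapps", "Platform": "php", "Path": "exploits/php/webapps/00003.txt"}
  ],
  "RESULTS_SHELLCODE": []
}
"""


def load_results(raw: str) -> list:
    """Parse searchsploit JSON and return only the exploit entries (shellcode is ignored)."""
    return json.loads(raw).get("RESULTS_EXPLOIT", [])


def filter_results(entries, *, types=None, platforms=None, keyword=None) -> list:
    """Keep entries whose Type/Platform are in the given sets and whose Title
    contains the keyword. All comparisons are case-insensitive; a filter left
    as None is not applied."""
    wanted_types = {t.lower() for t in types} if types else None
    wanted_platforms = {p.lower() for p in platforms} if platforms else None
    out = []
    for entry in entries:
        if wanted_types and entry.get("Type", "").lower() not in wanted_types:
            continue
        if wanted_platforms and entry.get("Platform", "").lower() not in wanted_platforms:
            continue
        if keyword and keyword.lower() not in entry.get("Title", "").lower():
            continue
        out.append(entry)
    return out


def edb_ids(entries) -> list:
    """Return just the EDB-IDs, handy for a quick summary or cross-reference."""
    return [entry["EDB-ID"] for entry in entries]


if __name__ == "__main__":
    results = load_results(SAMPLE_JSON)
    for entry in filter_results(results, types=["webapps"], keyword="code execution"):
        print(f"{entry['EDB-ID']}: {entry['Title']} ({entry['Platform']}/{entry['Type']})")
```

On a real system you would feed it the output of `searchsploit --json "<application name>"` instead of the constructed sample.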
Example of manual exploitation
Using the information gathered in the Automated vs Manual Vulnerability Research part, we can exploit a vulnerable service (legally!). We are going to find an exploit and use it to execute commands on the target running the vulnerable application, i.e. remote code execution (RCE).
This would allow us to read files or run commands on the system that we previously could not.
Mind you: exploits rarely come out of the box ready to use. Sometimes we need to adjust the code before they work.
Let’s run help to learn more about this exploit:
It seems that to run it successfully we need to provide the URL of the application and the command we want executed.
Summary
In this lesson, we have:
- Compared automated vs manual vulnerability research
- Learned how to find manual exploits
- Worked through one example of an exploit
Stats
From 81.508th to 80.471st. Still in the top 4%!
Here is also the Skill Matrix:
Resources
Path: Jr Penetration tester
Vulnerability research
TryHackMe: Exploit Vulnerabilities
Other resources
Nessus
OWASP Framework: Top 10 vulnerabilities
Rapid7
Vulnerability Databases
RCE