Finding vulnerabilities and exploits

In our previous post, we showed you how to install and start using Nessus to find vulnerabilities in the devices on your network. In the example we ran there, the scanned devices had no vulnerabilities. For this post, we have prepared a test scenario with some PCs that do have vulnerabilities that a malicious person could exploit.

1. Vulnerabilities found with Nessus in our network

After setting up a web scan of the hosts in our lab network, we found, as expected, some hosts with medium, high and critical vulnerabilities:

We can now click on one of the hosts and check the vulnerabilities found:

For the host with critical vulnerabilities:

If we click on each vulnerability, we will find a description of what it is and how a hacker could exploit it. There are also links with very useful information:

We can then look for exploits in exploit-db using the names found in the list of vulnerabilities:

or we can do the search in Metasploit directly, as we show in the next section.

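Before looking up any exploit, it helps to work through the Nessus results in order of severity rather than host by host in the web interface. The following Python script is an added example (not from the original post and not Tenable's code) that reads a Nessus CSV export, keeps only the findings at or above a chosen severity, and lists hosts worst-first. It assumes the export carries the standard Nessus CSV columns (Plugin ID, CVE, CVSS, Risk, Host, Protocol, Port, Name); the rows embedded below are constructed sample data and the CVE values are placeholders, not real identifiers.

```python
import csv
import io
from collections import defaultdict

# Nessus rates each finding with a "Risk" value; this is the ordering used
# to filter and sort. Column names follow the Nessus CSV export; the rows
# below are constructed for this example and the CVE ids are placeholders.
RISK_ORDER = {"None": 0, "Low": 1, "Medium": 2, "High": 3, "Critical": 4}

SAMPLE_NESSUS_CSV = """\
Plugin ID,CVE,CVSS,Risk,Host,Protocol,Port,Name
10001,,0.0,None,192.168.56.101,tcp,22,SSH service detected (constructed)
10002,CVE-0000-0001,5.0,Medium,192.168.56.101,tcp,80,Web server information disclosure (constructed)
10003,CVE-0000-0002,7.5,High,192.168.56.102,tcp,445,SMB service flaw (constructed)
10004,CVE-0000-0003,10.0,Critical,192.168.56.102,tcp,1521,Database listener buffer overflow (constructed)
10005,,2.1,Low,192.168.56.103,tcp,80,HTTP banner disclosure (constructed)
"""


def parse_findings(csv_text):
    """Parse a Nessus CSV export into a list of dicts, one per finding."""
    reader = csv.DictReader(io.StringIO(csv_text))
    findings = []
    for row in reader:
        findings.append({
            "host": row["Host"],
            "port": int(row["Port"]),
            "protocol": row["Protocol"],
            "risk": row["Risk"],
            "cvss": float(row["CVSS"] or 0.0),
            "name": row["Name"],
            "cve": row["CVE"] or None,
        })
    return findings


def triage(findings, min_risk="Medium"):
    """Group findings at or above min_risk by host, most severe first.

    The returned dict is ordered so the host with the worst finding comes first.
    """
    threshold = RISK_ORDER[min_risk]
    by_host = defaultdict(list)
    for f in findings:
        if RISK_ORDER.get(f["risk"], 0) >= threshold:
            by_host[f["host"]].append(f)
    for items in by_host.values():
        items.sort(key=lambda f: (RISK_ORDER[f["risk"]], f["cvss"]), reverse=True)
    return dict(sorted(by_host.items(),
                       key=lambda kv: (RISK_ORDER[kv[1][0]["risk"]], kv[1][0]["cvss"]),
                       reverse=True))


def risk_counts(findings):
    """How many findings fall in each Nessus risk level."""
    counts = {risk: 0 for risk in RISK_ORDER}
    for f in findings:
        counts[f["risk"]] = counts.get(f["risk"], 0) + 1
    return counts


def report(by_host):
    """Render the triaged findings as plain text, one block per host."""
    lines = []
    for host, items in by_host.items():
        lines.append(f"{host}: {len(items)} finding(s), worst = {items[0]['risk']}")
        for f in items:
            cve = f" [{f['cve']}]" if f["cve"] else ""
            lines.append(f"  {f['risk']:<8} CVSS {f['cvss']:>4}  "
                         f"{f['protocol']}/{f['port']:<5} {f['name']}{cve}")
    return "\n".join(lines)


if __name__ == "__main__":
    findings = parse_findings(SAMPLE_NESSUS_CSV)
    print(risk_counts(findings))
    print(report(triage(findings, "Medium")))
```

Export the scan from Nessus as CSV, read the file into parse_findings(), and the report puts the host with the critical finding at the top; lowering min_risk to "Low" brings the informational hosts back into view.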
2. Finding the exploits available for a given vulnerability with Metasploit

In an earlier post we showed you how to install and start using Metasploit. It is a tool to find and run exploits for a given vulnerability:

If we search for the Oracle database overflow vulnerability, we get a long list of exploits that could be run against the vulnerable target:

If reading from the console is difficult, you can copy the output into a text editor.

A good thing to check in this list is the rank (it can be normal, brilliant, excellent…), the system it can be used against and the creation date. Once you find an exploit to try, you can do:

info <exploit name>

After that command, you will see the variables you need to give a value to, using the command "set".

use <exploit name>

set <variable> <value>

run

3. A note on scanning ports on a host in your network

If you want to see the open ports of one of the hosts in your network, you can also do:

nmap ip_address

This way, when you try an exploit that uses a port, you know beforehand whether that port is open.

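The check described above can be scripted so that the port an exploit needs is verified before anything else is attempted. The following Python script is an added example (not from the original post and not part of nmap) that parses nmap's greppable output, which is what nmap -oG - ip_address prints to stdout, and answers "is that port open on that host?". The scan text embedded here is constructed, not a capture from the lab in the post, and scan_host() is an assumed wrapper around the nmap binary that the test does not call.

```python
import subprocess

# Constructed sample of nmap greppable output, i.e. what
#   nmap -oG - 192.168.56.102
# prints. It is not a capture from the lab in the post.
SAMPLE_NMAP_GREPABLE = """\
# Nmap scan initiated as: nmap -oG - 192.168.56.102
Host: 192.168.56.102 ()\tStatus: Up
Host: 192.168.56.102 ()\tPorts: 22/open/tcp//ssh///, 80/open/tcp//http///, 445/open/tcp//microsoft-ds///, 1521/closed/tcp//oracle///\tIgnored State: filtered (996)
# Nmap done -- 1 IP address (1 host up) scanned
"""


def parse_grepable(text):
    """Return {host: {(port, proto): (state, service)}} from -oG output.

    Each entry in the Ports: field is port/state/proto/owner/service/rpc/version.
    """
    hosts = {}
    for line in text.splitlines():
        if not line.startswith("Host:") or "Ports:" not in line:
            continue
        host = line.split()[1]
        # The Ports: field ends at the next tab-separated field (e.g. Ignored State)
        ports_field = line.split("Ports:", 1)[1].split("\t", 1)[0]
        table = hosts.setdefault(host, {})
        for entry in ports_field.split(","):
            parts = entry.strip().split("/")
            if len(parts) < 5:
                continue
            port, state, proto, service = int(parts[0]), parts[1], parts[2], parts[4]
            table[(port, proto)] = (state, service)
    return hosts


def port_is_open(scan, host, port, proto="tcp"):
    """True only if nmap reported the port open; unscanned ports count as not open."""
    state, _service = scan.get(host, {}).get((port, proto), ("unscanned", ""))
    return state == "open"


def open_ports(scan, host):
    """Sorted list of the port numbers nmap reported open on a host."""
    return sorted(port for (port, _proto), (state, _svc) in scan.get(host, {}).items()
                  if state == "open")


def scan_host(ip_address, ports=None):
    """Assumed helper: run nmap in greppable mode and parse it (needs nmap installed)."""
    cmd = ["nmap", "-oG", "-", ip_address]
    if ports:
        cmd[1:1] = ["-p", ",".join(str(p) for p in ports)]
    result = subprocess.run(cmd, capture_output=True, text=True, check=True)
    return parse_grepable(result.stdout)


if __name__ == "__main__":
    scan = parse_grepable(SAMPLE_NMAP_GREPABLE)
    host = "192.168.56.102"
    print("open ports on", host, "->", open_ports(scan, host))
    for port in (445, 1521):
        verdict = "open" if port_is_open(scan, host, port) else "NOT open"
        print(f"port {port}/tcp is {verdict}")
```

In the constructed sample the database listener port 1521 is closed, so an exploit aimed at it would fail regardless of the rank shown in Metasploit; running scan_host("ip_address", ports=[1521]) against a lab host gives the same answer from a live scan.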
We hope you found this post useful and that it helped you audit your network. If you have any thoughts on this, don't hesitate to leave a comment below or send us an email 🙂