Friday, 27 January 2012

Lessons, January 27, 2012

  1.  Service enumeration
What is service enumeration?
"Intensive study of the target: the search for valid user accounts, shared network resources, and applications for which protection is weak."

 For service enumeration we can use Nmap, Zenmap and Nessus.
Example:
 Run your Windows machine in VirtualBox,
click Command Prompt, and then type ipconfig.
This will show your IP address.
Next, open the Zenmap application, enter the IP address of the Windows machine, and click Scan.
 Next, open Nmap, enter "nmap -A -T4 <Windows IP address>", and click Scan.

 The scan can also be run in Nessus.



 2. Vulnerability identification (CVE, OSVDB)
Here we identify existing vulnerabilities. We can use the CVE and OSVDB databases.


 3. Vulnerability analysis
 Here we analyze what the target's vulnerabilities are.
For this we can use the SMB service on port 445.
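
An added example, not part of the original lesson: if the scan from step 1 is saved with nmap's -oX option, the open services can be listed and the SMB port named above picked out for review. The sample XML, the address 192.0.2.10 and the function name open_services are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample of `nmap -A -T4 -oX scan.xml <target>` output (trimmed).
SAMPLE_XML = """<nmaprun scanner="nmap" args="nmap -A -T4 -oX scan.xml 192.0.2.10">
  <host>
    <status state="up"/>
    <address addr="192.0.2.10" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="135"><state state="open"/>
        <service name="msrpc" product="Microsoft Windows RPC"/></port>
      <port protocol="tcp" portid="139"><state state="open"/>
        <service name="netbios-ssn"/></port>
      <port protocol="tcp" portid="445"><state state="open"/>
        <service name="microsoft-ds" product="Windows microsoft-ds"/></port>
      <port protocol="tcp" portid="3389"><state state="closed"/>
        <service name="ms-wbt-server"/></port>
    </ports>
  </host>
</nmaprun>"""

# Ports to review first; 445 is the SMB port named in step 3 of the lesson.
REVIEW_PORTS = {445}

def open_services(xml_text):
    """Return one dict per open port found in nmap XML output."""
    found = []
    for host in ET.fromstring(xml_text).iter("host"):
        addr_el = host.find("address[@addrtype='ipv4']")
        addr = addr_el.get("addr") if addr_el is not None else "unknown"
        for port in host.iter("port"):
            state = port.find("state")
            if state is None or state.get("state") != "open":
                continue  # skip closed and filtered ports
            svc = port.find("service")
            num = int(port.get("portid"))
            found.append({
                "host": addr,
                "port": num,
                "proto": port.get("protocol"),
                "service": svc.get("name", "unknown") if svc is not None else "unknown",
                "product": svc.get("product", "") if svc is not None else "",
                "review": num in REVIEW_PORTS,
            })
    return found

if __name__ == "__main__":
    for s in open_services(SAMPLE_XML):
        flag = "  <-- review (SMB)" if s["review"] else ""
        print(f'{s["host"]} {s["port"]}/{s["proto"]} {s["service"]} {s["product"]}{flag}')
```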
 
4. Gaining access
Gaining access means getting more data to start trying to access the target. It covers peeking at and grabbing passwords, password guessing, and performing a buffer overflow.

5. Use an exploit repository
An exploit is software that attacks a specific security vulnerability, but it does not always aim to launch an unwanted action. Many computer security researchers use exploits to demonstrate that a system has a vulnerability.
There are researchers who work with software manufacturers. These researchers are tasked with finding weaknesses in software and, if they find one, they report the findings to the manufacturer so that the manufacturer can take action. However, sometimes an exploit becomes part of malware that attacks a security vulnerability.
We can use Exploit-DB.

 



6. Metasploit
The Metasploit Framework is a development platform to create security tools and exploits. The framework is used by network security professionals to perform penetration tests, system administrators to verify patch installations, product vendors to perform regression testing, and security researchers around the world. The framework is written in the Ruby programming language and includes components written in C and assembler. 
In Metasploit there are two things that need attention, namely the payload and the exploit.
  • Exploit = weakness of the target, usually checked with nmap
  • Payload = the type of attack that will be launched to exploit it.
 We can use:
# msfconsole
# msfcli
# msfgui







