The category would be “information leakage”. I would note down OpenSSH5.1p1, Apache2.2.12 and Ubuntu Linux in a pentest report.If this were a client server, I would set the risk to critical and immediately make sure that this issue is being fixed asap. This version has a shocking amount of vulnerabilities documented in CVE: The newest version 2.4.46. Apache 2.2.12 also falls into the category “using components with known vulnerabilities”. It’s important, that all components are being checked and updated on a regular basis. A counter measure would be to update to the newest version, being 8.3p1. And second, the version 5.1p1 has vulnerabilities listed in CVE. OpenSSH5.1p1 falls into the category “using components with known vulnerabilities”, because first of all, it has not been updated in a long time.There are some interesting findings to be written down in cherry tree, which would also be documented in a pentest report: We can look at our scan with this command: less nmap.nmap I highly reccomand this nmap cheat sheet. It just depends on how much time you have. Parameters like -p- for scanning all ports or -sU for a UDP scan are very important if you want to get the most information from a server. On a regular pentest, I would run a different nmap setup. The -A enables OS detection, version detection, script scanning, and traceroute. This scan setup runs very fast and shows important results. My methodology with nmap looks like this: nmap -A -oA nmap 10.10.10.6 Every pentester has their own unique parameters which they use with nmap. There is a lot to find out about nmap, so take your time and look at the help page. It can also be used in order to run scripts, such as vulnerability scripts, or cipher suite scans. Today we will be looking at Popcorn from HackTheBox, so get your VPN up and running.įirst let’s start with enumeration in order to gain as much information about the machine as possible.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |