The Basics of Hacking and Penetration Testing
CHAPTER 3 Scanning > Vulnerability scanning

Once we have completed port scanning our target, we should have a list of open ports and services. This information should be documented and reviewed closely. While reviewing the Nmap output, take a few moments to attempt to log into any remote access services discovered in the port scan. The next chapter addresses running a brute force tool to attempt logins; for the time being, you can try default usernames and passwords. You could also try logging in with any information, usernames, or e-mail addresses found during reconnaissance. It is possible to complete a penetration test simply by discovering an open remote connection and logging into the box with a default username and password. Telnet and SSH are remote services you should always try to connect to. You can do this from the command line by typing:

    telnet target_ip
    ssh root@target_ip

In this example, target_ip is the IP address of your victim. Most likely these attempts will fail, but on the rare occasion when one succeeds, it is an absolute home run. Record every attempt (target, service, credentials tried, result) in your notes: failed logins are evidence too, and they will show up in the target's logs.

VULNERABILITY SCANNING

Now that we have a list of IPs, open ports, and services on each machine, it is time to scan the targets for vulnerabilities. A vulnerability is a weakness in the software or system configuration that can be exploited. Vulnerabilities come in many forms, but most often they are associated with missing patches. Vendors release patches to fix a known problem or vulnerability, and unpatched software and systems often lead to quick penetration tests because some vulnerabilities allow remote code execution. Remote code execution is one of the holy grails of hacking. It is important to understand this step, as its results feed directly into step 3, where we gain access to the system. To scan systems for vulnerabilities, we will use a vulnerability scanner.
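The port-scan review step above (pull the open Telnet and SSH services out of the Nmap results, then try default logins by hand) is easy to do sloppily on a large target list. The following is an added example, not code from the book: it parses Nmap grepable (-oG) output, keeps only ports whose state is open, and generates the manual login commands to try. The scan output and the default credential list are constructed for illustration and are assumptions of the example, not data from the page.

```python
"""Added example (not from the book): review nmap -oG output for remote access
services and build the manual default-credential login attempts described
above. Sample scan output and credentials are constructed for illustration."""

# Constructed sample of nmap grepable (-oG) output; not a real scan.
# Field order in the Ports section is port/state/proto/owner/service/rpc/version.
SAMPLE_GNMAP = (
    "# Nmap 7.94 scan initiated as: nmap -sV -oG - 192.168.56.0/29\n"
    "Host: 192.168.56.101 ()\tStatus: Up\n"
    "Host: 192.168.56.101 ()\tPorts: 22/open/tcp//ssh//OpenSSH 5.3/, "
    "23/open/tcp//telnet//Linux telnetd/, 80/open/tcp//http//Apache httpd 2.2.8/"
    "\tIgnored State: closed (997)\n"
    "Host: 192.168.56.102 ()\tStatus: Up\n"
    "Host: 192.168.56.102 ()\tPorts: 22/filtered/tcp//ssh///, "
    "3306/open/tcp//mysql//MySQL 5.0.51a/\tIgnored State: closed (998)\n"
    "# Nmap done: 8 IP addresses (2 hosts up)\n"
)

REMOTE_ACCESS = {"ssh", "telnet"}  # the services the text says to always try


def parse_gnmap(text):
    """Map each host IP to a list of (port, state, proto, service, version)."""
    hosts = {}
    for line in text.splitlines():
        if not line.startswith("Host:") or "Ports:" not in line:
            continue  # comment lines and "Status: Up" lines carry no ports
        ip = line.split()[1]
        ports_field = line.split("Ports:", 1)[1].split("\t", 1)[0]
        for entry in ports_field.split(","):
            fields = entry.strip().split("/")
            if len(fields) < 7:
                continue  # malformed entry; skip rather than guess
            port, state, proto, _owner, service, _rpc, version = fields[:7]
            hosts.setdefault(ip, []).append(
                (int(port), state, proto, service, version))
    return hosts


def remote_access_targets(hosts):
    """Only *open* ssh/telnet ports; filtered or closed ones cannot be logged into."""
    return [(ip, port, service)
            for ip, ports in hosts.items()
            for port, state, _proto, service, _version in ports
            if state == "open" and service in REMOTE_ACCESS]


# Constructed, illustrative defaults (an assumption of this example). On an
# engagement, use the vendor's documented defaults plus the usernames and
# e-mail addresses gathered during reconnaissance.
DEFAULT_CREDS = [("root", "root"), ("root", "toor"), ("admin", "admin")]


def login_attempts(targets, creds=DEFAULT_CREDS):
    """Commands to type by hand, one per target/credential pair, so every
    attempt can be written into the engagement notes before it is made."""
    cmds = []
    for ip, port, service in targets:
        for user, password in creds:
            if service == "ssh":
                cmds.append(f"ssh -p {port} {user}@{ip}    # try password: {password}")
            else:  # telnet prompts for login and password interactively
                cmds.append(f"telnet {ip} {port}    # try {user} / {password}")
    return cmds


if __name__ == "__main__":
    targets = remote_access_targets(parse_gnmap(SAMPLE_GNMAP))
    for cmd in login_attempts(targets):
        print(cmd)
```

Run it against a real scan by saving Nmap output with `-oG scan.gnmap` and passing the file contents to `parse_gnmap`. The filtered SSH port on the second host is deliberately dropped: a filtered port means a firewall is in the way, so a login attempt there only wastes time and leaves noise in logs.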
There are several good scanners available, but this book focuses on Nessus. Nessus is a great tool and is available free for home users from their website: you can download the full-fledged version and get a key at no cost. If you are going to use Nessus in a corporate environment, you will need to sign up for the Professional feed rather than the Home feed; the Professional feed will run you about $100 a month. We will be using the Home version in this book. Installing Nessus is very straightforward, and it runs on either Linux or Windows. Nessus uses a client/server architecture: once set up, the server runs quietly in the background, and you interact with it through a browser. To install Nessus, complete the following steps:

1. Download the installer from the Nessus website.
2. Register for a key on the Nessus website by submitting your e-mail address. The Nessus crew will e-mail you a unique product key that can be used to register the product.