Vulnerability Assessment
nmap --script-updatedb
Scanning MS08_067_netapi
MS08_067_netapi is one of the most commonly found vulnerabilities in Windows XP or Windows 2003, and it's one of the first vulnerabilities you should look for. We will look more into exploiting this vulnerability in the next chapter.
The nmap scripting engine has a script named "smb-check-vulns", which will automatically test the specified targets against this vulnerability and report whether a given target is vulnerable to it.
Command:
nmap --script=smb-check-vulns
The output shows that the target host is vulnerable to the MS08_067_netapi exploit.
Alternatively, we can use --script=vuln to execute all the scripts that are related to vulnerability scanning, which can report additional vulnerabilities. At the same time, we need to keep in mind that this type of scan is very noisy and is easily detected.
Command:
nmap --script=vuln
The output shows that the target machine is vulnerable to the MS08_067 exploit.
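Both scans above print a block of script output for every host, and a --script=vuln run across a subnet produces far more text than anyone wants to read by eye, so in practice the run is saved with -oX and filtered afterwards. The following is an added example, not code from the book: it parses Nmap's XML output with the Python standard library and lists only the hosts that an NSE script marked VULNERABLE, which is the part of the output a vulnerability assessment report actually needs. The XML is a constructed sample rather than a real scan; it is shaped like the structured output of smb-vuln-ms08-067, the script that replaced smb-check-vulns when Nmap 7 split it into per-vulnerability smb-vuln-* scripts. The addresses and the function names are my own.

```python
"""Parse Nmap XML (-oX) output and list hosts flagged VULNERABLE by NSE scripts."""
import xml.etree.ElementTree as ET

# Constructed sample of Nmap XML output (not a real scan). It mimics the
# structured output of the smb-vuln-ms08-067 script for two hosts: one
# vulnerable, one not. The addresses are made up.
SAMPLE_NMAP_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap --script=vuln -oX scan.xml 10.0.0.0/30">
  <host>
    <status state="up"/>
    <address addr="10.0.0.1" addrtype="ipv4"/>
    <hostscript>
      <script id="smb-vuln-ms08-067" output="VULNERABLE">
        <table key="MS08-067">
          <elem key="title">Microsoft Windows system vulnerable to remote code execution (MS08-067)</elem>
          <elem key="state">VULNERABLE</elem>
          <elem key="risk_factor">HIGH</elem>
        </table>
      </script>
    </hostscript>
  </host>
  <host>
    <status state="up"/>
    <address addr="10.0.0.2" addrtype="ipv4"/>
    <hostscript>
      <script id="smb-vuln-ms08-067" output="NOT VULNERABLE">
        <table key="MS08-067">
          <elem key="title">Microsoft Windows system vulnerable to remote code execution (MS08-067)</elem>
          <elem key="state">NOT VULNERABLE</elem>
        </table>
      </script>
    </hostscript>
  </host>
</nmaprun>
"""


def parse_vulnerable_hosts(xml_text):
    """Return a list of (address, script id, table key, title) tuples, one per
    NSE result whose 'state' element begins with VULNERABLE.

    'NOT VULNERABLE' and 'LIKELY VULNERABLE' are deliberately excluded, so only
    results the script is sure about end up in the findings list.
    """
    root = ET.fromstring(xml_text)
    findings = []
    for host in root.iter("host"):
        addr_el = host.find("address[@addrtype='ipv4']")
        if addr_el is None:
            continue
        addr = addr_el.get("addr")
        # NSE results can sit under <hostscript> or under a <port> element;
        # iterating over every <script> descendant of the host covers both.
        for script in host.iter("script"):
            for table in script.findall("table"):
                state = table.findtext("elem[@key='state']", default="")
                if state.startswith("VULNERABLE"):
                    title = table.findtext("elem[@key='title']", default="")
                    findings.append((addr, script.get("id"), table.get("key"), title))
    return findings


def format_report(findings):
    """Render findings as one line per host/vulnerability pair."""
    return [f"{addr}\t{script_id}\t{key}\t{title}" for addr, script_id, key, title in findings]


if __name__ == "__main__":
    # With a real scan, replace SAMPLE_NMAP_XML with open("scan.xml").read().
    for line in format_report(parse_vulnerable_hosts(SAMPLE_NMAP_XML)):
        print(line)
```

Matching on the structured `state` element rather than grepping the free-text `output` attribute is what keeps "NOT VULNERABLE" hosts out of the list; the free text differs from script to script, while the `state` key is shared by every script built on Nmap's vulns library.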
Testing SCADA Environments with Nmap
SCADA (Supervisory Control and Data Acquisition) is a specialized type of device used for monitoring industrial systems. As these systems are very sensitive, they need to be handled with great care.
Ethical Hacking and Penetration Testing Guide
Therefore, using automated scanners such as Nessus, OpenVAS, or Nexpose could be very dangerous and can cause such systems to crash.
Luckily, we have a great alternative in nmap's new script called vulscan.nse. The script requires two arguments to run: the first argument is "-sV", which is commonly used to perform service (version) detection with nmap; the second argument is "--script=vulscan.nse", which is the default syntax for using an nmap script.
Installation
The vulscan.nse script is not installed with nmap by default, so we need to download the script and extract its contents into the /usr/local/share/nmap/scripts directory. Here is how we can do it:
root@root:~# cd /usr/local/share/nmap/scripts
root@root:/usr/local/share/nmap/scripts# wget www.computec.ch/mruef/software/nmap_nse_vulscan-1.0.tar.gz
root@root:/usr/local/share/nmap/scripts# tar xvzf nmap_nse_vulscan-1.0.tar.gz
Usage
Now that we have installed the vulscan.nse script, we will use the following command to run it:
nmap -sV --script=vulscan.nse