Penetration Testing with Kali Linux
PWK - Copyright © 2023 OffSec Services Limited. All rights reserved.
...
| vulners:
|   cpe:/a:apache:http_server:2.4.49:
...
        https://vulners.com/githubexploit/DF57E8F1-FE21-5EB9-8FC7-5F2EA267B09D *EXPLOIT*
|       CVE-2021-41773 4.3 https://vulners.com/cve/CVE-2021-41773
...
|_http-server-header: Apache/2.4.49 (Unix)
MAC Address: 00:0C:29:C7:81:EA (VMware)
Listing 95 - Using NSE’s “vuln” category scripts against the SAMBA machine
Nmap detected the Apache service with the version 2.4.49 and tried all of the NSE scripts from
the vuln category. Most of the output comes from the vulners script, which uses the information
from the detected service and version to provide related vulnerability data.
The vulners script not only shows us information about the CVEs found but also the CVSS scores
and links for additional information. For example, Listing 95 shows that Nmap, in combination
with the vulners script, detected that the target is vulnerable to CVE-2021-41773.[339]
Another useful feature of the vulners script is that it also lists Proof of Concepts for the found
vulnerabilities, which are marked with “*EXPLOIT*”. However, without a successful service
detection, the vulners script will not provide any results.
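The output format described above can be parsed for triage. The following is an added example, not code from the course or from the vulners project: it extracts the ID, CVSS score, link and “*EXPLOIT*” flag from saved Nmap output and treats an empty result as missing data, since vulners reports nothing without service detection. The function names are hypothetical, and only the CVE-2021-41773 row of the sample comes from Listing 95; the other rows are constructed placeholders.

```python
import re
from typing import NamedTuple

class Finding(NamedTuple):
    cpe: str
    vuln_id: str
    cvss: float
    url: str
    has_poc: bool

# Constructed sample in the layout of Listing 95. Only the CVE-2021-41773 row
# comes from the page; the EXAMPLE-* and CVE-0000-* rows are made-up placeholders.
SAMPLE = """\
80/tcp open  http    Apache httpd 2.4.49 ((Unix))
| vulners:
|   cpe:/a:apache:http_server:2.4.49:
|       EXAMPLE-POC-0001  7.5  https://vulners.com/githubexploit/EXAMPLE-POC-0001  *EXPLOIT*
|       CVE-2021-41773  4.3  https://vulners.com/cve/CVE-2021-41773
|       CVE-0000-0001  9.8  https://vulners.com/cve/CVE-0000-0001
|_http-server-header: Apache/2.4.49 (Unix)
"""

CPE_RE = re.compile(r"^\|_?\s+(cpe:/\S+?):\s*$")
ROW_RE = re.compile(r"^\|_?\s+(\S+)\s+(\d+(?:\.\d+)?)\s+(https?://\S+)(\s+\*EXPLOIT\*)?\s*$")

def parse_vulners(text: str) -> list[Finding]:
    """Extract (cpe, id, CVSS, url, PoC flag) rows from vulners script output."""
    findings, cpe, in_block = [], None, False
    for line in text.splitlines():
        if line.startswith(("| vulners:", "|_vulners:")):
            in_block, cpe = True, None
        elif in_block and not re.match(r"^\|[ _]\s", line):
            in_block = False  # another script's output or the next port begins
        elif in_block and (m := CPE_RE.match(line)):
            cpe = m.group(1)
        elif in_block and cpe and (m := ROW_RE.match(line)):
            findings.append(Finding(cpe, m[1], float(m[2]), m[3], bool(m[4])))
    return findings

def triage(text: str, cve_id: str) -> str:
    """'no-data' means no version was matched, not that the host is unaffected."""
    findings = parse_vulners(text)
    if not findings:
        return "no-data"
    return "listed" if any(f.vuln_id == cve_id for f in findings) else "not-listed"

def prioritize(findings: list[Finding]) -> list[Finding]:
    """Review order: entries with a public PoC first, then by CVSS score."""
    return sorted(findings, key=lambda f: (f.has_poc, f.cvss), reverse=True)
```

A "listed" result only reflects a version match in the vulners database; it is not a check of the service itself.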
7.3.2 Working with NSE Scripts
In the previous section, we learned about the vuln NSE category and the vulners script. While the
vulners script provides an overview of all CVEs mapped to the detected version, we sometimes
want to check for a specific CVE. This is especially helpful when we want to scan a network for
the existence of a vulnerability. If we did this with the vulners script, we would need to review an
enormous amount of information. For most modern vulnerabilities, we need to integrate
dedicated NSE scripts manually.
Let’s practice how to do this with CVE-2021-41773. In order to find a suitable NSE script, we can
use a search engine to find the CVE number plus NSE (CVE-2021-41773 nse).
[339] (NIST, 2022), https://nvd.nist.gov/vuln/detail/CVE-2021-41773
Figure 80: Searching for a NSE script for a specific CVE in Google
One of the first search results is a link to a GitHub[340] page that provides a script to check for this
vulnerability. Let’s download this script and save it as
/usr/share/nmap/scripts/http-vuln-cve2021-41773.nse to comply with the naming syntax of the
other NSE scripts. Before we can use the script, we’ll need to update script.db with --script-updatedb.
kali@kali:~$