Learn about some of the tools, techniques and resources to exploit vulnerabilities
https://tryhackme.com/room/exploitingavulnerabilityv2
Task 1 - Introduction
This room goes over some means of identifying vulnerabilities and couples them with research skills to learn how those vulnerabilities can be abused. It also covers some publicly available resources that are essential additions to your skill set and toolkit when performing vulnerability research and exploitation.
Task 2 - Automated Vs. Manual Vulnerability Research
Lots of tools are available for vulnerability scanning in cybersecurity; Nessus is one of them.
The advantages and disadvantages of using a vulnerability scanner are in the table below:
Advantage | Disadvantage |
---|---|
Automated scans are easy to repeat, and the results can be shared within a team with ease. | People can often become reliant on these tools. |
These scanners are quick and can test numerous applications efficiently. | They are extremely “loud” and produce a lot of traffic and logging. This is not good if you are trying to bypass firewalls and the likes. |
Open-source solutions exist. | Open-source solutions are often basic and require expensive licenses to have useful features. |
Automated scanners cover a wide range of different vulnerabilities that may be hard to manually search for. | They often do not find every vulnerability on an application. |
Manual scanning for vulnerabilities is often the weapon of choice of a penetration tester when testing individual applications or programs. Manual scanning looks for the same vulnerabilities and uses similar techniques as automated scanning; the difference is that the tester chooses what to send and interprets each response.
Ultimately, both techniques involve testing an application or program for vulnerabilities. These vulnerabilities include:
Vulnerability | Description |
---|---|
Security Misconfigurations | Security misconfigurations are vulnerabilities that are due to developer oversight. For example, exposing server information in error messages sent from the application to an attacker. |
Broken Access Control | This vulnerability occurs when an attacker is able to access parts of an application that they are not supposed to be able to otherwise. |
Insecure Deserialization | This is the insecure processing of data that is sent across an application. An attacker may be able to pass malicious code to the application, where it will then be executed. |
Injection | An injection vulnerability exists when an attacker is able to input malicious data into an application. This is due to a failure to ensure (known as sanitising) that input is not harmful. |
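The Injection row above, worked through in code. This is an added example and not part of the TryHackMe room: a constructed in-memory SQLite database with a `users` table and a `secrets` table, a login check that pastes user input straight into the SQL string, and the same check done with a parameterised query. The table names, rows and payloads are all assumptions made for the demonstration.

```python
import sqlite3

# Constructed sample data for the demonstration (not from the room).
USERS = [("alice", "s3cret"), ("bob", "hunter2"), ("carol", "letmein")]
SECRETS = [("flag{constructed-secret}",)]


def _setup_db():
    """Build an in-memory database so the example runs offline."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("CREATE TABLE secrets (secret TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", USERS)
    conn.executemany("INSERT INTO secrets VALUES (?)", SECRETS)
    return conn


def login_vulnerable(conn, username, password):
    """Vulnerable: input is formatted into the query, so quotes in the
    input change the SQL the database parses."""
    query = (
        "SELECT username FROM users "
        "WHERE username = '%s' AND password = '%s'" % (username, password)
    )
    return [row[0] for row in conn.execute(query)]


def login_safe(conn, username, password):
    """Sanitised: the driver binds the values as data, so the same
    input is compared literally and never parsed as SQL."""
    query = "SELECT username FROM users WHERE username = ? AND password = ?"
    return [row[0] for row in conn.execute(query, (username, password))]


def demo():
    """Run both implementations against a legitimate login and two
    classic payloads: an authentication bypass and a UNION that pulls
    rows out of a table the query was never meant to touch."""
    conn = _setup_db()
    bypass = "' OR '1'='1"
    union = "' UNION SELECT secret FROM secrets --"
    return {
        "legit": login_safe(conn, "alice", "s3cret"),
        # Vulnerable query becomes: ... username = '' OR '1'='1' AND
        # password = '' OR '1'='1'  -> true for every row.
        "bypass_vulnerable": login_vulnerable(conn, bypass, bypass),
        "bypass_safe": login_safe(conn, bypass, bypass),
        # Vulnerable query becomes: ... username = '' UNION SELECT secret
        # FROM secrets --' AND password = 'x'  -> the comment drops the
        # rest, and the attacker reads the secrets table.
        "union_vulnerable": login_vulnerable(conn, union, "x"),
        "union_safe": login_safe(conn, union, "x"),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The second payload is what the Task 2 question about being "able to input and retrieve data in a database" looks like in practice: the attacker is not just bypassing a check but reading data the application never intended to return. Note that the fix is binding parameters, not escaping quotes by hand; the driver does the separation of code and data for you.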
Answer the questions below
You are working close to a deadline for your penetration test and need to scan a web application quickly. Would you use an automated scanner? (Yay/Nay)
- Yay
You are testing a web application and find that you are able to input and retrieve data in a database. What vulnerability is this?
- injection
You manage to impersonate another user. What vulnerability is this?
- broken access control
Task 3 - Finding Manual Exploits
Tools:
Answer the questions below
What website would you use as a security researcher if you wanted to upload a Proof of Concept?
- GitHub
You are performing a penetration test at a site with no internet connection. What tool could you use to find exploits to use?
- searchsploit
Task 4 - Example of Manual Exploitation
Answer the questions below
What type of vulnerability was used in this attack?