Venom Academy/Ethical Hacking/Vulnerability Scanning

Definitions and Concept
We have traveled through different activities and lab exercises. Now you are able to perform information gathering and other activities. But our main target is to engage with the target and hijack authority and authenticity. One important thing to keep in mind is that hackers make use of what we call "vulnerabilities". Everything can has vulnerabilities including people themselves. In our example we are looking at computers. Now that we have performed information gathering, we need to find vulnerabilities that we can exploit.

What are vulnerabilities?
Vulnerabilities are flaws, disadvantages or extra-based mediums of something. Vulnerabilities are either there to be exploited or to be patched. We shall be looking at a few examples. Keep in mind that everything has a vulnerability, its just up to you to find it. In a nutshell as a penetration tester or ethical hacker, you will be hired to find vulnerabilities by organizations. As said before, anything can be vulnerable in an organization.

Examples
As we already know that anything can be a vulnerability. Sometimes we can find vulnerabilities in different ways. Below is a list that a penetration tester or ethical hacker may use as a checklist:


 * 1) Vulnerabilities are mostly people who work for the organization. Mostly people who are less educated or lack the basic knowledge on cyber security can be potential vulnerabilities.
 * 2) Services that are offered by Computing machines are common vulnerabilities, for example in a windows XP machine that runs an SMB service can be included as a vulnerability.
 * 3) Most old machines use the autoplay/autorun feature, which is also a potential vulnerability because malicious files may be executed on the machine using removable hardware

Finding vulnerabilities
With all the knowledge that we have, as a penetration tester, one of the most important skills to remember is vulnerability scanning. Lets go over a bit of theory over vulnerability scanners.

What are they?
Vulnerability scanners are softwares that are built to spot vulnerabilities in target systems using networking flags. There are quite a number of vulnerability scanners out there, but we will only focus on two of them in particular Nessus and OpenVAS. But we will look more into Nessus than OpenVAS.

Nessus
Nessus is a proprietary vulnerability scanner developed by Tenable, Inc. Nessus works on windows, Linux and Mac. The recent version of nessus is built to work on a web interface. Nessus can expose vulnerabilities such as:


 * Vulnerabilities that allow privileged escallation
 * Missing patched in the system
 * Vulnerabilities of weak passwords
 * Denial of Service

OpenVAS
OpenVAS is a Vulnerability Assessment tool, which is sometimes called "GNessUs" OpenVAS operates on a framework (Command-line interface)