• Local Vulnerabilities | 125
  • | Chapter 4: Looking for Vulnerabilities






    The credential setting is only part of the process, though. You still need to configure a
    scan that can use the credentials. The first thing to do is to either identify or create a
    scan configuration that includes local vulnerabilities for the target operating systems
    you have. As an example, Figure 4-3 shows a dialog box displaying a section of the
    vulnerability families available in OpenVAS. You can see a handful of operating systems
    listed with local vulnerabilities. This includes CentOS as well as Debian and
    Fedora. Many other operating systems are included, and each family may have hundreds,
    if not thousands, of vulnerabilities.
    Figure 4-3. Selecting vulnerability families in OpenVAS
    Once you have your vulnerabilities selected, you need to create targets and apply your
    credentials. Figure 4-4 shows the OpenVAS dialog box for creating a target. This
    requires that you specify an IP address, or an IP address range, or a file that includes
    the list of IP addresses that are meant to be the targets. Although this dialog box provides
    other options, the ones that we are most concerned with are the ones where we
    specify credentials. The credentials created here have been selected to be used against
    targets that have SSH servers running on port 22. If you have previously identified
    other SSH servers, you can specify other ports. In addition to SSH, you can select
    SMB and ESXi as protocols to log in with.


    Figure 4-4. Selecting a target in OpenVAS
    Each operating system is going to be different, and this is especially true with Linux,
    which is why there are different families in OpenVAS for local vulnerabilities. Each
    distribution is configured a little differently and has different sets of packages.
    Beyond the distribution, users can have a lot of choices for categories of packages.
    Once the base is installed, hundreds of additional packages could typically be
    installed, and each of those packages can introduce vulnerabilities.
    One common approach to hardening is to limit the number of
    packages that are installed. This is especially true when it comes to
    server systems in which the bare minimum amount of software
    necessary to operate the services should be installed.
    Root Kits
    While not strictly a vulnerability scanner, it’s worth knowing about Rootkit Hunter.
    This program can be run locally on a system to determine whether it has been compromised
    and has a root kit installed. A root kit is a software package that is meant to
    facilitate a piece of malware. It may include replacement operating system utilities to
    hide the existence of the running malware. For example, the ps program may be
    altered to not show the processes associated with the malware. Additionally, ls may
    hide the existence of the malware files. Root kits may also implement a backdoor that
    will allow attackers remote access.
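
An altered ps can be caught by comparing its output against a second view of the process table, the numeric entries under /proc. The following is an added example, not code from the book and not a description of how Rootkit Hunter works; it assumes a Linux host with the procps `ps`, and the sample PIDs are constructed.

```python
import os
import subprocess
import time

# Constructed sample: `ps -e -o pid=` output from a host whose ps omits PID 31337.
SAMPLE_PS_OUTPUT = "    1\n  412\n  977\n"
SAMPLE_PROC_PIDS = {1, 412, 977, 31337}


def pids_from_proc(proc_root="/proc"):
    """PIDs the kernel exposes: every all-digit entry name under /proc."""
    return {int(name) for name in os.listdir(proc_root) if name.isdigit()}


def pids_from_ps(ps_output):
    """Parse `ps -e -o pid=` output (one PID per line, no header)."""
    return {int(tok) for tok in ps_output.split() if tok.isdigit()}


def hidden_pids(proc_pids, ps_pids):
    """PIDs present in /proc that ps did not report."""
    return sorted(set(proc_pids) - set(ps_pids))


def scan(rounds=3, delay=0.5):
    """Cross-check the live system. A PID counts only if it was in /proc both
    before and after ps ran, and was missing from ps in every round, so
    processes that merely started or exited mid-check are not reported."""
    suspects = None
    for _ in range(rounds):
        before = pids_from_proc()
        ps = subprocess.run(["ps", "-e", "-o", "pid="],
                            capture_output=True, text=True, check=True).stdout
        after = pids_from_proc()
        found = set(hidden_pids(before & after, pids_from_ps(ps)))
        suspects = found if suspects is None else suspects & found
        time.sleep(delay)
    return sorted(suspects)


if __name__ == "__main__":
    print("sample:", hidden_pids(SAMPLE_PROC_PIDS, pids_from_ps(SAMPLE_PS_OUTPUT)))
    print("live:  ", scan())
```

A root kit that works inside the kernel can hide the /proc entries too, so an empty result from this check does not clear a host.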
