• 130 | Chapter 4: Looking for Vulnerabilities
    		•

    Remote Vulnerabilities | 129




    Download 22,59 Mb.
    Pdf ko'rish
    bet125/225
    Sana14.05.2024
    Hajmi22,59 Mb.
    #232856
    1   ...   121   122   123   124   125   126   127   128   ...   225
    Bog'liq
    learningkalilinux

    Remote Vulnerabilities | 129

    quickly. To get started with the wizard, you navigate to the Scans menu and select
    Tasks. At the top left of that page, you will see some small icons. The purple one that
    looks like a wizard’s wand opens the Task Wizard. 
    Figure 4-6
    shows the menu that
    pops up when you roll your cursor over that icon.
    Figure 4-6. Task Wizard menu
    From that menu, you can select the Advanced Task Wizard, which gives you more
    control over assets and credentials, among other settings. You can also select the Task
    Wizard, which you can see in 
    Figure 4-7
    . Using the Task Wizard, you will be promp‐
    ted for a target IP address. The IP address that is populated when it’s brought up is
    the IP address of the host from which you are connected to the server. You can enter
    not only a single IP address here—such as the one seen in 
    Figure 4-7
    , 192.168.86.45—
    but also an entire network. For my case, I would use 192.168.86.0/24. That is the
    entire network range from 192.168.86.0–255. The 
    /24
    is a way of designating network
    ranges without using subnet masks or a range notation. You will see this a lot, and it’s
    commonly called 
    CIDR notation
    , which is the Classless Inter-Domain Routing nota‐
    tion.
    Figure 4-7. Task Wizard
    130 | Chapter 4: Looking for Vulnerabilities

    Once you have entered your target or targets, all you need to do is click Start Scan,
    and OpenVAS is off to the races, so to speak. You have started your very first vulnera‐
    bility scan.
    It may be useful to have some vulnerable systems around when you
    are running your scans. Although you can get various systems (and
    a simple web search for vulnerable operating systems will turn
    them up) one is really useful. Metasploitable 2 is a deliberately vul‐
    nerable Linux installation. Metasploitable 3 is the updated version
    based on Windows Server 2008. Metasploitable 2 is a straight-up
    download. Metasploitable 3 is a build-it-on-your-own-system
    operating system. It requires VirtualBox and additional software.
    We’ll get into doing a scan from end to end, but let’s take a look at the Advanced Scan
    Wizard, shown in 
    Figure 4-8
    . This will give you a quick look ahead to what we will be
    working with on a larger scale when we move to creating scans from start to finish.
    Figure 4-8. Advanced Scan Wizard

    Download 22,59 Mb.
    1   ...   121   122   123   124   125   126   127   128   ...   225




    Download 22,59 Mb.
    Pdf ko'rish