
    146 | Chapter 4: Looking for Vulnerabilities


    • Local vulnerabilities require someone to have some sort of authenticated access,
    which may make them less critical to some people, but they are still essential to
    remediate since they can be used to allow escalation of privileges.
    • Network devices are also open to vulnerabilities and can provide an attacker
    access to alter traffic flows. Scanning for vulnerabilities in the network devices
    can be done using OpenVAS or other specific tools, including those focused on
    Cisco devices.
    • Identifying vulnerabilities that don’t exist can take some work, but tools like
    fuzzers can be useful in triggering program crashes, which may be vulnerabilities.
    Useful Resources

    • Open Web Application Security Project (OWASP) Fuzzing
    • Mateusz Jurczyk’s Black Hat slide deck, “Effective File Format Fuzzing”
    • Michael Sutton and Adam Greene’s Black Hat slide deck, “The Art of File Format Fuzzing”
    • Hanno Böck’s tutorial, “Beginner’s Guide to Fuzzing”
    • Deja vu Security’s tutorial, “Tutorial: File Fuzzing”



    CHAPTER 5
    Automated Exploits
    Vulnerability scanners provide a data set. They don’t provide a guarantee that the
    vulnerability exists. They don’t even guarantee that what we find is the complete list of
    vulnerabilities that may exist within an organization’s network. A scanner may return
    incomplete results for many reasons. The first one is that network segments or
    systems may be excluded from the scanning and information gathering. That’s common
    in some security testing. Another may be that the scanner has been
    blocked from particular service ports. The scanner can’t get to those ports, and as a
    result, it can’t make any determination about the potential vulnerabilities that may
    exist within that service.
    The results from the vulnerability scanners we have used are just starting points.
    Testing to see whether they are exploitable not only lends veracity to the finding
    but also lets you show executives what can be done as a result of that
    vulnerability. Demonstrations are a powerful way of getting people’s attention when it
    comes to security concerns. This is especially true if the demonstration leads to a
    clear path to destruction or compromise of information resources.
    Exploiting vulnerabilities is a way to demonstrate that the vulnerabilities exist.
    Exploits can cover a broad range of actions, though you may think that when we talk
    about exploits, we are talking about breaking into running programs and getting
    some level of interactive access to a system. That’s not necessarily true. Sometimes, a
    vulnerability is simply a weak password. This may give some access to a web interface
    that has sensitive data. The vulnerability could be a weakness that leads to a denial of
    service, either of an entire system or just a single application. This means there are a
    lot of ways we may run exploits. In this chapter, we’ll start to look at some of these
    ways and the tools that are available in Kali.
