
Cybersecurity Vulnerability Assessment

Vulnerability Assessment

Uploaded by

kjustus901

Name: Justus Koech_CS-SA07-24044

Assignment: Vulnerability Assessment (HTB)

Overview

Hack The Box is a popular online platform for cybersecurity enthusiasts and
professionals to practice and enhance their hacking skills in a legal and controlled
environment. Vulnerability assessment on Hack The Box involves systematically
evaluating systems, networks, and applications for weaknesses or vulnerabilities that
attackers could exploit. Here's an overview of how vulnerability assessment
typically works on Hack The Box:

1. Target Selection: Users can select from a wide range of virtual machines (VMs)
representing various operating systems, services, and configurations. Each VM
presents a unique challenge, ranging from beginner to advanced levels.

2. Enumeration: Before attempting to exploit any vulnerabilities, users perform
enumeration to gather information about the target system. This includes identifying
open ports, services running on those ports, and potential entry points.

3. Vulnerability Identification: Once the initial enumeration is complete, users
analyze the gathered information to identify potential vulnerabilities. This involves
comparing the discovered services and versions against known vulnerabilities
documented in public databases like CVE (Common Vulnerabilities and Exposures).

4. Exploitation: After identifying vulnerabilities, users attempt to exploit them to
gain unauthorized access or escalate privileges on the target system. This step
involves leveraging various techniques, such as exploiting software bugs,
misconfigurations, or weak credentials.

5. Post-Exploitation: Once access is gained, users may perform post-exploitation
activities, such as further privilege escalation, lateral movement within the network,
data exfiltration, or maintaining persistent access to the system.

Overall, vulnerability assessment on Hack The Box provides a practical and
hands-on approach to learning cybersecurity concepts and techniques in a simulated
environment, helping participants develop the skills necessary to defend against
real-world cyber threats.

After successful scanning, the results are as shown in the figure below.

Nessus Skills Assessment


1. What is the name of one of the accessible SMB shares from the authenticated Windows
scan? (One word)

Answer: wsus

2. What were the targets for the authenticated scan?

Answer: 172.16.16.100

3. What is the plugin ID of the highest criticality vulnerability for the Windows authenticated
scan?

Apache Log4 with the id 156032 is the most critical.

Answer: 156032

4. What is the name of the vulnerability with plugin ID 26925 from the Windows authenticated
scan? (Case sensitive)

Use the filter port to scan the vulnerability plugin.

Answer: VNC Server Unauthenticated Access

5. What port is the VNC server running on in the authenticated Windows scan?

Answer: 5900
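
The questions above (scan targets, highest-severity plugin, lookup by plugin ID, port) can also be answered from an exported scan file rather than through the web interface. The following is an added example, not part of the original assignment: a small Python parser for the .nessus (NessusClientData_v2) XML export. The sample XML is constructed; only the host, the two plugin IDs, the VNC plugin name and port 5900 are taken from the answers above, and the function names are illustrative.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the .nessus (NessusClientData_v2) export layout.
# Host, plugin IDs, the VNC plugin name and port 5900 come from the answers
# above; the severities, svc_name values and port 445 are made up.
SAMPLE = """<NessusClientData_v2>
  <Report name="Windows authenticated (constructed)">
    <ReportHost name="172.16.16.100">
      <ReportItem port="5900" svc_name="vnc" protocol="tcp" severity="3"
                  pluginID="26925" pluginName="VNC Server Unauthenticated Access"/>
      <ReportItem port="445" svc_name="cifs" protocol="tcp" severity="4"
                  pluginID="156032" pluginName="Apache Log4 (as written above)"/>
    </ReportHost>
  </Report>
</NessusClientData_v2>"""

# Severity numbers used in the export format.
SEVERITY = {0: "Info", 1: "Low", 2: "Medium", 3: "High", 4: "Critical"}


def load_findings(xml_text):
    """Flatten every ReportItem into a dict tagged with its host."""
    findings = []
    for host in ET.fromstring(xml_text).iter("ReportHost"):
        for item in host.iter("ReportItem"):
            sev = int(item.get("severity", "0"))
            findings.append({
                "host": host.get("name"),
                "port": int(item.get("port", "0")),
                "severity": sev,
                "label": SEVERITY.get(sev, "Unknown"),
                "plugin_id": item.get("pluginID"),
                "name": item.get("pluginName"),
            })
    # Most severe first, so the top of the list is the remediation priority.
    return sorted(findings, key=lambda f: f["severity"], reverse=True)


def targets(findings):
    """Distinct hosts that appear in the report."""
    return sorted({f["host"] for f in findings})


def by_plugin(findings, plugin_id):
    """All findings raised by one plugin ID."""
    return [f for f in findings if f["plugin_id"] == plugin_id]


if __name__ == "__main__":
    fs = load_findings(SAMPLE)
    print(targets(fs), fs[0]["plugin_id"], by_plugin(fs, "26925"))
```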

OpenVAS Skills Assessment

OpenVAS, by Greenbone Networks, is a publicly available vulnerability scanner.
Greenbone Networks has an entire Vulnerability Manager, part of which is the OpenVAS
scanner. Greenbone's Vulnerability Manager is also open to the public and free to use.
OpenVAS has the capabilities to perform network scans, including authenticated and
unauthenticated testing.

What type of operating system is the Linux host running? (one word)

After logging in, set up a new task and start the vulnerability assessment, as shown in the
figure below.

Now the scan has started, and we have to wait for it to complete.

After a successful scan, the report will be displayed as shown in the figure below.

1. What type of operating system is the Linux host running? (one word)

Answer: Ubuntu

2. What type of FTP vulnerability is on the Linux host? (Case Sensitive, four words)

Answer: Anonymous FTP Login Reporting

3. What is the IP of the Linux host targeted for the scan?

Answer: 172.16.16.160

4. What vulnerability is associated with the HTTP server? (Case-sensitive)

Answer: Cleartext Transmission of Sensitive Information via HTTP

In conclusion, while Hack The Box offers an immersive and hands-on approach to vulnerability
assessment through its virtual machines and challenges, it's important to note that there are also
dedicated vulnerability assessment tools available in the cybersecurity field, such as Nessus and
OpenVAS.

Nessus is a widely used vulnerability scanning tool that helps identify vulnerabilities,
misconfigurations, and compliance violations in a variety of systems and applications. It offers
extensive vulnerability checks, reporting capabilities, and integration with other security tools.

OpenVAS, on the other hand, is an open-source vulnerability scanner that provides similar
functionality to Nessus. It is known for its flexibility, scalability, and community-driven
development model. OpenVAS is often preferred by organizations seeking cost-effective
solutions or who require a high degree of customization.

Both Nessus and OpenVAS offer features beyond what's typically available in a Hack The Box
environment, including automated scanning, continuous monitoring, and comprehensive
reporting. Additionally, they can be integrated into broader security workflows and used to
assess vulnerabilities across large-scale networks.

While Hack The Box serves as an excellent platform for hands-on learning and skill
development in cybersecurity, incorporating tools like Nessus and OpenVAS into your toolkit
can enhance your ability to conduct thorough and systematic vulnerability assessments in
real-world environments. By combining practical experience with industry-standard tools,
cybersecurity professionals can better identify and mitigate risks to protect their organizations'
assets and data.

Shareable link: https://academy.hackthebox.com/achievement/327320/108
