| draft | title | author | date | tags | categories | series | toc | toc_start_level | toc_end_level |
|---|---|---|---|---|---|---|---|---|---|
| yes | Preventing Hacks | Hyperling | TBD | | | | true | 3 | 5 |
How to check for system vulnerabilities.
A few of these tools can be used offensively. It is bad etiquette to use them on systems which you do not own. Please respect others and do not attempt to cause harm.
## Lynis

Local testing suite which not only tests for security weaknesses, but also checks that best practices are being followed in a POSIX environment (UNIX/Linux type systems).

### Install

```sh
$ sudo su -
# git clone https://github.com/CISOfy/lynis lynis
# find lynis -type d -exec chmod 755 {} +   # directories need the execute bit to be entered
# find lynis -type f -exec chmod 644 {} +   # files must not be writable by group/others; Lynis checks this before running
# chmod 755 lynis/lynis
```
### Testing

```sh
# /root/lynis/lynis audit system
```

If redirecting the output into a file, you'll want to disable the colors.

```sh
# /root/lynis/lynis audit system --no-colors > /root/lynis_results.txt 2>&1
```
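Besides the console output, Lynis writes a machine-readable report (by default `/var/log/lynis-report.dat`) with one `warning[]=` or `suggestion[]=` line per finding, fields separated by `|`. The following helper is an added example, not part of the original post or of the Lynis project; it summarizes such a report, and the sample report it writes is constructed for illustration rather than taken from a real scan.

```shell
#!/bin/sh
# Added example (not from the original post or the Lynis project).
# Assumes the lynis-report.dat format: key=value lines, where findings look like
#   warning[]=TEST-ID|description|details|solution|
#   suggestion[]=TEST-ID|description|details|solution|

# Print the hardening index, then one line per warning and suggestion.
summarize_lynis_report() {
    report="$1"
    [ -r "$report" ] || { echo "cannot read $report" >&2; return 1; }
    grep '^hardening_index=' "$report" || true
    # Field 1 is the Lynis test id, field 2 the human-readable description.
    grep '^warning\[\]=' "$report" | sed 's/^warning\[\]=//' \
        | awk -F'|' '{ print "WARNING " $1 ": " $2 }'
    grep '^suggestion\[\]=' "$report" | sed 's/^suggestion\[\]=//' \
        | awk -F'|' '{ print "SUGGESTION " $1 ": " $2 }'
}

# Number of warnings (findings Lynis considers real weaknesses).
count_lynis_warnings() {
    grep -c '^warning\[\]=' "$1" || true
}

# Number of suggestions (best-practice improvements).
count_lynis_suggestions() {
    grep -c '^suggestion\[\]=' "$1" || true
}

# Constructed sample in the lynis-report.dat format, for trying the functions
# offline; a real run would read /var/log/lynis-report.dat instead.
write_sample_lynis_report() {
    cat > "$1" <<'EOF'
report_version_major=1
hardening_index=64
warning[]=FIRE-4512|iptables module(s) loaded, but no rules active|-|-|
suggestion[]=BOOT-5122|Set a password on GRUB boot loader to prevent altering boot configuration|-|-|
suggestion[]=SSH-7408|Consider hardening SSH configuration|PermitRootLogin (set YES to NO)|-|
EOF
}

# Usage on a real system, after "lynis audit system" has run as root:
#   summarize_lynis_report /var/log/lynis-report.dat
```

Warnings are the lines to act on first; suggestions map to the best-practice items Lynis prints at the end of its console run, and the `hardening_index` gives a single number to track between audits.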
## NMap

This tool can be considered aggressive and should not be used against any systems you do not own or have explicit permission to test against.

### Setup

Install nmap from your package manager.

- Debian Distros

  ```sh
  $ sudo apt update && sudo apt install -y nmap
  ```

- Fedora Distros

  ```sh
  $ sudo dnf install -y nmap
  ```

- Arch Distros

  ```sh
  $ sudo pacman -Syq nmap
  ```
### Testing

Never run the -A parameter against an unsuspecting system.

Run this command to get a summary of every open port together with the known weaknesses the vuln scripts detect on it.

```sh
$ nmap -A -p- --script=vuln server_or_IP
```

To simply see the open ports on a device, you may use the --open parameter.

```sh
$ nmap --open server_or_IP
```

Scans finish more quickly when run against the machine you are on, by targeting localhost, 127.0.0.1, 0.0.0.0, etc.

If you'd like the output saved into a file, redirect it with > to your desired directory. For example, to place a local vulnerability scan into your Downloads directory:

```sh
$ nmap -A -p- --script=vuln localhost > ~/Downloads/nmap_report.txt 2>&1
```
## Resolving Discoveries

If any vulnerabilities show up they usually come with a CVE which can be researched, such as CVE-2007-6750. There are many reputable sites which come up when placing this in a search engine. cve.org is also meant to be a centralized repository, and has an entry for the ID above.

Most vulnerabilities are fixed by upgrading software, migrating to safer software, and by following best practices such as not exposing databases to the Internet.
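A saved report such as `~/Downloads/nmap_report.txt` mixes the port table with banner text and script output, so two things are worth pulling out before researching anything: which ports are actually open, and which CVE identifiers the vuln scripts mentioned. The helper below is an added example, not code from the original post or from the Nmap project; it parses nmap's normal (human-readable) output format, and the sample report it writes is constructed for illustration, not captured from a real scan.

```shell
#!/bin/sh
# Added example (not from the original post or the Nmap project).
# Assumes nmap's normal output: the port table has lines of the form
#   PORT/PROTO  STATE  SERVICE  VERSION
# and script output lines begin with "|".

# Print "port/proto service" for every port reported as open,
# skipping filtered/closed entries and the text around the table.
open_ports_from_nmap() {
    awk '$1 ~ /^[0-9]+\/(tcp|udp)$/ && $2 == "open" { print $1, $3 }' "$1"
}

# Number of open ports in the report.
count_open_ports() {
    open_ports_from_nmap "$1" | wc -l | tr -d ' '
}

# Unique CVE identifiers mentioned anywhere in the report (typically in
# --script=vuln output), one per line, ready to look up on cve.org.
cves_from_nmap() {
    grep -o 'CVE-[0-9][0-9][0-9][0-9]-[0-9][0-9][0-9][0-9]*' "$1" | sort -u
}

# Constructed sample of a local "nmap -A -p- --script=vuln localhost" report,
# for trying the functions offline; a real run would read the saved file.
write_sample_nmap_report() {
    cat > "$1" <<'EOF'
Starting Nmap 7.80 ( https://nmap.org ) at 2024-01-01 12:00 UTC
Nmap scan report for localhost (127.0.0.1)
Host is up (0.000010s latency).
Not shown: 65532 closed ports
PORT     STATE    SERVICE VERSION
22/tcp   open     ssh     OpenSSH 8.2p1 Ubuntu 4ubuntu0.5 (Ubuntu Linux; protocol 2.0)
80/tcp   open     http    Apache httpd 2.4.41 ((Ubuntu))
631/tcp  filtered ipp
| http-slowloris-check:
|   VULNERABLE:
|     State: LIKELY VULNERABLE
|     IDs:  CVE:CVE-2007-6750
|_
Nmap done: 1 IP address (1 host up) scanned in 12.34 seconds
EOF
}

# Usage on a saved report:
#   open_ports_from_nmap ~/Downloads/nmap_report.txt
#   cves_from_nmap ~/Downloads/nmap_report.txt
```

Only the `open` rows are kept: a `filtered` port (631/tcp in the sample) means a firewall is already in the way, which is the fix you are aiming for, while each CVE the report names is a concrete item to check against the installed package version and patch.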
## Metasploit

This tool IS aggressive and should NEVER be used against any systems you do not own or have explicit permission to test against. Thank you.

I recommend playing with Metasploit if you have extra time so that you can learn how easy it is to exploit a vulnerability once it is found with NMap.

Please be sure to test against your own machines, such as setting up a VM running an old Ubuntu LTS and starting up some services like CUPS, SSH, Apache, etc.

There are also VMs available such as Metasploitable 2 and 3 which come with the attack surfaces already set up for you.