Penetration Test Report Demo


Difficulty
Intermediate
Video Transcription
>> I want to do a demo describing a bit more on what a CVE is, a CWE and CVSS, a lot of C's in there, but let's break this down a bit more. I love this website, CVE Details. It provides a whole lot of information, and you can see off the bat, if we're looking for a particular vulnerability, in this case CVE-2009-3023, which came out in the year 2009, we can already see there's two public exploits available for this and one Metasploit module. I'll go into that a little bit later. But the description here is that it's a buffer overflow in FTP in Microsoft IIS versions 5.0 through 6.0, and if you look down here at the CVSS score, it's a 9.3, the highest being a 10. This is a pretty severe vulnerability.

Now I also spoke about CWEs. This is a CVE here describing a specific type of software and a specific type of vulnerability. If we look at the CWE, we can see it's attached to CWE-119, Failure to Constrain Operations within the Bounds of a Memory Buffer. This is more of a general description of what the vulnerability class is, rather than a specific vulnerability for that software. I think it's good to know what a CWE is. You'll have a CWE, that's more of a general vulnerability, and then a more specific CVE for that piece of software or service.

Now, if we go down here, we'll see that there's references to the exploit. It's nice that it's in red right here. We can actually go to Exploit-DB, which we'll do later in our labs. We can then go to Exploit-DB and look at this particular exploit and then modify it for our environment, and then hope that it works. The other thing is we have a Metasploit module attached to it, so you can use Metasploit once in OSEP. If we wanted to use it, if we found this particular vulnerability, then we know based on this website that there is a Metasploit module that we could use to exploit that vulnerability.

The other thing I want to delve into a bit more is the CVSS score. If we have a custom application that doesn't have a CVE attached to it, we could use CVSS to score or rank how severe that vulnerability is. For example, let's think that we've found a stored cross-site scripting vulnerability in a custom application. We'll go into this more in the web attack section of this course. But let's say anyone on the Internet can reach this website, which will be network. Attack complexity is low. You just have to use some JavaScript to execute the cross-site scripting exploit. There are no privileges required. Anybody on the Internet can access the website. There's no authentication. User interaction is required. Someone actually has to go to that website; you have to entice them to go there, or maybe they unwittingly go to that website. Scope is unchanged. It simply affects that specific website or domain. Confidentiality is high because I, as an attacker, could craft my exploit so that I could steal somebody's cookie or read sensitive information. Integrity is high because maybe I can redirect them to a phishing page that looks exactly like a legitimate page and they could give me some sensitive information there. Availability is high because I could, again, redirect somebody so there's no ability for them to actually reach that domain. With all this calculated, and I wouldn't worry about these other scores down here, temporal or environmental, just stick to the base score, it comes out to be high.

When you write your report, you can put the numerical score. You could say it's an 8.8, it's a high, and then red. They typically will have different colors associated with different vulnerabilities. Let's say attack complexity is high and we modify these scores here. It changes it to a medium; it goes from a red to an orange there. Hopefully that makes sense, or more sense, as far as what a CVE is, a CWE and CVSS scoring.