
I'm doing an academic work where I have to find vulnerabilities in CentOS and show how to take advantage of those same vulnerabilities.

I'm no hacker and I'm finding this task to be of great difficulty, that is, I see all the security alerts and their descriptions but no explanation of how to take advantage.

Maybe I'm being a little naive but all I want to know is if there is any tool I can use to show that CentOS 5.0 vulnerability XPTO exists and to show it "working".

If possible something like CVE-2007-0001 exploit tool, CVE-2007-0002 payload and so on.

Thanks.

Joao Heleno

2 Answers

Script kiddies swear by Metasploit.

Iraklis
  • Well, Metasploit is a tool like any other tool. Script kiddie tool or not... many professional pen testers use it heavily. In the right hands the Metasploit framework is very powerful; I wouldn't call it a script kiddie tool. But here's the thing with script kiddie stuff: as a system administrator, if you know there's something out there that script kiddies are using and you aren't using it yourself to test your own servers/services/webapps, you're asking to be hacked. – 3dinfluence Mar 25 '10 at 14:15
  • Totally agree with you. I'm not dissing the tool; actually it has helped us a lot of times (justifying our consultancy fees). I'm just humoring the OP. Penetration testing is not something you do on a HOW-TO basis; you have to have a large skill set and spend a lot of your resources trying to educate yourself. – Iraklis Mar 25 '10 at 14:18
  • Ah, gotcha. Yes, I agree. Pen testing is definitely an art of its own that takes quite a bit of knowledge and a lot of thinking outside of the box. Metasploit is a huge topic by itself. SANS has a bunch of courses that can get you up to speed on the type of knowledge and tools you need, but they are expensive. – 3dinfluence Mar 25 '10 at 14:57

For locating vulnerabilities, I tend to prefer the more classic approach by default: Bugtraq, announcement lists for the particular software, change logs, et cetera. Scanners such as OpenVAS can be used for automated verification and testing.

With verifying the scope of impact, it depends on the vulnerability. When attempting to verify scope of impact, I often seek out the initial release and any vendor-specific releases for the vulnerability in question. At that point, depending upon the nature of the vulnerability, I would be able to verify by manual action or by writing my own script.

In the case of full disclosure, proof-of-concept code is sometimes provided with the initial report. If not, I would search the Internet and common resources such as Bugtraq and Packet Storm Security.

You are going to find it difficult to find professionals to walk you through exploiting a vulnerability due to the dubious nature of the request. Most vulnerabilities do not require a high level of technical skill to take advantage of.

Warner