Changes between Version 1 and Version 2 of NspwUprouse/Agenda/pentest


Timestamp: Sep 9, 2021, 8:40:43 PM (3 years ago)
Author: admin
Comment:

--

  • NspwUprouse/Agenda/pentest

    v1 v2  
    1919 - To install OpenVAS on  kali,
    2020{{{
    21 apt-get install openvas
     21sudo apt-get install openvas
    2222}}}
    2323
    24  - Once the installation is finished, type '''openvas-setup''' on the terminal to do the initial setup. At the end of the setup, it will give you a long password for the default user ‘admin’. '''Please note it somewhere'''.
     24 - Once the installation is finished, type '''sudo gvm-setup''' on the terminal to do the initial setup. At the end of the setup, it will give you a long password for the default user ‘admin’. '''Please note it somewhere'''.
    2525
    2626 - When the OpenVAS setup process is finished the OpenVAS manager, scanner and services are listening on ports 9390, 9391, 9392, and on port 80. You can use the following netstat command to check if these services are listening:
    2727{{{
    28 netstat –antp
     28sudo netstat –antp
    2929}}}
    3030
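Review bot: On v2 line 28, `sudo netstat –antp` still carries an en dash (–) where an ASCII hyphen is needed, so the command fails when pasted into a terminal; since this line is being edited anyway, change it to `sudo netstat -antp`. The install line (v2 line 21) still installs the `openvas` package while the setup command on line 24 is now `gvm-setup`, so confirm the package name matches the tooling the rest of the page now uses, and check that the port list in the unchanged line 26 (9390, 9391, 9392 and 80) still describes what the renamed services listen on. For the generated admin password on line 24, "note it somewhere" would be safer as an instruction to store it in a password manager.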
     
    3939 - If the OpenVAS services are not running then use the following command to start these services:
    4040{{{
    41 openvas-start
     41sudo gvm-start
    4242}}}
    4343
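Review bot: The bullet on v2 line 39 still says "OpenVAS services" while the command under it is now `sudo gvm-start`; add a short mention that the gvm-* commands replace the openvas-* ones so readers do not take them for two different tools. It would also help to point back to the netstat check from the earlier step as the way to confirm the services actually came up after starting them.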
     
    6666OPENVAS is a whole set of tools in detecting vulnerabilities, reporting, and scheduling tasks. Due to our limited environment, you may refer youtube and google for further usages.
    6767
    68  - Use openvas-stop to terminate OpenVAS service.
     68 - Use gvm-stop to terminate OpenVAS service.
    6969
    70 === Port Scanner – Zenmap ===
    7170
    72 Zenmap is a nmap based port scanner. It has a basic GUI and will help testers to find open blocked or filtered ports of a target easily. In addition to showing Nmap's normal output, Zenmap can arrange its display to show all ports on a host or all hosts running a particular service. It summarizes details about a single host or a complete scan in a convenient display. Zenmap can even draw a topology map of discovered networks. The results of several scans may be combined together and viewed at once.
    73 
    74  - Open Zenmap from Applications -- > Information Gathering zenmap.
    75 
    76  - You can specify your Target and select a required profile and Scan.
    77 
    78  - The '''Intense scan''' in the profile list is just one of several scan profiles that come with Zenmap. Choose a profile by selecting it from the '''Profile''' combo box. Profiles exist for several common scans. After selecting a profile the Nmap command-line associated with it is displayed on the screen. Of course, it is possible to edit these profiles or create new ones.
    79 
    80  - Once a scan is finished you can check the results on,
    81 {{{
    82 Nmap Output – which is the default view of all results
    83 Ports/ Hosts – All port statuses will be presented in a user-friendly way
    84 Topology – This will show your target/s and the traceroutes
    85 Host Details – All details on the target device
    86 Scans – this will list down the previous scans
    87 }}}
    88 
    89 In a controlled system if you find any unknown ports that are open, then it might be a potential risk or a vulnerability that the target is having.
    9071
    9172=== Distributed Denial of Service Pentest ===
    9273
    93 Form Wikipedia
     74From Wikipedia
    9475
    9576A denial-of-service attack (DoS attack) is a cyber-attack where the attacker looks to make a machine or network resource unavailable to its deliberated users by temporarily or indefinitely services of disturbing a host connected to the Internet. Denial of service is usually accomplished by flooding the targeted machine or resource with excessive requests in an attempt to overload systems and prevent some or all legitimate requests from being fulfilled.
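Review bot: On v2 line 68, `gvm-stop` is left without `sudo` although `gvm-setup` and `gvm-start` both gained it in this change; make it `sudo gvm-stop` for consistency. The hunk also removes the whole Zenmap section (v1 lines 70 to 89), including the guidance that unknown open ports on a controlled system are a potential risk, and the change comment is empty; record the reason for the removal in the comment so the history explains it. While line 76 is in view, the unchanged Wikipedia paraphrase is garbled ("its deliberated users by temporarily or indefinitely services of disturbing a host") and should be reworded in a follow-up.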