Sane
VULNERABILITY RESEARCH

Vulnerabilities 101

**Vulnerability**: a weakness or flaw in the design or behaviour of a system or application.
**Exploit**: an action that takes advantage of a vulnerability in a system or application.
**Proof of Concept (PoC)**: a technique or tool that demonstrates that a vulnerability can actually be exploited; think of it as proof of attack.
**Foothold**: initial access to the vulnerable machine, usually a shell or console session, from which the attacker works further into the system.

Why Vulnerabilities Matter

  • An attacker who finds one of these vulnerabilities can gain unauthorized access to a system or application, and from there can do whatever the privileges of that access allow.

  • Vulnerabilities fall into five main categories.

  1. **Operating System**: flaws in the operating system itself (kernel, built-in services and components). These are most often used for privilege escalation, for example to go from a low-privileged user to root or SYSTEM.

  2. **(Mis)Configuration-Based**: flaws that come from an incorrectly configured application or service rather than from its code. For example, a shopping website that trusts a price value sent by the client lets an attacker change the price of products.

  3. **Weak or Default Credentials**: accounts and devices left with easily guessed passwords such as `123456789`, `password!` or `admin:admin`. Wordlists and default-password databases make these trivial to find.

  4. **Application Logic**: flaws in how the application was designed. For example, a user can read other users' orders or profiles simply by changing the id number in a request (an insecure direct object reference, IDOR), because the application never checks that the object belongs to the requester.

  5. **Human-Factor**: attacks on people rather than technology. Different attackers use different techniques: some send phishing emails that impersonate the company to harvest user data, some send links by SMS (smishing) to trick users into handing over OTPs, and there are many more.
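The two application-level categories above, price tampering and IDOR, are easiest to see in code. The following is an added example, not code from the original post or from TryHackMe; the catalogue, order store, request format and function names are all constructed for illustration, with the vulnerable version of each check beside its fixed version.

```python
"""Added example (not from the original post): a checkout that trusts a
client-supplied price, an order lookup with an IDOR, and the fixed versions
of both. All names, data and the request format are constructed."""

# Constructed catalogue and order store (stand-ins for a database).
CATALOGUE = {"tshirt": 2000, "hoodie": 4500}  # prices in cents
ORDERS = {
    101: {"owner": "alice", "item": "tshirt", "total": 2000},
    102: {"owner": "bob", "item": "hoodie", "total": 4500},
}


class Forbidden(Exception):
    """Raised when a caller tries to act on an object they do not own."""


def checkout_vulnerable(request):
    """Trusts the price the browser sent. An attacker edits the POST body
    (or a hidden form field) and buys a hoodie for one cent."""
    total = int(request["price"]) * int(request["qty"])
    return {"item": request["item"], "total": total}


def checkout_fixed(request):
    """The price is looked up server-side; the client only names the item.
    Any 'price' field the client sends is ignored."""
    item = request["item"]
    if item not in CATALOGUE:
        raise ValueError("unknown item")
    qty = int(request["qty"])
    if qty < 1:
        raise ValueError("quantity must be positive")
    return {"item": item, "total": CATALOGUE[item] * qty}


def get_order_vulnerable(user, order_id):
    """IDOR: any logged-in user can fetch any order by changing the id.
    The 'user' argument is never consulted."""
    return ORDERS[order_id]


def get_order_fixed(user, order_id):
    """Authorization check: the order must belong to the requesting user.
    A missing order and someone else's order produce the same error, so the
    id space cannot be enumerated through different responses."""
    order = ORDERS.get(order_id)
    if order is None or order["owner"] != user:
        raise Forbidden("order not found")
    return order


if __name__ == "__main__":
    tampered = {"item": "hoodie", "price": "1", "qty": "1"}
    print(checkout_vulnerable(tampered))  # total 1
    print(checkout_fixed(tampered))       # total 4500
    print(get_order_vulnerable("bob", 101))  # alice's order leaks
    try:
        get_order_fixed("bob", 101)
    except Forbidden as e:
        print("fixed:", e)
```

The fix for the IDOR is not to hide the id (sequential ids are fine) but to check ownership on every object access; the fix for the price is to never let the client state a value the server can derive itself.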

Scoring Vulnerabilities (CVSS & VPR)

  • We need to know how much impact a vulnerability can have on a company or application.

  • To do that we measure each vulnerability and give it a rating or score.

  • This rating is also what bug bounty programs use to decide how much to pay the hunter who reported it.

  • As an analogy, a low-priced T-shirt might have poor design or quality, a medium-priced one is slightly better, and a high-priced one is branded and the best of the three.

  • In the same way, the rating tells us at a glance how serious a vulnerability is.

Common Vulnerability Scoring System (CVSS)

  • CVSS is the most widely used framework for scoring vulnerabilities. The base score (0.0 to 10.0) is computed from how the flaw is reached (attack vector, attack complexity, privileges required, user interaction, scope) and what it impacts (confidentiality, integrity, availability).

  • Rating and Scores (CVSS v3.x qualitative severity bands)

  • None : 0.0

  • Low : 0.1–3.9

  • Medium : 4.0–6.9

  • High : 7.0–8.9

  • Critical : 9.0–10.0

Vulnerability Priority Rating (VPR)

  • VPR is a more modern framework for scoring vulnerabilities, used by Tenable's Nessus.

  • It is risk-driven: where CVSS scores the technical impact of a vulnerability once, VPR scores the risk it currently poses to the organisation, factoring in threat intelligence such as whether a working exploit is public and in use, and the age of the vulnerability. A VPR score therefore changes over time, and there is no "None" band.

  • Rating and Scores

  • Low : 0.0–3.9

  • Medium : 4.0–6.9

  • High : 7.0–8.9

  • Critical : 9.0–10.0

Vulnerability Databases

  • A vulnerability database stores information about known vulnerabilities.

  • Publicly known vulnerabilities are catalogued as Common Vulnerabilities and Exposures (CVE) entries.

  • A CVE ID has the format CVE-YEAR-IDNUMBER, where YEAR is the year the ID was assigned and IDNUMBER is a sequence number of at least four digits. For example, CVE-2017-0144 is the SMBv1 flaw exploited by EternalBlue.

**National Vulnerability Database (NVD)**

  • The US government website that lists all published CVEs, enriched with CVSS scores, affected-product identifiers and references.

**Exploit-DB**

  • Maintained by OffSec, it is the best resource for public exploits and PoCs, searchable by CVE, platform and application version.

Exploit Vulnerabilities

**Automated Vulnerability Scanners**

  • Scanners such as Nessus probe hosts for known vulnerabilities and misconfigurations and report each finding with a score. Common classes of findings include:

  • Broken Access Control : an attacker can reach parts of the application (pages, functions, other users' data) they are not authorised to use.

  • Insecure Deserialization : the application deserializes data from an untrusted source, so an attacker can pass crafted objects or data and, in the worst case, execute code.

  • Injection : untrusted input is placed into a command, query or interpreter (SQL, OS commands, LDAP and so on) and changes its meaning.
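The Injection class above is the one a scanner will flag most often, and the mechanism is clearest in a login query. The following is an added example (not from the original post): a login check against an in-memory SQLite database, once built by string formatting and once parameterised. The table, the single account and the payload are constructed for illustration.

```python
"""Added example (not from the original post): SQL injection in a login
check, vulnerable and fixed. The user table and credentials are constructed."""
import sqlite3

# Constructed user table with one known account.
conn = sqlite3.connect(":memory:")
conn.execute("CREATE TABLE users (name TEXT, password TEXT)")
conn.execute("INSERT INTO users VALUES ('admin', 's3cret')")
conn.commit()


def login_vulnerable(name, password):
    """Builds the query by string formatting, so the input is parsed as SQL.
    With name = "admin' --" the password clause is commented out."""
    query = (f"SELECT name FROM users WHERE name = '{name}' "
             f"AND password = '{password}'")
    return conn.execute(query).fetchone() is not None


def login_fixed(name, password):
    """Parameterised query: values are bound by the driver and never parsed
    as SQL, so the same payload is just a username that does not exist."""
    query = "SELECT name FROM users WHERE name = ? AND password = ?"
    return conn.execute(query, (name, password)).fetchone() is not None


if __name__ == "__main__":
    payload = "admin' --"  # classic comment-out payload
    print("vulnerable:", login_vulnerable(payload, "wrong"))  # True
    print("fixed:     ", login_fixed(payload, "wrong"))       # False
    print("fixed, real creds:", login_fixed("admin", "s3cret"))  # True
```

The fix is structural, not a blacklist: because the driver sends the values separately from the statement, there is no quoting an attacker can break out of.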

**Manual Exploits**

  • **Rapid7**'s vulnerability and exploit database lets you search and filter by vulnerability type, and its entries include instructions for exploiting the flaw with Metasploit.

  • **GitHub** is also a good place to look for exploits and PoCs, but read unfamiliar code before running it.

  • **Searchsploit** is a command-line tool that searches a local copy of Exploit-DB. It is installed by default in Kali and needs no internet connection.

**NOTES:**

  1. Not every exploit that comes up in the first search works.

  2. Keep looking even when the first one works; the more you dig, the more you learn about the vulnerability and the target.

  3. Finding information about the target website, such as version numbers, can be hard, but checking the page source and JavaScript files is always worth it.

  4. Tools such as Wappalyzer help identify the technologies running behind a site.

These notes are based on TryHackMe training.
