Showing posts with the label how to do vulnerability assessment
Vulnerability Assessment is the process of evaluating the weakness of a system or network. It identifies the vulnerabilities in a system or network and helps black hats to devise exploits to get access to a target system or network. For example, imagine I am a black hat who performed a Nmap scan on the target (in this case, Metasploitable). The target has displayed so many banners of the services running. So the first thing I do is perform a Google search for any exploit or vulnerability for the service displayed. Luckily in the example below, we get an exploit for the aforementioned version o -f ftp server and that happens to be a Metasploit exploit. The only thing hacker has to do is download the exploit and run it. Here’s another example for another service. Here we have vulnerabilities listed. So we have to write an exploit for that vulnerability.