
Vulnerability Mapping with Kali Linux
Introduction
Vulnerability mapping is an activity carried out to identify security flaws which can result in the compromise of a system. Sometimes researchers will use the term “vulnerability assessment” instead of “vulnerability mapping.” They are, however, the same thing.
In pentesting and malicious hacking, vulnerability mapping is the step that follows once the tester or hacker has adequately conducted information gathering and enumeration of the target network or host.
In this article, we will look at how various tools within the Kali Linux operating system can be used to discover vulnerabilities that could lead to compromising targets and thus result in the hacker or penetration tester violating the confidentiality, integrity and availability of a business system.
Vulnerability Types
Today, three main classes of vulnerabilities exist from which a clear distinction can be made. The three classes are:
- Design vulnerabilities: These stem from weaknesses in software specifications. They are by far the most cumbersome to resolve, since they require patches to be applied based on security requirements given by the pentester.
- Implementation vulnerabilities: Whenever glitches within software code are discovered, they are classified here.
- Operational vulnerabilities: These vulnerabilities will result from improper configuration and deployment of software.
The classes of vulnerabilities above can occur either locally or remotely within the target environment.
Local vulnerabilities require the tester or attacker to have local access to the target system in order to exploit them. A good example of this is CVE-2013-0232, otherwise known as GP Trap Handler nt!KiTrap0D, which would allow an attacker or tester with access to a vulnerable Windows Server 2008 machine to gain escalated privileged access.
Remote vulnerabilities allow for exploitation to occur without physical access to the target system. These could occur from the Internet or within the network on
*** This is a Security Bloggers Network syndicated blog from InfoSec Resources authored by Lester Obbayi. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/inQccGOs2Ps/