Vulnerabilities 101

What are Vulnerabilities?

  • Definition: Weaknesses or flaws in software, hardware, or systems that can be exploited by attackers to compromise security.
  • Importance in Penetration Testing:
    • Identifying and exploiting vulnerabilities is a core part of penetration testing.
    • Understanding vulnerabilities helps organizations improve their security posture.
  • Types of Vulnerabilities:
    • Operating System: Flaws in the OS itself, often leading to privilege escalation.
    • (Mis)Configuration-based: Insecure configurations of applications or services.
    • Weak or Default Credentials: Using easily guessable or default credentials.
    • Application Logic: Flaws in the application's logic or design.
    • Human-Factor: Exploiting human behavior (e.g., phishing).

Vulnerability Management

  • Definition: The process of identifying, evaluating, prioritizing, and remediating vulnerabilities.
  • Importance:
    • Not all vulnerabilities pose the same level of risk.
    • Efficiently allocating resources to address the most critical vulnerabilities.

Vulnerability Scoring

  • Purpose: Quantifying the severity and risk associated with a vulnerability.
  • Common Vulnerability Scoring System (CVSS):
    • Factors: The base metrics describe how the flaw is reached and exploited (attack vector, attack complexity, privileges required, user interaction, scope) and its impact on confidentiality, integrity, and availability (the CIA triad); the optional temporal metrics add whether working exploit code exists and whether a fix is available.
    • Scoring: 0.0-10.0 (None 0.0, Low 0.1-3.9, Medium 4.0-6.9, High 7.0-8.9, Critical 9.0-10.0).
    • Advantages: Widely used, standardized, and published alongside most CVE records, so two teams rating the same flaw should arrive at the same base score.
    • Disadvantages: The base score measures intrinsic severity, not the risk to a specific environment (a 9.8 on an isolated lab host can matter less than a 6.5 on an internet-facing server), and the metric vectors take practice to apply consistently.
  • Vulnerability Priority Rating (VPR):
    • Focus: Risk-driven; combines technical severity with threat intelligence (exploit availability, age of the flaw, observed exploitation activity) to estimate how likely a vulnerability is to actually be exploited, rather than how bad it could be in theory.
    • Scoring: 0.1-10.0 (Low 0.1-3.9, Medium 4.0-6.9, High 7.0-8.9, Critical 9.0-10.0); unlike CVSS there is no "None" band.
    • Advantages: Dynamic; the rating is re-evaluated as the threat landscape changes, so an old flaw that starts being exploited in the wild rises in priority.
    • Disadvantages: Proprietary to Tenable; the model is not open and the rating is only available through their commercial platform.

Vulnerability Databases

  • National Vulnerability Database (NVD):
    • Maintained by: NIST (National Institute of Standards and Technology).
    • Content: CVE records for publicly disclosed vulnerabilities, enriched with CVSS scores, weakness type (CWE), affected-product identifiers (CPE) and references to advisories and patches.
    • Search: By CVE ID, keyword, vendor, etc.
  • Exploit-DB:
    • Maintained by: Offensive Security.
    • Content: Exploits, proof-of-concept code, and vulnerability information.
    • Search: By application name, platform, vulnerability type, etc.; an offline copy of the database ships with Kali Linux and is searched with the searchsploit command.

Vulnerability Research Process

  1. Identify the target: Determine the application or system you are assessing.
  2. Gather information: Collect details about the target (exact version, configuration, exposed services, underlying platform), since most advisories apply only to specific version ranges.
  3. Consult vulnerability databases: Search for known vulnerabilities in the target.
  4. Analyze potential exploits: Evaluate the feasibility and impact of exploiting identified vulnerabilities.
  5. Develop or acquire exploit code: Create your own exploit or use existing PoCs; read any downloaded PoC before running it, because public exploit code may be broken, target a different build, or carry a payload you did not intend.
  6. Test the exploit: Verify the exploit's effectiveness in a controlled environment (a lab copy matching the target's version) before using it on the real target, and note whether it risks crashing the service.

Example Research Scenario

  1. Identify the target: Apache Tomcat web server.
  2. Gather information: Discover the version number (e.g., 9.0.17).
  3. Consult vulnerability databases: Search Exploit-DB for exploits targeting Apache Tomcat 9.0.17.
  4. Analyze potential exploits: Review the available exploits and choose the most suitable one based on your goals and the target environment.
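The research process and the Tomcat scenario above, worked through in code as an added example that is not from the original page. It takes the version collected in step 2, matches it against a local list of advisory records (step 3) and orders the hits for step 4. The advisory entries (IDs ADV-0001 onwards, version ranges, scores, exploit flags) are constructed placeholders for illustration, not real Apache Tomcat CVE data; a real run would populate them from NVD or Exploit-DB. The introduced/fixed range layout and the ordering rule (public exploit first, then CVSS score) are this example's own assumptions.

```python
"""Match a discovered product version against advisory affected ranges and
prioritise the hits (added example; all advisory data below is constructed)."""
import re

# Constructed sample advisories for the page's scenario (Apache Tomcat 9.0.17).
# These IDs, ranges and scores are placeholders, NOT real CVE records.
# "fixed" is the first version that is no longer affected (None = unfixed).
ADVISORIES = [
    {"id": "ADV-0001", "product": "apache tomcat", "introduced": "9.0.0",
     "fixed": "9.0.20", "cvss": 9.8, "exploit": True},
    {"id": "ADV-0002", "product": "apache tomcat", "introduced": "9.0.0",
     "fixed": "9.0.9", "cvss": 7.5, "exploit": True},
    {"id": "ADV-0003", "product": "apache tomcat", "introduced": "8.5.0",
     "fixed": "8.5.50", "cvss": 8.1, "exploit": False},
    {"id": "ADV-0004", "product": "apache tomcat", "introduced": "9.0.17",
     "fixed": "9.0.31", "cvss": 8.1, "exploit": False},
    {"id": "ADV-0005", "product": "apache tomcat", "introduced": "9.0.10",
     "fixed": None, "cvss": 6.5, "exploit": True},
]

_VERSION_RE = re.compile(r"^\d+(\.\d+)*$")


def version_key(v):
    """Turn '9.0.17' into (9, 0, 17) so comparison is numeric per component.
    Comparing the raw strings is a classic bug: '9.0.17' < '9.0.9' as text.
    Pre-release suffixes (e.g. '-M1') are rejected rather than guessed at."""
    if not _VERSION_RE.match(v):
        raise ValueError("unsupported version format: %r" % v)
    return tuple(int(p) for p in v.split("."))


def is_affected(version, advisory):
    """True if introduced <= version < fixed (or no fix exists yet)."""
    v = version_key(version)
    if v < version_key(advisory["introduced"]):
        return False
    fixed = advisory.get("fixed")
    return fixed is None or v < version_key(fixed)


def find_applicable(product, version, advisories=ADVISORIES):
    """Steps 3 and 4: filter advisories to this product/version and order
    them for a pentester: ones with public exploit code first, then by
    CVSS score descending (an assumed ordering rule, not a standard)."""
    hits = [a for a in advisories
            if a["product"] == product.lower() and is_affected(version, a)]
    return sorted(hits, key=lambda a: (not a["exploit"], -a["cvss"]))


def applicable_ids(product, version, advisories=ADVISORIES):
    return [a["id"] for a in find_applicable(product, version, advisories)]


if __name__ == "__main__":
    target, ver = "Apache Tomcat", "9.0.17"     # from steps 1 and 2
    for adv in find_applicable(target, ver):
        print("%s  cvss=%.1f  public_exploit=%s  range=[%s, %s)" % (
            adv["id"], adv["cvss"], adv["exploit"],
            adv["introduced"], adv["fixed"] or "unfixed"))
```

Two details worth keeping from this: the version comparison is done on integer tuples, not strings (a string compare would wrongly say 9.0.17 is older than 9.0.9 and miss or mis-assign advisories), and the "fixed" boundary is exclusive, so a host running exactly the fixed version is reported as clean.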