Vulnerability Assessment Fundamentals

Vulnerability Assessment Fundamentals

Navigation

Sections in This Note


Vulnerability

A weakness in the computational logic (e.g., code) found in software and hardware components that, when exploited, results in a negative impact to confidentiality, integrity, or availability.

Auditing Fundamentals

Cybersecurity is the practice of defending computers, servers, mobile devices, electronic systems, networks, and data from malicious attacks. Also known as information technology security or electronic information security.

CIA Triad

Compliance Regulations

Frameworks and Maturity


Host Based Attacks

System/Host based attacks target a specific system or host running a specific operating system (Windows or Linux). These attacks usually come into play after gaining access to a target network, whereby you exploit servers, workstations, or laptops on the internal network. They focus on exploiting inherent vulnerabilities in the target OS.


Windows Vulnerabilities

Exploiting Bash CVE-2014-6271 Vulnerability (Shellshock)

Shellshock (CVE-2014-6271) is the name given to a family of vulnerabilities in the Bash shell (since v1.3) that allow an attacker to execute remote arbitrary commands via Bash, consequently allowing remote access via a reverse shell.

The vulnerability is caused by Bash mistakenly executing trailing commands after a series of characters: () { :; };

Burp Suite can be used: after forwarding to Repeater, change the User-Agent value to, e.g.:

() { :;}; echo; echo; /bin/bash -c 'cat /etc/passwd'

https://github.com/opsxcq/exploit-CVE-2014-6271

External Sources

Powered by Forestry.md