Vulnerabilities

OS Processes and services (Exercise 4.3)

Lab duration: 15-30 mins

This lab will demonstrate how to find out what processes and services are active on a computer.

Report:

• What types of information do you see using the ps command?
• what are the different ways to sort information using Top and how can you sort by greatest amount of swap?
• How do you toggle the idle processes?
• Using lsof, what differences do you observe when running commands to open process files as root user and when not root user?

Vulnerability Identification and research (Exercise 4.4)

Duration: 15-30 minutes

This lab demonstrates Finding vulnerabilities and determining whether they pose risks on a computer.

Report:

• What high-priority vulnerabilities do you discover and what is their key information?
• How about medium-priority vulnerabilities?
• What other information do you gain from the scan?

Vulnerability Validation (Exercise 4.5)

Duration: 15-30 minutes

In this lab students validate that a vulnerability exists on a system by attempting to exploit that vulnerability.

Report:

• Write a summary of how you execute the exploit.
• How do you know if your exploit and payload execution was successful?
• What type of access do you have to the remote system?