Exam PT0-002
Question 20

A penetration tester wants to identify CVEs that can be leveraged to gain execution on a Linux server that has an SSHD running.

Which of the following would BEST support this task?

    Correct Answer: C

    To identify CVEs that can be leveraged to gain execution on a Linux server with an SSHD running, using nmap with the --script vulners option is the most effective approach. This specific nmap script is designed to query vulnerability databases and return a list of known CVEs associated with the detected services, making it the best suited for identifying exploitable vulnerabilities directly.

Discussion
sidonpc (Option: C)

Vulners is the correct answer https://nmap.org/nsedoc/scripts/vulners.html

surfuganda

sidonpc is correct. A lot of this discussion thread is not helpful. People need to answer without copy/pasting ChatGPT (unreliable).

MY OPINION: The answer is [C] because the desired outcome is CVEs, and [C] is the only option that will yield CVEs. The tricky part of the question is that [C] needs output from an initial scan. So you may think that you must run something like [A] or [B] first, then run [C], and this is sometimes the case. BUT, you can run [C] with other nmap options within the same command, and this is the depth of knowledge that you are expected to know to be a penetration tester. In order for [C] to run correctly, the command would need to look something like this:

nmap --script vulners -sV [target IP]

Another hot take:
A. Specific (incorrect)
B. Specific (incorrect)
C. General (correct)
D. Specific (incorrect)

outnumber_gargle024

A does everything you need it to in one command. -O (what OS) -p22 (SSH) -sC (look for common vulnerabilities) It's A bro.

Paula77

-O (Operating System Detection) helps identify the OS, but doesn't directly scan for vulnerabilities. -p22 (Scan port 22) is useful, but limited to just SSH. -sC (Standard service scripts) can identify some vulnerabilities, but may not be as comprehensive as vulners.

RRabbit (Option: C)

The correct answer is C. Run nmap with the --script vulners option set against the target. The --script vulners option will scan the target for vulnerabilities associated with Common Vulnerabilities and Exposures (CVEs). It can be used to identify potential CVEs that can be leveraged to gain execution on the Linux server. Example: nmap --script vulners -p 22 10.1.1.1. The other choices are incorrect because they do not include the --script vulners option, which is necessary to identify CVEs. Option A includes the -O and -sC options, which can be used to identify the operating system and services running on the target; however, it does not include the --script vulners option. Option B includes the -sV and -p22 options, which can be used to identify the service versions running on the target and the port number; however, it does not include the --script vulners option. Option D includes the -sA option, which can be used to perform an ACK scan; however, it does not include the --script vulners option.

LiveLaughToasterBath

I always like to find corroborating data from external searches, especially when the answers are so divided. Out of yours and GitHub's mouth, almost verbatim.

UseChatGPT (Option: B)

King ChatGPT says B, so it's B.

testicaleight

I just put this question into ChatGPT and this was the output: To identify CVEs that can be leveraged to gain execution on a Linux server running SSHD, the best option among the given choices is: C. Run nmap with the --script vulners option set against the target. Explanation: Nmap is a network scanning tool that can be used to identify open ports and services on a target system. The --script vulners option in Nmap is used to scan for known vulnerabilities (CVEs) in the target system by using the Vulners NSE script. Vulners is a script that searches for known vulnerabilities in the National Vulnerability Database (NVD) and other sources. Using this script helps identify vulnerabilities related to SSHD or any other services running on the target system, which can be leveraged for gaining unauthorized access or execution. Options A and B do not specifically focus on identifying vulnerabilities or CVEs related to SSHD. Option D (-sA) is used for identifying hosts that are alive, but it is not specifically designed for vulnerability scanning or identification. The answer is C

iamtylerman

GPT-4 says it's C.

Test1269

ChatGPT answer will change as the AI does. It's not B.

KeToopStudy (Option: A)

--script vulners cannot be the right answer due to the fact that the argument -sV is missing, so the scan will not get any valid results. Don't forget to pass the "-sV" argument while using NSE scripts. Nmap-vulners will be unable to access the Vulners exploit database if it does not receive any version information from Nmap. So, the -sV parameter is required all the time.
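The two points made above by surfuganda and KeToopStudy (vulners needs version/CPE data from -sV, and its value is that it emits CVE IDs) can be seen in the scanner's own output. The following is an added example written for this thread, not code from any poster, from nmap, or from the vulners project: a small Python parser for nmap's -oX XML output that pulls the CVE entries vulners attaches to each port and flags ports that got no findings because no version or CPE was detected. The XML is a constructed sample that approximates vulners' structured output; the element keys (id, type, cvss, is_exploit), the CVE-EXAMPLE identifiers and the 192.0.2.10 address are placeholders and assumptions, not real scan results.

```python
"""Extract CVE findings from nmap -oX output that includes vulners results.

Added example for this discussion thread; not nmap's or the vulners project's code.
The sample below is hand-constructed to approximate the structured (<table>/<elem>)
output vulners.nse produces: one <table> per CPE, each holding findings with
id/type/is_exploit/cvss. Those key names are an assumption about the script's format.
"""
import xml.etree.ElementTree as ET

# Constructed sample: port 22 was fingerprinted by -sV (it has a CPE, so vulners
# returned findings); port 80 carries no version information, so vulners had nothing
# to look up and emitted no table. CVE-EXAMPLE-* IDs are placeholders, not real CVEs.
SAMPLE_NMAP_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -sV --script vulners -p22,80 -oX out.xml 192.0.2.10">
  <host>
    <address addr="192.0.2.10" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="22">
        <state state="open"/>
        <service name="ssh" product="OpenSSH" version="7.4" method="probed" conf="10">
          <cpe>cpe:/a:openbsd:openssh:7.4</cpe>
        </service>
        <script id="vulners" output="">
          <table key="cpe:/a:openbsd:openssh:7.4">
            <table>
              <elem key="id">CVE-EXAMPLE-0001</elem>
              <elem key="type">cve</elem>
              <elem key="is_exploit">false</elem>
              <elem key="cvss">7.5</elem>
            </table>
            <table>
              <elem key="id">CVE-EXAMPLE-0002</elem>
              <elem key="type">cve</elem>
              <elem key="is_exploit">true</elem>
              <elem key="cvss">5.3</elem>
            </table>
            <table>
              <elem key="id">EXPLOITDB-PLACEHOLDER</elem>
              <elem key="type">exploitdb</elem>
              <elem key="is_exploit">true</elem>
              <elem key="cvss">0.0</elem>
            </table>
          </table>
        </script>
      </port>
      <port protocol="tcp" portid="80">
        <state state="open"/>
        <service name="http" method="table" conf="3"/>
      </port>
    </ports>
  </host>
</nmaprun>
"""


def parse_vulners(xml_text):
    """Return {port: {service, product, version, cpes, cves}} from nmap XML.

    Only findings of type "cve" are kept (exploit-db and other references are
    skipped); CVEs are sorted by CVSS score, highest first.
    """
    root = ET.fromstring(xml_text)
    results = {}
    for port in root.iter("port"):
        portid = int(port.get("portid"))
        svc = port.find("service")
        entry = {
            "service": svc.get("name") if svc is not None else None,
            "product": svc.get("product") if svc is not None else None,
            "version": svc.get("version") if svc is not None else None,
            "cpes": [c.text for c in svc.findall("cpe")] if svc is not None else [],
            "cves": [],
        }
        script = port.find("script[@id='vulners']")
        if script is not None:
            for cpe_table in script.findall("table"):      # one table per CPE
                for finding in cpe_table.findall("table"):  # one table per finding
                    fields = {e.get("key"): (e.text or "") for e in finding.findall("elem")}
                    if fields.get("type") != "cve":
                        continue
                    entry["cves"].append({
                        "id": fields["id"],
                        "cvss": float(fields.get("cvss") or 0.0),
                        "is_exploit": fields.get("is_exploit") == "true",
                        "cpe": cpe_table.get("key"),
                    })
        entry["cves"].sort(key=lambda c: c["cvss"], reverse=True)
        results[portid] = entry
    return results


def ports_without_version(results):
    """Ports where -sV produced neither a version nor a CPE, so vulners had no key to query."""
    return sorted(p for p, e in results.items() if not e["cpes"] and not e["version"])


if __name__ == "__main__":
    parsed = parse_vulners(SAMPLE_NMAP_XML)
    for port, info in sorted(parsed.items()):
        print(f"port {port}/{info['service']}: {info['product']} {info['version']}")
        for cve in info["cves"]:
            flag = " (exploit available)" if cve["is_exploit"] else ""
            print(f"  {cve['id']}  CVSS {cve['cvss']}{flag}")
    print("no version/CPE detected, nothing for vulners to match:", ports_without_version(parsed))
```

Run against a real scan by replacing SAMPLE_NMAP_XML with the contents of the -oX file. The useful defensive habit the parser encodes is the one the thread argues about: a port that lacks a CPE is a blind spot, not a clean bill of health, so the report should list those ports separately rather than silently showing zero CVEs.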

cy_analyst (Option: B)

Opening two tabs in Kali and putting the analogous commands in them to find the specific version on port 22 of Metasploitable, I got more info from -sV than from --script vulners, even though I had updated its DB first. So I go with B on this.

[Removed]

C answer is correct

KingIT_ENG

C is correct: script --vulners

cy_analyst

B = best bet

cy_analyst

Can't be C because it will scan all ports on the host, we need the specific port -p22

boxv4

Option C, which uses --vulners, can be helpful for identifying vulnerabilities using the nmap scripts; however, it's usually more effective when applied to specific services or ports rather than SSHD. Option B, on the other hand, will help you find the software and version running on port 22 SSHD, which is essential for finding potential CVEs.

cy_analyst

Option B (-sV and -p22) is still the best option for identifying CVEs that can be leveraged to gain execution on a Linux server that has an SSHD running, even if we add the -p22 option to Option C (--script vulners -p22). Option B includes version detection, which helps identify specific vulnerabilities that may be present in the version of SSH running on port 22. It also enables Nmap to identify the exact service running on port 22, which is important if there are multiple services running on the same port. Option C with the -p22 option is more targeted than the original option, but it is not as comprehensive or specific as Option B. Therefore, Option B is still the most appropriate option for this task.

Skater_Grace

It is mentioning access via running SSHD, so specifying port 22 will speed up the process, and -sV is required.

Etc_Shadow28000 (Option: C)

C. Run nmap with the --script vulners option set against the target. Explanation: Using Nmap with the --script vulners option will leverage the vulners script, which checks for vulnerabilities on the target system based on the services running and their versions. This script will directly provide information about known vulnerabilities (CVEs) related to the detected services, including SSH.

Paula77 (Option: C)

This option specifically uses the "vulners" script which is designed to identify common vulnerabilities in various services, including SSH. It's the most focused and effective option for finding exploitable CVEs.

outnumber_gargle024 (Option: A)

-O (detect the OS) -p22 (SSH) -sC (initiates a script scan that probes for common vulnerabilities, services, and other useful information)

outnumber_gargle024

I will be changing to C.

surfuganda (Option: C)

CORRECT ANSWER = Option C Option C, utilizing the Vulners script, directly targets CVEs associated with the services running on the target. This script is tailored to identify known vulnerabilities, which may not necessarily rely solely on the version of the service. It searches for vulnerabilities based on various parameters, such as service banners, responses, and other characteristics, providing a more comprehensive approach. Option A focuses on general reconnaissance, including determining the operating system and version of services. While knowing the service version can be valuable for understanding potential vulnerabilities, it doesn't guarantee the identification of specific CVEs. Also, in the context of SSH, many vulnerabilities are not version-specific but are instead based on configuration issues, authentication mechanisms, or other factors.

deeden (Option: C)

Agree with option C, although I can't make it work without the -A option. Thoughts anyone?

KeToopStudy (Option: C)

The --script vulners option is the only one that presents the user with CVEs.

FnordyClovers (Option: C)

C. Run nmap with the --script vulners option set against the target. The --script vulners option will run Nmap's Vulners script, which enumerates vulnerabilities associated with open ports and services identified during scanning. This would help the penetration tester identify potential CVEs related to the SSH service that could be leveraged to gain execution. Options A and B would scan and enumerate versions but not correlate to CVEs. Option D (-sA) is not particularly useful here as it does a TCP ACK scan which is less common for initial enumeration.

bieecop (Option: A)

A, because -sS -p 22 -O -A tells SERVICE VERSION.

solutionz (Option: C)

In the context of identifying Common Vulnerabilities and Exposures (CVEs) that can be leveraged against a specific service, you would typically want to identify the version of the service running and then search for known vulnerabilities associated with that version. Nmap offers several options for scanning, and among the choices presented, the option that would be best for identifying the version of the SSH daemon (SSHD) running on the target, and then cross-referencing known vulnerabilities, would be: C. Run nmap with the `--script vulners` option set against the target. This option would leverage the "vulners" NSE script to query the Vulners CVE Database and provide information about known vulnerabilities for the identified versions of services running on the target. So the correct answer to this question is: C. Run nmap with the `--script vulners` option set against the target.

glenpharmd (Option: C)

ANSWER IS C = --script vulners. The Nmap option -sC enables script scan mode, which tells Nmap to select the default scripts and execute them if the host or port rule matches. THEREFORE THIS SWITCH JUST ACTIVATES GENERAL SCRIPTS. It does not scan for CVE vulnerabilities specifically. The (--script vulners) SPECIFICALLY IDENTIFIES THE CVE VULNERABILITIES AND WILL OUTPUT ON THE NMAP SCAN SCREEN THE ABBREVIATION CVE ALONGSIDE ITS CVE VULNERABILITY.

Odenkyem (Option: C)

The correct answer is here: https://nmap.org/nsedoc/scripts/vulners.html

xviruz2kx (Option: B)

To identify CVEs that can be leveraged to gain execution on a Linux server that has an SSHD running, the penetration tester should use Nmap with the -sV and -p22 options set against the target. The -sV option tells Nmap to perform service version detection, which can identify the version of the SSH service running on the target. The -p22 option tells Nmap to scan only port 22, which is the default port for SSH. By using these options, the penetration tester can identify the SSH version running on the target, which can be cross-referenced against known vulnerabilities in the National Vulnerability Database (NVD) or other sources. Therefore, the correct answer is B. Run nmap with the -sV and -p22 options set against the target.