Vulnerability Mapping

In computer security, a vulnerability is a weakness that an attacker can exploit to perform unauthorized actions within a computer system. To exploit a vulnerability, the attacker needs at least one applicable tool or technique that can reach that weakness.

In pentesting, vulnerability mapping is the step that follows information gathering and enumeration of the target network or host. Its purpose is to identify the security flaws that could lead to the compromise of a system, so that they can be verified and exploited in the next phase.

Types of vulnerabilities:

  • Design: a flaw in the architecture or specification of the software itself, which configuration alone cannot fix
  • Implementation: a bug introduced in the code that implements an otherwise sound design
  • Operation: a weakness caused by improper configuration or deployment of the system
  • Local: the attacker needs local access (an account or a foothold on the host) to trigger the vulnerability in the target.
  • Remote: the attacker can trigger and exploit the vulnerability over the network without prior local access to the target.

Tools for vulnerability mapping:

  • Nessus (commercial network vulnerability scanner)
  • OpenVAS (open-source network vulnerability scanner)
  • Fortify (static analysis of application source code)
  • Sqlmap (SQL injection detection and exploitation)
  • W3af (web application scanner)
  • Metasploit (exploitation framework, also used to verify findings)

WPScan to find username

WPScan is a black box WordPress vulnerability scanner that can be used to scan remote WordPress installations to find security issues.

WPScan lets us enumerate the usernames of a WordPress site with a single command: wpscan --url website --enumerate u (replace website with the target URL). Under the hood WPScan harvests usernames from sources that an unhardened installation exposes without authentication, such as the author-archive redirect (/?author=N) and the wp-json users endpoint. This example uses my WordPress account to try WPScan.

From the image above, we can see that the username has been identified (The real username is hidden).
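As an added illustration (not WPScan's code, nor the original post's), the following Python reproduces two of the username sources that --enumerate u relies on: the author-archive redirect for /?author=N and the /wp-json/wp/v2/users endpoint. The HTTP responses are constructed in-line so the script runs offline; example.com and the user names are placeholders.

```python
"""Added example (not WPScan's own code): enumerate WordPress usernames from
two unauthenticated sources, using constructed responses so it runs offline."""
import json
import re
from dataclasses import dataclass, field
from typing import Dict


@dataclass
class Response:
    status: int
    headers: Dict[str, str] = field(default_factory=dict)
    body: str = ""


# Constructed fixture: what an unhardened WordPress site (example.com is a
# placeholder) answers. /?author=1 redirects to the author archive, /?author=2
# renders the archive directly with the nicename in the body class, and the
# REST API lists users with their login slug.
FIXTURE = {
    "/?author=1": Response(301, {"Location": "https://example.com/author/alice/"}),
    "/?author=2": Response(200, body='<body class="archive author author-bob author-2">'),
    "/?author=3": Response(404),
    "/wp-json/wp/v2/users": Response(200, body=json.dumps([
        {"id": 1, "name": "Alice A.", "slug": "alice"},
        {"id": 2, "name": "Bob", "slug": "bob"},
    ])),
}


def fetch(path: str) -> Response:
    """Stand-in for an HTTP GET against the fixture above."""
    return FIXTURE.get(path, Response(404))


AUTHOR_IN_LOCATION = re.compile(r"/author/([^/?#]+)/?")
# body_class() emits both author-<nicename> and author-<id>; we drop the numeric one.
AUTHOR_IN_BODY = re.compile(r"\bauthor-([a-z0-9_.-]+)\b")


def enumerate_by_author_id(max_id: int = 10) -> Dict[int, str]:
    """Walk /?author=1..max_id and read the nicename from the redirect or the body."""
    users: Dict[int, str] = {}
    for uid in range(1, max_id + 1):
        r = fetch(f"/?author={uid}")
        if r.status in (301, 302):
            m = AUTHOR_IN_LOCATION.search(r.headers.get("Location", ""))
            if m:
                users[uid] = m.group(1)
        elif r.status == 200:
            for slug in AUTHOR_IN_BODY.findall(r.body):
                if not slug.isdigit():
                    users[uid] = slug
                    break
    return users


def enumerate_by_rest_api() -> Dict[int, str]:
    """Read user slugs from the REST API; returns {} if it is blocked or malformed."""
    r = fetch("/wp-json/wp/v2/users")
    if r.status != 200:
        return {}
    try:
        data = json.loads(r.body)
    except json.JSONDecodeError:
        return {}
    return {u["id"]: u["slug"] for u in data if "id" in u and "slug" in u}


def enumerate_users() -> Dict[int, str]:
    """Merge both sources; the author-id walk fills in anything the API hid."""
    found = enumerate_by_rest_api()
    for uid, slug in enumerate_by_author_id().items():
        found.setdefault(uid, slug)
    return found


if __name__ == "__main__":
    for uid, slug in sorted(enumerate_users().items()):
        print(f"user id {uid}: {slug}")
```

Blocking /wp-json/wp/v2/users alone is not enough: the author-archive walk still leaks the login slug unless author permalinks are disabled or rewritten, which is why the script merges both sources.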

WPScan to bruteforce password

Aside from enumerating usernames, WPScan can also brute-force the password of a WordPress account. The command is wpscan --url website -U 'username' -P 'wordlist file'. The wordlist file is a list of candidate passwords, one per line; WPScan tries each one against the site's login (over xmlrpc.php or the wp-login.php form) and reports the one that authenticates. The attack only succeeds if the real password is in the list, and it is noisy: every attempt lands in the web server's access log and will trip login lock-out or rate-limiting plugins.

For this example, I am using the WordPress installation of my blog to try WPScan.


The image above shows that the password was found (the real password is hidden).
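The defender's counterpart, added here and not part of the original post: detection logic that flags a WPScan-style login brute force from web-server access logs. The log lines are constructed, the IP addresses are documentation ranges, and the 60-second window and threshold of five attempts are assumed values to tune per site.

```python
"""Added example (not WPScan's or the post author's code): flag WordPress login
brute force in combined-format access logs. Sample lines are constructed."""
import re
from collections import defaultdict
from datetime import datetime, timedelta
from typing import Dict, Iterable, List, Optional

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"
LOGIN_PATHS = ("/wp-login.php", "/xmlrpc.php")

# Constructed sample: 203.0.113.7 hammers the login endpoints, 198.51.100.9 is
# a legitimate user who mistypes once and then logs in (302 redirect).
SAMPLE_LOG = """\
203.0.113.7 - - [10/Mar/2024:12:00:01 +0000] "POST /wp-login.php HTTP/1.1" 200 2345
203.0.113.7 - - [10/Mar/2024:12:00:02 +0000] "POST /wp-login.php HTTP/1.1" 200 2345
198.51.100.9 - - [10/Mar/2024:12:00:03 +0000] "GET /wp-login.php HTTP/1.1" 200 2100
203.0.113.7 - - [10/Mar/2024:12:00:03 +0000] "POST /wp-login.php HTTP/1.1" 200 2345
198.51.100.9 - - [10/Mar/2024:12:00:04 +0000] "POST /wp-login.php HTTP/1.1" 200 2345
203.0.113.7 - - [10/Mar/2024:12:00:04 +0000] "POST /wp-login.php HTTP/1.1" 200 2345
198.51.100.9 - - [10/Mar/2024:12:00:05 +0000] "POST /wp-login.php HTTP/1.1" 302 0
203.0.113.7 - - [10/Mar/2024:12:00:06 +0000] "POST /wp-login.php?redirect_to=%2Fwp-admin%2F HTTP/1.1" 200 2345
203.0.113.7 - - [10/Mar/2024:12:00:09 +0000] "POST /xmlrpc.php HTTP/1.1" 200 512
"""


def parse(line: str) -> Optional[dict]:
    """Parse one access-log line; returns None for lines that do not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return {
        "ip": m["ip"],
        "ts": datetime.strptime(m["ts"], TS_FMT),
        "method": m["method"],
        "path": m["path"].split("?", 1)[0],
        "status": int(m["status"]),
    }


def find_bruteforce(lines: Iterable[str],
                    window: timedelta = timedelta(seconds=60),
                    threshold: int = 5) -> Dict[str, int]:
    """Return {ip: peak attempts in any window} for IPs at or above the threshold."""
    attempts: Dict[str, List[datetime]] = defaultdict(list)
    for line in lines:
        ev = parse(line)
        if not ev or ev["method"] != "POST" or ev["path"] not in LOGIN_PATHS:
            continue
        # wp-login.php re-renders the form with 200 on a failed login and
        # answers 302 on success; xmlrpc.php returns 200 either way, so every
        # POST to it is counted as an attempt.
        if ev["path"] == "/wp-login.php" and ev["status"] == 302:
            continue
        attempts[ev["ip"]].append(ev["ts"])

    flagged: Dict[str, int] = {}
    for ip, stamps in attempts.items():
        stamps.sort()
        start = 0
        for end in range(len(stamps)):          # sliding window over timestamps
            while stamps[end] - stamps[start] > window:
                start += 1
            count = end - start + 1
            if count >= threshold:
                flagged[ip] = max(flagged.get(ip, 0), count)
    return flagged


if __name__ == "__main__":
    for ip, peak in find_bruteforce(SAMPLE_LOG.splitlines()).items():
        print(f"{ip}: {peak} login attempts within one window")
```

The query string is stripped before matching so that a POST to /wp-login.php?redirect_to=... still counts, and xmlrpc.php is included because a single system.multicall request there can carry many password guesses, so even a low count against it deserves attention.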