Summary
In this chapter, we wrapped up our reconnaissance activities by
performing vulnerability scanning and fuzzing. We also verified the
vulnerabilities we discovered, weeding out potential false positives.
Along the way, we used bash scripting to perform several tasks.
We scanned for vulnerabilities, wrote custom scripts that can
perform recursive downloads from misconfigured web servers,
extracted sensitive information from git repositories, and more. We
also created custom wordlists using clever bash scripting and
orchestrated the execution of multiple security tools to generate a
report.
Let’s recap what we’ve identified so far, from a reconnaissance
perspective:
1. Hosts running multiple services (HTTP, FTP, SSH) and their
versions
2. A web server running WordPress with a login page enabled
and a few vulnerabilities, such as user enumeration and an
absence of HTTP security headers
3. A web server with a revealing robots.txt file containing paths
to custom upload forms and a donation page
4. An FTP server with anonymous login enabled
5. Multiple open git repositories
6. OpenSSH servers that allow password-based logins
In the next chapter, we will exploit the vulnerabilities identified in
this chapter to establish an initial foothold and take over servers.
Black Hat Bash (Early Access) © 2023 by Dolev Farhi and Nick Aleks