Module 05 - Practical
Last updated
Last updated
Those are the steps that I took to complete the flag-hunting session, in the current module of the CEH v12 Practical Course.
Search the Common Weakness Enumeration (CWE) list and find the name of the vulnerability with the CWE ID 591.
Open your browser and go to:
Search for “591” at ID Lookup (Top-right of the page)
A: Sensitive Data Storage in Improperly Locked Memory
Search the Common Weakness Enumeration (CWE) list and find the top weakness in the list “Weaknesses in the 2019 CWE Top 25 Most Dangerous Software Errors.”
In the navigator, click on CWE List
Go down to Obsolete Views and click on CWE Top 25 (2019)
A: Improper Restriction of Operations within the Bounds of a Memory Buffer
Search the Common Vulnerabilities and Exposures (CVE) list and find the name of the vulnerability with the CVE ID CVE-2020-17140.
Go to Search CVE List
Search for “CVE-2020-17140”
A: Windows SMB Information Disclosure Vulnerability
Search the National Vulnerability Database (NVD) and find the Common Weakness Enumeration (CWE) ID for CVE-2021-23125.
Go to Search and then Vulnerabilities – CVE
Search for “CVE-2021-23125”
Click on the name
Bellow, you can find the ID
A: CWE-79
Search the National Vulnerability Database (NVD) and find the base score rating for CVE-2021-1723 according to CVSS Version 3.x.
Search for “CVE-2021-1723”
Click on the name.
Check the score
A: 7.5
Search the National Vulnerability Database (NVD) and find the base score range for High Severity in CVSS v3.0 ratings.
Go to Vulnerability Metrics and go bellow
A: 7.0-8.9
Search the National Vulnerability Database (NVD) and find the base score range for High Severity in CVSS v2.0 ratings.
From the previous flag, check the CVSS v2.0 Ratings table.
A: 7.0-10.0
Perform vulnerability analysis for the target machine (10.10.1.22) using OpenVAS and find the number of vulnerabilities in the system. Flag submission is not required for this task, enter “No flag” as the answer.
Using Parrot, go from Applications to Pentesting –> Vulnerability Analysis –> Openvas – Greenbone –> Start Greenbone Vulnerability Manager Service
Using the Task Wizard (The star-rod) on Scans, scan the following IP: 10.10.1.22
After a long wait, you get the following result
A: No flag
What is the default port used by Nessus to run vulnerability scans?
A: 8834
Perform vulnerability scanning for the host at 10.10.1.22 using Nessus and find the Nessus plugin ID that detects the vulnerability “SNMP Agent Default Community Name (Public)” in the machine.
After scanning again using the created policy from the Module 05, you get the following result
You can see that the ID is 41028
A: 41028
Perform vulnerability scanning for the host 10.10.1.22 using GFI LanGuard and find the number of vulnerabilities with the severity level “Critical/High.” Hint: This flag is optional. You need to download a trial version of the GFI LanGuard tool to attempt this flag.
The Trial version of GFI Languard is not working
Perform vulnerability scanning for the host at 10.10.1.22 using GFI LanGuard and find the machine’s vulnerability level. Hint: This flag is optional. You need to download a trial version of the GFI LanGuard tool to attempt this flag
The Trial version of GFI Languard is not working
Scan web servers and application vulnerabilities for www.certifiedhacker.com using CGI Scanner Nikto with reverse tuning options and identify the uncommon header “host-header” found on the target webserver.
A: c2hhcmVkLmJsdWVob3N0LmNvbQ==
Scan web servers and application vulnerabilities for www.certifiedhacker.com using CGI Scanner Nikto and find the OSVDB ID for the finding “/cpanel/: Web-based control panel.”
ParrotTerm: Nikto -h www.certifiedhacker.com -o NiktoScanResult -F txt
Tip, -o and -F are just settings to save the output, for this flag you only need to wait until the normal Nikto Scan is finished. And, if you do this now, you will no longer find the answer
A: OSVDB-2117
Open your browser and go to:
Open your browser and go to:
Open your browser and go to:
You will be at
Open your browser and go to:
Open your browser and go to:
When you are going to Nessus, you have to go to , so the default port is 8834
