Remote and Local Exploitation

CompTIA Security+ Domain
Domain 1: Attacks, Threats, and Vulnerabilities
Domain 2: Tools and Technologies
Domain 5: Risk Management

CompTIA Security+ Objective Mapping
Objective 1.4 Penetration Testing Concepts
Objective 2.2 Security Assessment Tools
Objective 5.4 Incident Response Procedures

CEH Exam Domain
Domain 1: Background
Domain 2: Analysis/Assessments
Domain 4: Tools/Systems/Programs

CEH Objective Mapping
Objective 1.2 Information Security Threats and Attack Vectors
Objective 1.3 Information Security Technologies
Objective 2.2 Information Security Assessment Process
Objective 4.3 Information Security Tools

Overview

In this lab, you will exploit a vulnerable Postgres service on a Linux server using the Metasploit framework on Kali Linux. After getting in as the attacker, you will also use the Metasploit framework to perform a privileged execution.

Outcomes

In this lab, you will learn to:

  1. Use nmap and OpenVAS to scan a system.
  2. Use Greenbone to determine vulnerabilities of a system.
  3. Use Metasploit to exploit a system.
  4. Use Meterpreter to breach a system.

Key terms and descriptions

nmap
Nmap is used to discover hosts and services on a network.
Metasploit Project
The Metasploit Project is a computer security project that provides information about security vulnerabilities and aids in penetration testing and IDS signature development.
Meterpreter
Meterpreter is a Metasploit attack payload that provides an interactive shell from which an attacker can explore the target machine and execute code.
Greenbone
The Greenbone Security Assistant is a web application that connects to the OpenVAS Manager to provide a full-featured user interface for vulnerability management.