StC Pentesting Fundamentals Study Group — Week #5 Recap

Today we had our fifth session of the Pentesting Fundamentals Study Group.

We covered Chapter 5 Analyzing Vulnerability Scans of the CompTIA PenTest+ Study Guide and learned about the following topics:

• How to interpret scan reports.
• How to understand the Common Vulnerability Scoring System (CVSS) and how to use it to assess the severity of vulnerabilities.
• The things to look out for when validating scan results.
• The common vulnerabilities found by scanners.

We also watched IppSec’s videos on how to get system/root level access on the Arctic and Shocker Hack The Box (HTB) machines.

Next week, we’ll cover Ch-6 of the CompTIA Pentest+ book and work on the Nibbles & Valentine (both Linux) HTB boxes.

Additional Resources

• ShellShock: All you need to know about the Bash Bug vulnerability
• Hack The Box — Arctic Writeup w/o Metasploit
• Hack The Box — Shocker Writeup w/o Metasploit
• Exploiting ShellShock getting a reverse shell