{"id":14032,"date":"2022-05-13T18:17:30","date_gmt":"2022-05-13T18:17:30","guid":{"rendered":"https:\/\/www.securedyou.com\/?p=14032"},"modified":"2022-05-13T18:27:47","modified_gmt":"2022-05-13T18:27:47","slug":"practice-vulnerability-scanning","status":"publish","type":"post","link":"https:\/\/www.securedyou.com\/practice-vulnerability-scanning\/","title":{"rendered":"How to practice vulnerability scanning against real machines"},"content":{"rendered":"\n

As a security professional, you need to know how attackers will exploit system vulnerabilities to gain unauthorized access to your company’s network. The best way to learn hacking techniques is to try them yourself. This method provides a deep understanding of how networked computer systems behave and how best to protect them from attack.

But how can you “practice” breaking into real systems without risking real damage to someone else’s property and potential repercussions for your career? The last thing you want is to have your learning activities mischaracterized as black-hat hacking or to cause real data loss for a reputable organization.

A Safe Playground for Learning Ethical Hacking

Fortunately, ethical hacking professionals can take advantage of a library of downloadable virtual machines that are ripe for attacking, and 100% safe from those risks. The idea is simple: you run your own copy of a virtual machine that contains some vulnerabilities and then deploy your knowledge and tools to try to gain root access. You can find a catalog of such machines at VulnHub.

What is VulnHub?

VulnHub’s stated goal is to “provide materials that allow anyone to gain practical hands-on experience in digital security, computer software & network administration.” They do this by making virtual machines available to download for free, each containing one or more known vulnerabilities that could be exploited by an attacker.

Figure: Example of virtual machines available for download from VulnHub

When you download and run one of VulnHub’s virtual machines on your VMware or VirtualBox host, it becomes available to you as a “black box” for probing and testing. Machines are vulnerable by design and available in a variety of difficulty levels, so there is something for everyone regardless of your experience in penetration testing. Your goal is to find the vulnerability and exploit it to gain root access.

Difficulty Levels

VulnHub describes their varying degrees of difficulty–from ‘very easy’ to ‘very hard’–according to the types of attacks that would need to be deployed in order to gain root access:

Very Easy

Vulnerability types: