Chapter 3. Network Vulnerability Assessment

In this chapter, we will cover the following recipes:

  • Using nmap for manual vulnerability assessment
  • Integrating nmap with Metasploit
  • Walkthrough of Metasploitable assessment with Metasploit
  • Vulnerability assessment with OpenVAS framework

Introduction

Previously, we covered the discovery of live servers over the network along with service enumeration. Here, we will discuss what a vulnerability assessment is. A vulnerability assessment is a process in which a tester aims to determine the services running on the open ports and check whether they are vulnerable. Vulnerabilities, when exploited, can give an attacker unauthenticated access, denial of service, or information leakage. Vulnerability assessment is essential because it gives us a holistic picture of the security of the network being tested.

In this chapter, we will be checking whether services running on open ports have vulnerabilities. It is vital to know the operating system on which the service is running, since it is one of the crucial factors in reconnaissance for vulnerability discovery where remote code execution is involved. The reason is that the same service on different operating systems will have different exploits due to architectural differences. Consider one vulnerability as an example: the SMB service, which is vulnerable as per the MS08-067 netapi vulnerability. This vulnerability persists on old Windows systems, but not on the new ones. For example, Windows XP is vulnerable to this attack; however, Windows Vista is not, because it got patched. Hence, it is really important to have a map of which OS and service pack version the system is running, along with the service on the open port, if you are to find any vulnerabilities. In this chapter, we will be learning different ways in which we can detect vulnerabilities over target IPs.
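The point above (a finding depends on the combination of open service, OS and service pack, not on the service alone) is easy to show in code. The following Python script is an added example, not code from the book: it parses a constructed sample of nmap's XML output (the format written by `-oX` when `-sV -O` are used), builds a per-host map of OS fingerprint plus open services, and then checks each host against an illustrative advisory list. The `ADVISORIES` entry mirrors only what the chapter states (Windows XP affected, Vista patched); a real assessment would take the affected-product list from the vendor advisory. Hosts that expose the service but lack an OS fingerprint are reported separately, because without the OS map no conclusion can be drawn.

```python
import xml.etree.ElementTree as ET

# Constructed sample in nmap XML format (not real scan output). Three live hosts
# expose SMB on 445/tcp: one fingerprinted as XP, one as Vista, one with no OS match.
SAMPLE_NMAP_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap">
  <host>
    <status state="up"/>
    <address addr="192.0.2.10" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="139"><state state="open"/><service name="netbios-ssn"/></port>
      <port protocol="tcp" portid="445"><state state="open"/><service name="microsoft-ds" product="Microsoft Windows XP microsoft-ds"/></port>
      <port protocol="tcp" portid="3389"><state state="closed"/><service name="ms-wbt-server"/></port>
    </ports>
    <os><osmatch name="Microsoft Windows XP SP2" accuracy="97"/></os>
  </host>
  <host>
    <status state="up"/>
    <address addr="192.0.2.11" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="445"><state state="open"/><service name="microsoft-ds"/></port>
    </ports>
    <os><osmatch name="Microsoft Windows Vista SP1" accuracy="96"/></os>
  </host>
  <host>
    <status state="up"/>
    <address addr="192.0.2.13" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="445"><state state="open"/><service name="microsoft-ds"/></port>
    </ports>
  </host>
  <host>
    <status state="down"/>
    <address addr="192.0.2.12" addrtype="ipv4"/>
  </host>
</nmaprun>
"""

# Illustrative applicability rule taken from the chapter's own statement
# (XP affected, Vista patched). Use the vendor's affected-product list in practice.
ADVISORIES = [
    {"id": "MS08-067", "service": "microsoft-ds",
     "affected_os": ("Microsoft Windows XP",)},
]


def parse_nmap_xml(xml_text):
    """Return one dict per live host: address, best OS match, open TCP services."""
    hosts = []
    root = ET.fromstring(xml_text)
    for host in root.findall("host"):
        status = host.find("status")
        if status is None or status.get("state") != "up":
            continue  # skip hosts nmap did not see as up
        addr = host.find("address[@addrtype='ipv4']")
        # nmap may list several osmatch candidates; keep the highest-accuracy one
        os_matches = host.findall("os/osmatch")
        best_os = None
        if os_matches:
            best = max(os_matches, key=lambda m: int(m.get("accuracy", "0")))
            best_os = best.get("name")
        services = []
        for port in host.findall("ports/port"):
            state = port.find("state")
            if state is None or state.get("state") != "open":
                continue  # only open ports carry a reachable service
            svc = port.find("service")
            services.append({
                "port": int(port.get("portid")),
                "proto": port.get("protocol"),
                "name": svc.get("name") if svc is not None else None,
                "product": svc.get("product") if svc is not None else None,
            })
        hosts.append({"addr": addr.get("addr") if addr is not None else None,
                      "os": best_os, "services": services})
    return hosts


def match_advisories(hosts, advisories=ADVISORIES):
    """Map (service, OS) pairs to advisories; flag hosts whose OS is unknown."""
    findings, unresolved = [], []
    for h in hosts:
        for adv in advisories:
            exposed = [s for s in h["services"] if s["name"] == adv["service"]]
            if not exposed:
                continue
            if h["os"] is None:
                # service is exposed but the OS map is missing: cannot decide yet
                unresolved.append((h["addr"], adv["id"]))
            elif h["os"].startswith(adv["affected_os"]):
                for s in exposed:
                    findings.append((h["addr"], s["port"], adv["id"]))
    return {"findings": findings, "unresolved": unresolved}


if __name__ == "__main__":
    result = match_advisories(parse_nmap_xml(SAMPLE_NMAP_XML))
    for addr, port, adv_id in result["findings"]:
        print(f"{addr}:{port} likely affected by {adv_id}")
    for addr, adv_id in result["unresolved"]:
        print(f"{addr} exposes the {adv_id} service but has no OS fingerprint; rescan with -O")
```

On the sample, only the XP host is reported as a finding, the Vista host is silently skipped, and the host without an `<os>` element lands in the unresolved list, which is the case where a follow-up OS fingerprint is needed before any vulnerability claim can be made.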
