声明：禁止用作非法目的，谢绝一切形式的转载。

在这里对OpenVas进行了简单的介绍。这篇文章着重介绍通过OpenVas扫描出来漏洞之后，如何利用这些漏洞达到获取被入侵机器"肉鸡"的shell(也就是控制权)。

OpenVas

GSM协议

NTP – Time synchronization • Connecting to 123/udp • Mandatory • Not encrypted • May use internal NTP server Feeds (see below) • Direct

Connecting to 24/tcp or 443/tcp
Direct internet access required

• Via proxy

Connecting to internal HTTP proxy supporting CONNECT method on configurable port

• Connecting to apt.greenbone.net and feed.greenbone.net • Mandatory on stand-alone and master Appliances • Used protocol is SSH • Encrypted and bidirectionally authenticated via SSH

Server: public key
Client: public key

术语

Alert: An alert is an action which can be triggered by certain events. In most cases, this means the output of a notification, e.g., an e-mail in case of new found vulnerabilities.

CVE: Common Vulnerabilities and Exposures (CVE) is a dictionary of publicly known information security vulnerabilities and exposures.

QoD: The Quality of Detection (QoD) is a value between 0 % and 100 % describing the reliability of the executed vulnerability detection or product detection.