A penetration tester is looking for a vulnerability that enables attackers to open doors via a specialized TCP service that is used for a physical access control system. The service exists on more than 100 different hosts, so the tester would like to automate the assessment. Identification requires the penetration tester to:
– Have a full TCP connection
– Send a "hello" payload
– Wait for a response
– Send a string of characters longer than 16 bytes
Which of the following approaches would BEST support the objective?
A. Run nmap -Pn -sV –script vuln <IP address>.
B. Employ an OpenVAS simple scan against the TCP port of the host.
C. Create a script in the Lua language and use it with NSE.
D. Perform a credentialed scan with Nessus.
– Have a full TCP connection
– Send a "hello" payload
– Wait for a response
– Send a string of characters longer than 16 bytes
Which of the following approaches would BEST support the objective?
A. Run nmap -Pn -sV –script vuln <IP address>.
B. Employ an OpenVAS simple scan against the TCP port of the host.
C. Create a script in the Lua language and use it with NSE.
D. Perform a credentialed scan with Nessus.