I used two scanning tools called Zenmap and OpenVAS that are free to the public, so anyone can use them even a hacker to scan anything that he or she wants to with just an IP address. In addition, the hacker can exploit these vulnerabilities on these systems and do some serious amount of damage to the college’s security. The results that I got back from the Zenmap scan were many open ports, such as one them being port number twenty-three, which runs a service called Telnet, it is used to enable a user to connect to a remote host using a Telnet client. If this port stays open, then hacker just need to access the port and brute-force the user’s username and password then they will have access to your whole machine. Furthermore, I found port number one thousand ninety-nine was open, this service is called Remote Administration Tool and this port could be used by hackers to produce Trojans by performing remote access to the tool crafting packets and requests upon the college’s server to infect all systems on campus. On the results of the OpenVAS scan there were many high severity vulnerabilities that can create tons of attacks towards the campuses database systems. I found a vulnerability named distcc that was found on port number three thousand thirty-two and when this is not configured properly to restrict access to the server port it will allow many remote hackers to execute arbitrary code and will execute by the server without any authorization checks. Another found open port was from the FTP port twenty-one it is a vsftpd backdoor vulnerability that can affect the source package of the application, but on this port, there is also a proFTPD server vulnerability that attacker can security bypass an authentication point because the application fails to validate the domain name in a signed certificate
I used two scanning tools called Zenmap and OpenVAS that are free to the public, so anyone can use them even a hacker to scan anything that he or she wants to with just an IP address. In addition, the hacker can exploit these vulnerabilities on these systems and do some serious amount of damage to the college’s security. The results that I got back from the Zenmap scan were many open ports, such as one them being port number twenty-three, which runs a service called Telnet, it is used to enable a user to connect to a remote host using a Telnet client. If this port stays open, then hacker just need to access the port and brute-force the user’s username and password then they will have access to your whole machine. Furthermore, I found port number one thousand ninety-nine was open, this service is called Remote Administration Tool and this port could be used by hackers to produce Trojans by performing remote access to the tool crafting packets and requests upon the college’s server to infect all systems on campus. On the results of the OpenVAS scan there were many high severity vulnerabilities that can create tons of attacks towards the campuses database systems. I found a vulnerability named distcc that was found on port number three thousand thirty-two and when this is not configured properly to restrict access to the server port it will allow many remote hackers to execute arbitrary code and will execute by the server without any authorization checks. Another found open port was from the FTP port twenty-one it is a vsftpd backdoor vulnerability that can affect the source package of the application, but on this port, there is also a proFTPD server vulnerability that attacker can security bypass an authentication point because the application fails to validate the domain name in a signed certificate