Nessus
INE
Penetration Testing Basics
INSTRUCTOR
Lukasz Mikula
COURSE DURATION
16h 58m
Nessus
Description
In this lab you will have to use and configure Nessus in order to perform a vulnerability scan against the target machine. However, you are not told where the target machine is in the network; you only know it is in the same lab network you are connected to.
Goal
The goal of this lab is to learn how to properly configure Nessus depending on the services running on the target machine.
Tools
The best tools for this lab are:
Nmap
Nessus
Metasploit
Steps
Find a target in the network
Since we do not have any information about our lab network and the hosts attached to it, the first step is to find our target!
Identify the target role
Now that we know there is a host on the target network, let us scan the host and gather as much information as we can in order to properly configure the Nessus scan.
Configure Nessus and run the scan
You should have identified a few services running on the machine. Configure a new Nessus policy and scan based on the results of the previous step.
Analyze and export the scan results
Once the scan completes, open the results and analyze them. You will find something very interesting! Moreover, export the scan results; you may need them!
[OPTIONAL] Exploit the machine
The target machine has a few critical vulnerabilities. Once you finish studying the Metasploit module, start the lab over again and try to exploit the machine.
SOLUTIONS
Please go ahead ONLY if you have COMPLETED the lab or you are stuck! Checking the solutions before actually trying the concepts and techniques you studied in the course will dramatically reduce the benefits of a hands-on lab!
Solutions steps
Find a target in the network
We first need to identify the remote network. We can do this by running ifconfig and checking the IP address of our tap0 interface.
As we can see, the target network is 192.168.99.0/24. Let's run nmap -sn in order to discover live hosts on the network:
The previous screenshot shows that the only live host in the network is 192.168.99.50 (besides our own host, 192.168.99.13).
Identify the target role
Let us run nmap in order to gather as much information as we can about our target. To do this, we will run an -A scan as follows:
As we can see in the previous output, there are just a few services enabled. Moreover, the machine is a Windows machine. Armed with this knowledge, we can start configuring our new Nessus policy and scan.
Configure Nessus and run the scan
From the previous scans we can guess that the machine is a client (there are no services such as FTP, SSH or Apache). Moreover, we know its OS is Windows XP, so we can create a new scan policy that uses only specific plugins, such as the Windows plugins.
In order to run the scan, we need to visit Nessus's web interface on http://localhost:8834/ first.
Then we should navigate to Scans and choose New Scan -> Advanced scan.
We only need to specify the target and the desired name of the scan. Now, we are ready to launch the scan.
After the scan finishes, we can see the results:
Clicking the first critical vulnerability provides us with a detailed list of the detected issues:
Note: If we wanted to use only the Windows plugins, so that a faster and more specific scan is performed, we can do so as follows.
Policy -> New Policy -> Advanced Scan and configure the policy as shown below.
Then navigate to My Scans -> New Scan -> User Defined and launch the scan.
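The policy decision above (client role, Windows OS, so enable only the relevant plugin families) can be made from the nmap output itself rather than by eye. The following is an added example, not part of the INE lab or of nmap/Nessus: it parses the XML that `nmap -A -oX target.xml <host>` writes, lists the open services, applies the lab's heuristic that a host with no FTP/SSH/HTTP-style services is a client, and recommends which Nessus plugin families to tick in the Advanced Scan policy. The sample XML is constructed, and the family names and the service-to-family mapping are assumptions about the Nessus policy editor.

```python
"""Turn nmap -A XML output into a Nessus plugin-family selection.

Added example for this lab, not part of the INE material or of Nessus/nmap.
Family names and the service-to-family mapping are assumptions.
"""
import xml.etree.ElementTree as ET

# Constructed sample in the shape of `nmap -A -oX` output for a Windows XP
# host with RPC/SMB open. Not a real capture; values are illustrative.
SAMPLE_NMAP_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -A -oX target.xml 192.168.99.50">
  <host>
    <status state="up" reason="arp-response"/>
    <address addr="192.168.99.50" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="135"><state state="open"/>
        <service name="msrpc" product="Microsoft Windows RPC"/></port>
      <port protocol="tcp" portid="139"><state state="open"/>
        <service name="netbios-ssn"/></port>
      <port protocol="tcp" portid="445"><state state="open"/>
        <service name="microsoft-ds" product="Microsoft Windows XP microsoft-ds"/></port>
      <port protocol="tcp" portid="3389"><state state="closed"/>
        <service name="ms-wbt-server"/></port>
    </ports>
    <os><osmatch name="Microsoft Windows XP SP2 or SP3" accuracy="97"/></os>
  </host>
</nmaprun>
"""

# Services whose presence suggests a server rather than a client workstation
# (the lab's heuristic: no FTP, SSH, Apache or similar means "client").
SERVER_SERVICES = {"ftp", "ssh", "http", "https", "smtp", "mysql", "ms-sql-s", "domain"}

# Assumed mapping from nmap service names to Nessus plugin families.
SERVICE_FAMILIES = {
    "microsoft-ds": {"Windows", "Windows : Microsoft Bulletins"},
    "netbios-ssn": {"Windows"},
    "msrpc": {"Windows", "RPC"},
    "ftp": {"FTP"},
    "ssh": {"Gain a shell remotely"},
    "http": {"Web Servers", "CGI abuses"},
    "https": {"Web Servers", "CGI abuses"},
    "smtp": {"SMTP problems"},
    "mysql": {"Databases"},
    "ms-sql-s": {"Databases"},
    "domain": {"DNS"},
}
# Families worth enabling for any target so service detection still runs.
BASE_FAMILIES = {"General", "Service detection"}


def parse_nmap(xml_text):
    """Return one dict per live host: address, best OS guess and open services."""
    hosts = []
    for host in ET.fromstring(xml_text).iter("host"):
        status = host.find("status")
        if status is None or status.get("state") != "up":
            continue
        os_match = host.find("os/osmatch")
        services = []
        for port in host.iter("port"):
            if port.find("state").get("state") != "open":
                continue  # closed/filtered ports do not drive plugin selection
            svc = port.find("service")
            services.append({
                "port": int(port.get("portid")),
                "proto": port.get("protocol"),
                "name": svc.get("name") if svc is not None else "unknown",
            })
        hosts.append({
            "address": host.find("address").get("addr"),
            "os": os_match.get("name") if os_match is not None else "unknown",
            "services": services,
        })
    return hosts


def is_client_role(host):
    """True when no classic server service is exposed."""
    return not any(s["name"] in SERVER_SERVICES for s in host["services"])


def recommend_families(host):
    """Plugin families to enable for this host, as a sorted list."""
    families = set(BASE_FAMILIES)
    if "windows" in host["os"].lower():
        families |= {"Windows", "Windows : Microsoft Bulletins"}
    for s in host["services"]:
        families |= SERVICE_FAMILIES.get(s["name"], set())
    return sorted(families)


if __name__ == "__main__":
    for h in parse_nmap(SAMPLE_NMAP_XML):
        role = "client" if is_client_role(h) else "server"
        print(f"{h['address']} ({h['os']}) looks like a {role}")
        print("  open:", ", ".join(f"{s['port']}/{s['proto']} {s['name']}" for s in h["services"]))
        print("  enable families:", ", ".join(recommend_families(h)))
```

Run it against a real `nmap -A -oX` file by replacing SAMPLE_NMAP_XML with the file's contents; the recommended families are the ones to leave enabled under the policy's Plugins tab, everything else can be disabled to get the faster, more specific scan the note above describes.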
Analyze and export the scan results
From the scan results obtained in the previous step we can see that the machine has some critical vulnerabilities.
The most interesting one is the MS08-067:
This vulnerability allows attackers to execute code remotely! Keep it in mind if you want to exploit the machine!
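The exported results are more useful than the screenshot once they are turned into a triage list: which host, which port, how severe, and what the fix is. The following is an added example, not part of the INE lab or of Nessus: it parses a .nessus export (the XML format produced by Scans -> Export -> Nessus), keeps the High and Critical findings ordered worst first, and renders them as CSV for a report or ticket import. The sample export is constructed; the plugin IDs and the CVE value in it are placeholders, not the real identifiers.

```python
"""Summarise a Nessus .nessus export: High/Critical findings per host with the fix.

Added example for this lab, not part of the INE material or of Nessus.
The sample data is constructed; plugin IDs and CVE IDs are placeholders.
"""
import csv
import io
import xml.etree.ElementTree as ET

# Constructed sample in the shape of a .nessus (NessusClientData_v2) export.
SAMPLE_NESSUS_XML = """<?xml version="1.0" ?>
<NessusClientData_v2>
  <Report name="lab scan">
    <ReportHost name="192.168.99.50">
      <HostProperties>
        <tag name="host-ip">192.168.99.50</tag>
        <tag name="operating-system">Microsoft Windows XP</tag>
      </HostProperties>
      <ReportItem port="445" svc_name="cifs" protocol="tcp" severity="4"
                  pluginID="00000" pluginName="MS08-067: Windows Server Service Remote Code Execution"
                  pluginFamily="Windows">
        <risk_factor>Critical</risk_factor>
        <cve>CVE-0000-0000</cve>
        <cvss_base_score>10.0</cvss_base_score>
        <solution>Apply the vendor patch for MS08-067.</solution>
      </ReportItem>
      <ReportItem port="445" svc_name="cifs" protocol="tcp" severity="2"
                  pluginID="00001" pluginName="SMB Signing not required"
                  pluginFamily="Misc.">
        <risk_factor>Medium</risk_factor>
        <cvss_base_score>5.3</cvss_base_score>
        <solution>Enforce message signing in the host's configuration.</solution>
      </ReportItem>
      <ReportItem port="0" svc_name="general" protocol="tcp" severity="0"
                  pluginID="00002" pluginName="OS Identification" pluginFamily="General">
        <risk_factor>None</risk_factor>
      </ReportItem>
    </ReportHost>
  </Report>
</NessusClientData_v2>
"""

SEVERITY_LABEL = {0: "Info", 1: "Low", 2: "Medium", 3: "High", 4: "Critical"}


def parse_nessus(xml_text):
    """Return a flat list of findings, one dict per ReportItem."""
    findings = []
    for host in ET.fromstring(xml_text).iter("ReportHost"):
        props = {t.get("name"): t.text for t in host.iter("tag")}
        for item in host.iter("ReportItem"):
            score = item.findtext("cvss_base_score")
            findings.append({
                "host": host.get("name"),
                "os": props.get("operating-system", "unknown"),
                "port": f"{item.get('port')}/{item.get('protocol')}",
                "severity": int(item.get("severity")),
                "plugin_id": item.get("pluginID"),
                "name": item.get("pluginName"),
                "family": item.get("pluginFamily"),
                "cve": ", ".join(c.text for c in item.iter("cve")),
                "cvss": float(score) if score else 0.0,
                "solution": (item.findtext("solution") or "").strip(),
            })
    return findings


def triage(findings, min_severity=3):
    """Keep findings at or above min_severity, worst first (severity, then CVSS)."""
    kept = [f for f in findings if f["severity"] >= min_severity]
    return sorted(kept, key=lambda f: (f["severity"], f["cvss"]), reverse=True)


def to_csv(findings):
    """Render findings as CSV text with the severity label spelled out."""
    cols = ["host", "os", "port", "severity", "plugin_id", "name", "cve", "cvss", "solution"]
    buf = io.StringIO()
    writer = csv.DictWriter(buf, fieldnames=cols, extrasaction="ignore")
    writer.writeheader()
    for f in findings:
        writer.writerow(dict(f, severity=SEVERITY_LABEL[f["severity"]]))
    return buf.getvalue()


if __name__ == "__main__":
    worst = triage(parse_nessus(SAMPLE_NESSUS_XML))
    for f in worst:
        print(f"[{SEVERITY_LABEL[f['severity']]}] {f['host']} {f['port']} {f['name']}")
        print(f"    fix: {f['solution']}")
    print(to_csv(worst))
```

With a real export, read the .nessus file into SAMPLE_NESSUS_XML's place; lowering min_severity to 0 in triage() gives the complete list, and the solution column is what goes to the system owner.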
[OPTIONAL] Exploit the machine
In the previous step we found a very interesting vulnerability. Once you finish studying the Metasploit section of the course, come back to this lab and try to exploit it!