ComputerSecurityStudent (CSS) [Login] [Join Now]




|SECURITY TOOLS >> NESSUS >> Current Page |Views: 9262

(NESSUS: Lesson 3)

{ Scan with Nessus on BackTrack 5R1 }


Section 0. Background Information
  1. What is the purpose of this lesson?
    • In the previous lessons you use NMAP to determine which services were running, using a methodology known as port scanning.  This lesson will teach you how use Nessus to conduct a vulnerability assessment.

  2. What is NESSUS?
    • Tenable Network Security provides enterprise-class solutions for continuous monitoring and visibility of vulnerabilities, configurations, user activity and system events that impact security and compliance.

    • Nessus features high-speed discovery, configuration auditing, asset profiling, sensitive data discovery and vulnerability analysis of your security posture

  3. Pre-Requisite
  4. Lab Notes
    • In this lab we will do the following:
      1. Scan Damn Vulnerable WXP-SP2 with Nessus
      2. Product Nessus Report
      3. Save Nessus Report

  5. Legal Disclaimer
    • As a condition of your use of this Web site, you warrant to computersecuritystudent.com that you will not use this Web site for any purpose that is unlawful or that is prohibited by these terms, conditions, and notices.
    • In accordance with UCC § 2-316, this product is provided with "no warranties, either express or implied." The information contained is provided "as-is", with "no guarantee of merchantability."
    • In addition, this is a teaching website that does not condone malicious behavior of any kind.
    • You are on notice, that continuing and/or using this lab outside your "own" test environment is considered malicious and is against the law.
    • © 2013 No content replication of any kind is allowed without express written permission.

 

Section 1: Login to BackTrack
  1. Start Up VMWare Player
    • Instructions:
      1. Click the Start Button
      2. Type Vmplayer in the search box
      3. Click on Vmplayer

     

  2. Open a Virtual Machine
    • Instructions:
      1. Click on Open a Virtual Machine

     

  3. Open the BackTrack5R1 VM
    • Instructions:
      1. Navigate to where the BackTrack5R1 VM is located
      2. Click on on the BackTrack5R1 VM
      3. Click on the Open Button

     

  4. Edit the BackTrack5R1 VM
    • Instructions:
      1. Select BackTrack5R1 VM
      2. Click Edit virtual machine settings

     

  5. Edit Virtual Machine Settings
    • Instructions:
      1. Click on Network Adapter
      2. Click on the Bridged Radio button
      3. Click on the OK Button

     

  6. Play the BackTrack5R1 VM
    • Instructions:
      1. Click on the BackTrack5R1 VM
      2. Click on Play virtual machine

     

  7. Login to BackTrack
    • Instructions:
      1. Login: root
      2. Password: toor or <whatever you changed it to>.

     

  8. Bring up the GNOME
    • Instructions:
      1. Type startx

 

Section 2: Login to Damn Vulnerable WXP-SP2 (Victim Machine)
  1. Edit Virtual Machine Settings
    • Instructions:
      1. Click on Damn Vulnerable WXP-SP2
      2. Edit Virtual Machine Settings
    • Note:
      • This VM is running Windows XP.
      • This is the Victim Machine that we will be scanning with BackTrack5R1.

     

  2. Set Network Adapter
    • Instructions:
      1. Click on Network Adapter
      2. Click on the radio button "Bridged: Connected directly to the physical network".

     

  3. Start Up Damn Vulnerable WXP-SP2.
    • Instructions:
      1. Start Up your VMware Player
      2. Play virtual machine

     

  4. Logging into Damn Vulnerable WXP-SP2.
    • Instructions:
      1. Click Administrator
      2. Supply Your Password
      3. Click On

     

  5. Open a Command Prompt
    • Instructions:
      1. Start --> All Programs --> Accessories --> Command Prompt

     

  6. Obtain the IP Address
    • Instructions:
      1. ipconfig
      2. Record Your IP Address
    • Note(FYI):
      • #1, (ipconfig) displays all current TCP/IP network configuration values.
      • #2, In my case, Damn Vulnerable WXP-SP2's IP Address 192.168.1.89.

 

Section 3: Bring up a console terminal
  1. Start up a terminal window
    • Instructions:
      1. Click on the Terminal Window

     

  2. Obtain the IP Address
    • Instructions:
      1. ifconfig -a
      2. Record Your IP Address
    • Note(FYI):
      • #1, (ifconfig -a), display all interfaces which are currently available.
      • #2, In my case, my IP address 192.168.1.65.

     

Section 4: Start the Nessus Service
  1. Start Nessus Service
    • Instructions:
      1. /etc/init.d/nessusd start
      2. ps -eaf | grep nessus | grep -v grep
    • Note(FYI):
      • /etc/init.d/nessusd, is the start up script for nessus.
      • ps -eaf: Show me all processes
      • | grep  nessus: Only show me nessus processes.
      • | grep -v grep: Do not show me the actual grep process.

 

Section 5: Login To Nessus
  1. Start Firefox Instance
    • Instructions:
      1. cd /root/firefox/
      2. ./firefox https://127.0.0.1:8834 &
      3. Firefox will soon pop up.
    • Note(FYI):
      • We start Firefox this way, because this is our upgraded instance of Firefox that is compatible with the newest version of Nessus.
     
  2. Invalid Certificate Warning
    • Instructions:
      1. Click the Advanced Button
      2. Click the Add Exception Button
    • Note(FYI):
      • You are receiving this message because Nessus uses a self-signed certificate that is required for the HTTPS protocol. 
      • In other circumstance, it is would be in your best interest to not proceed.

     

  3. Invalid Certificate Warning
    • Instructions:
      1. Check the Permanently store this exception checkbox
      2. Click the Confirm Security Exception Button

     

  4. Login To Nessus
    • Instructions:
      1. Login: admin
      2. Password: Supply Password
      3. Click the Sign In Button
    •  

     

Section 6: Create Nessus Policy
  1. Nessus Policies
    • Instructions:
      1. Click on Policies

     

  2. Create Nessus Policies
    • Instructions:
      1. Click on Create a new policy

     

  3. Policy Wizards
    • Instructions:
      1. Click on Basic Network Scan

     

  4. New Basic Network Scan Policy
    • Instructions:
      1. Policy Name: Damn Vulnerable WXP-SP2
      2. Description: Damn Vulnerable WXP-SP2
      3. Click the Save Button

     

  5. View Saved Policy
    • Note(FYI):
      1. After clicking the save button, you will see your newly saved policy.

     

Section 7: Create Nessus Scan
  1. Nessus Scans
    • Instructions:
      1. Click on Scans

     

  2. Create New Scan
    • Instructions:
      1. Click on New Scan -or- Create a new scan

     

  3. User Defined Scan Templates
    • Instructions:
      1. Click on the User Defined tab
      2. Click on the Damn Vulnerable WXP-SP2 Policy

     

  4. Save Scan
    • Note(FYI):
      1. Replace 192.168.1.89 with Damn Vulnerable WXP-SP2's IP Address obtained from (Section 2, Step 6).
    • Instructions:
      1. Name: Damn Vulnerable WXP-SP2
      2. Description: Damn Vulnerable WXP-SP2
      3. Folder: My Scans
      4. Targets: 192.168.1.89
      5. Click the Save Button

     

  5. Launch Scan
    • Instructions:
      1. Click Launch Triangle

     

  6. View Running Scan
    • Instructions:
      1. Click the running icon to view the active scan
    • Note(FYI):
      • It will take between 3 to 5 minutes for the running icon to turn into a completed icon .

     

  7. See Completed Scan
    • Instructions:
      1. Click on the grey check mark

 

Section 8: View Nessus Results
  1. View Vulnerabilities
    • Instructions:
      1. Click on Vulnerabilities
    • Notes(FYI):
      • Red represents the highest vulnerabilities.  Blue represents the lower vulnerabilities.
      • You will see more vulnerabilities once you complete the following Hac-King-Do lessons: RealVNC, UltraVNC, and TFTPD32.

     

  2. Viewing the Vulnerabilities
    • Instructions:
      1. Click on the Vulnerabilities Tab
      2. Notice the scan indicates how many vulnerabilities were found.
        • In my case, there were 31.
      3. Notice the completed status.
      4. Click on MS08-067
    • Note(FYI):
      • A pen tester will have a big smile on their face, if MS08-067 shows up on the radar.

     

  3. MS08-067 (Description, Solution)
    • Instructions:
      1. Read the Description
      2. Read the Solution
      3. Scroll Down
    • Note(FYI):
      • #2, Notice this affects not only XP, but also W2K, W2K3, Vista and W2K8.

     

  4. MS08-067 (Exploit Tools and Reference Information)
    • Instructions:
      1. Exploitable With: These are the tools that can exploit the vulnerability.
      2. Reference Information: Click on these links if you with to learn more able the exploit.

 

Section 9: Save Nessus Report
  1. Produce Report
    • Instructions:
      1. Click on Export Drop Down Menu
      2. Click on CSV
      3. The Report will be downloaded and saved

     

  2. Save Report
    • Instructions:
      1. Select the Save File radio button
      2. Click on OK button

 

Section 10: Proof of Lab
  1. Start up a terminal window
    • Instructions:
      1. Click on the Terminal Window

     

  2. Proof of Lab
    • Instructions
      1. cd /root/Downloads
      2. ls -lrta
      3. grep -i "ms08-067" *.csv
      4. date
      5. echo "Your Name"
        • Put in your actual name in place of "Your Name"
        • e.g., echo "John Gray"
    • Proof Of Lab Instructions:
      1. Press the PrtScn key
      2. Paste into a word document
      3. Upload to Moodle


Help ComputerSecurityStudent
pay for continued research,
resources & bandwidth