Vulnerability Assessment using Nessus


What you need

- Computer with VirtualBox. You can use any host OS you like, and if you prefer to use some other virtual machine software like VMware or Xen, that's fine too.
- KALI Linux virtual machine (recommended).
- Windows XP SP3 machine on the same network as your Linux machine.

The instructions below assume you are using two virtual machines in the Library lab: a Linux virtual machine and a Windows XP target. If you are working at home, you will have to adapt the steps to match your situation.

Objectives

Lab1 Downloading, Installing and Configuring Nessus
Lab2 Creating a Scan Policy
Lab3 Performing a Vulnerability Scan

Starting the Virtual Machines (KALI and Windows XP)

1. Start the Windows MSF Lab Virtual Machine (VICTIM). IP = 192.168.56.x (x is the number used for your IP address)
2. Start the Backtrack5R3 Virtual Machine (ATTACKER). IP = 192.168.56.x (x is the number used for your IP address)
3. Log in to KALI.
4. Verify connectivity between both VMs using the ping command.

Nessus works as a Client/Server application that is used for vulnerability assessment and analysis.

Dr. Ali Al-Shemery

Lab1 Downloading, Installing and Configuring Nessus

The purpose of this exercise is to practice vulnerability assessment using Nessus. Before we can start, we need to download Nessus from the URL below:

http://www.tenable.com/products/nessus/select-your-operating-system

Download the Debian package and then run the following command:

# dpkg -i nessus*.deb

You'll get a message like the following:

[##################################################]
All plugins loaded
 - You can start nessusd by typing /etc/init.d/nessusd start
 - Then go to https://kali:8834/ to configure your scanner

So, as the message says, type the command below to start Nessus:

# /etc/init.d/nessusd start

TASK #1
How can we check that Nessus is running from the command line?

After you finish the install, we need to register Nessus in order to get the updated plugins used for vulnerability assessment (to identify new vulnerabilities). This can be done by visiting the URL below:

http://www.tenable.com/products/nessus/nessus-plugins/obtain-an-activation-code

Choose the Home activation and wait for their email with the activation code.

TASK #2
Log in to Nessus using the following link: https://127.0.0.1:8834. Did you succeed, and why?

Now move to the next page, where you will configure the Nessus user. Choose a username and password for the Nessus administrator and then click Next.

By now I assume you've received the activation code and reached the Plugin Feed Registration page. Insert the Activation Code you received and move on to the next step. You should get a success message.

After that, click on Next: Download plugins. This will take a couple of minutes, depending on your Internet connection speed. After that, Nessus will start to initialize itself.

When everything is done and Nessus has successfully initialized itself, you will be presented with the login page.

Use the Nessus administrator's username and password to log in.

Challenge #1
BTW, when you first wanted to log in to Nessus, why did the browser ask you to add an exception?

Lab2 Creating a Scan Policy

In this part of the lab we want to create a scan policy to be used when performing a vulnerability scan. On the main page, at the top left, you will find a button; click it to get the menu, then choose Policies.

Fill in the basic policy requirements as follows:

Setting Type: Basic
Name: WINMACH
Description: Windows Machines Scan Profile
Allow Post-Scan Report Editing: Enabled

Click Save and then move on to the next lab.

Lab3 Performing a Vulnerability Scan

After creating a simple and basic Profile, it's time to perform a vulnerability scan. Let's start by creating a new scan and choosing WINMACH as the Policy to be used.

After giving the scan a Name and Description, write down the target's IP address (or list of targets) to be scanned and then click Launch.

TASK #1
How many vulnerabilities did Nessus discover in the Windows XP machine you just finished scanning? What is their severity?

TASK #2
Choose one of the vulnerabilities, and write down below the sections that are found for that vulnerability:

Challenge #2
How could you export the results? (needed for the Metasploit Lab later)
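Added example, not part of the original lab handout: once a scan has been exported, a short Python script can tally the findings per host by severity, which is the count TASK #1 asks for, and list the High and Critical items to fix first. It assumes the export is in the .nessus (NessusClientData_v2 XML) format; the sample report, host address, plugin IDs and plugin names are constructed placeholders.

```python
import xml.etree.ElementTree as ET
from collections import Counter

# Numeric severity levels stored in each ReportItem's "severity" attribute.
SEVERITY = {0: "Info", 1: "Low", 2: "Medium", 3: "High", 4: "Critical"}

# Constructed sample in the .nessus v2 layout. The host address, plugin IDs
# and plugin names are placeholders, not output from a real scan.
SAMPLE = """<NessusClientData_v2>
 <Report name="WINMACH scan">
  <ReportHost name="192.168.56.101">
   <ReportItem port="0" svc_name="general" protocol="tcp" severity="0"
               pluginID="900001" pluginName="Example info finding"/>
   <ReportItem port="445" svc_name="cifs" protocol="tcp" severity="2"
               pluginID="900002" pluginName="Example medium finding"/>
   <ReportItem port="3389" svc_name="msrdp" protocol="tcp" severity="3"
               pluginID="900003" pluginName="Example high finding"/>
   <ReportItem port="445" svc_name="cifs" protocol="tcp" severity="4"
               pluginID="900004" pluginName="Example critical finding"/>
  </ReportHost>
 </Report>
</NessusClientData_v2>"""

def summarize(xml_text):
    """Return {host: {"counts": Counter, "urgent": [(sev, port/proto, name)]}}."""
    # Only parse exports you produced yourself; use defusedxml for untrusted XML.
    root = ET.fromstring(xml_text)
    report = {}
    for host in root.iter("ReportHost"):
        counts, urgent = Counter(), []
        for item in host.iter("ReportItem"):
            try:
                sev = int(item.get("severity", ""))
            except ValueError:
                continue  # skip items with a missing or malformed severity
            counts[SEVERITY.get(sev, "Unknown")] += 1
            if sev >= 3:  # High and Critical go on the fix-first list
                service = f'{item.get("port")}/{item.get("protocol")}'
                urgent.append((sev, service, item.get("pluginName")))
        urgent.sort(key=lambda f: f[0], reverse=True)
        report[host.get("name")] = {"counts": counts, "urgent": urgent}
    return report

if __name__ == "__main__":
    for host, data in summarize(SAMPLE).items():
        print(host, dict(data["counts"]))
        for sev, service, name in data["urgent"]:
            print(f"  {SEVERITY.get(sev, 'Unknown'):8} {service:9} {name}")
```

To run it on your own scan, read the exported file's contents and pass them to summarize() in place of SAMPLE.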

Turning in Your Lab Work

Email the JPEG images to me as attachments to a single email message. Send it to: bsc@ashemery.com with a subject line of "Vulnerability Assessment using Nessus Lab From Your Name", replacing "Your Name" with your own first and last name. Send a Cc to yourself.