Vulnerability Assessment using Nessus What you need Computer with VirtualBox. You can use any host OS you like, and if you prefer to use some other virtual machine software like VMware or Xen, that s fine too. KALI Linux virtual machine (recommended). Windows XP SP3 machine on the same network as your Linux machine. The instructions below assume you are using two virtual machines in the Library lab: Linux virtual machine, and a Windows XP target. If you are working at home, you will have to adapt the steps to match your situation. Objectives Lab1 Downloading, Installing and Configuring Nessus Lab2 Creating a Scan Policy Lab3 Performing a Vulnerability Scan Starting the Virtual Machines (KALI and Windows XP) 1. Start the Windows MSF Lab Virtual Machine (VICTIM) IP = 192.168.56.x ( x is the number used for your IP address) 2. Start the Backtrack5R3 Virtual Machine (ATTACKER) IP = 192.168.56.x ( x is the number used for your IP address) 3. Login to KALI 4. Verify connectivity between the both VM using the ping command Nessus works as a Client/Server application that is used for vulnerability assessment and analysis. Dr. Ali Al-Shemery 1/8
Lab1 Downloading, Installing and Configuring Nessus The purpose of this exercise is to practice vulnerability assessment using Nessus. Before we can start we need to download Nessus from the url below: http://www.tenable.com/products/nessus/select-your-operating-system Download the Debian Package and then run the following command: # dpkg i nessus*.deb You ll get a message like the following: [##################################################] All plugins loaded - You can start nessusd by typing /etc/init.d/nessusd start - Then go to https://kali:8834/ to configure your scanner So as the message says, type the command below to start Nessus: # /etc/init.d/nessusd start TASK #1 How can we check that Nessus is running from the command line? After you finish the install we need to register Nessus in order to get the updated plugins used for vulnerability assessment (identify new vulnerabilities). This can be done by visiting the URL below: http://www.tenable.com/products/nessus/nessus-plugins/obtain-an-activation-code Choose the Home activation and wait for their email with the activation code. Dr. Ali Al-Shemery 2/8
TASK #2 Login to Nessus using the following link https://127.0.0.1:8834. Did you succeed and why? Now move to the next page were you will configure the Nessus user. Choose a username and password for the Nessus administrator and then click Next. Dr. Ali Al-Shemery 3/8
By now I assume you ve received the activation code and reached the Plugin Feed Registration just as the snapshot below: Insert the Activation Code you received and move on to the next step. You are supposed to get a successful message: After the click on Next: Download plugins. This would take a couple of minutes depending on your Internet Connection speed. After that Nessus will start to initialize itself. When everything is done and Nessus has successfully initialized itself, you will be presented with the following login page: Dr. Ali Al-Shemery 4/8
Use the Nessus administrator s username and password to login. Challenge #1 BTW, when you first wanted to Login into Nessus, why did the browser ask you to add an exception? Dr. Ali Al-Shemery 5/8
Lab2 Creating a Scan Policy In this part of the lab we want to create a scan policy to be used when performing a vulnerability scan. In the main page on your top left you will find a button; click it to get the menu below then chose Policies: Fill the basic policy requirements just as the snapshot below: Setting Type: Basic Name: WINMACH Description: Windows Machines Scan Profile Allow Post-Scan Report Editing: Enabled Click Save and then move on to the next lab. Dr. Ali Al-Shemery 6/8
Lab3 Performing a Vulnerability Scan After creating a simple and basic Profile, it s time to perform a vulnerability scan. Let s start by creating a new scan and choosing WINMACH as the Policy to be used: After giving the scan a Name and Description, write down the target s IP address (or list of targets) to be scanned and then click Launch. TASK #1 How much vulnerability did Nessus discover in the Windows XP you just finished scanning? What is their severity? TASK #2 Choose one of the vulnerabilities, and write down below the sections that are found for that vulnerability: Challenge #2 How could you export the results? (needed for Metasploit Lab later) Dr. Ali Al-Shemery 7/8
Turning in Your Lab Work Email the JPEG images to me as attachments to a single email message. Send it to: bsc@ashemery.com with a subject line of Vulnerability Assessment using Nessus Lab From Your Name, replacing Your Name with your own first and last name. Send a Cc to yourself. Dr. Ali Al-Shemery 8/8