CYB 362 – Vulnerability Analysis Hands-on Assignment

Objective

The objective of this lab is to gain experience in vulnerability analysis.

Prerequisites

  1. Laptop with internet connectivity
  2. Virtual environment
  3. One Metasploitable machine
  4. One Kali machine

Lab Setup

  1. Go to https://www.tenable.com/try and sign up for a Nessus trial
  2. Open the email sent to the address you signed up with, copy the activation code to a note, and click the download link
  3. Download the Nessus version that will work on your Kali box (Nessus-x.x.x-debian_amd64.deb)
  4. Be sure you have downloaded and installed the VirtualBox extension pack from https://www.virtualbox.org/wiki/Downloads
  5. Go to https://sourceforge.net/projects/metasploitable/files/latest/download and download Metasploitable to your host machine
  6. Extract the files to a folder on your desktop
  7. In VirtualBox create a new machine
  8. Set the type to Linux and the version to Debian 32-bit
  9. Create a new virtual hard disk, VDI
  10. Ensure the disk is dynamically allocated
  11. Set the hard disk size to whatever you like; this disk will be deleted soon
  12. Open the machine's settings
  13. Go to storage
  14. Under Controller:SATA click the “machine_name”.vdi file
  15. Click add hard disk and choose existing disk
  16. Navigate to the folder with the metasploitable files
  17. Choose metasploitable.vmdk
  18. Go to the system tab
  19. In processor, check the extended features box
  20. Save the settings

Lab Procedure

  1. Start the Metasploitable machine you downloaded and log in
    1. The credentials are msfadmin:msfadmin
    2. Type ifconfig to get the IP address and note it
  2. In Kali, go to your downloads folder from the command line, where you should already have downloaded Nessus-x.x.x-debian6_amd64.deb
  3. Install Nessus. For this example, we are using version 7.2.1
    1. sudo dpkg -i Nessus-7.2.1-debian6_amd64.deb
  4. Start Nessus
  5. sudo /etc/init.d/nessusd start
  6. Open your browser and navigate to 127.0.0.1:8834
  7. Create a username and password for your Nessus account
  8. Enter the activation code you were sent from Tenable
  9. Wait for plugins to compile (This may take some time)
  10. Create a new scan
  11. Choose advanced scan
  12. Name the scan msf scan
  13. Add the IP address of your msf machine, for example 192.168.1.x
  14. Save the scan
  15. Under my scans, click the run button next to your new scan
    1. The scan will populate in real time so you may see results during the test
  16. Once the scan is complete, take a screenshot of the results
  17. Pick several vulnerabilities and read what they do and how to exploit them
  18. Next, prepare a Metasploit scan
  19. Open a console in Kali and start PostgreSQL
    1. sudo service postgresql start
  20. Initialize the Metasploit database
    1. sudo msfdb init
  21. Start Metasploit
    1. sudo msfconsole
  22. Ensure that the database has been connected
    1. db_status
    2. A positive result will be “postgresql connected to msf”
  23. Next, check the nmap db
    1. db_nmap
  24. Nmap the Metasploitable machine from msfconsole
    1. db_nmap 192.168.1.x
  25. Screenshot the results
  26. FTP appears to have an open port on the target. Let’s see if it’s vulnerable to anonymous login
  27. Select the FTP scanner in your msfconsole
    1. use auxiliary/scanner/ftp/anonymous
  28. Show the available options for the module
    1. show options
  29. Set the rhost, which is the target you wish to scan, from msfconsole to the Metasploitable machine
    1. set RHOSTS 192.168.1.x
  30. Run the module
    1. run
  31. Screenshot the results
  32. Look in the auxiliary/scanner/ area of msfconsole for modules that can scan any services you find interesting
  33. Scan at least 1 other service and screenshot the results
  34. Use Nessus to scan your Ubuntu VM. Discuss the vulnerabilities found. See if you can find any vulnerabilities in your setup that you did not know existed.
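
For reviewing the Nessus results from steps 16, 17 and 34 outside the web interface, the following added example (not part of the original assignment) reads a scan exported in the .nessus XML format, counts findings per severity, and orders the Medium-and-above findings for manual verification. It assumes you have exported the scan to a .nessus file; the embedded sample, including the host 192.0.2.10 and all plugin IDs, names and scores, is constructed for illustration.

```python
import xml.etree.ElementTree as ET
from collections import Counter

SEVERITY = {0: "Info", 1: "Low", 2: "Medium", 3: "High", 4: "Critical"}
# Constructed sample in the .nessus (NessusClientData_v2) layout. The host,
# plugin IDs, plugin names and scores are made up for illustration.
SAMPLE = """<NessusClientData_v2><Report name="msf scan"><ReportHost name="192.0.2.10">
<ReportItem port="0" svc_name="general" severity="0" pluginID="900000" pluginName="Sample: host details"/>
<ReportItem port="21" svc_name="ftp" protocol="tcp" severity="2"
  pluginID="900001" pluginName="Sample: anonymous FTP login allowed">
  <cvss_base_score>5.0</cvss_base_score><exploit_available>false</exploit_available></ReportItem>
<ReportItem port="22" svc_name="ssh" protocol="tcp" severity="3"
  pluginID="900002" pluginName="Sample: weak SSH host keys">
  <cvss_base_score>7.5</cvss_base_score><exploit_available>true</exploit_available></ReportItem>
<ReportItem port="80" svc_name="www" protocol="tcp" severity="2"
  pluginID="900003" pluginName="Sample: HTTP TRACE enabled">
  <cvss_base_score>4.3</cvss_base_score><exploit_available>true</exploit_available></ReportItem>
</ReportHost></Report></NessusClientData_v2>"""

def load_findings(xml_text):
    """Return one dict per ReportItem in a .nessus export from your own scanner."""
    findings = []
    for host in ET.fromstring(xml_text).iter("ReportHost"):
        for item in host.iter("ReportItem"):
            findings.append({
                "host": host.get("name"),
                "port": int(item.get("port", "0")),
                "service": item.get("svc_name", ""),
                "severity": int(item.get("severity", "0")),
                "plugin": item.get("pluginName", ""),
                "cvss": float(item.findtext("cvss_base_score") or 0.0),
                "exploit_known": item.findtext("exploit_available") == "true",
            })
    return findings

def severity_counts(findings):
    """Count findings per severity label, like the scan summary in the UI."""
    return Counter(SEVERITY[f["severity"]] for f in findings)

def triage(findings, min_severity=2):
    """Findings at or above min_severity: severity, then exploit flag, then CVSS."""
    keep = [f for f in findings if f["severity"] >= min_severity]
    return sorted(keep, key=lambda f: (f["severity"], f["exploit_known"], f["cvss"]), reverse=True)

if __name__ == "__main__":
    results = load_findings(SAMPLE)
    print(dict(severity_counts(results)))
    for f in triage(results):
        print(SEVERITY[f["severity"]], f["host"], f["port"], f["service"], f["cvss"], f["exploit_known"], f["plugin"])
```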

 

Report Questions

  1. What vulnerabilities found by Nessus would you attack? Why?
  2. Why would you want to scan a target using modules in msfconsole?
  3. Does a medium vulnerability always mean that a system can easily be exploited?
  4. Name two vulnerabilities found by Nessus that you would not attack and why.
  5. Explain why Nessus is only one step to finding vulnerabilities and how it may be inaccurate.