CYB 362 – Vulnerability Analysis Hands-on Assignment
Objective
The objective of this lab is to gain experience in vulnerability analysis.
Prerequisites
Laptop with internet connectivity
Virtual environment
One metasploitable machine
One Kali machine
Lab Setup
Go to https://www.tenable.com/try and sign up for a Nessus trial
Go to the email account you signed up with, copy the activation code to a note, and click the download link
Download the Nessus version that will work on your Kali box. (Nessus-x.x.x-debian_amd64.deb)
Be sure you have downloaded and installed the VirtualBox extension pack from https://www.virtualbox.org/wiki/Downloads
Go to https://sourceforge.net/projects/metasploitable/files/latest/download and download metasploitable to your host machine
Extract the files to a folder on your desktop
In VirtualBox create a new machine
Set the type to Linux and the version to Debian 32-bit
Create a new virtual hard disk, VDI
Ensure the disk is dynamically allocated
Set the hard disk size to whatever you like; this disk will be deleted soon
Open the machine's settings
Go to storage
Under Controller:SATA click the “machine_name”.vdi file
Click add hard disk and choose existing disk
Navigate to the folder with the metasploitable files
Choose metasploitable.vmdk
Go to the system tab
In processor, check the extended features box
Save the settings
Lab Procedure
Start the metasploitable machine you downloaded and log in
The credentials are msfadmin:msfadmin
Type ifconfig to get the IP address and note it
In Kali, go to your downloads folder from the command line, where you should already have downloaded Nessus-x.x.x-debian6_amd64.deb
Install Nessus. For this example, we are using version 7.2.1
sudo dpkg -i Nessus-7.2.1-debian6_amd64.deb
Start Nessus
sudo /etc/init.d/nessusd start
Open your browser and navigate to 127.0.0.1:8834
Create a username and password for your Nessus account
Enter the activation code you were sent from Tenable
Wait for plugins to compile (This may take some time)
Create a new scan
Choose advanced scan
Name the scan msf scan
Add the IP address of your msf machine, for example 192.168.1.x
Save the scan
Under my scans, click the run button next to your new scan
The scan will populate in real time so you may see results during the test
Once the scan is complete, take a screenshot of the results
Pick several vulnerabilities and read what they do and how to exploit them
Next, prepare a metasploit scan
Open a console in Kali and start postgresql
service postgresql start
Initialize the metasploit database
sudo msfdb init
Start metasploit
sudo msfconsole
Ensure that the database has been connected
db_status
A positive result will be “postgresql connected to msf”
Next, check the nmap db
db_nmap
Nmap the metasploitable machine from msfconsole
db_nmap 192.168.1.x
Screenshot the results
FTP appears to have an open port on the target. Let’s see if it’s vulnerable to anonymous login
Select the FTP scanner in your msfconsole
use auxiliary/scanner/ftp/anonymous
Show the available options for the module
show options
In msfconsole, set RHOSTS, which is the target you wish to scan, to the metasploitable machine
set RHOSTS 192.168.1.x
Run the module
run
Screenshot the results
Look in the auxiliary/scanner/ area of msfconsole for modules that can scan any services you find interesting
Scan at least 1 other service and screenshot the results
Use Nessus to scan your Ubuntu VM. Discuss the vulnerabilities found. See if you can find any vulnerabilities in your setup that you did not know existed.
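Once both the Nessus scan and the nmap scan are done, the two result sets can be compared. The Python script below is an added example, not part of the original assignment: it lists Nessus findings tied to a port that nmap did not report as open, which are the ones to verify by hand before trusting the report. It assumes the scan was exported as a .nessus file and nmap output was saved as XML (nmap -oX); the XML samples are constructed and the function names are hypothetical.

```python
# Added example; the XML samples are constructed and the function names are hypothetical.
import xml.etree.ElementTree as ET

SEVERITY = {0: "Info", 1: "Low", 2: "Medium", 3: "High", 4: "Critical"}

# Constructed sample in the .nessus (NessusClientData_v2) export layout.
NESSUS_XML = """<NessusClientData_v2><Report name="msf scan">
<ReportHost name="192.168.1.x">
<ReportItem port="21" protocol="tcp" severity="2" pluginName="Sample: anonymous FTP enabled"/>
<ReportItem port="8080" protocol="tcp" severity="3" pluginName="Sample: outdated web server"/>
<ReportItem port="0" protocol="tcp" severity="0" pluginName="Sample: scan information"/>
</ReportHost></Report></NessusClientData_v2>"""

# Constructed sample in nmap's XML output layout (nmap -oX).
NMAP_XML = """<nmaprun><host><address addr="192.168.1.x" addrtype="ipv4"/><ports>
<port protocol="tcp" portid="21"><state state="open"/></port>
<port protocol="tcp" portid="8080"><state state="closed"/></port>
</ports></host></nmaprun>"""

def nessus_findings(xml_text):
    """Return one dict per ReportItem: host, proto, port, name, severity label."""
    findings = []
    for host in ET.fromstring(xml_text).iter("ReportHost"):
        for item in host.iter("ReportItem"):
            findings.append({
                "host": host.get("name"), "proto": item.get("protocol"),
                "port": int(item.get("port")), "name": item.get("pluginName"),
                "severity": SEVERITY[int(item.get("severity"))]})
    return findings

def nmap_open_ports(xml_text):
    """Return the set of (host, proto, port) tuples nmap reported as open."""
    open_ports = set()
    for host in ET.fromstring(xml_text).iter("host"):
        addr = host.find("address").get("addr")
        for port in host.iter("port"):
            if port.find("state").get("state") == "open":
                open_ports.add((addr, port.get("protocol"), int(port.get("portid"))))
    return open_ports

def needs_manual_check(findings, open_ports):
    """Port-bound findings whose port nmap did not confirm as open.
    Port 0 marks host-level findings, which have no port to compare."""
    return [f for f in findings if f["port"] != 0
            and (f["host"], f["proto"], f["port"]) not in open_ports]

if __name__ == "__main__":
    for f in needs_manual_check(nessus_findings(NESSUS_XML), nmap_open_ports(NMAP_XML)):
        print("verify manually:", f["severity"], f["port"], f["name"])
```

A finding that appears in this list is not necessarily wrong; the two scans may simply have run at different times or with different port ranges.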
Report Questions
What vulnerabilities found by Nessus would you attack? Why?
Why would you want to scan a target using modules in msfconsole?
Does a medium vulnerability always mean that a system can easily be exploited?
Name two vulnerabilities found by Nessus that you would not attack and why.
Explain why Nessus is only one step to finding vulnerabilities and how it may be inaccurate.