Does a medium vulnerability always mean that a system can easily be exploited?

CYB 362 – Vulnerability Analysis Hands-on Assignment

Objective

The objective of this lab is to gain experience in vulnerability analysis.

Prerequisites

Laptop with internet connectivity

Virtual environment

One Metasploitable machine

One Kali machine

Lab Setup

Go to https://www.tenable.com/try and sign up for a Nessus trial

Open the email account you signed up with, copy the activation code to a note, and click the download link

Download the Nessus version that will work on your Kali box. (Nessus-x.x.x-debian_amd64.deb)

Be sure you have downloaded and installed the VirtualBox extension pack from https://www.virtualbox.org/wiki/Downloads

Go to https://sourceforge.net/projects/metasploitable/files/latest/download and download Metasploitable to your host machine

Extract the files to a folder on your desktop

In VirtualBox create a new machine

Set the type to Linux and the version to Debian 32-bit

Create a new virtual hard disk, VDI

Ensure the disk is dynamically allocated

Set the hard disk size to whatever you like; this disk will be deleted soon

Open the machine's settings

Go to storage

Under Controller:SATA click the “machine_name”.vdi file

Click add hard disk and choose existing disk

Navigate to the folder with the Metasploitable files

Choose metasploitable.vmdk

Go to the system tab

In processor, check the extended features box

Save the settings

Lab Procedure

Start the Metasploitable machine you downloaded and log in

The credentials are msfadmin:msfadmin

Type ifconfig to get the IP address and note it

In Kali, go to your downloads folder from the command line, where you should already have downloaded Nessus-x.x.x-debian6_amd64.deb

Install Nessus. For this example, we are using version 7.2.1

sudo dpkg -i Nessus-7.2.1-debian6_amd64.deb

Start Nessus

sudo /etc/init.d/nessusd start

Open your browser and navigate to 127.0.0.1:8834

Create a username and password for your Nessus account

Enter the activation code you were sent from Tenable

Wait for plugins to compile (This may take some time)

Create a new scan

Choose advanced scan

Name the scan msf scan

Add the IP address of your msf machine, for example 192.168.1.x

Save the scan

Under My Scans, click the run button next to your new scan

The scan will populate in real time, so you may see results during the test

Once the scan is complete, take a screenshot of the results

Pick several vulnerabilities and read what they do and how to exploit them

Next, prepare a Metasploit scan

Open a console in Kali and start postgresql

service postgresql start

Initialize the Metasploit database

sudo msfdb init

Start Metasploit

sudo msfconsole

Ensure that the database has been connected

db_status

A positive result will be “postgresql connected to msf”

Next, check the nmap db

db_nmap

Run Nmap against the Metasploitable machine from msfconsole

db_nmap 192.168.1.x

Screenshot the results

FTP appears to have an open port on the target; let’s see if it’s vulnerable to anonymous login

Select the FTP scanner in your msfconsole

use auxiliary/scanner/ftp/anonymous

Show the available options for the module

show options

From msfconsole, set RHOSTS, the target you wish to scan, to the Metasploitable machine

set RHOSTS 192.168.1.x

Run the module

run

Screenshot the results

Look in the auxiliary/scanner/ area of msfconsole for modules that can scan any services you find interesting

Scan at least 1 other service and screenshot the results

Use Nessus to scan your Ubuntu VM. Discuss the vulnerabilities found. See if you can find any vulnerabilities in your setup that you did not know existed.
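
The anonymous-login check run above with auxiliary/scanner/ftp/anonymous can be confirmed independently of the scanner, which is one way to validate a finding before writing it up. The following Python is an added example, not part of the original assignment; the names check_anonymous_ftp, StubFTPHandler and start_stub are hypothetical, and the stub server is a constructed loopback stand-in so the code runs without the lab VM.

```python
import ftplib
import socketserver
import threading


def check_anonymous_ftp(host, port=21, timeout=5.0):
    """Return (status, detail); status is 'allowed', 'denied' or 'error'."""
    ftp = ftplib.FTP(timeout=timeout)
    try:
        banner = ftp.connect(host, port)
        try:
            ftp.login("anonymous", "anonymous@example.invalid")
        except ftplib.error_perm as exc:  # 5xx reply such as 530: login refused
            return "denied", str(exc)
        return "allowed", banner
    except (OSError, EOFError, ftplib.Error) as exc:  # no verdict either way
        return "error", repr(exc)
    finally:
        ftp.close()


class StubFTPHandler(socketserver.StreamRequestHandler):
    """Constructed stand-in for the lab target: answers USER and PASS only."""
    def handle(self):
        self.wfile.write(b"220 stub FTP ready\r\n")
        for raw in self.rfile:
            cmd = raw.decode("latin-1").strip().upper()
            if cmd.startswith("USER"):
                self.wfile.write(b"331 Password required\r\n")
            elif cmd.startswith("PASS"):
                ok = self.server.allow_anonymous
                self.wfile.write(b"230 Login ok\r\n" if ok else b"530 Login incorrect\r\n")
            else:
                self.wfile.write(b"221 Bye\r\n")
                return


def start_stub(allow_anonymous):
    """Start the stub on an ephemeral loopback port; return (server, port)."""
    server = socketserver.ThreadingTCPServer(("127.0.0.1", 0), StubFTPHandler)
    server.allow_anonymous = allow_anonymous
    server.daemon_threads = True
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, server.server_address[1]


if __name__ == "__main__":
    srv, port = start_stub(allow_anonymous=True)
    print(check_anonymous_ftp("127.0.0.1", port))
```

Against the lab target, call check_anonymous_ftp with the Metasploitable IP address you noted from ifconfig. An 'error' status means the check reached no verdict and should not be recorded as either result.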

Report Questions

What vulnerabilities found by Nessus would you attack? Why?

Why would you want to scan a target using modules in msfconsole?

Does a medium vulnerability always mean that a system can easily be exploited?

Name two vulnerabilities found by Nessus that you would not attack and why.

Explain why Nessus is only one step to finding vulnerabilities and how it may be inaccurate.