Try   HackMD

Nessus

Nessus: Learn how to set up and use Nessus, a popular vulnerability scanner.
Johnny Pan
2020-12-04
https://www.tryhackme.com

Task 1 - Deploy!

Deploy the vulnerable machine! This one, well, it has problems.

Deploy the virtual machine!

No answer needed

Task 2 - Installation

First, create a basic Ubuntu box (or any other system of your choice). Minimum 4 2GHz cores, 4 GB RAM (8 Recommended) and 30 GB of disk space.

No answer needed

Next, go ahead and register for a Nessus Home license. This can be used to scan up to 16 IP addresses at a time. Be sure to keep this license information safe, you'll need it for any manual work. Here's the registration link: https://www.tenable.com/products/nessus-home

No answer needed

Follow the installation instructions on Tenable's website, once Nessus is set up connect the machine that it lives on to the network using your VPN file.

No answer needed

Task 3 - Nessus Quiz

As we log into Nessus, we are greeted with a button to launch a scan, what is the name of this button?

New Scan

Nessus allows us to create custom templates that can be used during the scan selection as additional scan types, what is the name of the menu where we can set these?

Policies

Nessus also allows us to change plugin properties such as hiding them or changing their severity, what menu allows us to change this?

Plugin Rules

Nessus can also be run through multiple 'Scanners' where multiple installations can work together to complete scans or run scans on remote networks, what menu allows us to see all of these installations?

Scanners

Let's move onto the scan types, what scan allows us to see simply what hosts are 'alive'?

Host Discovery

One of the most useful scan types, which is considered to be 'suitable for any host'?

Basic Network Scan

Following a few basic scans, it's often useful to run a scan wherein the scanner can authenticate to systems and evaluate their patching level. What scan allows you to do this?

Credentialed Patch Audit

When performing Web App tests it's often useful to run which scan? This can be incredibly useful when also using nitko, zap, and burp to gain a full picture of an application.

Web Application Tests

Task 4 - Scanning!

Run a basic network scan and learn to read through the results!

Deploy the machine and connect to the network

No answer needed

Create a new 'Basic Network Scan' targeting the deployed VM. What option can we set under 'BASIC' to set a time for this scan to run? This can be very useful when network congestion is an issue.

Schedule

Under discovery set the scan to cover ports 1-65535. What is this type called?

Port scan (all ports)

As we are connected to the network via a VPN, it may be to our benefit to 'tone down' the scan a bit. What scan type can we change to under 'ADVANCED' for this lower bandwidth connection?

Scan low bandwidth links

With these options set (other than the time to run) save and launch the scan.

No answer needed

After the scan completes, which 'Vulnerability' can we view the details of to see the open ports on this host?

Nessus SYN scanner

There seems to be a chat server running on this machine, what port is it on?

6667

Looks like we have a medium level vulnerability relating to SSH, what is this vulnerability named?

SSH Weak Algorithms Supported

What web server type and version is reported by Nessus?

Apache/2.4.99

Task 5 - Wait, there's mail?

Add SMTP functionality into your Nessus install!

An optional but awesome additional step, link your Nessus box up to an SMTP server via the Settings panel. Google provides this for free if you already have a Gmail account. Adding 2-factor authentication on your account and create an app password, then link Nessus to the Gmail SMTP server via these following settings: https://www.siteground.com/kb/google_free_smtp_server/

No answer needed

Task 6 - So you're telling me that's how you set up a web app

Run a Web App scan against a very secure web application that has absolutely no problems!

Run a web application scan against this new box.

No answer needed

What is the plugin id of the plugin that determines the HTTP server type and version?

10107

What authentication page is discovered by the scanner that transmits credentials in cleartext?

login.php

What is the file extension of the config backup?

.bak

Which directory contains example documents? (This will be in a php directory)

/external/phpids/0.6/docs/examples/

What vulnerability is this application susceptible to that is associated with X-Frame-Options?

Clickjacking

What version of php is the server using?

5.5.9-1ubuntu4.26

Last changed by 
Johnny Pan
0
323

Read more

Docker Notes

<i class="fa fa-file-pdf-o" aria-hidden="true"></i> Docker Notes<i class="fa fa-user-circle-o" aria-hidden="true"></i> Johnny Pan (codeskill)<i class="fa fa-clock-o" aria-hidden="true"></i> 2020-09-08

Jul 30, 2024
Workshop | Buffer Overflow

<i class="fa fa-file-pdf-o" aria-hidden="true"></i> Docker como herramienta de entrenamiento y hacking + Labs<i class="fa fa-user-circle-o" aria-hidden="true"></i> Johnny Pan (codeskill)<i class="fa fa-user-circle-o" aria-hidden="true"></i> Fabian Quesada (rocketman)<i class="fa fa-clock-o" aria-hidden="true"></i> 2023-11-04

Jul 29, 2024
Workshop | Wi-Fi Hacking Lab

<i class="fa fa-file-pdf-o" aria-hidden="true"></i> Wi-Fi Hacking Lab<i class="fa fa-user-circle-o" aria-hidden="true"></i> Johnny Pan<i class="fa fa-clock-o" aria-hidden="true"></i> 2022-10-08<i class="fa fa-external-link" aria-hidden="true"></i>

Jul 29, 2024
ctf.synk.io

<i class="fa fa-file-pdf-o" aria-hidden="true"></i> ctf.synk.io<i class="fa fa-user-circle-o" aria-hidden="true"></i> Johnny Pan<i class="fa fa-clock-o" aria-hidden="true"></i> 2021-10-05<i class="fa fa-external-link" aria-hidden="true"></i> https://ctf.snyk.io

Oct 8, 2021
Read more from Johnny Pan
Published on HackMD