
Nessus Scanner

Objectives: Use Nessus, a vulnerability scanner, to detect threats and vulnerabilities on a system.

Required Resources

• Ubuntu VM
• Metasploitable2 VM - An intentionally vulnerable Linux virtual
  machine designed for training, exploit testing, and general
  target practice
• VirtualBox
Warning: The free VMware Player products are NOT sufficient
for this class due to the annoying limitation that they will
only run a single virtual machine at a time, but we need
multiple VMs running simultaneously and communicating with
each other.

Networking Configuration

In order to enable network communication between virtual
machines, VirtualBox requires additional configuration.

VirtualBox-specific setup instructions:

In VirtualBox, you want to use the "NAT Network" mode of
operation, not the "NAT" mode of operation.

Create a new shared network that can be used by all or some of
your virtual machines. Go to File->Preferences->Network and click
the "plus" icon to add a new NAT Network. The default network
name of "NatNetwork" is fine. If you click the "gear" icon, you can
see the details for this new network, including its "CIDR" (Classless
Inter-Domain Routing, i.e. the subnet) and other settings. The default
options (a subnet of 10.0.2.0/24 with DHCP enabled) are fine. OK out
of all the Preferences windows.

Assign each virtual machine to use this new shared NAT network.
For each VM, go to Settings->Network, and for Adapter 1 (the only
one in use), change the "Attached to" setting from the default of
"NAT" to the new "NAT Network". For the "Name" field directly
below, ensure the name of your new network (e.g. "NatNetwork") is
selected. OK out of all Preferences windows.

Part 1
Download an intentionally vulnerable virtual machine
- Metasploitable 2 - from Sourceforge. Note that this file is
distributed as a complete VMware virtual machine (.vmx / .vmdk
file), not an .iso file like most installers, so you can open it directly
in VMware. Download and extract the .zip file to a convenient place
on your computer.

Important: Never expose this VM to an untrusted network! Use NAT
or Host-only networking mode in your virtual machine configuration.

The default login and password for Metasploitable2
are msfadmin and msfadmin.

After confirming that your Metasploitable2 instance runs and that
you can log into it, shut it down. Then, take a snapshot and give it
a name like "Original Metasploitable2 snapshot". With a snapshot in
place, no matter what happens to this VM, you can always revert it
back to its original condition.

VirtualBox-specific setup instructions:

To use Metasploitable 2 in VirtualBox, first create a new virtual
machine in VirtualBox. The type should be "Linux", the version
should be "Ubuntu (64-bit)", and 512MB of RAM is sufficient. During
the configuration, do not create a new virtual disk, but instead
configure VirtualBox to use the existing Metasploitable vmdk file
that you unzipped from the zip file. After that, you should be able to
directly launch and run Metasploitable 2 - no "installation" is
necessary, since it has already been installed to the virtual disk.


Part 2
Nessus is a commercial vulnerability assessment scanner.

First, register for a personal activation code
at https://www.tenable.com/tenable-for-education

Second, download a copy of Nessus
from https://www.tenable.com/downloads/nessus. The current
version of Nessus as of Feb 2024 is 10.7.0.

• Intel/AMD users: Look for the platform Linux - Ubuntu - amd64
• Apple Silicon users: Look for the platform Linux - Ubuntu - aarch64

Accept the license agreement, and the download will begin.

To install Nessus:

# First, change directory ('cd') to wherever the .deb installer is.
$ cd ??????

# Then, run the installer you downloaded. Note that the file name is slightly
# different depending on your architecture type:
# For Intel/AMD users:
$ sudo apt install ./Nessus-10.7.0-ubuntu1404_amd64.deb
# For Apple Silicon users:
$ sudo apt install ./Nessus-10.7.0-ubuntu1804_aarch64.deb

# You should see the following message at the end of installation:
# - You can start Nessus Scanner by typing /bin/systemctl start nessusd.service
# - Then go to https://localhost:8834/ to configure your scanner

# Note: 2/1/2024 - Shafer got this error message, but it can be disregarded
# N: Download is performed unsandboxed as root as file
# '/home/shafer/Downloads/Nessus-10.7.0-ubuntu1804_aarch64.deb'
# couldn't be accessed by user '_apt'. - pkgAcquire::Run (13: Permission denied)

Register Nessus:

Register the program with the "Nessus Essentials" activation code
that was emailed to you. After activation (and only after!) will
Nessus download the current set of vulnerability plugins to scan for.

$ sudo /opt/nessus/sbin/nessuscli fetch --register xxx-xxx-xxxx

Add Nessus User:

$ sudo /opt/nessus/sbin/nessuscli adduser
# Pick your username
# Pick your password
# YES we want this user to be 'system administrator'
# Blank rule set
# YES to confirm

# Note: 2/1/2024 - Shafer got "An error occurred" but the account was
# successfully created, so ... shrug?

Start Nessus:

$ sudo systemctl start nessusd
$ sudo systemctl status nessusd # Verify it's running

Access the Nessus web GUI at https://localhost:8834

• Accept the self-signed certificate.
• Log in with the user account you previously created.
• Wait (and wait, and wait) while Nessus compiles all the
  plugins. You will not be able to start a scan until it tells you
  that "Plugins are done compiling".

Nessus External Scan: Tell Nessus to do an "Advanced Scan" of
your Metasploitable2 VM:

• Go to Scans -> New Scan
• On the Scan Templates page under Vulnerabilities, choose the
  "Advanced Scan" type
  o Provide a name for your scan configuration (e.g.
    "External Scan")
  o Provide the target IP address (in this case, the IP
    address of the Metasploitable2 VM)
  o Save the scan template
• Press the "Play" button on the My Scans page to launch the
  scan you just created

Once the scan has finished, answer the Deliverables questions.

Deliverables (External Scan):

• How many vulnerabilities scored as critical, high,
  and medium did Nessus discover?
• Submit the Report from Nessus for this scan (PDF format,
  Report->Complete List of Vulnerabilities by Host)

Nessus Internal Scan: Tell Nessus to do an "Advanced Scan" of
your Metasploitable2 VM. But this time, we will also give Nessus a
login (credential, in their terminology) to the target system, allowing
it to perform a greater number of tests. Nessus accepts a variety of
credentials, not just to the operating system (i.e. SSH or Windows
login), but also to application servers like databases, virtual
machine managers, etc.

• Go to Scans -> New Scan
• On the Scan Templates page under Vulnerabilities, choose the
  "Advanced Scan" type
  o Provide a name for your scan (e.g. "Internal Scan")
  o Provide the target IP address (in this case, the IP
    address of the Metasploitable2 VM)
  o Under Credentials -> SSH, change the authentication
    method to password and enter the VM's login (msfadmin /
    msfadmin). This will allow Nessus to ALSO do a scan
    from inside the system (in addition to the default
    external scan)
  o Save the scan template
• Press the "Play" button on the My Scans page to launch the
  scan you just created

Once the scan has finished, answer the Deliverables questions.

When you're finished with the Nessus section of the lab, you can
shut the program down.

$ sudo systemctl stop nessusd


Deliverables (Internal Scan):

• How many vulnerabilities scored as critical, high,
  and medium did Nessus discover?
• Submit the Report from Nessus for this scan (PDF format,
  Report->Detailed Vulnerabilities by Host).
  Observe that there might be a slight difference in the length
  of the report, compared to the earlier report type.
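
The severity counts asked for in both Deliverables sections can be cross-checked against the scan data itself. The script below is an added example, not part of the original lab handout: it assumes each scan is also exported in Nessus's ".nessus" XML format (Export -> Nessus), and the embedded exports, the host 10.0.2.4 and the 9000xx plugin IDs and names are constructed samples.

```python
import xml.etree.ElementTree as ET
from collections import Counter

# Severity codes used in the "severity" attribute of each ReportItem.
SEVERITY = {0: "info", 1: "low", 2: "medium", 3: "high", 4: "critical"}

# Constructed sample exports (not real scan output); IDs and names are made up.
EXTERNAL = """<NessusClientData_v2><Report name="External Scan">
<ReportHost name="10.0.2.4">
<ReportItem port="21" protocol="tcp" severity="4" pluginID="900001" pluginName="Sample backdoor check"/>
<ReportItem port="22" protocol="tcp" severity="3" pluginID="900002" pluginName="Sample weak key check"/>
<ReportItem port="80" protocol="tcp" severity="2" pluginID="900003" pluginName="Sample HTTP method check"/>
<ReportItem port="0" protocol="tcp" severity="0" pluginID="900004" pluginName="Sample OS identification"/>
</ReportHost></Report></NessusClientData_v2>"""

# The credentialed scan repeats the external findings and adds local checks.
INTERNAL = EXTERNAL.replace(
    "</ReportHost>",
    '<ReportItem port="0" protocol="tcp" severity="4" pluginID="900005" pluginName="Sample unsupported OS check"/>\n'
    '<ReportItem port="0" protocol="tcp" severity="3" pluginID="900006" pluginName="Sample missing package update"/>\n'
    "</ReportHost>").replace("External Scan", "Internal Scan")

def findings(nessus_xml):
    """Return {(host, port, protocol, pluginID): severity} for one export."""
    # Only parse exports you produced yourself; ElementTree is not hardened
    # against maliciously crafted XML.
    root = ET.fromstring(nessus_xml)
    out = {}
    for host in root.iter("ReportHost"):
        for item in host.iter("ReportItem"):
            key = (host.get("name"), item.get("port"),
                   item.get("protocol"), item.get("pluginID"))
            out[key] = int(item.get("severity"))
    return out

def severity_counts(found):
    """Count findings per severity label, listing every label even if zero."""
    counts = Counter(SEVERITY[s] for s in found.values())
    return {label: counts.get(label, 0) for label in SEVERITY.values()}

def only_in_second(first, second):
    """Findings present in the second scan but absent from the first."""
    return sorted(k for k in second if k not in first)

if __name__ == "__main__":
    ext, cred = findings(EXTERNAL), findings(INTERNAL)
    print("external:", severity_counts(ext))
    print("internal:", severity_counts(cred))
    for host, port, proto, plugin in only_in_second(ext, cred):
        print(f"credentialed-only: {host} {proto}/{port} plugin {plugin}")
```

To use it on your own scans, read each exported file into a string and pass it to findings() in place of the constructed samples.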

Deliverable (Essay):

Pick one of the vulnerabilities scoring as "Critical" by Nessus.
Provide the title Nessus gives and then explain the vulnerability in
your own words, as if you were explaining to another student.
Copying and pasting text from the Nessus report is NOT a sufficient
explanation here. You may need to follow the links Nessus provides
and/or search for additional information on your own.

In your answer, explain:

1. What is the vulnerability?
2. How could it be exploited?
3. How could it be fixed?

Repeat the external scan on the Windows 10/11 virtual machine
created for lab 1, after disabling the antivirus, firewall and
system updates for a set period. Do not forget to connect this
virtual machine to the same network as the Ubuntu virtual
machine. Analyze the vulnerabilities found.
