Vulnerability Assessment with Kali Linux Tools & Techniques
OpenVAS – finding Linux-specific vulnerabilities
OpenVAS – finding Windows-specific vulnerabilities
OpenVAS – finding local vulnerabilities
OpenVAS – finding network vulnerabilities
Nessus – finding Windows-specific vulnerabilities
Installing, configuring, and starting OpenVAS
- In this session, we will use OpenVAS to scan for Windows vulnerabilities. These are vulnerabilities specific to Windows machines operating on our targeted network.
- To complete this session, you will need a virtual machine(s) to test against:
- So let's configure policies.
- In this session, we will use OpenVAS to scan for network vulnerabilities. These are vulnerabilities specific to devices on our targeted network.
- To complete this session, you will need a virtual machine(s) to test against:
- Windows XP
- Windows 7
- Metasploitable 2.0
- Any other flavor of Linux
- So let's configure our policies.
- In this session, we will use OpenVAS to scan for Linux vulnerabilities. These are vulnerabilities specific to Linux machines operating on our targeted network.
- To complete this session, you will need a virtual machine(s) to test against:
- Metasploitable 2.0
- Any other flavor of Linux
- So let's configure our policies.
- OpenVAS can check for a wide range of vulnerabilities. We will confine our assessment of the target to the vulnerabilities that match the type of information we seek to gain from the assessment.
- In this recipe, we will use OpenVAS to scan for local vulnerabilities on our target. These are vulnerabilities specific to our local machine.
- Let's begin the process of finding local vulnerabilities with OpenVAS by opening the web browser:
1. Go to http://127.0.0.1:9392 and log in to OpenVAS.
2. Go to Configuration | Scan Configs.
- In this recipe, we will explore how to find Windows-specific vulnerabilities using Nessus. These are vulnerabilities specific to the machines that run Windows on our network.
- To complete this session, you will need a virtual machine(s) to test against:
- Windows XP
- Windows 7
- We need to configure new policies in the Policies tab.
- Now we will start the OpenVAS Scanner and load all plugins (approximately 36275), so this may take some time.
#openvassd
- Next we rebuild and create a backup of the database.
#openvasmd --rebuild
#openvasmd --backup
- Now execute the following command to create your administrative user:
#openvasad -c 'add_user' -n admin -r Admin
- Now we will create a regular user:
#openvas-adduser
- Next we configure the ports that OpenVAS will interact with:
#openvasmd -p 9390 -a 127.0.0.1
#openvasad -a 127.0.0.1 -p 9393
#gsad --http-only --listen=127.0.0.1 -p 9392
- You could perform the same steps via the OpenVAS Desktop. The OpenVAS Desktop is a GUI-based application.
- OpenVAS, the Open Vulnerability Assessment System, is an excellent framework that can be used to assess the vulnerabilities of our target. It is a fork of the Nessus project.
- OpenVAS offers its feeds completely free of charge. As OpenVAS comes standard in Kali Linux, we will begin with configuration.
- What we are performing in this step is creating the SSL certificate for the OpenVAS program:
#openvas-mkcert
- Now we will sync the OpenVAS NVT database with the current NVT Feed. This also updates you with the latest vulnerability checks.
#openvas-nvt-sync
- We will generate a client certificate and then rebuild the database.
#openvas-mkcert-client -n Mr-X -i
#openvasmd --rebuild
Nessus – finding Linux-specific vulnerabilities
- In this session, we will explore how to find Linux-specific vulnerabilities using Nessus. These are vulnerabilities specific to the machines that run Linux on our network.
- To complete this session, you will need a virtual machine(s) to test against:
- Metasploitable 2.0
- Any other flavor of Linux
- Let's begin the process of finding Linux-specific vulnerabilities with Nessus by opening the web browser and navigating to the Nessus interface:
#http://127.0.0.1:8834
Nessus – finding network vulnerabilities
- Nessus can check for a wide range of vulnerabilities depending on our feed. We will confine our assessment of the target to the vulnerabilities that match the type of information we seek to gain from the assessment.
- In this recipe, we will configure Nessus to find network vulnerabilities on our targets. These are vulnerabilities specific to the machines or protocols on our network.
- To complete this session, you will need a virtual machine(s) to test against:
- Windows XP
- Windows 7
- Metasploitable 2.0
- A network firewall or router
- Any other flavor of Linux
- We will cover the firewall part later in this course.
Nessus – finding local vulnerabilities
- Now that we have Nessus installed and configured, we will be able to begin testing of our first set of vulnerabilities.
- Nessus can check for a wide range of vulnerabilities depending on our feed. We will confine our assessment of the target to the vulnerabilities that match the type of information we seek to gain from the assessment.
- Now we will begin by finding local vulnerabilities. These are vulnerabilities specific to the operating system we are using.
Let's begin installing, configuring, and starting Nessus by opening a terminal window:
- Open the IceWeasel web browser and navigate to the following URL: http://www.tenable.com/products/nessus/select-your-operating-system
- After downloading and saving the file, open a terminal window and execute the following command to install Nessus:
#dpkg -i Nessus-5.2.7-debian6_i386.deb
- Nessus will be installed under the /opt/nessus directory.
- Before you can begin using Nessus, you must have a registration code. You can get one from http://www.tenable.com/products/nessus-home
- Now enter the following command in the terminal:
#/opt/nessus/sbin/nessus-adduser
- Once complete, you can run Nessus by typing the following command (it won't work without a user account):
#/etc/init.d/nessusd start
- Log in to Nessus at https://127.0.0.1:8834
- Enable your Nessus install by executing the following command:
#/opt/nessus/bin/nessus-fetch --register XXXX-XXXX-XXXX-XXXXXXXX
- In this step, we will also grab the latest plugins from http://plugins.nessus.org.
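The OpenVAS steps above bind openvasmd, openvasad and gsad to 127.0.0.1 (ports 9390, 9393 and 9392), and Nessus is reached at https://127.0.0.1:8834. A scanner's management interface is itself a high-value target on the network, so after starting the daemons it is worth confirming that each port is actually held by the expected process and bound to loopback only. The following script is an added example, not part of the original course material or of the OpenVAS or Nessus projects: it parses `ss -ltnp` output and classifies each expected port as loopback, exposed, missing, or held by an unexpected process. The sample `ss` output is constructed, and the port-to-process mapping is taken from the commands on this page rather than from any vendor documentation.

```python
import re
from typing import Dict, List, NamedTuple

# Ports the setup steps on this page bind the scanner services to (assumed
# mapping, taken from the openvasmd/openvasad/gsad commands and the Nessus URL).
EXPECTED_LISTENERS: Dict[int, str] = {
    9390: "openvasmd",   # OpenVAS manager
    9393: "openvasad",   # OpenVAS administrator
    9392: "gsad",        # Greenbone Security Assistant web UI
    8834: "nessusd",     # Nessus web UI
}

LOOPBACK_ADDRS = {"127.0.0.1", "::1", "[::1]"}


class Listener(NamedTuple):
    addr: str
    port: int
    process: str


# Constructed sample of `ss -ltnp` output; not captured from a real host.
SAMPLE_SS_OUTPUT = """\
State  Recv-Q Send-Q Local Address:Port  Peer Address:Port Process
LISTEN 0      128    127.0.0.1:9390      0.0.0.0:*         users:(("openvasmd",pid=1201,fd=5))
LISTEN 0      128    127.0.0.1:9393      0.0.0.0:*         users:(("openvasad",pid=1210,fd=4))
LISTEN 0      128    0.0.0.0:9392        0.0.0.0:*         users:(("gsad",pid=1222,fd=7))
LISTEN 0      128    [::]:8834           [::]:*            users:(("nessusd",pid=1300,fd=9))
LISTEN 0      128    127.0.0.1:22        0.0.0.0:*         users:(("sshd",pid=800,fd=3))
"""

# One LISTEN row: local address, port, and the first process name.  The greedy
# address group also handles bracketed IPv6 forms such as [::]:8834.
LINE_RE = re.compile(
    r'^LISTEN\s+\d+\s+\d+\s+(?P<addr>\S+):(?P<port>\d+)\s+\S+\s+users:\(\("(?P<proc>[^"]+)"'
)


def parse_listeners(ss_output: str) -> List[Listener]:
    """Parse `ss -ltnp` text into Listener tuples, skipping the header and any
    row that carries no process information."""
    listeners: List[Listener] = []
    for line in ss_output.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            listeners.append(Listener(m["addr"], int(m["port"]), m["proc"]))
    return listeners


def is_loopback(addr: str) -> bool:
    return addr in LOOPBACK_ADDRS or addr.startswith("127.")


def audit_listeners(listeners: List[Listener]) -> Dict[int, str]:
    """Classify each expected scanner port as 'missing', 'loopback', 'exposed',
    or 'unexpected:<process>' when a different daemon holds the port."""
    by_port = {l.port: l for l in listeners}
    report: Dict[int, str] = {}
    for port, expected_proc in EXPECTED_LISTENERS.items():
        l = by_port.get(port)
        if l is None:
            report[port] = "missing"
        elif l.process != expected_proc:
            report[port] = f"unexpected:{l.process}"
        elif is_loopback(l.addr):
            report[port] = "loopback"
        else:
            report[port] = "exposed"
    return report


def exposed_ports(report: Dict[int, str]) -> List[int]:
    """Ports that answer on a non-loopback address and need re-binding."""
    return sorted(p for p, s in report.items() if s == "exposed")


if __name__ == "__main__":
    # On a real host, replace SAMPLE_SS_OUTPUT with the output of:
    #   subprocess.run(["ss", "-ltnp"], capture_output=True, text=True).stdout
    rep = audit_listeners(parse_listeners(SAMPLE_SS_OUTPUT))
    for port, status in sorted(rep.items()):
        print(f"{port}/tcp {EXPECTED_LISTENERS[port]}: {status}")
```

With the constructed sample, 9392 and 8834 are reported as exposed: gsad was started without `--listen=127.0.0.1` and nessusd is on its default all-interfaces binding, so both web interfaces would be reachable from the rest of the lab network rather than only from the Kali host.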
Installing, configuring, and starting Nessus in Kali Linux
- In this session, we will install, configure, and start Nessus.
- Nessus depends on vulnerability checks in the form of feeds in order to locate vulnerabilities on our chosen target.
- Nessus comes in two flavors of feeds: Home and Professional.
- Home Feed: The Home Feed is for noncommercial/personal usage. Using Nessus in a professional environment for any reason requires the use of the Professional Feed.
- Professional Feed: The Professional Feed is for commercial usage. It includes support and additional features such as unlimited concurrent connections and so on.
- The following requirements need to be fulfilled:
1. A connection to the Internet is required.
2. A valid license for the Nessus Home Feed.
Introduction
- Scanning and identifying vulnerabilities on our targets is often considered one of the more tedious tasks by most penetration testers and ethical hackers.
- Vulnerability identification allows you to do your homework. You will learn about what vulnerabilities your target is susceptible to so you can make a more polished set of attacks.
- Both Nessus and OpenVAS have similar sets of vulnerabilities that they can scan for on a target host. These vulnerabilities include:
- Linux vulnerabilities
- Windows vulnerabilities
- Local security checks
- Network service vulnerabilities
Covered Topics
In this video we will cover the topics below:
- Installing, configuring, and starting Nessus
- Nessus – finding local vulnerabilities
- Nessus – finding network vulnerabilities
- Nessus – finding Linux-specific vulnerabilities
- Nessus – finding Windows-specific vulnerabilities
- Installing, configuring, and starting OpenVAS
- OpenVAS – finding local vulnerabilities
- OpenVAS – finding network vulnerabilities
- OpenVAS – finding Linux-specific vulnerabilities
- OpenVAS – finding Windows-specific vulnerabilities