Vulnerability Assessment with Kali Linux Tools & Techniques

by Bhargav Tandel on 24 September 2014

Introduction
Scanning and identifying vulnerabilities on our targets is often considered one of the more tedious tasks by most penetration testers and ethical hackers.
Vulnerability identification allows you to do your homework. You will learn about what vulnerabilities your target is susceptible to so you can make a more polished set of attacks.
Both Nessus and OpenVAS have similar sets of vulnerabilities that they can scan for on a target host. These vulnerabilities include:

Linux vulnerabilities
Windows vulnerabilities
Local security checks
Network service vulnerabilities
Installing, configuring, and starting Nessus in Kali Linux
In this session, we will install, configure, and start Nessus.
Nessus depends on vulnerability checks in the form of feeds in order to locate vulnerabilities on our chosen target.
Nessus comes in two flavors of feeds: Home and Professional.
Home Feed:
The Home Feed is for noncommercial/personal usage. Using Nessus in a professional environment for any reason requires the use of the Professional Feed.
Professional Feed:
The Professional Feed is for commercial usage. It includes support and additional features such as unlimited concurrent connections and so on.
The following requirements need to be fulfilled:
1. A connection to the Internet is required.
2. A valid license for the Nessus Home Feed.
Let's begin the installation, configuring, and starting of Nessus by opening a terminal window:
Open the IceWeasel web browser and navigate to the following URL:
http://www.tenable.com/products/nessus/select-your-operating-system
After downloading and saving the file, open a terminal window and execute the following command to install Nessus:
#dpkg -i Nessus-5.2.7-debian6_i386.deb

Nessus will be installed under the /opt/nessus directory.
Before you can begin using Nessus, you must have a registration code. You can get one from
http://www.tenable.com/products/nessus-home
Now enter the following command in the terminal:
#/opt/nessus/sbin/nessus-adduser
Once complete, you can run Nessus by typing the following command (it won't work without a user account):
#/etc/init.d/nessusd start
Log in to Nessus at
https://127.0.0.1:8834
Enable your Nessus install by executing the following command:
#/opt/nessus/bin/nessus-fetch --register XXXX-XXXX-XXXX-XXXXXXXX
In this step, we will also grab the latest plugins from http://plugins.nessus.org.
Covered Topics
In this video we will cover the following topics:

Installing, configuring, and starting Nessus
Nessus – finding local vulnerabilities
Nessus – finding network vulnerabilities
Nessus – finding Linux-specific vulnerabilities
Nessus – finding Windows-specific vulnerabilities
Installing, configuring, and starting OpenVAS
OpenVAS – finding local vulnerabilities
OpenVAS – finding network vulnerabilities
OpenVAS – finding Linux-specific vulnerabilities
OpenVAS – finding Windows-specific vulnerabilities
Nessus – finding local vulnerabilities
Now that we have Nessus installed and configured, we will be able to begin testing of our first set of vulnerabilities.

Nessus allows us to test for a wide range of vulnerabilities depending on our feed, and we will confine the vulnerabilities we assess on our target to those specific to the type of information we seek to gain from the assessment.

Now we will begin by finding local vulnerabilities. These are vulnerabilities specific to the operating system we are using.
Nessus – finding network vulnerabilities
Nessus allows us to test for a wide range of vulnerabilities depending on our feed, and we will confine the vulnerabilities we assess on our target to those specific to the type of information we seek to gain from the assessment.
In this recipe, we will configure Nessus to find network vulnerabilities on our targets. These are vulnerabilities specific to the machines or protocols on our network.
To complete this session, you will need a virtual machine(s) to test against:
Windows XP
Windows 7
Metasploitable 2.0
A network firewall or router
Any other flavor of Linux
We will cover the firewall part later in the course.
Nessus – finding Linux-specific vulnerabilities
In this session, we will explore how to find Linux-specific vulnerabilities using Nessus. These are vulnerabilities specific to the machines that run Linux on our network.

To complete this session, you will need a virtual machine(s) to test against:
Metasploitable 2.0
Any other flavor of Linux

Let's begin the process of finding Linux-specific vulnerabilities with Nessus by opening the web browser.
https://127.0.0.1:8834

Nessus – finding Windows-specific vulnerabilities
In this recipe, we will explore how to find Windows-specific vulnerabilities using Nessus. These are vulnerabilities specific to the machines that run Windows on our network.

To complete this session, you will need a virtual machine(s) to test against:
Windows XP
Windows 7

We need to configure new policies in the Policies tab.
Installing, configuring, and starting OpenVAS
OpenVAS, the Open Vulnerability Assessment System, is an excellent framework that can be used to assess the vulnerabilities of our target. It is a fork of the Nessus project.
OpenVAS offers its feeds completely free of charge. As OpenVAS comes standard in Kali Linux, we will begin with configuration.
What we are performing in this step is creating the SSL certificate for the OpenVAS program:
#openvas-mkcert
Now we will sync the OpenVAS NVT database with the current NVT Feed. This also brings in the latest vulnerability checks:
#openvas-nvt-sync
We will generate a client certificate and rebuild the database respectively.
#openvas-mkcert-client -n Mr-X -i
#openvasmd --rebuild

Now we will start the OpenVAS Scanner and load all plugins (approximately 36275), so this may take some time.
#openvassd
Next we rebuild and create a backup of the database.
#openvasmd --rebuild
#openvasmd --backup
Now execute the following command to create your administrative user.
#openvasad -c 'add_user' -n admin -r Admin
Now we will create a regular user:
#openvas-adduser
Next we configure the ports that OpenVAS will interact with:
#openvasmd -p 9390 -a 127.0.0.1
#openvasad -a 127.0.0.1 -p 9393
#gsad --http-only --listen=127.0.0.1 -p 9392
You could perform the same steps via the OpenVAS Desktop. The OpenVAS Desktop is a GUI-based application.
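The commands above bind the OpenVAS manager, administrator and web interface to 127.0.0.1, and the Nessus login earlier also uses 127.0.0.1. The following check is an added example, not part of the original presentation: it reads `ss -ltn` output and reports any of those ports (8834, 9390, 9392, 9393) listening on a non-loopback address. The function names and the sample output are constructed for illustration, and treating 8834 as local-only is an assumption based on the login URL used here.

```shell
#!/bin/sh
# Report scanner ports that listen on anything other than loopback.
# Reads `ss -ltn` style output on stdin, prints "<port> <address>" per finding.
# SCANNER_PORTS (hypothetical variable) overrides the watched port list.
exposed_scanner_listeners() {
    awk -v ports="${SCANNER_PORTS:-8834 9390 9392 9393}" '
    BEGIN {
        n = split(ports, p, " ")
        for (i = 1; i <= n; i++) watch[p[i]] = 1
    }
    $1 == "LISTEN" {
        local_ep = $4                        # e.g. 127.0.0.1:9390 or [::1]:9392
        idx = match(local_ep, /:[0-9]+$/)    # split at the last colon
        if (idx == 0) next
        addr = substr(local_ep, 1, idx - 1)
        port = substr(local_ep, idx + 1)
        if (!(port in watch)) next           # not a scanner port
        if (addr ~ /^127\./ || addr == "[::1]") next   # loopback is expected
        print port " " addr
    }'
}

# Constructed sample of `ss -ltn` output (not captured from a real host).
sample_ss_output() {
cat <<'EOF'
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    127.0.0.1:9390     0.0.0.0:*
LISTEN 0      128    0.0.0.0:9392       0.0.0.0:*
LISTEN 0      128    127.0.0.1:9393     0.0.0.0:*
LISTEN 0      128    *:8834             *:*
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
EOF
}

# Default: run against the sample. Pass --live to check this machine.
if [ "${1:-}" = "--live" ]; then
    ss -ltn | exposed_scanner_listeners
else
    sample_ss_output | exposed_scanner_listeners
fi
```

Any line printed means a scanner service, along with the stored scan results and credentials behind it, is reachable from other hosts on the network.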

OpenVAS – finding local vulnerabilities
OpenVAS allows us to test for a wide range of vulnerabilities, and we will confine the vulnerabilities we assess on our target to those specific to the type of information we seek to gain from the assessment.
In this recipe, we will use OpenVAS to scan for local vulnerabilities on our target. These are vulnerabilities specific to our local machine.
Let's begin the process of finding local vulnerabilities with OpenVAS by opening the web browser:

1. Go to http://127.0.0.1:9392 and log in to OpenVAS.
2. Go to Configuration | Scan Configs

OpenVAS – finding network vulnerabilities
In this session, we will use OpenVAS to scan for network vulnerabilities. These are vulnerabilities specific to devices on our targeted network.

To complete this session, you will need a virtual machine(s) to test against:

Windows XP
Windows 7
Metasploitable 2.0
Any other flavor of Linux

So let's configure our policies.
OpenVAS – finding Linux-specific vulnerabilities
In this Session, we will use OpenVAS to scan for Linux vulnerabilities. These are vulnerabilities specific to Linux machines operating on our targeted network.

To complete this session, you will need a virtual machine(s) to test against:

Metasploitable 2.0
Any other flavor of Linux

So let's configure our policies.
OpenVAS – finding Windows-specific vulnerabilities
In this Session, we will use OpenVAS to scan for Windows vulnerabilities. These are vulnerabilities specific to Windows machines operating on our targeted network.

To complete this session, you will need a virtual machine(s) to test against:

Windows XP
Windows 7

So let's configure our policies.
By - Bhargav Tandel