Vulnerability Assessment Lab



Similar documents
Vulnerability analysis

Vulnerability Assessment. A. Open Vulnerability Assessment (OpenVAS)

IDS and Penetration Testing Lab II

IDS and Penetration Testing Lab ISA656 (Attacker)

Using Remote Web Workplace Version 1.01

Why do I need a pen test lab? Requirements. Virtual Machine Downloads

Penetration Testing LAB Setup Guide

Lab Configuring Access Policies and DMZ Settings

1 Scope of Assessment

ECE 4893: Internetwork Security Lab 12: Web Security

Installing and Configuring Nessus by Nitesh Dhanjani

Penetration Testing LAB Setup Guide

Lab 9: Pen Testing (NESSUS)

SysAid Remote Discovery Tool

IDS and Penetration Testing Lab ISA 674

EXTRA. Vulnerability scanners are indispensable both VULNERABILITY SCANNER

Introduction to Operating Systems

60467 Project 1. Net Vulnerabilities scans and attacks. Chun Li

Lab Objectives & Turn In

IS L06 Protect Servers and Defend Against APTs with Symantec Critical System Protection

Lab 8: Configuring Backups

Install and Configure RelayFax

TSM for Windows Installation Instructions: Download the latest TSM Client Using the following link:

Quick Start Guide: Utilizing Nessus to Secure Microsoft Azure

Lab 2: Secure Network Administration Principles - Log Analysis

Intrusion Detection and Prevention: Network and IDS Configuration and Monitoring using Snort

How to use FTP Commander

Running a Default Vulnerability Scan

Smartphone Pentest Framework v0.1. User Guide

Firewalls and Software Updates

Linux Boot Camp. Our Lady of the Lake University Computer Information Systems & Security Department Kevin Barton Artair Burnett

Configuring.NET based Applications in Internet Information Server to use Virtual Clocks from Time Machine

Lab Configuring Access Policies and DMZ Settings

Secure Web Development Teaching Modules 1. Security Testing. 1.1 Security Practices for Software Verification

Using Microsoft Expression Web to Upload Your Site

Lab 1: Network Devices and Technologies - Capturing Network Traffic

Running a Default Vulnerability Scan SAINTcorporation.com

Managing Qualys Scanners

Browser Client 2.0 Admin Guide

CSSIA CompTIA Security+ Domain. Network Security. Network Security. Network Security. Network Security. Network Security

How to Configure Active Directory based User Authentication

CIT 480: Securing Computer Systems. Vulnerability Scanning and Exploitation Frameworks

IEI emerge and Milestone Systems Network Video Recorder. Setup and Integration Guide. Milestone Version 6.5 and emerge Version 3.

Configuring a Windows 2003 Server for IAS

Using Protection Engine for Cloud Services for URL Filtering, Malware Protection and Proxy Integration Hands-On Lab

Acunetix Web Vulnerability Scanner. Getting Started. By Acunetix Ltd.

Metasploit Unleashed. Class 2: Information Gathering and Vulnerability Scanning. Georgia Weidman Director of Cyberwarface, Reverse Space

LT Auditor Windows Assessment SP1 Installation & Configuration Guide

WEB APPLICATION HACKING. Part 2: Tools of the Trade (and how to use them)

MFPConnect Monitoring. Monitoring with IPCheck Server Monitor. Integration Manual Version Edition 1

File Transfer with Secure FTP

Configuring Security for FTP Traffic

Windows Vulnerability Assessment

IEI emerge and On-Net Surveillance Systems (OnSSI) Network Video Recorder Setup and Integration Guide

User Manual of the Pre-built Ubuntu 9 Virutal Machine

Configuring Virtual Switches for Use with PVS. February 7, 2014 (Revision 1)

User Manual of the Pre-built Ubuntu Virutal Machine

DC Agent Troubleshooting

Building a Penetration Testing Virtual Computer Laboratory

DocAve Upgrade Guide. From Version 4.1 to 4.5

Automated Penetration Testing with the Metasploit Framework. NEO Information Security Forum March 19, 2008

13.1 Backup virtual machines running on VMware ESXi / ESX Server

Sophos Anti-Virus standalone startup guide. For Windows and Mac OS X

Document Exchange Server 2.5

NCS 430 Penetration Testing Lab #2 Tuesday, February 10, 2015 John Salamy

Quick Start Guide. Cerberus FTP is distributed in Canada through C&C Software. Visit us today at

Armitage. Part 1. Author : r45c4l Mail : infosecpirate@gmail.com.

Introduction to Laboratory Assignment 3 Vulnerability scanning with OpenVAS

Setting Up Sharp MX-Color Imagers To Scan To

Using Internet or Windows Explorer to Upload Your Site

Shellshock Security Patch for X86

Cisco IPS Tuning Overview

Nessus Enterprise Cloud User Guide. October 2, 2014 (Revision 9)

Nessus Cloud User Registration

Configuring MailArchiva with Insight Server

Make a folder named Lab3. We will be using Unix redirection commands to create several output files in that folder.

Changing Your Cameleon Server IP

IIS, FTP Server and Windows

During your session you will have access to the following lab configuration. CLIENT1 (Windows XP Workstation) /24

IBM Security QRadar SIEM Version MR1. Vulnerability Assessment Configuration Guide

Web attacks and security: SQL injection and cross-site scripting (XSS)

Tutorial: Using HortonWorks Sandbox 2.3 on Amazon Web Services

INDUSTRIAL CONTROL SYSTEMS CYBER SECURITY DEMONSTRATION

Vulnerability Assessment and Penetration Testing

Using Virtual Machines

Virtual Appliance for VMware Server. Getting Started Guide. Revision Warning and Disclaimer

ActiveImage Protector 3.5 for Hyper-V with SHR. User Guide - Back up Hyper-V Server 2012 R2 host and

WECCNET MESSAGING SYSTEM CLIENT DOCUMENTATION

ScanShell.Net Install Guide

Symantec Cyber Readiness Challenge Player s Manual

NETWORK SETUP GLOSSARY

FlexSim LAN License Server

IntraVUE Plug Scanner/Recorder Installation and Start-Up

How To Install & Use Metascan With Policy Patrol

Penetration Testing Lab. Reconnaissance and Mapping Using Samurai-2.0

How to Install Multiple Monitoring Agents on a Microsoft Operating System. Version StoneGate Firewall/VPN 2.6 and SMC 3.2

Transcription:

Vulnerability Assessment Lab Fully assessing a company's security posture is a critical job to maintain intellectual property integrity, and protect customer information. As a security auditor your job is to identify known vulnerabilities and risks that could harm your client's organization. Audits are usually performed in three parts, namely procedure & policy audit, disaster recovery audit, and technical audit. Objective You are tasked with a technical audit of a small group of machines listed below. Part 1 Nessus / OpenVas Scan the Metasploitable VM for vulnerabilities using Nessus and OpenVas vulnerability scanners using the Backtrack5R3 VM (do not run both scans simultaneously). Identify as many vulnerabilities as you can for an audit report. Find proof of concept exploit code for at least two of the vulnerabilities identified for each scanner (four total). Part 2 Nikto Scan the DVWA VM for vulnerabilities using the Nikto Web scanner Turn In Part 1 Nessus / OpenVas A "Technical Report" describing the system's current security posture, risks, and all audit reports. Include answers to the following: How many vulnerabilities did each scanner find? How many open ports /which ones? What services are highly vulnerable? What type of attack is the selected service vulnerable to? What versions of the service are affected by the vulnerability? What security advisories are available for further research on the security bug? Include proof of concept exploits for the four vulnerabilities selected in the objective section. This can be turned in with a link to a site that provides the exploit code. Part 2 Nikto Incorporate the Nikto audit report as part of the write up in part one. Keys to success Read entire lab document Use the Metasploitable, DVWA, and Backtrack5R3 VMs. Use these sites to find exploit code for the vulnerabilities found in the scans: http://www.exploit-db.com http://www.1337day.com http://www.securityfocus.com

Starting the VMs 1) Start Backtrack5R3 VM (Auditor) IP = 10.0.0.10 Login to BT user: root password: toor Start GUI interface: startx 2) Start Metasploitable VM IP = 10.0.0.13 3) Start DVWA VM IP = 10.0.0.12 4) Verify connectivity between the Backtrack VM and Metatsploitable and DVWA VMs. (use 'ping' command) Nessus Nessus is the industry s most widely-deployed vulnerability and configuration assessment product. Nessus features high-speed discovery, configuration auditing, asset profiling, sensitive data discovery, patch management integration, and vulnerability analysis. It can detect, scan, and profile numerous devices and resources to increase security and compliance across any network. Starting Nessus Open a new terminal, type: /etc/init.d/nessusd start or from the GUI: Application->Backtrack->Vulnerability Assesment->Vulnerability Scanners->Nessus->nessus start To verify nessus service is running you can quickly check what ports are listening on your machine. Nessus daemon operates on port 8834. Verify nessus started up correctly: Using Nessus netstat -ant grep LISTEN (should display port 8834 as LISTENING) Open a browser to https://127.0.0.1:8834 Login to nessus user: password: lab secure? Click on Scans -> Add Name - metasploitable Type - Run Now Policy - Internal Network Scan Scan Targets - 10.0.0.12

Once scan details have been filled in, click on 'Launch' to start scanning the remote system. Once scan finishes click on 'Reports' double-click the completed metasploitable scan or select the scan and click 'Browse' Read through the audit report looking for vulnerabilities and the information needed for the write up in the turn in section.

OpenVAS The Open Vulnerability Assessment System (OpenVAS) is a framework of several services and tools offering a comprehensive and powerful vulnerability scanning and vulnerability management solution. The actual security scanner is accompanied with a daily updated feed of Network Vulnerability Tests (NVTs), over 20,000 in total. All OpenVAS products are Free Software. Most components are licensed under the GNU General Public License (GNU GPL). Starting OpenVAS Open a new terminal, and type the startup commands: openvassd (Starts the scanner - will load the signatures available nvts) openvasmd -p 9390 -a 127.0.0.1 (Starts Openvas Manager - runs as daemon) openvasad -a 127.0.0.1 -p 9393 (Starts Openvas Administrator) gsad --http-only --listen=127.0.0.1 -p 9392 (Starts greenbone Security Assistant) Verify openvas service started up correctly: netstat -ant grep LISTEN (ports 9390/9391/9392/9393 should be listening) Using OpenVas Open http://localhost:9392/ user: lab password: secure? Once logged in, you have to create a target to scan against, then create a scan task. Target Creation On the Left hand menu, Click on Targets Enter the name and IP address information. Click Create Target

Task Creation On the Left hand menu, Click on New Task Enter the Name Under Scan Config Select Full and fast Under Scan Targets Select the target created in previous step Click Create Task Task Initialization On the Left hand menu, Click on Tasks Select the task created in previous step Click on play arrow

Scan Report Once the scan has completed. Click on task 'details' or the date of the last completed scan. The scan results should look something like the following diagram. Read through the audit report looking for vulnerabilities and the information needed for the write up in the turn in section.

Nikto Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 6400 potentially dangerous files/cgis, checks for outdated versions of over 1000 servers, and version specific problems on over 270 servers. It also checks for server configuration items such as the presence of multiple index files, HTTP server options, and will attempt to identify installed web servers and software. Installation Nikto is simple a compressed download which when extracted is executable as is. Nikto does not need root access to run. There are many parameters to nikto. To do a simple scan against a web server enter the following command. cd ~/pentest/web/nikto./nikto -host www.example.com

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information