RP:Nessus-泓源视野


[Task 1] Deploy!

[Task 2] Installation
After installation, start the Nessus service:

sudo /etc/init.d/nessusd start

Open a browser and go to:

https://localhost:8834/

Select Nessus Essentials and click continue

Enter the activation code

Create a user account

After finishing the installation, log in with your credentials

[Task 3] Nessus Quiz

  1. As we log into Nessus, we are greeted with a button to launch a scan, what is the name of this button?

New Scan

2. Nessus allows us to create custom templates that can be used during the scan selection as additional scan types, what is the name of the menu where we can set these?

Policies

3. Nessus also allows us to change plugin properties such as hiding them or changing their severity, what menu allows us to change this?

Plugin Rules

4. Nessus can also be run through multiple ‘Scanners’ where multiple installations can work together to complete scans or run scans on remote networks, what menu allows us to see all of these installations?

Scanners

5. Let’s move onto the scan types, what scan allows us to see simply what hosts are ‘alive’?
Click New Scan

Host Discovery

6. One of the most useful scan types, which is considered to be ‘suitable for any host’?

Basic Network Scan

7. Following a few basic scans, it’s often useful to run a scan wherein the scanner can authenticate to systems and evaluate their patching level. What scan allows you to do this?

Credential Patch Audit

8. When performing Web App tests it’s often useful to run which scan? This can be incredibly useful when also using Nikto, ZAP, and Burp to gain a full picture of an application.

Web Application Tests


[Task 4] Scanning!

  1. Deploy the machine and connect to the network
  2. Create a new ‘Basic Network Scan’ targeting the deployed VM. What option can we set under ‘BASIC’ to set a time for this scan to run? This can be very useful when network congestion is an issue.

Click Basic Network Scan, then enter the name and target

Click Schedule and Enabled

Schedule

3. Under discovery set the scan to cover ports 1–65535. What is this type called?
Click Discovery and select scan type

Port Scan(all ports) (note: include the parentheses)

4. As we are connected to the network via a VPN, it may be to our benefit to ‘tone down’ the scan a bit. What scan type can we change to under ‘ADVANCED’ for this lower bandwidth connection?
Click ADVANCED, select scan type

scan low bandwidth links

5. With these options set (other than the time to run) save and launch the scan.
Launch the scan

Wait for the scan to finish

6. After the scan completes, which ‘Vulnerability’ can we view the details of to see the open ports on this host?

Nessus SYN scanner

7. There seems to be a chat server running on this machine, what port is it on?

6667

8. Looks like we have a medium level vulnerability relating to SSH, what is this vulnerability named?

SSH Weak Algorithms Supported

9. What web server type and version is reported by Nessus?

Apache/2.4.99


[Task 5] Wait, there’s mail?

  1. An optional but awesome additional step: link your Nessus box up to an SMTP server via the Settings panel. Google provides this for free if you already have a Gmail account. Add 2-factor authentication to your account and create an app password, then link Nessus to the Gmail SMTP server via the following settings: https://www.siteground.com/kb/google_free_smtp_server/

Skipped


[Task 6] So you’re telling me that’s how you set up a web app…

  1. Run a web application scan against this new box.
    Click new scan

Click Web Application Tests, set up scan settings, and start

2. What is the plugin id of the plugin that determines the HTTP server type and version?

10107

3. What authentication page is discovered by the scanner that transmits credentials in cleartext?

login.php

4. What is the file extension of the config backup?

Follow the path

.bak

5. Which directory contains example documents? (This will be in a php directory)

Follow the path

/external/phpids/0.6/docs/examples/

6. What vulnerability is this application susceptible to that is associated with X-Frame-Options?

clickjacking

7. What version of php is the server using?

5.5.9-1ubuntu4.26
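
The results read off the GUI in Task 4 and Task 6 (open ports from the Nessus SYN scanner, the medium-severity SSH finding, the web server banner from plugin 10107) can also be pulled from an exported .nessus file. The Python below is an added example, not part of the original walkthrough; the sample XML is constructed, and its host address and every pluginID other than 10107 are placeholders.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the .nessus (NessusClientData_v2) export layout. The host
# address and pluginID values other than 10107 are placeholders, not scan data.
SAMPLE = """<NessusClientData_v2><Report name="Basic Network Scan">
<ReportHost name="10.10.0.5">
 <ReportItem port="22" svc_name="ssh" protocol="tcp" severity="0" pluginID="0" pluginName="Nessus SYN scanner">
  <plugin_output>Port 22/tcp was found to be open</plugin_output></ReportItem>
 <ReportItem port="80" svc_name="www" protocol="tcp" severity="0" pluginID="0" pluginName="Nessus SYN scanner">
  <plugin_output>Port 80/tcp was found to be open</plugin_output></ReportItem>
 <ReportItem port="6667" svc_name="irc" protocol="tcp" severity="0" pluginID="0" pluginName="Nessus SYN scanner">
  <plugin_output>Port 6667/tcp was found to be open</plugin_output></ReportItem>
 <ReportItem port="22" svc_name="ssh" protocol="tcp" severity="2" pluginID="0" pluginName="SSH Weak Algorithms Supported"/>
 <ReportItem port="80" svc_name="www" protocol="tcp" severity="0" pluginID="10107" pluginName="HTTP Server Type and Version">
  <plugin_output>The remote web server type is :

Apache/2.4.99</plugin_output></ReportItem>
</ReportHost></Report></NessusClientData_v2>"""

SEVERITY = {0: "info", 1: "low", 2: "medium", 3: "high", 4: "critical"}

def summarize(nessus_xml, min_severity=2):
    """Return {host: {open_ports, http_server, findings}} from .nessus XML text."""
    hosts = {}
    for host in ET.fromstring(nessus_xml).iter("ReportHost"):
        ports, findings, server = set(), [], None
        for item in host.iter("ReportItem"):
            port, sev = int(item.get("port", 0)), int(item.get("severity", 0))
            output = (item.findtext("plugin_output") or "").strip()
            # Each SYN scanner item reports one open port on the host.
            if item.get("pluginName") == "Nessus SYN scanner":
                ports.add((port, item.get("protocol"), item.get("svc_name")))
            # Plugin 10107 carries the banner; in this sample it is the last line.
            if item.get("pluginID") == "10107" and output:
                server = output.splitlines()[-1].strip()
            if sev >= min_severity:
                findings.append((SEVERITY.get(sev, str(sev)), port, item.get("pluginName")))
        hosts[host.get("name")] = {"open_ports": sorted(ports), "http_server": server,
                                   "findings": sorted(findings)}
    return hosts

if __name__ == "__main__":
    for name, info in summarize(SAMPLE).items():
        print(name, info)
```

ElementTree does not protect against maliciously crafted XML, so parse only exports produced by your own scanner.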

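This article was published by 泓源视野 (author: admin). All rights belong to 泓源视野. The content reflects the author's personal views and does not imply that 泓源视野 agrees with or endorses them. If you republish it, please credit the source.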