{"id":182,"date":"2020-06-08T08:27:44","date_gmt":"2020-06-08T00:27:44","guid":{"rendered":"https:\/\/byy3.com\/?p=182"},"modified":"2020-06-09T05:28:38","modified_gmt":"2020-06-08T21:28:38","slug":"rpnessus","status":"publish","type":"post","link":"https:\/\/byy3.com\/?p=182","title":{"rendered":"RP:Nessus"},"content":{"rendered":"\n
\"RP:Nessus\u63d2\u56fe\"<\/figure>\n\n\n\n

[Task 1] Deploy!<\/strong><\/p>\n\n\n\n

[Task 2] Installation
<\/strong>After installation, open nessus<\/p>\n\n\n\n

sudo \/etc\/init.d\/nessusd start<\/pre>\n\n\n\n
\"RP:Nessus\u63d2\u56fe1\"<\/figure>\n\n\n\n
Open browser and type<\/p>\n\n\n\n
https:\/\/localhost:8834\/<\/a><\/pre>\n\n\n\n
Select Nessus Essentials and click continue<\/p>\n\n\n\n
\"RP:Nessus\u63d2\u56fe2\"<\/figure>\n\n\n\n
Input activation code<\/p>\n\n\n\n
\"RP:Nessus\u63d2\u56fe3\"<\/figure>\n\n\n\n
Create user account<\/p>\n\n\n\n
\"RP:Nessus\u63d2\u56fe4\"<\/figure>\n\n\n\n
After finish installation, login with credential<\/p>\n\n\n\n
\"RP:Nessus\u63d2\u56fe5\"<\/figure>\n\n\n\n
\n\n\n\n
[Task 3] Nessus Quiz<\/strong><\/p>\n\n\n\n
  1. As we log into Nessus, we are greeted with a button to launch a scan, what is the name of this button?<\/li><\/ol>\n\n\n\n
    \"RP:Nessus\u63d2\u56fe6\"<\/figure>\n\n\n\n
    New Scan<\/strong><\/p>\n\n\n\n
    2. Nessus allows us to create custom templates that can be used during the scan selection as additional scan types, what is the name of the menu where we can set these?<\/p>\n\n\n\n
    \"RP:Nessus\u63d2\u56fe7\"<\/figure>\n\n\n\n
    Policies<\/strong><\/p>\n\n\n\n
    3. Nessus also allows us to change plugin properties such as hiding them or changing their severity, what menu allows us to change this?<\/p>\n\n\n\n
    \"RP:Nessus\u63d2\u56fe8\"<\/figure>\n\n\n\n
    Plugin Rules<\/strong><\/p>\n\n\n\n
    4. Nessus can also be run through multiple \u2018Scanners\u2019 where multiple installations can work together to complete scans or run scans on remote networks, what menu allows us to see all of these installations?<\/p>\n\n\n\n
    \"RP:Nessus\u63d2\u56fe9\"<\/figure>\n\n\n\n
    Scanners<\/strong><\/p>\n\n\n\n
    5. Let\u2019s move onto the scan types, what scan allows us to see simply what hosts are \u2018alive\u2019?
    Click New Scan<\/p>\n\n\n\n
    \"RP:Nessus\u63d2\u56fe10\"<\/figure>\n\n\n\n
    \"RP:Nessus\u63d2\u56fe11\"<\/figure>\n\n\n\n
    Host Discovery<\/strong><\/p>\n\n\n\n
    6. One of the most useful scan types, which is considered to be \u2018suitable for any host\u2019?<\/p>\n\n\n\n
    \"RP:Nessus\u63d2\u56fe12\"<\/figure>\n\n\n\n
    Basic Network Scan<\/strong><\/p>\n\n\n\n
    7. Following a few basic scans, it\u2019s often useful to run a scan wherein the scanner can authenticate to systems and evaluate their patching level. What scan allows you to do this?<\/p>\n\n\n\n
    \"RP:Nessus\u63d2\u56fe13\"<\/figure>\n\n\n\n
    Credential Patch Audit<\/strong><\/p>\n\n\n\n
    8. When performing Web App tests it\u2019s often useful to run which scan? This can be incredibly useful when also using nitko, zap, and burp to gain a full picture of an application.<\/p>\n\n\n\n
    \"RP:Nessus\u63d2\u56fe14\"<\/figure>\n\n\n\n
    Web Application Tests<\/strong><\/p>\n\n\n\n
    \n\n\n\n
    [Task 4] Scanning!<\/strong><\/p>\n\n\n\n
    1. Deploy the machine and connect to the network<\/li>
    2. Create a new \u2018Basic Network Scan\u2019 targeting the deployed VM. What option can we set under \u2018BASIC\u2019 to set a time for this scan to run? This can be very useful when network congestion is an issue.<\/li><\/ol>\n\n\n\n
      Click Basic Network Scan, and type the name and target<\/p>\n\n\n\n
      \"RP:Nessus\u63d2\u56fe15\"<\/figure>\n\n\n\n
      Click Schedule and Enabled<\/p>\n\n\n\n
      \"RP:Nessus\u63d2\u56fe16\"<\/figure>\n\n\n\n
      Schedule<\/strong><\/p>\n\n\n\n
      3. Under discovery set the scan to cover ports 1\u201365535. What is this type called?
      Click Discovery and select scan type<\/p>\n\n\n\n
      \"RP:Nessus\u63d2\u56fe17\"<\/figure>\n\n\n\n
      Port Scan\uff08all ports\uff09<\/strong> ***attention ()<\/p>\n\n\n\n
      4. As we are connected to the network via a VPN, it may be to our benefit to \u2018tone down\u2019 the scan a bit. What scan type can we change to under \u2018ADVANCED\u2019 for this lower bandwidth connection?
      Click ADVANCED, select scan type<\/p>\n\n\n\n
      \"RP:Nessus\u63d2\u56fe18\"<\/figure>\n\n\n\n
      scan low bandwidth links<\/strong><\/p>\n\n\n\n
      5. With these options set (other than the time to run) save and launch the scan.
      Launch the scan<\/p>\n\n\n\n
      \"RP:Nessus\u63d2\u56fe19\"<\/figure>\n\n\n\n
      \"RP:Nessus\u63d2\u56fe20\"<\/figure>\n\n\n\n
      Wait the for scan to finish<\/p>\n\n\n\n
      6. After the scan completes, which \u2018Vulnerability\u2019 can we view the details of to see the open ports on this host?<\/p>\n\n\n\n
      \"RP:Nessus\u63d2\u56fe21\"<\/figure>\n\n\n\n
      \"RP:Nessus\u63d2\u56fe22\"<\/figure>\n\n\n\n
      Nessus SYN scanner<\/strong><\/p>\n\n\n\n
      7. There seems to be a chat server running on this machine, what port is it on?<\/p>\n\n\n\n
      \"RP:Nessus\u63d2\u56fe23\"<\/figure>\n\n\n\n
      \"RP:Nessus\u63d2\u56fe24\"<\/figure>\n\n\n\n
      6667<\/strong><\/p>\n\n\n\n
      8. Looks like we have a medium level vulnerability relating to SSH, what is this vulnerability named?<\/p>\n\n\n\n
      \"RP:Nessus\u63d2\u56fe25\"<\/figure>\n\n\n\n
      \"RP:Nessus\u63d2\u56fe26\"<\/figure>\n\n\n\n
      \"RP:Nessus\u63d2\u56fe27\"<\/figure>\n\n\n\n
      SSH Weak Algorithms Supported<\/strong><\/p>\n\n\n\n
      9. What web server type and version is reported by Nessus?<\/p>\n\n\n\n
      \"RP:Nessus\u63d2\u56fe28\"<\/figure>\n\n\n\n
      \"RP:Nessus\u63d2\u56fe29\"<\/figure>\n\n\n\n
      \"RP:Nessus\u63d2\u56fe30\"<\/figure>\n\n\n\n
      Apache\/2.4.99<\/strong><\/p>\n\n\n\n
      \n\n\n\n
      [Task 5] Wait, there\u2019s mail?<\/strong><\/p>\n\n\n\n
      1. An optional but awesome additional step, link your Nessus box up to an SMTP server via the Settings panel. Google provides this for free if you already have a Gmail account. Adding 2-factor authentication on your account and create an app password, then link Nessus to the Gmail SMTP server via these following settings: https:\/\/www.siteground.com\/kb\/google_free_smtp_server\/<\/a><\/li><\/ol>\n\n\n\n
        Skipped<\/strong><\/p>\n\n\n\n
        \n\n\n\n
        [Task 6] So you\u2019re telling me that\u2019s how you set up a web app\u2026<\/strong><\/p>\n\n\n\n
        1. Run a web application scan against this new box.
          Click new scan<\/li><\/ol>\n\n\n\n
          \"RP:Nessus\u63d2\u56fe31\"<\/figure>\n\n\n\n
          Click Web Application Tests, set up scan settings, and start<\/p>\n\n\n\n
          \"RP:Nessus\u63d2\u56fe32\"<\/figure>\n\n\n\n
          2. What is the plugin id of the plugin that determines the HTTP server type and version?<\/p>\n\n\n\n
          \"RP:Nessus\u63d2\u56fe33\"<\/figure>\n\n\n\n
          \"RP:Nessus\u63d2\u56fe34\"<\/figure>\n\n\n\n
          10107<\/strong><\/p>\n\n\n\n
          3. What authentication page is discovered by the scanner that transmits credentials in cleartext?<\/p>\n\n\n\n
          \"RP:Nessus\u63d2\u56fe35\"<\/figure>\n\n\n\n
          \"RP:Nessus\u63d2\u56fe36\"<\/figure>\n\n\n\n
          \"RP:Nessus\u63d2\u56fe37\"<\/figure>\n\n\n\n
          login.php<\/strong><\/p>\n\n\n\n
          4. What is the file extension of the config backup?<\/p>\n\n\n\n
          \"RP:Nessus\u63d2\u56fe38\"<\/figure>\n\n\n\n
          \"RP:Nessus\u63d2\u56fe39\"<\/figure>\n\n\n\n
          \"RP:Nessus\u63d2\u56fe40\"<\/figure>\n\n\n\n
          Follow the path<\/p>\n\n\n\n
          \"RP:Nessus\u63d2\u56fe41\"<\/figure>\n\n\n\n
          .bak<\/strong><\/p>\n\n\n\n
          5. Which directory contains example documents? (This will be in a php directory)<\/p>\n\n\n\n
          Follow the path<\/p>\n\n\n\n
          \"RP:Nessus\u63d2\u56fe42\"<\/figure>\n\n\n\n
          \/external\/phpids\/0.6\/docs\/examples\/<\/strong><\/p>\n\n\n\n
          6. What vulnerability is this application susceptible to that is associated with X-Frame-Options?<\/p>\n\n\n\n
          \"RP:Nessus\u63d2\u56fe43\"<\/figure>\n\n\n\n
          \"RP:Nessus\u63d2\u56fe44\"<\/figure>\n\n\n\n
          clickjacking<\/strong><\/p>\n\n\n\n
          7. What version of php is the server using?<\/p>\n\n\n\n
          \"RP:Nessus\u63d2\u56fe45\"<\/figure>\n\n\n\n
          \"RP:Nessus\u63d2\u56fe46\"<\/figure>\n\n\n\n
          \"RP:Nessus\u63d2\u56fe47\"<\/figure>\n\n\n\n
          5.5.9\u20131ubuntu4.26<\/strong><\/p>\n","protected":false},"excerpt":{"rendered":"
          [Task 1] Deploy! [Task 2] InstallationAfter installatio […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-182","post","type-post","status-publish","format-standard","hentry","category-net-security"],"_links":{"self":[{"href":"https:\/\/byy3.com\/index.php?rest_route=\/wp\/v2\/posts\/182","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/byy3.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/byy3.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/byy3.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/byy3.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=182"}],"version-history":[{"count":0,"href":"https:\/\/byy3.com\/index.php?rest_route=\/wp\/v2\/posts\/182\/revisions"}],"wp:attachment":[{"href":"https:\/\/byy3.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=182"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/byy3.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=182"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/byy3.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=182"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}