SEC602 – Lab 3 / Using Vulnerability Assessment Tools

This lab is designed to test our understanding and ability to apply content examples in the following CompTIA Security+ objectives:
– Vulnerability scanning concepts.
– Given a scenario, use appropriate software tools to assess the security posture of an
organization.

 

 

In this Lab we would be using WIN2016-DC, Kali Linux, WIN2016-MS, WIN10-WS & WIN07-WS Systems.

Exercise 1 – SettingUp OpenVAS

We have to run OpenVAS scanner from Kali Linux VM. So, going into KALI VM:

Making sure that it connects to the VLAN by checking the Network Adapter:

then logging into the machine using root and default password as the login credentials. Now we have to configure the adapter using the DHCP server on the LAN Network in Kali:

It mentions to go into IPv4 and select Automatic IP Address and delete any present DNS Servers.

Then we should be able to see an IP address in the range of 10.1.0.000 (and we got here 10.1.0.100)

After getting the IP address in that range, we have to open Terminal and run OpenVAS -start to run that program which is pre installed in Kali Linux VM. then Exit the terminal.

Exercise 2 – Configuring OpenVAS

In this exercise, we have to configure target groups and scanning options in the OpenVAS scanner in Kali Linux.

We have to then open Firefox and go to 127.0.0.1:9392 and log on with the Kali login credentials.

Then we have to go into the Credentials and open new credentials and create one classroom\Administrator credentials to login.

Now, after we finish that we have to go into Configuration menu and select Target. Again star icon and add a new target.

After that then we have to go into Configuration menu again and select Scan Configs.

Now from Configuration menu we have to select Schedules and same as before click on Blue star to open the New Schedule web dialog.

From Scans Menu we have to select Tasks and add a new task:

So after creating that Task you have to go into the task and run it. When we will click on start button the run the scan manually the next scheduled task would be tomorrow.

Exercise 3 – Using MBSA

In this excersise we have to run Microsoft Baseline Security Analayzer in Windows 10 VM.

Log in into classroom/Administrator in WIN10-WS, then we have to run MBSA from the command line to use an offline updates catalog as VM is not connected to the outside world in the VM. Entered the following commands as show in images below.

 When the second scan finishes open MBSA from desktop app and then click on View existing security scan reports.

WIN10-WS

I can clearly see from the logs that Windows Automatic Updates failed! and then the lab mentions to click on Result details link for the Windows Security Security Updates category. but we don’t have it further it talks about if we could have a Internet access on the HOST, and then do a quick search on the Knowledge base article for the missing patch and identify the CVE ie. addresses.

WIN2016-DC

The DC also has a serious security policy failing by allowing guest account access. This
facilitates remote scans by unauthorized hosts and provides potentially exploitable access to the file system, which is completely unacceptable on a server running a service as
critical as Active Directory.

Exit WIN10-WS. 🙂

Exercise 4 – Analyzing OpenVAS Scans

We will go back in KALI-VM and refresh the browser and go back to greenbone web app Dashboard.

We will go to Scans > Reports. Open the Task.

Then we will filter it down only for hosts=10.1.0.1 and the results can be seen below;

 

we can identify that the 445/tcp SMB/NetBIOS Null Session Authentication Bypass vulnerability this is a result of the guest access / anonymous logon configuration identified by MBSA. also there is one “general/tcp” type critical vulnerabilities.

After that, now lets filter it down for cve-201-0199 as the labs mention we couldn’t find any vulnerabilities.

CT&A

Through this Lab we have identified multiple ways to find out whats happening on the network, through CMD and advance tool such as Zenmap & OpenVAS in KALI Linux environment but we can do it Windows environment easily.

Problems

None