ethical hacking - vulnerability assessment · ethical hacking - vulnerability assessment blossom...
TRANSCRIPT
Blossom—Hands-on exercises for computer forensics and security
Copyright: The development of this document is funded by Higher Education of Academy. Permission is granted to copy, distribute and /or modify this document under a license compliant with the Creative Commons Attribution-NonCommercial-ShareAlike 3.0 Unported License. To view a copy of this license, visit http://creativecommons.org/licenses/by-nc-sa/3.0/.
Ethical Hacking - Vulnerability Assessment
BLOSSOM Manchester Metropolitan University
(Funded by Higher Education Academy) [email protected]
Blossom—Hands-on exercises for computer forensics and security
1. Learning Objectives
This lab aims to understand and learn how to assess vulnerabilities using OpenVAS
2. Preparation
1) Under Linux environment
2) Some files that you will need from /home/user/BlossomFiles/EthicalHackingVulnAssessment:
• 'OpenVAS.sh’
3) Some documents that you may need to refer to:
• 'Virtual-MachineGuide.pdf' • ‘Linux-Guide.pdf’ • ‘BLOSSOM-UserGuide.pdf’
3. Tasks
Setup & Installation: • Start two virtual machines as you have done with previous exercises
(see Virtual Machine Guide), except make sure that the memory of the first virtual machine is set to 1520mb using the following command during the VM initialisation: # kvm -cdrom /var/tmp/BlossomFiles/blossom-0.98.iso -m 1520 -net nic,macaddr=52:54:00:12:34:57 -net vde -name node-one # kvm -cdrom /var/tmp/BlossomFiles/blossom-0.98.iso -m 512 -net nic,macaddr=52:54:00:12:34:58 -net vde -name node-two
• On the first VM, open up a root terminal and run the following
commands in order to set up OpenVAS: # chmod 4755 OpenVAS.sh # ./OpenVAS.sh NOTE: After the script finishes, a password must be set for the user ‘admin’.
• After each of previous script has finished, we can then log in to OpenVAS as the user "admin" by using the following command in a NON-ROOT terminal: $ gsd
Blossom—Hands-on exercises for computer forensics and security
We are now presented with a login screen. Change the "Serveraddress" field to '127.0.0.1', the "Username" field to 'admin' and the "Password" field to the password that you entered after the script finished of the installation.
Task 1 Vulnerability Assessment 1.1 Now that we have installed OpenVAS and the GUI Greenbone Security
Desktop and have successfully logged in to the service, we can now begin to create scans to assess any vulnerability that may be present on each virtual machine. First of all, we select the option 'New' from the dropdown menu 'Task' which will open up a window allowing us to set up a vulnerability scan. Choose a suitable name for this first scan and then select the dropdown menu 'Scan Config' and choose the option 'Full and very deep ultimate'. Now we want to select the target of the scan, for which we will choose the 2nd Debian Virtual Machine. We select this machine by clicking on the blue star icon next to the 'Scan Targets' dropdown menu which will open up a new window where we can set the name of the target to something appropriate, and also enter the IP address of the target machine into the 'Hosts' field. With all the previous options set, select 'Create' in the new task window and we should see the task appear in the 'Tasks' section of Greenbone Security Desktop, alongside some statistics in the 'Dashboard' section. To start the task, select the task in the 'Tasks' section and select the play button in the toolbar just above, or right click and select 'Start'. NOTE: This scan can take a while to complete, so in the meantime, proceed on to the next section of the exercise whilst the scanner is assessing vulnerabilities.
1.2 The previous scan we have just started is a very comprehensive scan and will take a while to complete, but will also show us most of the vulnerabilities present in the virtual machine; however, what if we wanted to perform a quick scan? Using the knowledge gained from the previous part of the exercise, start a 'Full and fast' scan on the virtual machine that we are running Greenbone & OpenVAS from (localhost). After each scan has finished, we can view a report of the results found by double clicking on the task in the 'Tasks' window, selecting the 'Reports' tab that appears in the new window that will appear, and then double clicking on the report. This will open a report in the bottom right hand corner of Greenbone which can then be dragged out and viewed in full screen.
Blossom—Hands-on exercises for computer forensics and security
NOTE: The full and fast scan of the localhost should just reveal a couple of low risk threats which are not displayed by default, to view them you must select the 'Low' threats checkbox on the left hand side of the report box. The full and very deep ultimate scan should display a medium risk threat which will appear by default. Once the 'Full and very deep ultimate' scan has finished, look at the report that is generated. We will be able to read a comprehensive explanation of the potential vulnerability, as well as information pertaining to how the vulnerability could be exploited, as well as references for how the vulnerability can be fixed. Software like this provides us with ways in which we can strengthen the security of a network or computer against the significant amount of threats in today's society.