Project 8: Nessus (15 points)

What You Need

These virtual machines, which you set up in a previous project:
  1. A Kali linux virtual machine. These instructions assume you are using a 32-bit version.
  2. Windows Server 2008 with several vulnerable software packages

Installing Nessus

In Kali, open Firefox and go to:
http://www.tenable.com/products/nessus-home
Fill in the form with a name and email address, as shown below, and click Next.

Click the Download button.

On the next page, download the 32-bit version for Kali, as outlined in green in the image below.

Notice that it refers to "Kali 1," which has beel obsolete since Aug., 2015, and that it also provides only an md5 hash for download verification, which is certainly not a best practice.

Download the file. When you see the message below, close it and close Firefox.

In a Terminal window, execute these commands: 

cd 
cd Downloads
md5sum Nessus-6.11.1-debian6_i386.deb
For what it's worth, the MD5 matches the value on the Nessus page, as shown below.

In a Terminal window, execute this command: 

dpkg -i Nessus-6.11.1-debian6_i386.deb
Nessus installs, as shown below.

In a Terminal window, execute this command: 

/etc/init.d/nessusd start
Open Firefox and go to:
https://kali:8834
A warning says the connection is not secure. Click Advanced. Click "Add Exception...". Click "Confirm Security Exception".

A "Welcome to Nessus" page appears. Click Continue.

In the "Account Setup" screen, choose a username and password, as shown below. Note the message at the bottom "..this account also has the ability to execute commands on hosts being scanned." Very strange.

Troubleshooting

If you forgot your password, you can reset it with this command:
/opt/nessus/sbin/nessuscli chpasswd username

Click Continue.

The Registration page asks for an Activation Code. Read your email to get it. Enter the code and click Continue.

Wait while Nessus updates.

Starting your Windows 2008 Machine with Vulnerable Software

Start your Windows Server 2008 VM.

Testing Networking

Check your virtual machine settings and make sure both virtual machines are set to the same sort of networking, either NAT or Bridged.

Find your Windows machine's IP address and ping it from the Kali machine. Make sure you can see replies.

If you don't see replies, make sure both VMs are using NAT networking mode.

Scanning the Windows 2008 Machine

On Kali, in Firefox, sign in to Nessus.

At the top right of the "My Scans" page, click "Create a new scan".

On the next page, click "Basic Network Scan", as shown below.

Fill in these values, as shown below.

At the bottom of the page, click the Save button.

Your scan appears in the middle of the page. On the right side, click the arrow icon to start the scan, as shown below.

The "Scans" page shows your scan running, with a little green icon turning, as shown below.

The scan should take 5-6 minutes. When it completes, the green rotating icon changes to a green checkmark. as shown below.

Viewing the Scan Results

Click the green checkmark to see the scan results. Nessus found some "Critical" vulnerabilities, shown as red regions in the charts, as shown below.

Click the red portion of either chart to see a detailed list of vulnerabilities, as shown below.

Capturing a Screen Image

Make sure the Nessus page is visible, showing these two required items: Capture a whole-desktop image and save it as "Proj 8a".

YOU MUST SEND IN A WHOLE-DESKTOP IMAGE FOR FULL CREDIT

Evaluating the Results

Click the "CRITICAL" vulnerabilities and read the descriptions of them. When I did it, the Apache and PHP vulnerabilities seemed rather unimpressive--they only mattered in special unlikely situations.

However, the MS09-050 vulnerability is indeed CRITICAL--it can lead to complete compromise of the box with Metasploit, as demonstrated here:

Simple Take Over of Windows Server 2008 (using MS09-050)

This is an essential part of any vulnerability analysis--an intelligent human must evaluate the results to decide how important they really are to the company.

Scanners almost always flag a lot of problems as CRITICAL when they aren't really so important.

Performing a Credentialed Patch Audit

On Kali, in Firefox, at the center top of the Nessus page, click Scans.

On the top right, click the "New Scan" button.

On the next page, click "Credentialed Patch Audit". Fill in these values, as shown below.

At the top of the page, click the Credentials tab.

On the next page, on the left side, click Windows. On the right side enter the credentials for your Windows 2008 machine. If you are using the machine provided for this course, the credentials are administrator and P@ssw0rd

At the bottom of the page, click the Save button.

In the "Win2008 Patches YOURNAME" row, click the right-pointing arrow to start the scan.

The scan took 10 minutes when I did it. When the scan completes, click the green check mark. Click the red portion of either chart to see a detailed list of vulnerabilities, as shown below.

Capturing a Screen Image

Make sure the Nessus page is visible, showing these two required items: Capture a whole-desktop image and save it as "Proj 8b".

YOU MUST SEND IN A WHOLE-DESKTOP IMAGE FOR FULL CREDIT

Evaluating the Results

This scan found 26 CRITICAL vulnerabilities, many of them Microsoft vulnerabilities.

MS08-067 is an interesting case. The Microsoft vulnerability report says it affects Windows Server 2008, but, as we found previously, its Metasploit module doesn't work on Windows 2008.

Turning in Your Project

Email the images to cnit.124@gmail.com with a subject line of "Proj 8 From YOUR NAME", replacing "YOUR NAME" with your real name.

Send a Cc to yourself.

Sources

Nessus: Forget the administrator password

Last Modified: 9-28-17