Project 9: Nmap Scripts, Metasploit Scanner Modules, and Nikto (15 Points)

What You Need

These virtual machines, which you prepared in a previous project:
  1. Kali Linux 2.0 with Nessus and additional software
  2. Windows Server 2008 with several vulnerable software packages

Launching Kali and Nessus

Start your Kali virtual machine. In a Terminal window, execute this command:
service nessusd start
Open IceWeasel. Go to this URL:
https://kali:8834
In IceWeasel, log in with the username and password you chose during installation. You should see the "Scans" page, as shown below.

Troubleshooting

If you forgot your password, you can reset it with this command:
/opt/nessus/sbin/nessuscli chpasswd root


Starting your Windows 2008 Machine with Vulnerable Software

Start your Windows Server 2008 VM. The default username is Administrator
The default password is P@ssw0rd

Testing Networking

Check your virtual machine settings and make sure both virtual machines are set to the same type of networking, either NAT or Bridged. Find your Windows machine's IP address and ping it from the Kali machine. Make sure you can see replies, as shown below.

If you don't see replies, make sure the firewall is off on the Windows machine.

Scanning the Windows 2008 Machine

On Kali, in IceWeasel, at the top center of the Nessus page, click Scans. On the left side, click the "New Scan" button.
On the next page, click "Basic Network Scan", as shown below.

Fill in these values, as shown below.
  • Name: Win2008 -YOURNAME, replacing "YOUR NAME" with your own name
  • Description: leave blank
  • Folder: "My Scans"
  • Scanner: "Local Scans"
  • Targets: 192.168.119.129 -- replace this with the IP address of your Windows 2008 machine

At the bottom of the page, click the Save button.
A box pops up asking whether to remember your password. Close it.
The "Scans" page shows your scan running, with a little green icon turning, as shown below.

The scan should take 5-6 minutes. When it completes, the green rotating icon changes to a green checkmark, as shown below.

Viewing the Scan Results

Click the green checkmark to see the scan results. Nessus found some "Critical" vulnerabilities, shown as red regions in the charts, as shown below.
Click the red portion of either chart to see a detailed list of vulnerabilities, as shown below.

Capturing a Screen Image

Make sure the Nessus page is visible, showing these two required items:
  • YOURNAME in the title
  • At least one CRITICAL vulnerability
Capture a whole-desktop image and save it as "Proj 8a". YOU MUST SEND IN A WHOLE-DESKTOP IMAGE FOR FULL CREDIT

Evaluating the Results

Click the "CRITICAL" vulnerabilities and read the descriptions of them. When I did it, the Apache and PHP vulnerabilities seemed rather unimpressive--they only mattered in particular unlikely situations. However, the MS09-050 vulnerability is indeed CRITICAL--it can lead to complete compromise of the box with Metasploit, as demonstrated here:
Simple Take Over of Windows Server 2008 (using MS09-050)
This is an essential part of any vulnerability analysis--an intelligent human must evaluate the results to determine how important they really are to the company.
Scanners almost always flag a lot of problems as CRITICAL when they aren't really so important.
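
The triage step described above, as an added example that is not part of the original project: a Python script that ranks severity-4 findings in a Nessus v2 (.nessus) XML export by whether Nessus records a Metasploit module or other public exploit for them. It assumes the scan was exported in .nessus format; the embedded report is a constructed sample, its plugin IDs and names are placeholders, and `triage_criticals` is a hypothetical helper name.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the Nessus v2 (.nessus) export layout; the
# plugin IDs and plugin names are placeholders, not real scan output.
SAMPLE = """<NessusClientData_v2><Report name="Win2008-YOURNAME">
<ReportHost name="192.168.119.129">
<ReportItem port="80" protocol="tcp" severity="4" pluginID="900001"
    pluginName="Constructed: outdated PHP" pluginFamily="CGI abuses">
  <exploit_available>false</exploit_available>
</ReportItem>
<ReportItem port="445" protocol="tcp" severity="4" pluginID="900002"
    pluginName="Constructed: MS09-050 SMB2 issue" pluginFamily="Windows">
  <exploit_available>true</exploit_available>
  <exploit_framework_metasploit>true</exploit_framework_metasploit>
</ReportItem>
<ReportItem port="80" protocol="tcp" severity="2" pluginID="900003"
    pluginName="Constructed: medium finding" pluginFamily="Web Servers"/>
</ReportHost></Report></NessusClientData_v2>"""

def triage_criticals(nessus_xml):
    """Return severity-4 findings, those with a listed exploit first."""
    findings = []
    for host in ET.fromstring(nessus_xml).iter("ReportHost"):
        for item in host.iter("ReportItem"):
            if item.get("severity") != "4":   # 4 = Critical in .nessus v2
                continue
            # Missing child elements are treated as "false".
            flag = lambda tag: item.findtext(tag, "false").strip().lower() == "true"
            findings.append({
                "host": host.get("name"),
                "port": int(item.get("port", "0")),
                "plugin": item.get("pluginName"),
                "exploit_available": flag("exploit_available"),
                "metasploit": flag("exploit_framework_metasploit"),
            })
    # Metasploit module first, then any known exploit, then the rest.
    findings.sort(key=lambda f: (not f["metasploit"], not f["exploit_available"]))
    return findings

if __name__ == "__main__":
    for f in triage_criticals(SAMPLE):
        label = "METASPLOIT" if f["metasploit"] else (
            "exploit" if f["exploit_available"] else "review")
        print(f"{label:10} {f['host']}:{f['port']}  {f['plugin']}")
```

The ordering only sets the review queue; each finding still needs a human reading of its description, as the text says.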

Performing a Credentialed Patch Audit

On Kali, in IceWeasel, at the top center of the Nessus page, click Scans. On the left side, click the "New Scan" button.
On the next page, click "Credentialed Patch Audit". Fill in these values, as shown below.
  • Name: Win2008 Patches YOURNAME, replacing "YOUR NAME" with your own name
  • Description: leave blank
  • Folder: "My Scans"
  • Scanner: "Local Scans"
  • Targets: 192.168.119.129 -- replace this with the IP address of your Windows 2008 machine

At the top of the page, click the little blue word Credentials.
On the next page, on the left side, click Windows. On the right side, enter the credentials for your Windows 2008 machine. If you are using the machine provided for this course, the credentials are administrator and P@ssw0rd

At the bottom of the page, click the Save button.
The scan took 10 minutes when I did it. When the scan completes, click the green check mark. Click the red portion of either chart to see a detailed list of vulnerabilities, as shown below.

Capturing a Screen Image

Make sure the Nessus page is visible, showing these two required items:
  • YOURNAME in the title
  • At least three CRITICAL vulnerabilities
Capture a whole-desktop image and save it as "Proj 8b". YOU MUST SEND IN A WHOLE-DESKTOP IMAGE FOR FULL CREDIT

Evaluating the Results

This scan found 26 CRITICAL vulnerabilities, many of them Microsoft vulnerabilities. MS08-067 is an interesting case. The Microsoft vulnerability report says it affects Windows Server 2008, but, as we found previously, its Metasploit module doesn't run on Windows 2008.

Turning in Your Project

Email the images to cnit.124@gmail.com with a subject line of "Proj 8 From YOUR NAME", replacing "YOUR NAME" with your real name. Send a Cc to yourself.

Sources

Nessus: Forget the administrator password