Vulnerability assessment is the process of identifying weaknesses and security gaps in a system or network that attackers could exploit. It involves scanning, testing and analysing the system to find vulnerabilities, then prioritising them by severity so that the most serious ones are addressed first.
A bug in code or a flaw in software design can be exploited by an authenticated or an unauthenticated attacker.
A gap in security procedures or a weakness in internal controls can also be exploited, causing a security breach.
In this tutorial, we will conduct a credentialed vulnerability assessment against a Windows VM using Nessus and remediate the identified vulnerabilities.
Nessus is a vulnerability scanner that runs as a web application and scans networking devices and systems for vulnerabilities.
In most cases, as an ethical hacker performing vulnerability scans, you won't be given remote-sharing privileges on the target, so you cannot log in to the device remotely to perform in-depth (credentialed) scans.
This tutorial will walk you through enabling the remote-sharing services and creating a key in the VM's registry so that a thorough (credentialed) scan can be performed.
Prerequisites
To follow along, I assume you have Oracle VM VirtualBox installed.
A Windows 10 ISO file launched in your VM.
A Nessus Essentials account set up and verified.
Familiarity with networking concepts and operating systems.
Familiarity with Windows PowerShell.
So, let's start.
Step 1: Boot Windows 10 in your VM and run a command to get its IPv4 address.
Running ipconfig
on the command prompt returns all the IP information available.
You may ping the IP address from your local computer to see whether you get a response.
ping -t 192.168.0.105
The -t switch keeps pinging until you stop it.
Ctrl + C stops the loop.
For the sake of this tutorial, we will make some administrative changes to the Windows VM to make it more vulnerable and expand the scope of the scan.
We will:
disable the firewall profiles
enable the Remote Registry service so that Nessus can gain remote access
lower the User Account Control settings to reduce the security prompts on the VM
add a special key to the VM's registry so that Nessus can perform credentialed scans
NOTES: When configuring your Windows 10 VM, be sure to set the network adapter to bridged. Bridged mode puts the VM on the same network as your local computer.
If you don't get a reply from the ping command, read up on common protocols and ports.
Ping uses the ICMP protocol.
Step 2: Go to Start and run wf.msc
This is a shortcut to the Windows Defender Firewall settings.
To disable the firewall, turn off the domain, private and public profiles.
Pinging the IP again from your local computer should now return a reply.
Step 3: Go to Start and run Services, navigate to Remote Registry Properties and enable the service.
Step 4: Search for User Account Control and move the slider down to the lowest setting.
Step 5: Search for Registry Editor and open the application.
Navigate to HKEY_LOCAL_MACHINE > SOFTWARE > Microsoft > Windows > CurrentVersion > Policies > System and open this path.
Your screen should look like this
Here we create a new DWORD value named LocalAccountTokenFilterPolicy.
Set its Value data to 1 and leave the rest at the defaults.
Restart the VM for the change to take effect.
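The changes from Steps 2 to 5 are easy to forget about once the lab is over, so here is an added PowerShell script (not part of the original tutorial) that reports the current state of each setting and restores the defaults afterwards. It assumes the Windows 10 defaults of Remote Registry disabled, ConsentPromptBehaviorAdmin = 5 and PromptOnSecureDesktop = 1, and must be run from an elevated prompt on the VM.

```powershell
# Added example, not from the original tutorial: audit and revert the lab
# changes made in Steps 2-5. Run from an elevated PowerShell prompt on the VM.
$policyKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

function Get-LabScanState {
    # Returns one object describing each setting the tutorial changes.
    $fw  = Get-NetFirewallProfile | Select-Object Name, Enabled
    $svc = Get-Service -Name RemoteRegistry
    $pol = Get-ItemProperty -Path $policyKey
    [pscustomobject]@{
        # Profiles reported as False are the ones switched off in Step 2.
        FirewallProfilesDisabled      = @($fw | Where-Object { [string]$_.Enabled -eq 'False' }).Name
        RemoteRegistryStatus          = $svc.Status.ToString()
        RemoteRegistryStartType       = $svc.StartType.ToString()
        # $null when the value is absent; 1 means remote local-admin logons
        # keep a full admin token, which is what the credentialed scan needs.
        LocalAccountTokenFilterPolicy = $pol.LocalAccountTokenFilterPolicy
        # Assumed Windows 10 default is 5; 0 corresponds to "Never notify".
        ConsentPromptBehaviorAdmin    = $pol.ConsentPromptBehaviorAdmin
    }
}

function Restore-LabDefaults {
    # Undo the tutorial's changes: re-enable every firewall profile, stop and
    # disable Remote Registry, remove the token-filter override and put the
    # UAC prompt level back to the assumed defaults.
    Set-NetFirewallProfile -Profile Domain,Private,Public -Enabled True
    Stop-Service -Name RemoteRegistry -Force -ErrorAction SilentlyContinue
    Set-Service  -Name RemoteRegistry -StartupType Disabled
    Remove-ItemProperty -Path $policyKey -Name LocalAccountTokenFilterPolicy -ErrorAction SilentlyContinue
    Set-ItemProperty -Path $policyKey -Name ConsentPromptBehaviorAdmin -Value 5 -Type DWord
    Set-ItemProperty -Path $policyKey -Name PromptOnSecureDesktop -Value 1 -Type DWord
}

# Show the current state; call Restore-LabDefaults once the scan is finished.
Get-LabScanState | Format-List
```

Run Get-LabScanState before launching the scan to confirm the VM is in the expected state, and Restore-LabDefaults (followed by a reboot) when you are done with the lab.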
Step 6: Go to your web browser and log in to your Nessus Essentials account.
Navigate to New Scan and choose Basic Network Scan.
Under Settings, set the target to the IP of the VM.
Go to Credentials and click Windows.
Username: go to the VM command prompt and run whoami
to be sure of this.
Enter the password and save the scan.
Go to My Scans and launch the scan.
Give it time to complete and you'll see your vulnerabilities ordered by severity.
Note: When reporting your findings as an ethical hacker, you may not report every vulnerability. Most organisations focus on the critical and high vulnerabilities.
Nessus also provides guidance on how to remediate the identified vulnerabilities.
In most cases these vulnerabilities come down to missing security patches, so be sure to keep patching automated in your organisation.
You may install deprecated software that poses a high security risk in the VM and rescan.
Compare the vulnerabilities before you installed the software (for instance, a really old version of Firefox) and after the installation.
You'll notice a higher number of critical and high vulnerabilities, with the expected remediation being to update Firefox.