Blueprinting The Target Part — 4
Vulnerability Assessment & Management
Although we have presented vulnerability assessment & management as a part of the information gathering phase, it is a more dedicated and critical part of the information gathering, so it was worthwhile to keep it separate in a module.
Information Gathered in previous module
* Network Addresses information
* Operating System Level information
* Open Ports
* Services Information
* Work group level information
What we need now is the vulnerabilities discovery so that we can further move one more level to discover the weaknesses in the network.
To achieve our goal of detecting & discovering vulnerabilities in the network, we need vulnerability scanners so that they can perform the job and further gather information about the vulnerabilities. We already installed two vulnerabilities scanners in our virtual hacking lab environment. Let’s login to our lab and perform the vulnerability assessment activity so that we can proceed in information gathering.
To perform this activity, first note the IP address of the Ubuntu Box. In our lab, it is on 192.168.56.101. Ensure that all machines in our virtual hacking lab environment are up and running. We have shown the snapshot of our Virtual Box.
Next, browse the Ubuntu Box on the following address:
Ubuntu NeXpose Web Access: https://192.168.56.101:3780/.
Next, wait for a while and you will be asked to login, use the credentials you configured at the time of installation. Once logged in, you will see the below screen.
Next, we will now start the vulnerability assessment on the so far discovered live hosts and find out how vulnerable these systems are.
Next, to achieve these, we will now scan this with NeXpose scanner as shown in the following figures. Configure the new site as shown below
Next, configure the general settings for the site and click next.
Next, configure the IP addresses we want to scan as shown below and continue
Next, select the scan template, recommended to use full audit.
Next, for credentials, leave them blank, as shown below, as we don’t have any credentials to be used for the vulnerability scan.
Next, leave the web application settings blank at the moment.
Next, configure the organization contact details you are scanning. This will be reflected in the report.
Next, default settings for access listing and save the site.
Next, once you configured the site, it will appear on the home page as shown below.
Next, click the scan now option to start the scan for the site we have just configured as shown in below snapshot.
Next, you will see the following prompt to start the scan. Now start the scan and sit back and watch the vulnerability assessment on screen.
Next, you will see the following screen with the details of the vulnerability assessment. We will wait until it finishes the scans.
You can see that NeXpose has detected the two Metasploitable machines and is now busy finding vulnerabilities in them. It will take time, as we don’t have enough RAM with our Ubuntu box. However, it will take too long for NeXpose to perform the vulnerability assessment on these two machines.
Next, you can see that after six minutes of vulnerability assessment NeXpose has identified six vulnerabilities in these machines. We will wait for some more time to see the overall results of our vulnerability assessment with NeXpose.
Next, here you go, NeXpose took a total of 10 minutes overall and has discovered 631 vulnerabilities in this vulnerability assessment we have just performed in these two machines.
Next, we will not see the assets in our NeXpose, which will give us the overall results of the assessments.
Next, results of assets by Operating System & applications.
Next, to see the vulnerabilities found in this assessment cycle, click the vulnerability link on the home screen and you will see the following results in a nice presentable manner.
Here you can see the details on vulnerabilities, which have been discovered in the assessment we have just performed. This dashboard also provides details on the vulnerabilities. You can click any one of these vulnerabilities and see more details. We have shown one below, this covered much of details on this vulnerability, its scoring, severity, published date and the available exploits and also the solution to mitigate the risk of this vulnerability. All of these details are shown below.
Now we will present some reporting by which analysis you can easily find out how you want to manage these vulnerabilities. You can generate reports for executive members of the company; you can also generate report on top assets or top vulnerabilities or just the audit reports.
By looking from different angles on these vulnerabilities, you would be able to manage these vulnerabilities much easier. You have more options for looking into these vulnerabilities by means of generating different types of reports.
We have completed the vulnerability assessment & management with NeXpose in our lab, now it’s your task to perform the similar scan with Nessus Vulnerability Scanner we installed in our virtual hacking lab. We also installed the Metasploit framework; this has nothing to do with Information gathering framework.
However, we are now assigning a task where you select two vulnerabilities from the NeXpose scan which are exploitable and try exploiting with Metasploit. It’s not difficult as the NeXpose report will guide you on complete steps for exploiting those vulnerabilities with Metasploit.
Originally published at https://learncybersec.blogspot.com.