Friday, January 27, 2012

Vulnerability Assessment using Nessus

Let's try to do a vulnerability assessment using Nessus.
For those who haven't installed Nessus on the system, you can follow this tutorial.

Get started.

1. Start the Nessus service
# /etc/init.d/nessusd start
2. Open your browser and type in "https://localhost:8834" (remember that to connect to Nessus you must use SSL and port 8834).

3. Login with your account.
4. To start a new scanning task, click "Scan" then "Add".

5. Fill out the required fields.
Name : (up to you)
Type : Run now
Policy : Internal network scan.
Scan Targets :
(I use the above address because I want to scan all hosts in the network; the IP above is the gateway of the network.)
When all is done, click "Launch Scan".

6. Wait until the scan completes; it will take some time.
7. When the scan is finished, go to "Reports".
8. There will be a list of the scanning tasks that you created before. Click the report you want to see.

9. When you click the task, a list of the IP addresses captured appears, with the total exploits along with their security level and the total open ports. Choose which level of vulnerabilities is shown by clicking the number for the relevant level.
10. A table appears showing the open ports and the vulnerable protocols along with the level of risk.
11. Click again, and a list appears of the software that has a vulnerability that can be attacked, along with where it is running and the level of risk.
12. Click one of the vulnerabilities. A description of the vulnerability appears, along with the solution.
13. Analyze each vulnerability found by Nessus to create a good attack vector.

You can also download the report for later analysis. On the "Reports" page, click "Download" or "Download reports", select the type of report that you want to download, then click "Download".
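For the later analysis of a downloaded report, here is a small added example (not part of the original tutorial) that reads a report in the .nessus (v2 XML) format and lists each host's findings, highest severity first, with the solution text. It assumes that download type was selected; the sample report, hosts and plugin names inside it are constructed.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

# Numeric severity stored on each ReportItem (0 = informational).
SEVERITY = {0: "Info", 1: "Low", 2: "Medium", 3: "High", 4: "Critical"}

# Constructed sample in the .nessus v2 layout; hosts and findings are made up.
SAMPLE = """<NessusClientData_v2>
 <Report name="Internal scan (constructed sample)">
  <ReportHost name="192.0.2.10">
   <ReportItem port="445" svc_name="cifs" protocol="tcp" severity="3"
               pluginID="0" pluginName="Example SMB finding">
    <solution>Apply the vendor patch.</solution>
   </ReportItem>
   <ReportItem port="22" svc_name="ssh" protocol="tcp" severity="0"
               pluginID="0" pluginName="Example service detection"/>
  </ReportHost>
  <ReportHost name="192.0.2.20">
   <ReportItem port="80" svc_name="www" protocol="tcp" severity="2"
               pluginID="0" pluginName="Example web finding">
    <solution>Upgrade the web server.</solution>
   </ReportItem>
  </ReportHost>
 </Report>
</NessusClientData_v2>"""

def summarize(xml_text, min_severity=1):
    """Return {host: [(severity, port/proto, service, plugin name, solution)]},
    highest severity first, skipping findings below min_severity."""
    root = ET.fromstring(xml_text)
    findings = defaultdict(list)
    for host in root.iter("ReportHost"):
        name = host.get("name")
        for item in host.iter("ReportItem"):
            sev = int(item.get("severity", "0"))
            if sev < min_severity:
                continue
            port = f'{item.get("port")}/{item.get("protocol")}'
            solution = (item.findtext("solution") or "n/a").strip()
            findings[name].append(
                (sev, port, item.get("svc_name"), item.get("pluginName"), solution))
        findings[name].sort(key=lambda f: f[0], reverse=True)
    return dict(findings)

if __name__ == "__main__":
    for host, items in summarize(SAMPLE).items():
        print(host)
        for sev, port, svc, name, fix in items:
            print(f"  [{SEVERITY.get(sev, sev)}] {port} {svc}: {name} -> {fix}")
```

To use it on a real report, pass the contents of the downloaded file to summarize() instead of SAMPLE.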
OK, that is the activity called Vulnerability Assessment.
The step after you have found the attack vector is searching for an exploit to attack the target system.
In BackTrack there is a database for that. Go to Application > Backtrack > Exploitation Tools > Open Source Exploitation > Exploit DB > exploitdb search.
And there you go, you can search for an exploit to use in the exploitation.
Hope this helps..  :)


Unknown said...

Finally what I needed... thank you so much!!!

dragon_master said...

glad to hear it.. :)

Anonymous said...

Very Good tutorial bro.
