Module 06: Network Penetration Testing Methodology-Internal /8

Exercise 8: Vulnerability Scanning with OpenVAS

Scenario

While it is debatable how much a vulnerability scanner can do for a professional security tester, it is an important tool for helping us gather data and identify known vulnerabilities. When doing a penetration test we use a vulnerability scanner to provide us with a quick look at the state of the machines we are building in our target database.
The objective of this lab is to help students learn how to:

• Perform Vulnerability Assessment with the OpenVAS tool
• Analyze the output of the scan
• Add information to the target database

Lab Duration: 25 Minutes

1. Click Kali Linux (Internal Network).
   If the Kali Linux lock screen appears, click on the screen and press Enter. If it does not appear, skip to the next task.
   
2. Type root in the Username field and click Next.
   
3. Type toor in the password field and click Sign In.
   
4. Navigate to Applications --> 02 - Vulnerability Analysis --> openvas start (third option from below).
   In this lab, we are going to perform a vulnerability assessment on 172.20.20.9 (Advertisement Dept. Subnet D machine), which was discovered during ping sweep scan in the previous exercise.
   
5. Wait until all the services are started. Minimize the command terminal window.
   

   It takes some time for the OpenVas Scanner to start.
   Ignore the error returned by OpenVAS Security Manager.

   
6. Launch Firefox ESR web browser, type https://127.0.0.1:9392 in the address bar and press Enter.
   
7. OpenVAS web GUI login page appears; enter the following credentials and click Login:
   Username: admin
   Password: qwerty@123
   
8. OpenVAS Dashboard appears as shown in the screenshot.
   

   Ignore the password remembering pop-up

   
9. Hover the mouse cursor on Configuration and select Targets.
   
10. Click the star icon in order to add a new target.
    
11. New Target window appears; enter the target name (Advertisement Dept. Subnet D in this lab) in the Name text field, select Manual radio button under hosts section and enter the IP address of the target machine in the text field adjacent to the Manual radio button. The IP address of Advertisement Dept. Subnet D is 172.20.20.9.
    Select All IANA assigned TCP 2012-02-10option from the Port List drop-down list.
    Leave the other options set to default and click Create.
    
12. Once you click the Create button, OpenVas will add the target and it will display the Target Details as shown in the screenshot.
    
13. Hover the mouse cursor on Scans and click Tasksto add a new task.
    
14. Welcome to the scan task management! notification appears for 10 seconds and disappears.
    Wait for the notification to disappear.
    
15. Tasks wizard appears; since we haven't added any tasks to OpenVas, it will be empty. Now, we need to create a new task. To do this, click on the Staricon near Tasks (total: 1).
    
16. Hover the mouse cursor on the Task (Star) icon on the left side and click New Task in the context menu.
    
17. New Task window appears; enter the name of the task (here, Advertisement Dept. Subnet D Scan), choose Advertisement Dept. Subnet Dfrom the Scan Targets drop-down list and choose Full and very deep scan from the Scan Config drop-down list.
    Set the value of Maximum concurrently executed NVTs per host to 4.
    Leave the other options set to default, and scroll to down to click Create.
    This creates a task which will be performed in the forthcoming steps.
    
18. The task named Advertisement Dept. Subnet D Scan has been successfully added to OpenVAS as shown in the screenshot. Begin the vulnerability scan by clicking the Start (Play) icon in green color, in Task Details.
    
19. A vulnerability scan has been initiated successfully. Select Refresh every 30 Sec. option from the No auto-refresh drop-down list.
    By doing this, the scan status displayed under the status section will be updated every 30 seconds.
    
20. Wait until the scan is completed. It will take approximately 5 to 10 Minutes to complete the scan.
    
21. On completion of the scan, the status of the scan changes to Done as shown in the screenshot. Once done, change Refresh every 30 Sec to No auto refresh.
    
22. Click on the date link in the Reports section in Task Details. The date (Jan 25 2018) displayed in this lab will vary from your lab environment.
    

    The date link may vary as you perform the lab.

    
23. The Report: Results window appears as shown in the screenshot, where OpenVas will display all the Vulnerability list and its Severity levels.
    
24. Select HTML from the drop-down list as shown in the screenshot, and click the download button (down arrow button). This downloads the report in HTML format.
    
25. Opening report pop-up appears, select Open with radio button, choose Firefox ESR browser from the drop-down menu and click OK.
    
26. The report appears in the web browser. Scroll down the report and examine all the vulnerabilities that are detected during the scan.
    
27. After examining the vulnerability report, Logout and close the web browser and all the windows that were opened.

In this lab, you have learned how to:

• Perform Vulnerability Assessment with the OpenVAS tool
• Analyze the output of the scan
• Add information to the target database