RichardHusar/Vulnerability_Scanner_Deployment-_Nessus

Vulnerability Scanner Deployment Nessus

Description

This project involves deploying the Nessus Vulnerability Scanner on a host system running Windows 10 within a VirtualBox virtual machine. The purpose of this deployment is to create a controlled environment for scanning and identifying potential vulnerabilities within a network or system. Throughout the project, best practices for security and ethical use of vulnerability scanning tools will be adhered to. Additionally, considerations for network and system performance will be taken into account to ensure the scanning process does not disrupt the host or other networked devices.

The project aims to provide hands-on experience with deploying and using a vulnerability scanner in a virtualized environment, while also gaining insight into the importance of identifying and addressing potential security risks.

Utilities Used

  • VirtualBox
  • Nessus

Environments Used

  • Windows 10

Project walk-through:

Create a new virtual machine within VirtualBox and configure the necessary settings such as memory, CPU, and network adapters:

Installing Windows 10 operating system as the guest OS within the VirtualBox virtual machine:

In this section, we will outline the essential procedures for preparing your virtual machine (VM) for scanning. This involves optimizing security updates, installing all available updates, and disabling the firewall. These measures are critical to ensure that Nessus can effectively identify any vulnerabilities or weaknesses:

We must ensure that the virtual machine is on the same network as the machine that will be conducting the scan. Navigate to the network adapter option and select "attach to host" on the adapter. We encountered a problem with the DHCP server, which was off, so we enabled it in File > Tools > Network Manager. Now we can ping our virtual machine from the host:

After the successful configuration of our Windows machine, we are prepared to proceed with the download and installation of Nessus. Upon entering the required information and activation code, we will wait for the installation process to be finalized:

After the installation has succeeded and the plugins have compiled, it is time to configure our first scan. From the various options available in Nessus, we will select the basic network scan and configure the name and IP address of our VM with basic settings. While we wait for the scan to finish, we can observe information about it; as we can see, the scan has already detected one medium vulnerability.

To conduct a more thorough analysis, you can click on the blue bar beneath the vulnerabilities to access comprehensive details. These vulnerabilities are categorized into different sections based on technology and relevance, facilitating easy navigation through the findings.

Upon selecting the medium vulnerability, Nessus provides detailed information regarding the identified vulnerability. For instance, it reports that SMB signing is not required, which attackers can exploit through man-in-the-middle attacks against the SMB server. Additionally, Nessus offers a solution to address this issue under the "Solution" section.

Let's proceed to the next phase by incorporating credentials into our saved Windows scan to gain more detailed information. Begin by accessing "My Scans" and selecting the saved scan, labeled "first." In the top-right corner, you will find an option to configure. Click on this to proceed. In the credentials section, choose "Windows" as our VM is Windows-based.

When conducting a Windows credentials scan, various authentication methods are available, including password, Kerberos, LM hash, and NTLM hash. The password method requires the administrator or user password for authentication, while Kerberos is utilized when the target system is part of a domain. Finally, fill in your username, password, and domain name.

Nessus credential configuration involves setting up authentication credentials to enable Nessus to perform authenticated scans on target systems. This allows Nessus to gather more detailed information about the target, resulting in more accurate and comprehensive vulnerability assessment reports.

If an attempt to run the scan results in a notification indicating insufficient privileges for the account used, it is likely due to the non-default administrator account being automatically added to the local Administrators group without adequate access rights to system files and settings. To resolve this issue, several additional steps need to be undertaken.

To begin, return to the Windows VM and open "Services" by clicking on the Windows button and searching for the term. Locate "Remote Registry" and set its startup type to "Automatic," enabling remote connection to the system registry database for various operations, such as viewing registry keys and values. Next, open "User Account Control" and set the notification level to "Never notify," thereby preventing user account control prompts from interrupting the scan.

Lastly, open the registry editor and expand the registry in the following order: HKEY_LOCAL_MACHINE, Software, Microsoft, Windows, CurrentVersion, Policies, and System. Within the "System" folder, create a new DWORD value named "LocalAccountTokenFilterPolicy", taking care to spell it exactly so that the value is not disregarded. Edit the properties of the new value by changing the value data field from 0 to 1, thereby enabling the local account token filter policy to grant non-administrator accounts access to administrative resources when using remote procedure call. Upon completing these steps, restart the computer to ensure the changes take effect.
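
The service and registry changes described above, collected into a script that records the previous values and puts them back once the scan is done, since each change relaxes remote-access restrictions on the VM. This is an added example, not part of the original project; the function names and the state-file path are hypothetical, and the two UAC values are the registry settings behind the "Never notify" slider position.

```powershell
#Requires -RunAsAdministrator
# Added example: apply the credentialed-scan prerequisites and revert them afterwards.
# Function names and $StateFile are hypothetical; intended for the lab VM only.

$PolicyKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$StateFile = Join-Path $env:ProgramData 'nessus-lab-prescan.json'   # assumed location
$Values    = 'ConsentPromptBehaviorAdmin', 'PromptOnSecureDesktop', 'LocalAccountTokenFilterPolicy'

function Enable-ScanPrerequisites {
    # Record the current state first so it can be restored exactly.
    $state = @{
        Registry            = @{}
        RemoteRegistryStart = (Get-Service -Name RemoteRegistry).StartType.ToString()
    }
    foreach ($name in $Values) {
        $current = Get-ItemProperty -Path $PolicyKey -Name $name -ErrorAction SilentlyContinue
        $state.Registry[$name] = $current.$name      # $null when the value does not exist
    }
    $state | ConvertTo-Json | Set-Content -Path $StateFile

    Set-Service   -Name RemoteRegistry -StartupType Automatic
    Start-Service -Name RemoteRegistry
    # UAC "Never notify" corresponds to both of these values being 0.
    Set-ItemProperty -Path $PolicyKey -Name ConsentPromptBehaviorAdmin -Value 0 -Type DWord
    Set-ItemProperty -Path $PolicyKey -Name PromptOnSecureDesktop -Value 0 -Type DWord
    Set-ItemProperty -Path $PolicyKey -Name LocalAccountTokenFilterPolicy -Value 1 -Type DWord
}

function Restore-ScanPrerequisites {
    $state = Get-Content -Path $StateFile -Raw | ConvertFrom-Json
    foreach ($name in $Values) {
        $old = $state.Registry.$name
        if ($null -eq $old) {
            # The value did not exist before the scan, so remove it again.
            Remove-ItemProperty -Path $PolicyKey -Name $name -ErrorAction SilentlyContinue
        } else {
            Set-ItemProperty -Path $PolicyKey -Name $name -Value $old -Type DWord
        }
    }
    if ($state.RemoteRegistryStart -ne 'Automatic') {
        Stop-Service -Name RemoteRegistry -Force
    }
    Set-Service -Name RemoteRegistry -StartupType $state.RemoteRegistryStart
    Remove-Item -Path $StateFile
}
```

Dot-source the script in an elevated session, call `Enable-ScanPrerequisites` before the credentialed scan and `Restore-ScanPrerequisites` once the results are exported.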

Upon completion of the scan, Nessus has detected a total of 42 vulnerabilities, encompassing critical, high, and medium severities. Of particular concern are the high severity vulnerabilities associated with Microsoft .NET Framework, where Nessus has flagged missing security updates. Further investigation reveals two vulnerabilities, specifically pertaining to denial of service and remote code execution. Additionally, Nessus provides detailed information, including reference numbers and an extensive array of associated links.

We will introduce vulnerable software into the system. As my current virtual machine lacks internet connectivity, I will access the devices, navigate to network settings, and modify the "attach to" parameter from a host-only adapter to a bridge adapter to establish internet connectivity. Subsequently, we will procure outdated software, exemplified by the installation of a 2020 version of Chrome, an older version of 7zip, and a 2021 version of Minecraft. We will subsequently delve into a detailed discussion regarding these specific software versions, and then run another scan.

Upon immediate inspection, Nessus has revealed a multitude of new vulnerabilities present on your Windows machine. Among these vulnerabilities, Nessus has identified issues related to Apache Log4j that require attention. It is noteworthy that although we did not install the Minecraft server and it is not currently operational, the presence of these vulnerabilities indicates potential security risks that could be exploited by an attacker.

Upon clicking on the identified vulnerability, Nessus has highlighted a remote code execution vulnerability with a severity rating of ten, signifying the highest level of severity. Nessus offers a comprehensive description of the vulnerability, a recommended solution, and an output detailing the paths to the affected file. In this instance, the recommended solution involves upgrading to version 2.15 or later, as the vulnerability stems from improper log validation. This assessment aligns with the identified issue.

One of Nessus's features is its robust reporting capability, enabling users to generate comprehensive reports that provide a detailed overview of the identified vulnerabilities and their associated risks. The reporting feature allows for the customization of reports to suit specific requirements, including the selection of specific vulnerabilities, filtering by severity, and tailoring the report format to meet the needs of different stakeholders.

Upon completion of the vulnerability assessment, the next step involves remediation efforts. Prioritizing the installation of the latest security patches is crucial. Subsequently, activating the updates for Google Chrome is essential. To accomplish this, accessing the system configuration and locating the Google Update service is necessary. It is also imperative to eliminate any potential threats from the system. In this instance, removing the Minecraft server file from the downloaded folder and emptying the Recycle Bin are recommended actions.
