Vulnerability Scanning of a Linux Target
Vulnerability Scanning of a Linux Target
- Before You Begin
- Introduction
- Scanning the Network for Vulnerable Systems
- Scanning the Network Using OpenVAS
- References
- Help Desk
Before You Begin
IF YOU HAVE ANY ISSUE ACCESSING OR DOING THE LAB, REFER TO BELOW TROUBLESHOOTING TECHNIQUES.
Chrome is the supported browser and should be used. There is a known issue with Firefox that will cause double typing.LINK YOUR ACCOUNT TO YOUR INSTRUCTOR
- Navigate to the Home Screen, where you will see all of your labs.
- Click on the “Link Course to Instructor” button.
- From the “Course” drop down menu, select the set of labs you want to link to an instructor. Type your instructor’s email in the box, and click “Link to Instructor”.
- Repeat this step if you are linking multiple sets of labs.
- If you would like to change the instructor linked to a set of labs, simply click the “Remove” button and repeat Step #2.
How to use our labs
Browsers
Infosec learning supports Google Chrome. There are many complex functions that occur behind the scenes in our virtual environment and we want to make sure you have the best possible experience. Using Google Chrome as the browser will ensure this. Below is a link to download it.
Starting the Environment
Every lab is different and you should familiarize yourself with it first. By clicking the "Start" button we begin creating your virtual environment. While this is happening you can begin looking through any of the information in this pane.
Once your environment is started, the actual virtual machines (VM) might need another few minutes to finish starting up. You can think about starting our environment just like starting any computer in person, it takes a few minutes to fully power on.
Everything is HTML 5
Our entire environment is built in HTML 5 and doesn't require any plugins, Phewww!!! You will notice the left hand side of the screen has an information panel that can be moved in and out to make the content larger or smaller. In fact, it can actually be closed to make the virtual topology on the right as large as possible.
Clicking on a VM in the Topology
When asked to access a specific VM in the network topology on the right hand side of the screen, click on the needed VM and a window will pop up with that computer's desktop. Again, make sure you give the VMs time to fully start up.
How our Design Helps You
In each of our lab manuals there are a few things that you should keep in mind which will help you navigate through the labs.
- Every action such as click, right-click, drag, open, etc., are in bold type.
- Any time you have to type something (such as a command) we have highlighted the code in this font.
Common Problems
- I can't see my mouse.
Are you using Google Chrome? If not, there are known issues with Firefox where the mouse continues to disappear. Once Firefox fixes this issue, we will all be much happier! In the mean time you should download Google Chrome. We have also found that moving your mouse around quickly, many times brings the mouse back.
- The lab is broken because I can't get it to work.
Although the lab environments are computers, we are human and sometimes mistakes happen. With that said, 9 out of 10 times we find something is being typed wrong or a step was missed by the user. Make sure you are typing exactly what you are supposed to type. Even the slightest error will cause a command not to work.
- Is there a Help Desk?
Yes! Our help desk is here to provide you with technical support to make sure you can access your labs. What they can't do is take anything away from your instructor by answering questions about the content. With one click you can create a ticket with the help desk. The Help Desk section is located at the end of every lab. It is always helpful to include a screenshot with any issue.
- I am completely stuck and I can't find what I did wrong.
At the end of each lab there is a Help Desk Section, where you can submit a ticket. Once a ticket is submitted, we will perform the lab from front to back to assure it is working as it should, and report back to you. If the lab is not working, we will escalate the ticket to the engineering team to fix any problems. The labs can be tricky at times and each time you start a lab, the steps must be performed front to back for all sections.
- My Windows VM is saying there are updates.
Microsoft will periodically push updates and you might see a message regarding these updates. It's okay to disregard the message by closing the update window and completing the lab.
Introduction
Overview:
In this lab, you will be conducting vulnerability scans using various network scanning tools. You will be performing the following tasks:
- Scanning the network for vulnerable systems
- Scanning the network using OpenVAS
Scanning the Network for Vulnerable Systems
Scanning the Network Using Nmap
- Click on the Kali icon on the topology diagram.
Kali
- On the login screen, select Other.
Kali
- When presented with the username, type root. Press Enter.
Kali
- When prompted for the password, type toor. Press Enter.
Kali
- While on the Kali system, open a new terminal window.
Opening a Terminal
- View the available options that can be used with Nmap by typing nmap into the terminal followed by pressing Enter.
root@Kali-Attacker:~# nmap
Available Options
Challenge # Challenge #
Challenge #
In the nmap help under HOST DISCOVERY, what is the option for doing a list scan? Incorrect. Please try again. Answer Submit Skip- Initiate a quick ping scan to identify live hosts with a network ID of 10.1.1.*. Type the following command and press Enter.
root@Kali-Attacker:~# nmap –sP 10.1.1.*
Quick Scan
You should see two host results: 10.1.1.1 as the DMZ gateway and 10.1.1.10 as the DVL Server.
- Initiate a ping scan while spoofing the source MAC address at the same time. Type the following command and press Enter.
root@Kali-Attacker:~# nmap –v –sP –spoof-mac 0 10.1.1.*
Note: this task will take some time to complete
Ping Scan
- When scanning for active systems on a network, Nmap also gives the ability to scan for which IP protocols are supported by the host involved in the scanning process. Type the command below followed by pressing Enter.
root@Kali-Attacker:~# nmap –sO 10.1.1.10
Scanning of IP Protocols
Note: Let this scan run for about 6 to 7 minutes. Proceed to the next step while the scan runs in the background.- On the terminal window, select File from the top menu pane and click on Open Tab.
Open Tab
- While engaged in the new tab, initiate a Transmission Control Protocol (TCP) scan against the Security Onion system. Type the following command below and press Enter.
root@Kali-Attacker:~# nmap –sT 192.168.1.6
TCP Scan
- Notice the well-known TCP ports that are open.
TCP Scan
- Initiate an operating system scan against the DVL system to help identify what version of Linux it is running on. Type the following command and press Enter.
root@Kali-Attacker:~# nmap –O 10.1.1.10
Identifying Linux Version
- Initiate the same scan from the previous step against the Ubuntu system. Type the following command and press Enter.
root@Kali-Attacker:~# nmap –O 192.168.1.50
Identifying Ubuntu Version
- Notice Nmap has a hard time finding the OS information.
Finding OS Information
- To gather more information about the same host, make Nmap take approximate guesses as to what the OS may be by using the command below with an included script. Type the following command and press Enter.
root@Kali-Attacker:~# nmap –O --osscan-guess 192.168.1.50
Gathering Host Information
Challenge # Challenge #
Challenge #
How many closed ports did nmap report? Incorrect. Please try again. Answer Submit Skip- Initiate a scan specifically for port 80 against the DVL system. Type the following command and press Enter.
root@Kali-Attacker:~# nmap –p 80 10.1.1.10
Scanning Against DVL System
- Initiate a scan specifically for port 80 but, this time, for all hosts on both networks (Internal and DMZ). Type the following command and press Enter.
root@Kali-Attacker:~# nmap –p 80 192.168.1.0/24 10.1.1.0/28
Scanning Against Both Networks
- Scan the DVL system while at the same time displaying all packets being sent and received while initiating the scan. Type the following command and press Enter.
root@Kali-Attacker:~# nmap --packet-trace 10.1.1.10
DVL Scan
- Nmap can also be used to show local host data in relation to which interfaces are up and what the route table looks like. Initiate the command below.
root@Kali-Attacker:~# nmap --iflist
Nmap Command
- To detect remote services, both services and daemons, along with their respective version numbers, initiate the Nmap command below.
root@Kali-Attacker:~# nmap –sV 10.1.1.10
Detecting Remote Service
- While on the Terminal screen, switch back to the first tab by clicking on the tab itself.
First Tab
- View the output given from scanning the IP protocols.
Output
Scanning the Network Using Zenmap
- While on the Kali system, type zenmap followed by pressing Enter in the terminal screen.
root@Kali-Attacker:~# zenmap
Zenmap
- A new Zenmap window appears. Initiate a quick ping scan on the 192.168.1.0/24 network: Type 192.168.1.0/24 in the Target field.
Target
- Choose Ping scan from the Profile drop-down menu.
Profile
- Click Scan.
Scan
- Notice the output.
Output
- Initiate a new Zenmap scan for both networks: 192.168.1.0/24 and 10.1.1.0/28. Type 192.168.1.0/24 10.1.1.0/28 in the Target field.
Target
- In the Command field, remove the -sn option and add the -T5 option so that the entire command reads nmap -T5 192.168.1.0/24 10.1.1.0/28.
Command
- Click Scan.
Scan
- Once the scan is completed, click on the Topology tab and view the content.
Content
- Select the second host from the Hosts menu located on the left.
Hosts
- Once the second host is selected, click on the Ports/Hosts tab and view the specific opened ports for that particular host.
Ports/Hosts
- On the menu to the left, click the Services button. Notice that you may also filter by services when analyzing scan results.
Services
- When doing more in-depth network scans, you may compare results from different scans. To do so, select the Tools menu option and click on Compare Results.
Comparing Results
- A Compare Results window appears. Choose the Ping scan from the drop-down menu as the A Scan.
Comparing Results
- Choose the nmap –T5 scan from the drop-down menu as the B Scan.
Comparing Results
- Notice differences between the scans highlighted in red. This tool can be more useful when using different scan options against the same host/network.
Comparing Results
- Click the Close button.
Close the Windows
Challenge # Challenge #
Challenge #
On the host details tab, how many open ports are reported? Incorrect. Please try again. Answer Submit Skip- To close Zenmap, select Scan from the top menu pane and then click on Quit.
Closing Zenmap
- Click Close anyway when prompted about saving the scan results.
Closing Zenmap
Scanning the Network Using OpenVAS
Scanning With OpenVAS
- While on the Kali system, in the terminal window, use the ifconfig command to bring the loopback interface to an up state. Type the command below in the terminal and press Enter.
root@Kali-Attacker:~# ifconfig lo up
Loopback Interface
- Verify that the loopback is now active. Type the following command and press Enter.
root@Kali-Attacker:~# ifconfig
Loopback
Challenge # Challenge #
Challenge #
What is the IP address of the loopback interface? Incorrect. Please try again. Answer Submit Skip- Initiate the openvas_start script to initialize the OpenVAS Network Scanning application. Type the following command and press Enter.
root@Kali-Attacker:~# /home/scripts/openvas_start
OpenVAS
Note: Ignore the OpenVas Manager error status.- Once you receive the user prompt back, open the Iceweasel Web browser by clicking on the icon located on the top menu pane.
Opening a Web Browser
- Within the Web browser, in the address bar, type https://127.0.0.1:9392. Press Enter..
Address
- Expand I Understand the Risks
adding exception
- Click Add Exception...
Address
- Click Confirm Security Exception
Address
- At the login prompt, type admin as the Username.
Username
- Type admin as the Password.
Password
- Click Login.
Login
- Upon login, you will be presented with the homepage for the OpenVAS management dashboard. Underneath Quick start, type the IP address 10.1.1.10 and click the Start Scan button to initialize a default quick scan.
Scan
- Notice the page refreshes and a new name Immediate scan of IP 10.1.1.10 listed along with the Status as Requested.
Scan
- Wait for the page to automatically refresh showing a percentage bar underneath the Status column. If the page does not automatically refresh, click on the Greenbone Security Assistant logo in the upper-left corner.
Scan
Note: The scan will take 3 to 5 minutes to complete. Leave this running in the background and move on to the next step.- While the scan is running, navigate to the SecInfo Management menu option and click on CVEs.
SecInfo Management
Note: Here you will find different Common Vulnerabilities and Exposures (CVE) loaded into the database. When initializing a network scan, the scan compares results to the stored CVEs and determines which of the known vulnerabilities are found. It is important to update CVEs consistently.
Common Vulnerabilities and Exposures
Create New Target
- Navigate to the Configuration menu option and select Targets.
Target
- To add new known network targets such as systems that are being administered, click the New Target icon.
New Target
- Type Ubuntu for the Name.
Name
- For Hosts, make sure to click the radio button next to Manual and type 192.168.1.50 in the text box as the hosts’ identifier.
Hosts
- Select ICMP Ping in the drop-down menu for the Alive Test.
Alive Test
- Click on the Create Target button.
Create Target
- Navigate to Configuration > Targets.
Targets
- Verify that the new Ubuntu target has been successfully added.
Ubuntu Target
Create New User
- Navigate to Administration > Users.
Users
- Add a new user by clicking on the New User icon.
New User
- Once redirected to the New Task page, type Analyst1 as the Login Name.
Login Name
- Type password as Password.
Password
- Verify User is in the drop-down menu as Roles.
Roles
- In the Host Access, click the radio button next to Deny all and allow.
Host Access
- Type 192.168.1.50 into the text box.
Host Access
- Click Create User.
Create User
- Navigate to Administration > Users
Users
- Verify that the new Analyst1 user has been successfully created.
Verifying New User
Create New Schedule
- Navigate to Configuration > Schedules.
Schedules
- Create a new schedule by clicking on the New Schedule icon.
New Schedule
- On the New Schedule page, type Ubuntu Discovery as Name.
Name
- In the First Time, choose any desired time.
First Time
- Set 1 day as the Period.
Period
- Leave the rest to defaults.
Defaults
- Click Create Schedule.
Create Schedule
- Verify that the daily schedule has been successfully made by navigating to Configuration > Schedules.
Daily Schedule
Daily Schedule
Schedule a New Task
- Navigate to Scan Management > Tasks.
Tasks
- Click on the New Task icon.
New Task
- Once redirected to the New Task page, type Ubuntu Discovery as Name.
Name
- Verify Discovery is in the drop-down menu as Scan Config.
Scan Config
- Select Ubuntu in the drop-down menu as Scan Targets.
Scan Targets
- Select Ubuntu Discovery in the drop-down menu as Schedule.
Schedule
- Leave the rest with defaults.
Defaults
- Click Create Task.
Create Task
- Verify that the new daily task has been successfully created by navigating to Scan Management > Tasks.
Verifying Daily Task
Verifying Daily Task
Analyzing the Scan Report
- If your scan is not finished, then periodically refresh the webpage by clicking the icon in the upper left corner.
not finished
- If finished, notice the name Immediate scan of IP 10.1.1.10 should have a status of Done.
finished
- Click on the number 1 underneath the Total Reports column to view the scan report for Immediate scan of IP 10.1.1.10.
Scan Report
- Once redirected to the Reports page, notice the Scan Results column. Click on the date given underneath the Date column to view the detailed scan report.
Scan Report
- On the Scan Reports results page, analyze through the vulnerabilities found for host 10.1.1.10.
Scan Report
Challenge # Challenge #Challenge #
What is the last item in the scan report? Incorrect. Please try again. Answer Submit Skip Note: Clicking on each vulnerability name will display details about the vulnerability found along with associated CVEs, CERTs, and third-party resources explaining the vulnerability. Click the STOP button when finished.
References:
This work by the National Information Security and Geospatial Technologies Consortium (NISGTC), and except where otherwise noted, is licensed under the Creative Commons Attribution 3.0 Unported License.
Development was funded by the Department of Labor (DOL) Trade Adjustment Assistance Community College and Career Training (TAACCCT) Grant No. TC-22525-11-60-A-48; The National Information Security, Geospatial Technologies Consortium (NISGTC) is an entity of Collin College of Texas, Bellevue College of Washington, Bunker Hill Community College of Massachusetts, Del Mar College of Texas, Moraine Valley Community College of Illinois, Rio Salado College of Arizona, and Salt Lake Community College of Utah.
This workforce solution was funded by a grant awarded by the U.S. Department of Labor's Employment and Training Administration. The solution was created by the grantee and does not necessarily reflect the official position of the U.S. Department of Labor. The Department of Labor makes no guarantees, warranties or assurances of any kind, express or implied, with respect to such information, including any information on linked sites, and including, but not limited to accuracy of the information or its completeness, timeliness, usefulness, adequacy, continued availability or ownership.
Help Desk
The Infosec Help Desk is available to help with technical issues. If you have a technical issue, just click the help desk button below and we will investigate.
Create Help Desk Ticket First Name * Last Name Email * Lab Lab Section * Step Number * Describe Issue * Screenshot Upload Submit BackSecPlus - V3
Your session has ended.