Vulnerability Scanning of a Linux Target

profileDcook-tulane.edu
vulnerability-scanning-linux-target.html
Skip to main content

Vulnerability Scanning of a Linux Target

Download Instructions

Before You Begin

IF YOU HAVE ANY ISSUE ACCESSING OR DOING THE LAB, REFER TO BELOW TROUBLESHOOTING TECHNIQUES.
Chrome is the supported browser and should be used.  There is a known issue with Firefox that will cause double typing.

LINK YOUR ACCOUNT TO YOUR INSTRUCTOR

  1. Navigate to the Home Screen, where you will see all of your labs.

image001_3.jpg

  1. Click on the “Link Course to Instructor” button.

image002_1.jpg

  1. From the “Course” drop down menu, select the set of labs you want to link to an instructor.  Type your instructor’s email in the box, and click “Link to Instructor”.

image003_0.jpg

  1. Repeat this step if you are linking multiple sets of labs.
  2. If you would like to change the instructor linked to a set of labs, simply click the “Remove” button and repeat Step #2.

image004_1.jpg

How to use our labs

 

Browsers

Infosec learning supports Google Chrome. There are many complex functions that occur behind the scenes in our virtual environment and we want to make sure you have the best possible experience. Using Google Chrome as the browser will ensure this. Below is a link to download it.

Google Chrome Download

Starting the Environment

Every lab is different and you should familiarize yourself with it first. By clicking the "Start" button we begin creating your virtual environment. While this is happening you can begin looking through any of the information in this pane.  

Once your environment is started, the actual virtual machines (VM) might need another few minutes to finish starting up. You can think about starting our environment just like starting any computer in person, it takes a few minutes to fully power on.
Everything is HTML 5

Our entire environment is built in HTML 5 and doesn't require any plugins, Phewww!!! You will notice the left hand side of the screen has an information panel that can be moved in and out to make the content larger or smaller. In fact, it can actually be closed to make the virtual topology on the right as large as possible.

Clicking on a VM in the Topology

When asked to access a specific VM in the network topology on the right hand side of the screen, click on the needed VM and a window will pop up with that computer's desktop. Again, make sure you give the VMs time to fully start up.

How our Design Helps You

In each of our lab manuals there are a few things that you should keep in mind which will help you navigate through the labs.

  1. Every action such as click, right-click, drag, open, etc., are in bold type.
  2. Any time you have to type something (such as a command) we have highlighted the code in this font.

Common Problems

  1. I can't see my mouse.

Are you using Google Chrome? If not, there are known issues with Firefox where the mouse continues to disappear. Once Firefox fixes this issue, we will all be much happier! In the mean time you should download Google Chrome. We have also found that moving your mouse around quickly, many times brings the mouse back.

  1. The lab is broken because I can't get it to work.

Although the lab environments are computers, we are human and sometimes mistakes happen. With that said, 9 out of 10 times we find something is being typed wrong or a step was missed by the user. Make sure you are typing exactly what you are supposed to type. Even the slightest error will cause a command not to work.

  1. Is there a Help Desk?

Yes! Our help desk is here to provide you with technical support to make sure you can access your labs. What they can't do is take anything away from your instructor by answering questions about the content. With one click you can create a ticket with the help desk. The Help Desk section is located at the end of every lab. It is always helpful to include a screenshot with any issue.

  1. I am completely stuck and I can't find what I did wrong.​

At the end of each lab there is a Help Desk Section, where you can submit a ticket.  Once a ticket is submitted, we will perform the lab from front to back to assure it is working as it should, and report back to you.  If the lab is not working, we will escalate the ticket to the engineering team to fix any problems.  The labs can be tricky at times and each time you start a lab, the steps must be performed front to back for all sections.

  1. My Windows VM is saying there are updates.

Microsoft will periodically push updates and you might see a message regarding these updates. It's okay to disregard the message by closing the update window and completing the lab.

Introduction

Overview: 

In this lab, you will be conducting vulnerability scans using various network scanning tools. You will be performing the following tasks:

  1. Scanning the network for vulnerable systems
  2. Scanning the network using OpenVAS

Scanning the Network for Vulnerable Systems

Scanning the Network Using Nmap
  1. Click on the Kali icon on the topology diagram.

image003.jpg

Kali

  1. On the login screen, select Other.

image005.jpg

Kali

  1. When presented with the username, type root. Press Enter.

image007.jpg

Kali

  1. When prompted for the password, type toor. Press Enter.
Note: The password of toor will not be displayed when you type it for security purposes.

image009.jpg

Kali

  1. While on the Kali system, open a new terminal window.

image011.jpg

Opening a Terminal

  1. View the available options that can be used with Nmap by typing nmap into the terminal followed by pressing Enter.

root@Kali-Attacker:~# nmap

image013.jpg

Available Options

Challenge # Challenge #

Challenge #

In the nmap help under HOST DISCOVERY, what is the option for doing a list scan? Incorrect. Please try again. Answer Submit Skip
  1. Initiate a quick ping scan to identify live hosts with a network ID of 10.1.1.*. Type the following command and press Enter.

root@Kali-Attacker:~# nmap –sP 10.1.1.*

image015.jpg

Quick Scan

You should see two host results: 10.1.1.1 as the DMZ gateway and 10.1.1.10 as the DVL Server.

  1. Initiate a ping scan while spoofing the source MAC address at the same time. Type the following command and press Enter.

root@Kali-Attacker:~# nmap –v –sP –spoof-mac 0 10.1.1.*

Note: this task will take some time to complete

image017.jpg

Ping Scan

  1. When scanning for active systems on a network, Nmap also gives the ability to scan for which IP protocols are supported by the host involved in the scanning process. Type the command below followed by pressing Enter.

root@Kali-Attacker:~# nmap –sO 10.1.1.10

image019.jpg

Scanning of IP Protocols

Note: Let this scan run for about 6 to 7 minutes. Proceed to the next step while the scan runs in the background.
  1. On the terminal window, select File from the top menu pane and click on Open Tab.

image021.jpg

Open Tab

  1. While engaged in the new tab, initiate a Transmission Control Protocol (TCP) scan against the Security Onion system. Type the following command below and press Enter.

root@Kali-Attacker:~# nmap –sT 192.168.1.6

image023.jpg

TCP Scan

  1. Notice the well-known TCP ports that are open.

image025.jpg

TCP Scan

  1. Initiate an operating system scan against the DVL system to help identify what version of Linux it is running on. Type the following command and press Enter.

root@Kali-Attacker:~# nmap –O 10.1.1.10

image027.jpg

Identifying Linux Version

 

  1. Initiate the same scan from the previous step against the Ubuntu system. Type the following command and press Enter.

root@Kali-Attacker:~# nmap –O 192.168.1.50

image029.jpg

Identifying Ubuntu Version

  1. Notice Nmap has a hard time finding the OS information.

image031.jpg

Finding OS Information

  1. To gather more information about the same host, make Nmap take approximate guesses as to what the OS may be by using the command below with an included script. Type the following command and press Enter.

root@Kali-Attacker:~# nmap –O --osscan-guess 192.168.1.50

image033.jpg

Gathering Host Information

Challenge # Challenge #

Challenge #

How many closed ports did nmap report? Incorrect. Please try again. Answer Submit Skip
  1. Initiate a scan specifically for port 80 against the DVL system. Type the following command and press Enter.

root@Kali-Attacker:~# nmap –p 80 10.1.1.10

image035.jpg

Scanning Against DVL System

  1. Initiate a scan specifically for port 80 but, this time, for all hosts on both networks (Internal and DMZ). Type the following command and press Enter.

root@Kali-Attacker:~# nmap –p 80 192.168.1.0/24 10.1.1.0/28

image037.jpg

Scanning Against Both Networks

  1. Scan the DVL system while at the same time displaying all packets being sent and received while initiating the scan. Type the following command and press Enter.

root@Kali-Attacker:~# nmap --packet-trace 10.1.1.10

image039.jpg

DVL Scan

  1. Nmap can also be used to show local host data in relation to which interfaces are up and what the route table looks like. Initiate the command below.

root@Kali-Attacker:~# nmap --iflist

image041.jpg

Nmap Command

  1. To detect remote services, both services and daemons, along with their respective version numbers, initiate the Nmap command below.

root@Kali-Attacker:~# nmap –sV 10.1.1.10

image043.jpg

Detecting Remote Service

  1. While on the Terminal screen, switch back to the first tab by clicking on the tab itself.

image045.jpg

First Tab

  1. View the output given from scanning the IP protocols.

A14.JPG

Output

Scanning the Network Using Zenmap
  1. While on the Kali system, type zenmap followed by pressing Enter in the terminal screen.

root@Kali-Attacker:~# zenmap

A15.JPG

Zenmap

  1. A new Zenmap window appears. Initiate a quick ping scan on the 192.168.1.0/24 network: Type 192.168.1.0/24 in the Target field.

image051.jpg

Target

  1. Choose Ping scan from the Profile drop-down menu.

image053.jpg

Profile

  1. Click Scan.

image055.jpg

Scan

  1. Notice the output.

image057.jpg

Output

  1. Initiate a new Zenmap scan for both networks: 192.168.1.0/24 and 10.1.1.0/28. Type 192.168.1.0/24 10.1.1.0/28 in the Target field.

image059.jpg

Target

  1. In the Command field, remove the -sn option and add the -T5 option so that the entire command reads nmap -T5 192.168.1.0/24 10.1.1.0/28.

image061.jpg

Command

  1. Click Scan.

image063.jpg

Scan

  1. Once the scan is completed, click on the Topology tab and view the content.

image065.jpg

Content

  1. Select the second host from the Hosts menu located on the left.

image066.jpg

Hosts

  1. Once the second host is selected, click on the Ports/Hosts tab and view the specific opened ports for that particular host.

image068.jpg

Ports/Hosts

  1. On the menu to the left, click the Services button. Notice that you may also filter by services when analyzing scan results.

image069.jpg

Services

  1. When doing more in-depth network scans, you may compare results from different scans. To do so, select the Tools menu option and click on Compare Results.

image071.jpg

Comparing Results

  1. A Compare Results window appears. Choose the Ping scan from the drop-down menu as the A Scan.

image073.jpg

Comparing Results

  1. Choose the nmap –T5 scan from the drop-down menu as the B Scan.

image075.jpg

Comparing Results

  1. Notice differences between the scans highlighted in red. This tool can be more useful when using different scan options against the same host/network.

image077.jpg

Comparing Results

  1. Click the Close button.

image079.jpg

Close the Windows

Challenge # Challenge #

Challenge #

On the host details tab, how many open ports are reported? Incorrect. Please try again. Answer Submit Skip
  1. To close Zenmap, select Scan from the top menu pane and then click on Quit.

image081.jpg

Closing Zenmap

  1. Click Close anyway when prompted about saving the scan results.

image083.jpg

Closing Zenmap

Scanning the Network Using OpenVAS

Scanning With OpenVAS
  1. While on the Kali system, in the terminal window, use the ifconfig command to bring the loopback interface to an up state. Type the command below in the terminal and press Enter.

root@Kali-Attacker:~# ifconfig lo up

A16.JPG

Loopback Interface

  1. Verify that the loopback is now active. Type the following command and press Enter.

root@Kali-Attacker:~# ifconfig

image087.jpg

Loopback

Challenge # Challenge #

Challenge #

What is the IP address of the loopback interface? Incorrect. Please try again. Answer Submit Skip
  1. Initiate the openvas_start script to initialize the OpenVAS Network Scanning application. Type the following command and press Enter.

root@Kali-Attacker:~# /home/scripts/openvas_start

image089.jpg

OpenVAS

Note: Ignore the OpenVas Manager error status.
  1. Once you receive the user prompt back, open the Iceweasel Web browser by clicking on the icon located on the top menu pane.

image091.jpg

Opening a Web Browser

  1. Within the Web browser, in the address bar, type https://127.0.0.1:9392. Press Enter..

image093.jpg

Address

  1. Expand I Understand the Risks

A17.JPG

adding exception

  1. Click Add Exception...

image095.jpg

Address

  1. Click Confirm Security Exception

image097.jpg

Address

  1. At the login prompt, type admin as the Username.

image099.jpg

Username

  1. Type admin as the Password.
Note: The password of admin will not be displayed when you type it for security purposes.

image101.jpg

Password

  1. Click Login.

image103.jpg

Login

  1. Upon login, you will be presented with the homepage for the OpenVAS management dashboard. Underneath Quick start, type the IP address 10.1.1.10 and click the Start Scan button to initialize a default quick scan.

image105.jpg

Scan

  1. Notice the page refreshes and a new name Immediate scan of IP 10.1.1.10 listed along with the Status as Requested.

image107.jpg

Scan

  1. Wait for the page to automatically refresh showing a percentage bar underneath the Status column. If the page does not automatically refresh, click on the Greenbone Security Assistant logo in the upper-left corner.

image109.jpg

Scan

Note: The scan will take 3 to 5 minutes to complete. Leave this running in the background and move on to the next step.
  1. While the scan is running, navigate to the SecInfo Management menu option and click on CVEs.

image111.jpg

SecInfo Management

Note: Here you will find different Common Vulnerabilities and Exposures (CVE) loaded into the database. When initializing a network scan, the scan compares results to the stored CVEs and determines which of the known vulnerabilities are found. It is important to update CVEs consistently.

image113.jpg

Common Vulnerabilities and Exposures

Create New Target
  1. Navigate to the Configuration menu option and select Targets.

image115.jpg

Target

  1. To add new known network targets such as systems that are being administered, click the New Target icon.

image117.jpg

New Target

  1. Type Ubuntu for the Name.

image119.jpg

Name

  1. For Hosts, make sure to click the radio button next to Manual and type 192.168.1.50 in the text box as the hosts’ identifier.

image121.jpg

Hosts

  1. Select ICMP Ping in the drop-down menu for the Alive Test.

image123.jpg

Alive Test

  1. Click on the Create Target button.

image125.jpg

Create Target

  1. Navigate to Configuration > Targets.

image127.jpg

Targets

  1. Verify that the new Ubuntu target has been successfully added.

image129.jpg

Ubuntu Target

Create New User
  1. Navigate to Administration > Users.

image131.jpg

Users

  1. Add a new user by clicking on the New User icon.

image133.jpg

New User

  1. Once redirected to the New Task page, type Analyst1 as the Login Name.

image135.jpg

Login Name

  1. Type password as Password.
Note: The password of password will not be displayed when you type it for security purposes.

image137.jpg

Password

  1. Verify User is in the drop-down menu as Roles.

image139.jpg

Roles

  1. In the Host Access, click the radio button next to Deny all and allow.

image141.jpg

Host Access

  1. Type 192.168.1.50 into the text box.

image143.jpg

Host Access

  1. Click Create User.

image145.jpg

Create User

  1. Navigate to Administration > Users

image147.jpg

Users

  1. Verify that the new Analyst1 user has been successfully created.

image149.jpg

Verifying New User

Create New Schedule
  1. Navigate to Configuration > Schedules.

image151.jpg

Schedules

  1. Create a new schedule by clicking on the New Schedule icon.

image153.jpg

New Schedule

  1. On the New Schedule page, type Ubuntu Discovery as Name.

image155.jpg

Name

  1. In the First Time, choose any desired time.

image157.jpg

First Time

  1. Set 1 day as the Period.

image159.jpg

Period

  1. Leave the rest to defaults.

image161.jpg

Defaults

  1. Click Create Schedule.

image163.jpg

Create Schedule

  1. Verify that the daily schedule has been successfully made by navigating to Configuration > Schedules.

image165.jpg

Daily Schedule

image167.jpg

Daily Schedule

Schedule a New Task
  1. Navigate to Scan Management > Tasks.

image169.jpg

Tasks

  1. Click on the New Task icon.

image171.jpg

New Task

  1. Once redirected to the New Task page, type Ubuntu Discovery as Name.

image173.jpg

Name

  1. Verify Discovery is in the drop-down menu as Scan Config.

image175.jpg

Scan Config

  1. Select Ubuntu in the drop-down menu as Scan Targets.

image176.jpg

Scan Targets

  1. Select Ubuntu Discovery in the drop-down menu as Schedule.

image178.jpg

Schedule

  1. Leave the rest with defaults.

image180.jpg

Defaults

  1. Click Create Task.

image182.jpg

Create Task

  1. Verify that the new daily task has been successfully created by navigating to Scan Management > Tasks.

image184.jpg

Verifying Daily Task

image186.jpg

Verifying Daily Task

Analyzing the Scan Report
  1. If your scan is not finished, then periodically refresh the webpage by clicking the icon in the upper left corner.
Note: this may take a few more minutes.

image190.jpg

not finished

  1. If finished, notice the name Immediate scan of IP 10.1.1.10 should have a status of Done.

image188.jpg

finished

  1. Click on the number 1 underneath the Total Reports column to view the scan report for Immediate scan of IP 10.1.1.10.

image192.jpg

Scan Report

  1. Once redirected to the Reports page, notice the Scan Results column. Click on the date given underneath the Date column to view the detailed scan report.

image194.jpg

Scan Report

  1. On the Scan Reports results page, analyze through the vulnerabilities found for host 10.1.1.10.

image196.jpg

Scan Report

Challenge # Challenge #

Challenge #

What is the last item in the scan report? Incorrect. Please try again. Answer Submit Skip Note: Clicking on each vulnerability name will display details about the vulnerability found along with associated CVEs, CERTs, and third-party resources explaining the vulnerability. Click the STOP button when finished.

A18.JPG

References: 

This work by the National Information Security and Geospatial Technologies Consortium (NISGTC), and except where otherwise noted, is licensed under the Creative Commons Attribution 3.0 Unported License.

Development was funded by the Department of Labor (DOL) Trade Adjustment Assistance Community College and Career Training (TAACCCT) Grant No. TC-22525-11-60-A-48; The National Information Security, Geospatial Technologies Consortium (NISGTC) is an entity of Collin College of Texas, Bellevue College of Washington, Bunker Hill Community College of Massachusetts, Del Mar College of Texas, Moraine Valley Community College of Illinois, Rio Salado College of Arizona, and Salt Lake Community College of Utah.

This workforce solution was funded by a grant awarded by the U.S. Department of Labor's Employment and Training Administration. The solution was created by the grantee and does not necessarily reflect the official position of the U.S. Department of Labor. The Department of Labor makes no guarantees, warranties or assurances of any kind, express or implied, with respect to such information, including any information on linked sites, and including, but not limited to accuracy of the information or its completeness, timeliness, usefulness, adequacy, continued availability or ownership.

Help Desk

The Infosec Help Desk is available to help with technical issues.  If you have a technical issue, just click the help desk button below and we will investigate.

Create Help Desk Ticket First Name * Last Name Email * Lab Lab Section * Step Number * Describe Issue * Screenshot Upload Submit Back Next View Lab Instructions Start We are doing a ton of things behind the scenes setting up your environment, this might take up to 5 minutes. Your session is about to expire. Extend × Time remaining: Stop +15 minutes Are you sure you want to stop?

SecPlus - V3

Your session has ended.

Please wait...

Your session is currently being stopped.

Please wait...

Your challenge lab will begin shortly. It appears you already have a lab running. Would you like to stop all existing labs and start this lab?