Assisted Lab Analyzing the Results of a Credentialed Vulnerability Scan

Video Statistics and Information

Video

Captions Word Cloud

Reddit Comments

Captions

[Music] all right welcome back everybody welcome back to our cert blaster labs for security plus 601 our last lab we were using network analyzers to assess the difference between encrypted versus unencrypted traffic to this section here we're going to be setting up a vulnerability scheme we're going to set it up use it and become familiar with the different types of scans that you can take or can create now before we get started please make sure you're subscribed to our youtube channel for more videos and more lab walkthroughs all right so the vulnerability scanner that we're going to play around with today is called open box and we can see the name of here openvos is a pretty cool vulnerability scanner it's similar to the others such as nessus they just have different buttons or different navigations okay so first things first we're going to log into our cali machine we all know our username and password if you don't remember the password remember let me get a little assistance here and once your desktop loads up i want you to open up your terminal remember this shortcut at the top and we're going to type in open box start just like this then we're going to hit enter okay we're going to wait a while what's going to happen open boss is going to start up that service on port 93 92 using our local host all right 127.0.0.1 is an ip that is reserved for our local machine all right there's a joke out there there's no place like 120127.0.0.1 in other words there's no place like home all right so that's going to do its thing give it a few seconds to launch maybe a minute or two but when it does successfully launch firefox this browser here is going to open up a screen for us to actually start using open box so i'm going to select this i'm gonna select this and then we're gonna just give this a few moments or a moment or two to do its thing there we go now the web ui or the web user interface user interface is going to launch now and this is the web user interface here for open box so we're going to log in with the username of admin and the same password we've been using this entire time it's going to allow us to get into this machine once again if you don't remember it it is here on step five i'm going to go ahead and select the next section so here before we go to the next section let's become familiar with what we're looking at we're looking at open boz and just like any other vulnerability scanner typically the first screen that you're going to see is your dashboard we don't have much on our dashboard because we haven't run or successfully done any vulnerability scans as of yet when we actually do run a vulnerability scan and we get some data we will probably get some information here so right now that's blank but you can change these right you can always customize your dashboards maybe you want to see a certain vulnerability or maybe you only want to see certain assets maybe the top 10 vulnerabilities or your top 10 vulnerable systems you can configure these dashboards to show that you can go here to see the rest of your dashboards scans are going to show you all the scans that you have configured whether their credential scans which we're going to set up or non-credential scans your systems or assets that open boss has detected we got security info configuration extras administration to help some pretty simple straightforward tabs you can go through what we're going to do is go ahead and set up our scan so let's go over here to configuration and feel free to hover over these right assets and look at your host your operating systems write some information such as cves which are a list of exploits cpe such as your operating systems we're going to go here under configuration and let's configure some credentials in order to do a credential scan we need to set up credentials and what is a credential scan this is typically when we're using a pair of credentials such as a username and password to scan a system or resource or asset the difference between a credential and a non-credit scan is that the credit scan gives us a lot more information why because it's actually logging into the machine before it does the scan the non-credit scan is not logging into the machine because it has no credentials so it won't be able to see that many weaknesses or vulnerabilities then a credential scan could see all right so now that we're here let's mark our progress scroll down a little bit let's hover over this blue star on our left hand side and select new credentials or just select the blue star you're pretty much going to fill in what they have listed out here so our username is going to be or the name will be 515 support okay it's gonna be username and password and our user is going to be 5.5 support forward slash administrator our password is going to be password all right and that the this forward slash typically what you have before that forward slash is your domain name okay that's the domain we are connecting to all right we're using the administrator account that is assigned to that domain looks like our linux machine timed out for a second here and we'll give it a few for it to come back when it does we are going to enter the username password and then assign this credentials to a scan okay here we go so our username is going to be don't forget the domain you have to tell openbox what domain this credential belongs to hopefully that's about that right administrator and password let's create these credentials now the question here what is the difference between a cred and non-credit scan non-credential scans provide less details than credit scans true non-credit scans use roots or administrator privileges false non-credit scans are performed only by unauthorized hackers false this is also performed by administrators and analysts such as you and me right because we want to understand what hackers can see people with no credentials can see credit scans provide less detail than non-credential scans false credit scans are performed only by authorized pen testers false credit scans use root or administrative privileges cred scans can be performed by anybody other than a pen tester okay let's go ahead and go to the next section all right let's go back to configuration this time we're going to set up the targets what are we scanning we got the the credentials set up now let's select target so we can assign some systems to scan once again we're going to hit this blue button here call this 515 support the host okay we're going to select host we're going to give it a range it's not that big of a range but 10.1.0 whoops ten dot one and one dot zero dot one dash ten.1.0.2 okay [Music] and we're going to come down here to smb all right and select the credentials we just set up so what what what's going on here we have our the name of the scan [Music] we have the targets that we want to scan and we just selected the credentials we want to use we're going to use them via the smb protocol okay smb is a pretty common well-known protocol that we use to share files on our local network we could do the scan through snmp or ssh credentials if we wanted to exclude some host from the scan maybe your organization or your manager said hey don't scan xyz device because it's sensitive and you could potentially [Music] do a denial of service attack so let's go ahead and create this [Music] all right now that we have that done i'm just gonna jump to the number four hit okay we have our target i hit the next over here so let's configure a scan schedule all right let's go down let's go to configurations and then we're going to select schedule or schedules we're going to hit this blue button here at the left [Music] to create a new scan schedule going to call it 515 support daily first time will be set to the current time [Music] and the period will be one day the duration will be one hour [Music] i'll leave this as it is it might be in the future but we'll see all right so we just set it set up a schedule all right let's select these so typically when you set these schedules in a normal environment you want to set this to run during off hours meaning you want it to run or you want it scheduled to run when there aren't that many people using the resources or your targets because vulnerability scans can be disruptive alright a vulnerability scan is literally going to probe your computer for vulnerabilities all right it's going to check to see if it's vulnerable the only way you can check is by assessing it so that assessment could potentially knock your your system offline so let's go here and let's configure a task so let's go to scans let's go to task i'm going to close this out hover over to this star right here select new tasks we're going to enter the information they have on the left okay daily scan targets 505 support scan schedule well i misspelled that scan config will be full and fast it's already set so this task is putting everything we just created together all right this task is pulling everything we just created together we are selecting the schedule we just created the type of scan we want to run a full and fast scan and our targets which is right here and we just created all this the task or also known as a job when we started it it will go to work so let's select all of this [Music] okay and i'm going to select create [Music] [Music] right so we have a task that has been created now let's select our task okay this is our task here and we want to start it so i'm going to hover over this green icon i'll circle it for you we're going to click that to start it while that is starting let's go over to the next section okay now let's go take a look at the report all right so let us select this drop down box here that says no auto refresh and switch this to refresh every 30 seconds okay this is going to refresh our screen every 30 seconds but our scan needs time to run so let's head over to our dashboard and go over a few things so i'm going to hit dashboards this tab here and see we can see that our task is running let's go to scans and then reports this is what upper management cares about directors and people who are trying to remediate the vulnerabilities you find they want reports the reports show them what what's vulnerable what the vulnerabilities are the solutions to the vulnerability all right and we use that to track remediation efforts too and if we tell you that system one needs to be remediated because of a vulnerability 30 days from now we can follow up run another scan to see if that system or the vulnerability has been removed from our report okay so we're on the reports now under the date column here it says select the task with today's date to view the results you see ours isn't done yet but we can go ahead and click it we may have something right so it's empty we're gonna give it some time to finish let's go back to the dashboard let's go back to scans and then reports that's still running i want to check something okay yeah let's give this a minute to run i'm gonna go back to reports i'm gonna wait here i'm gonna wait here for a few let's make sure we mark our progress this is probably going to take some time so while it's running let's go ahead and let's click this report and then let us let's do step six okay once the report is done once the vulnerability scan is done you'll see a list of cves aka vulnerabilities and they'll show us what we're vulnerable to but let's go ahead and see what host see if we can view this up wrong button we're gonna there's a small triangle button right here let's go ahead and hover over this and select report host all right this is going to show us the hosts that have been discovered see there are 14 vulnerabilities there too oh okay we're getting data now see we have one medium vulnerability okay we have one medium vulnerability the scan isn't finished but let's see if it shows us let's hover over this triangle again and go to vulnerabilities let's go let's refresh the page let's refresh this okay now we can see a list of vulnerabilities here we have some microsoft vulnerabilities some oracle vulnerabilities open as a cell vulnerabilities let's look at this one severity is pretty high if we drill down into it it gives us a summary of what's wrong the operating systems that are affected the score a little bit more details here most importantly we get the solution all right we get a solution how do you fix it so let's go back to reports i'm going to go to scans reports you know step seven what we are going to do before we do that we need to go back to our report you see it's at 17 we're getting more vulnerabilities let's click this [Music] i'm going to refresh this page if you see this error message just refresh and once the page is refreshed let's go over up here where it says anonymous xml hit this drop down and let's switch it to a html format and let's download this with this green button [Music] and it's going to download this report in an html format uh did i open it or save it here let's see i'm going gonna click this download option open up this file i think it's still downloading so you want to make sure you don't you save it in your downloads section or your downloads folder i'm going to drag it over there i'm going to drag it over to root first go to root and then drag it over to downloads okay let's go to downloads i want to open this file this is going to take a lot of load while it's loading i'm going to go ahead and select this button uh we're supposed to score something oh yeah let's score i think that's why we wanted to make sure that the file was in our download section the script is going to run to see if it's there so make sure you drag it over to your downloads folder okay and the report is just going to be a nice pretty synopsis of what we're looking at now something we could send to other people and i think this might be it here yep this is it here if you click into this it shows you the report well no that's not it it's just how to download the file but the report is going to be a nice representation of what we're looking at here other than that let's go on to the next section and answer these questions question number one which of the following answers best describes the process during this activity created and scheduled a credential vulnerability scan task and save the results use windows defender no we didn't use a network mapper and protocol analyzer no we didn't register discovered vulnerabilities no we did not number two which of the following answers best describes a cbe microsoft's online repository of known vulnerabilities a reference for publicly known vulnerabilities a specific ransomware attack an open source scanning utility okay so let me give you all a chance to try to guess this i'm not going to give you the answer all right so if you figured it out it is not microsoft's online repository let's make sure we mark our progress grade your lab that's it y'all we have successfully used a vulnerability scanner now there are nessus is a little bit easier to use than openvos okay but we were successfully able to set up a credential scan right assess or analyze the our report to see what vulnerabilities are present as you can see the scan is still running you can see where vulnerabilities are present understand the solutions understand the reporting format and please please please go over this again and make sure you become very familiar with how vulnerability scans are conducted and the difference between authenticated scans such as credential schemes unauthenticated scans such as non-credential scans if you like this video please give us a thumbs up and i will see you on the next section thank you

Info

Channel: O-Line Security

Views: 488

Rating: 5 out of 5

Keywords:

Id: dRpeiJ6UE7w

Channel Id: undefined

Length: 26min 38sec (1598 seconds)

Published: Sun Jan 24 2021