Ethical Hacking Lab - NETLAB+ 05 Vulnerability Scanning with OpenVAS

Captions
Hello and welcome, this is Barrett from the C4 Cyber Club here at Cypress College. In this video today we're going to cover the Ethical Hacking version 2 lab series; this is Vulnerability Scanning with OpenVAS. So what is OpenVAS? It stands for the Open Vulnerability Assessment System. This is an open source framework of several services and tools offering vulnerability scanning and management. It's developed by Greenbone Networks and uses the Nessus Attack Scripting Language, or NASL, for its plugins, and actually if you look into the history of OpenVAS you'll find that it actually originally began as a fork of Nessus, which is another widely popular vulnerability scanner. We'll also come across NVTs, or network vulnerability tests. This is a daily updated feed and it currently holds over 50,000 different NVTs.

So let's go ahead and jump right into the lab. I'm already logged into the Kali machine here. A reminder: if you're following along at home, you could find the login information for that under the lab settings page. So first thing we need to do is start up the OpenVAS services, and we can come to the menu bar up here, go to Vulnerability Analysis and OpenVAS Start. Essentially this is just launching a command line running a specific command, and you can see that this is launching a web UI, and that is the Greenbone Security Assistant. So this is what we're going to be working in. It's a web interface and we'll use our own local loopback at the port 9392. So give it a minute or two and it will launch automatically.

Okay, great, so now that has launched, and as you can see in the lab we have our username and password here, obviously not recommended for real world use, but it's admin and then password. So when we log in we find ourselves at the dashboard. We don't have any tasks currently going, so that makes sense these are zeroed out, but if we look down here at the bottom we have a couple things worth noting. So here's the NVTs that we were talking about at the beginning, or those network vulnerability tests, and it's broken up by severity class. So we have 59,000 NVTs, and this is something that gets updated, right. We currently have over 25,000, nearly 26,000 high vulnerabilities, 27,000 in the medium range, and a bit lower, 2600 in the low range, and then there's roughly 4,000 that are just related to log analysis.

And also on the left hand side here, this is kind of interesting, it's CVEs by creation time. So what is a CVE? Well, this is short for Common Vulnerability and Exposures. These are lists of publicly disclosed security flaws or vulnerabilities, so when somebody refers to a CVE they mean a security flaw that's been assigned a specific CVE ID number. And these are broken down by years, so you can see here there's a huge jump in CVEs in the year 2017, and then still in 2018, 2019, and you could imagine in 2020 there's also been quite a lot, and even as of this recording in 2021, in February, I want to say there's at least been maybe 30-some thousand CVEs already reported, possibly more. So CVEs are overseen by the MITRE Corporation; it's funded by CISA, or the Cybersecurity and Infrastructure Security Agency, part of our DHS, and there are some other databases where you could find CVEs. NIST's vulnerability database would be one, and also exploit-db.com is another very popular source.

So with that said, let's go ahead and hop in the lab; let's explore OpenVAS a little bit more. So the next part has us go to the Extras menu here and check out the CVSS calculator. So CVSS, this stands for Common Vulnerability Scoring System, and this becomes very important if you are pursuing a CySA+ certification exam pass. It's definitely covered in good detail there, and just in general it's very important to know this information and be comfortable with the various metrics in the security field. So if I hit calculate here on just what's set by default, you'll notice that the vector populates down here and we have a base score of zero, right, so it's basically no criticality there, there's no issues whatsoever.

But if we start to change some of these things, like access vector, let's say okay, this vulnerability exists through the network, so it's possible for network access. Access complexity, let's change this to medium, meaning that okay, this vulnerability is not super easy to do, but with a little bit of effort and maybe some googling a person could potentially figure out how to exploit this vulnerability. Authentication, maybe it doesn't require any authentication at all, which is definitely a big concern. And now you notice that it has the confidentiality, integrity and availability; that's part of the CIA triad that we often talk about in security. So let's say these are all set to partial, so there are some risks in all three areas, and you notice that the base score gets automatically updated down here. We are now at a medium level vulnerability, so from four to six, that's going to be your medium vulnerability score.

And you notice that the base vector also changed, so that AV here relates to the access vector, N is for network. If I change this to adjacent, for example, you would notice that it changes here. Access complexity medium, so we have the M there. Let's change this to low; maybe it becomes extremely easy for, like, a script kiddie to exploit, and then you notice the base score jumps and now we're in a high criticality, right, because the access complexity is very easy, authentication N for none, and the CIA triad, confidentiality, integrity and availability, are all set to partial here. So you can see how this vector gets set up. This is very common; you'll find this on most vulnerability scan results, so if you are in a position where you need to analyze that, understanding the metrics and how they relate to the base vector is very important, and this calculator is a great resource. So if you're ever in a position where you need to get some more hands-on experience, fire up OpenVAS and check out the calculator.

All right, so let's move on, and I probably should have got started with this sooner just because the scan takes a minute, much more than a minute, probably 10 to 20 minutes, but let's get a scan going. So if we go to Scans and Tasks, you'll notice we have this pop up here; it's going to tell us to click on the scan wizard. So we'll click on that purple icon, Task Wizard, and let's go ahead and scan. We're going to be scanning the OWASP BWA machine, so this is at 192.168.68.12, and of course you could find that in the lab as well. So this is just a very quick, easy scan to do, default settings, and we'll start the scan here. So you notice a scan has been requested. Now the way that this web UI works is that it's going to refresh every 30 seconds. I could force refresh as well, and then you're going to notice that the status changes. So every 30 seconds this will refresh, you could potentially change that, and then you'll notice the status will continue to go up.

Now as that continues to scan, we'll go ahead and go through other menu options here so that we don't just sit here and wait for the scan. Something I do want to note, because this did happen to me once: if you notice an error, an authentication error, at all during this lab, you can either click where it says assume same state or just refresh and you should be good to go. So just wanted to make a note of that because that did happen to me recently.

Okay, so I'm going to skip past this part, we'll come back to that when the scan is done, and let's take a look at scan configs. So right now we just did a default scan, but if we come to Configuration, Scan Configs, you'll notice that there's different types of configurations already set up. I think the one that we're doing by default is this Full and fast, and you notice a lot of these are kind of set up the same, but you notice here in these columns that you have the families column, you have the NVTs, so these scans are actually set up to scan all of the NVTs and within all families. So if I click on this one here, Full and very deep ultimate, you notice that it is scanning for all of these items. So this is something where you may want to set up your own custom configuration. Obviously you wouldn't want to look for CentOS local security checks if you're scanning a Windows machine, for example, so some pretty obvious scenarios where you would want to disable or only enable certain types of scans, because that will drastically cut down your scan time. You don't want to be scanning for something unnecessary. But it's definitely good to take a look through this, get familiar with all the different testing families, what OpenVAS looks for, right.

And now we could also set up very specific targets, and in this case what we're going to do, we're going to set up a target specifically for this OWASP BWA machine. And this lab doesn't necessarily go over it, but if you look under Administration you could also set up users, groups, roles, so if you are maybe giving permission to a specific person on your security team and maybe they're in charge of scanning this machine, you'll give them permission to scan only that machine. So that's where setting up targets, setting up a user role that has access to that target, can come into play. But in this case let's go ahead and we'll go to Configuration, we'll create a new target, and actually, sorry, we're already in that section. In most areas, to create something new, whether it's a new target, a new rule, something like that, it's going to be this blue star icon, so we'll click on that, and it's going a little weird, let me try that again, there we go. Okay, so let's give it the name OWASP. We have to set the IP address here, so 192.168.68.12, and we're going to leave most of this stuff except for alive test. Let's change this to consider alive. This is basically saying we know that this machine is up, we don't have to do any kind of host discovery, we don't have to ping it or anything like that, so we know that it's there. So we'll consider it alive and we'll go ahead and create that.

So now you notice we have a designated target for that OWASP machine, and so now that we've created that target we can actually create a new scan, a new task, and specifically select that target. So let's go to Scans, Tasks, and we can see the scan that we had started previously, so on my end here it's actually almost complete, but let's go ahead and select the blue star. We're going to select New Task and we'll give it a name, O, whoops, I could type, OWASP-scan, and you can see scan targets, it already has this one selected, but in a real world you would probably have a lot of different scan targets, so in this case we want to select the OWASP.

We're not doing this in this lab, but alerts is a really cool feature to be familiar with and know that it's available. So if I click on this blue star, for example, we can create a very specific alert, and let's say, you know what, if it's a medium level vulnerability or higher, so we'll add a severity of at least four, I want to know about it, and you could have that automatically send you an email alert for that. Or you may want to go a little bit higher and say if it's a high level severity, with seven, then definitely send me that email alert. I'm going to go ahead and exit out of the alert area here, so we're back to here.

I don't think there's anything else we want to change except for the scan config, so here you notice that you could set the various different scan configurations. So let's go ahead and select Full and very deep ultimate and we'll go ahead and create that. So you notice that a new scan has been added here. Our other scan completed, so that's great, perfect timing. Now we could have also set a schedule for this scan as well, but since we didn't, we would have to actually press play on here. You're welcome to do this; I'm not going to press play at this moment, but you're welcome to run this additional scan as well, compare and contrast the two.

But essentially we have reached the end of the lab, but I do want to take it a step further and actually look at the results of this lab. So if we click on immediate scan of IP, oh no, I'm sorry, let me go back, and actually the best place to click is here on the reports, and then from here you'll see our scan results. We found 21 high severity vulnerabilities, 72 medium, 9 low and 108 log. So obviously this machine that we're scanning, the OWASP BWA, the BWA stands for broken web applications, so it's vulnerable by design, so obviously, yeah, it makes sense we found quite a lot. And if we click on the date here, this is where we get a much more detailed report.

Okay, so now we see the super high level 10 vulnerabilities at the very top. We have a lot of end of life, especially with the Tiki Wiki content management system. We see denial of service vulnerabilities with the current Apache web server version running, just all kinds of things, cross-site forgery vulnerabilities with a web calendar. So yeah, I encourage you to look through this, get a feel for all these various vulnerabilities. You can even click within here and that's going to give you even more details about the vulnerabilities and potential solutions as well, right. It's going to give you the CVE number that we talked about earlier, links, you can click this link and visit the website, and also some public information, so I mean here's maybe like a post from Packet Storm Security, here's the listing in exploit-db.com that we talked about earlier as well. So just tons of information within here, so definitely go through it.

And yeah, that's pretty much it. This was a pretty straightforward lab. Once again, we covered vulnerability scanning with OpenVAS, we talked about CVEs, NVTs and all of that fun stuff. So thank you for watching and I will catch you in the next one.
Info
Channel: Cypress College Cyber Club C4
Views: 1,328
Rating: 5 out of 5
Keywords: openvas, ethical hacking, ethical hacking lab, kali linux, kali linux lab, vulnerability scanning, nessus, cypress college, c4cyberclub
Id: uaM6lsQxDoE
Length: 19min 46sec (1186 seconds)
Published: Mon Feb 15 2021