4 Question: How to perform a normal scan with OpenVAS?
EC521: Cybersecurity OpenVAS
5 How to find the command set?
Solution: type openvas and press Tab twice; shell completion lists every openvas* binary.
OpenVAS-Scanner: openvassd, openvas-mkcert, openvas-nvt-sync
OpenVAS-Manager: openvasmd
OpenVAS-Client: openvas-cli (the omp command)
Greenbone-Security-Assistant: gsad

6 How to find the command set? (continued)
Helper commands: openvas-setup (initial configuration and first feed sync), openvas-check-setup (sanity check of the installation), openvas-nvt-sync (feed update), openvas-nasl (run a single NASL script from the command line).
Reference:
http://www.openvas.org/setup-and-start.html
https://www.digitalocean.com/community/tutorials/how-to-use-openvas-to-audit-the-security-of-remote-systems-on-ubuntu-12-04
7 Target: XAMPP
XAMPP's name is an acronym for:
X (read as "cross", meaning cross-platform)
Apache HTTP Server
MySQL
PHP
Perl
It is a completely free, easy-to-install Apache distribution containing MySQL, PHP and Perl.
Reference: https://www.apachefriends.org/index.html
8 Set a target
9 Create a task
10 Get the result
11 Question: How to insert plugins into OpenVAS?
15 Network Vulnerability Tests (NVTs)
The OpenVAS project maintains a public feed of more than 35,000 NVTs (as of April 2014).
The command openvas-nvt-sync synchronises the local plugin set with the feed service online.
NVTs are NASL scripts (Nessus Attack Scripting Language).
30 Question: How to understand the NASL script language?
31 NASL Language
NASL is a scripting language designed for the Nessus security scanner. Its aim is to allow anyone to write a test for a given security hole in a few minutes, to let people share their tests without having to worry about their operating system, and to guarantee that a NASL script cannot do anything nasty except perform a given security test against a given target.
Reference:
32 NVT Structure
Every NVT has two parts: a description block, which only registers the script's metadata (OID, version, name, family, ports) and then exits, and the actual test code below it, which runs against the target.

    # OpenVAS Vulnerability Test
    # $Id$
    # Description: [one-line-description]
    #
    # (copyright and author information)

    if(description)
    {
      script_oid(FIXME);              # see
      script_version("$Revision$");   # leave as is, SVN will update this
      …
      exit(0);
    }

    include("FIXME.inc");   # in case you want to use a NASL library

    # FIXME: the code.
33 Metasploitable 2
Designed by HD Moore, now owned by Rapid7 (a free target for testing their well-known tool, Metasploit).
A special version of Ubuntu Linux 8.04.
A target machine with many built-in vulnerabilities.
A good platform to conduct security training, test security tools and practice common penetration-testing techniques.
37 OpenVAS Scan Report
Sadly, fewer results than there should be (using the full ultimate scan config). Some NVTs do not implement the full functionality of the original program, or do not fully cover the CVE they are named after.
38 A Brief Example
We can use this vulnerability to log in to the target remotely as root and execute shell commands through the rsh-client tools (in Kali Linux: apt-get install rsh-client).
39 Nmap NVT port scan
The Nmap NVT in the OpenVAS feed produced no result; it cannot list all the open ports. Running nmap directly in Kali gives the full result: every open port together with its protocol or service. The NVT cannot take the place of the original program.
40 Is the vulnerability working? Remote login
TCP ports 512, 513 and 514 are the "r" services (rexec, rlogin, rsh), and on the target they have been misconfigured to allow remote access from any host (a standard ".rhosts + +" situation). First, install rsh-client. Then type rlogin -l root followed by the target host, so…
41 Do something bad
Since we have a root shell on the remote target, why not generate an SSH key pair (as we did in the homework) and install its public key for root, so next time we can log in without limit and without depending on the rlogin hole.
42 Question: How to use an OID to look up an NVT in the feed?
Use the OID to find the NVT and the information that goes with it (name, family, summary, solution).
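The NVT template on slide 32 and the OID question above, worked through in one script. This is an added example written for these notes, not code from the slides or from the OpenVAS project. The POSIX shell script writes a small NVT that follows the template and tests the rlogin ".rhosts + +" hole from the Metasploitable 2 section, places it in the plugin directory (this is how a plugin is "inserted" into OpenVAS), and then answers the OID question by searching the plugin directory for a script_oid() value. The plugin directory /var/lib/openvas/plugins, the helper names install_nvt, find_nvt_by_oid and nvt_summary, the file name rlogin_rhosts_root.nasl and the OID 1.3.6.1.4.1.25623.1.0.999999 are assumptions made for the example.

```shell
#!/bin/sh
# Added example for the EC521 OpenVAS notes (not from the slides or the OpenVAS project).
# Assumption: plugins live in /var/lib/openvas/plugins (OpenVAS 6/7 default); override with PLUGIN_DIR.
PLUGIN_DIR="${PLUGIN_DIR:-/var/lib/openvas/plugins}"

# Hypothetical OID: 1.3.6.1.4.1.25623.1.0 is the OpenVAS NVT arc, 999999 a placeholder for this example.
# A real NVT needs an OID no other script in the feed uses.
NVT_OID="1.3.6.1.4.1.25623.1.0.999999"
NVT_FILE="rlogin_rhosts_root.nasl"

# Write an NVT that follows the slide-32 template: description block first, test code after it.
install_nvt() {
    dir="$1"
    cat > "$dir/$NVT_FILE" <<'EOF'
# OpenVAS Vulnerability Test
# $Id$
# Description: rlogin accepts root without a password (.rhosts + +)
# Example NVT written for the EC521 lab; not from the OpenVAS feed.

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.999999");
  script_version("$Revision$");
  script_name("rlogin: root login without password (.rhosts + +)");
  script_category(ACT_ATTACK);
  script_family("Gain a shell remotely");
  script_copyright("EC521 lab example");
  script_dependencies("find_service.nasl");
  script_require_ports("Services/rlogin", 513);
  script_tag(name:"summary", value:"The rlogin service lets anyone log in as root without a password.");
  script_tag(name:"solution", value:"Remove + + from /root/.rhosts and disable the r-services.");
  exit(0);
}

port = get_kb_item("Services/rlogin");
if(!port) port = 513;
if(!get_port_state(port)) exit(0);

# rlogind only talks to clients coming from a privileged source port (RFC 1282).
soc = open_priv_sock_tcp(dport:port);
if(!soc) exit(0);

# Handshake: one zero byte, then client user, server user and terminal type, each NUL-terminated.
send(socket:soc, data:raw_string(0, "root", 0, "root", 0, "vt100/9600", 0));
r = recv(socket:soc, length:1024);

# A leading zero byte means the login was accepted; "Password:" means .rhosts did not match.
if(strlen(r) > 0 && ord(r[0]) == 0 && !("Password" >< r))
{
  send(socket:soc, data:string("id\n"));
  out = recv(socket:soc, length:4096);
  if("uid=0" >< out)
    security_message(port:port, data:"rlogin -l root succeeded without a password. Output of id: " + out);
}
close(soc);
exit(0);
EOF
    echo "$dir/$NVT_FILE"
}

# Which .nasl file carries a given OID? The same lookup the GSA does when you search by OID.
# Returns 1 when no file in the directory registers that OID.
find_nvt_by_oid() {
    dir="$1"; oid="$2"
    find "$dir" -name '*.nasl' -exec grep -F -l "script_oid(\"$oid\")" {} + 2>/dev/null || return 1
}

# Pull the one-line summary tag out of an NVT file.
nvt_summary() {
    sed -n 's/.*script_tag(name:"summary", value:"\(.*\)");.*/\1/p' "$1"
}

# Usage: ./nvt_helper.sh install | ./nvt_helper.sh find <oid>
case "${1:-}" in
  install) f=$(install_nvt "$PLUGIN_DIR"); echo "installed $f"
           echo "now restart openvassd and run: openvasmd --rebuild" ;;
  find)    find_nvt_by_oid "$PLUGIN_DIR" "$2" ;;
esac
```

The scanner loads plugins when openvassd starts and the manager keeps its own NVT cache, so after install the scanner has to be restarted and openvasmd --rebuild run before the new OID shows up in the GSA NVT list and can be added to a scan config. open_priv_sock_tcp() is used instead of open_sock_tcp() because rlogind rejects connections that do not originate from a port below 1024, which is also why the test has to run with scanner privileges.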
44 Summary
1. The purpose of our lab
2. Complete use of the penetration-testing tool
3. Practical use of OpenVAS
   For the attacker: exploit, sniff
   For the defender: assess, patch
4. Brief assessment of OpenVAS
   Open source
   Client-server structure
   Extended and flexible NVT feed
   Security and authentication