Randall Lewis
Zenmap and Nessus Lab
Nessus is a proprietary, comprehensive vulnerability scanner developed by Tenable
Network Security. Below are the results of an analysis, with screenshots.
[Screenshot: 104 Quick Scan]
[Screenshot: 103 Intense Scan]
[Screenshot: 103 Quick Scan]
[Screenshot: 105 Intense scan plus UDP]
[Screenshot: 105 Ping Scan]
[Screenshot: 106 Quick traceroute Scan]
[Screenshot: 106 Regular Scan]
[Screenshot: A) Ping Sweeping]
[Screenshot: C) TCP Connect]
[Screenshot: D) Stealth Scanning]
[Screenshot: E) UDP Scanning]
[Screenshot: F) Which OS is Running]
[Screenshot: G) Other Options]
Part A:
1. Several services running on each host:
Echo
Discard
Daytime
Chargen
qotd
ssh
telnet
dsp
unknown
2. Nmap's ability to identify the operating system running on each system:
Nmap is able to identify the operating system running on each system because it contains a large database
(the nmap-os-db database) of heuristics describing how systems act differently when responding to a
selection of TCP/IP probes. The responses determine the type of OS that is operating. So Nmap does let you
know what OS is operating.
Is there any Nmap feature that can be used to guess the OS of the host? Explain your answer.
Using the ports that are open and the probable services running on those ports,
I determined what operating systems are running on the devices:
The operating system that is running is Windows. Certain ports that are open, for example 7 - Echo, 21
- tcp, 22 - ssh and 110 - pop3, are common ports that are related to Windows.
3. The host that appears most secure and least secure are:
192.168.100.103 is the most secure host because it has 991 closed ports, which is the least number of open
ports.
192.168.100.106 is the least secure because it has the most open ports.
4. Several uses of Nmap:
Nmap can be used in many different ways. It can let you know the device type, such as which kind of
router or printer, and the type of operating system; this way a hacker can figure out what tool to use in
exploiting a vulnerability.
Nmap can show which hosts are up and running. This can be done by doing a ping sweep, and the ones that
are connected are the ones that are up.
Stealth scanning is also an option: some hackers may not want to let the person know that they are being
scanned, and in stealth scanning the TCP 3-way connection is never established.
5. The feature of Nmap that I find the most useful:
I found Ping Sweeping the most useful because it lets you know which networks are up and connected. This
is most important because you don't want to attack a host that is not connected.
6. The feature of Nmap that I find the most difficult to use:
I found the OS Fingerprinting the most difficult because it has to be combined with a port scan to be
effective. This just adds one more element which makes it more difficult.
7. A command that I consider important:
nmap -sW, -sT, -sA, -sM is a group of commands that finds the most commonly used TCP ports.
This is important because knowing the most commonly used TCP ports can prepare a hacker to try and
breach that port using known vulnerabilities for those ports. This actually makes the job easier.
Part B
[Screenshot: IP Address]
[Screenshot: Executive Summary (continued over several pages)]
1. The operating systems that are running on the different hosts are:
Microsoft Windows XP Service pack 2
Microsoft Windows XP Service pack 3
Linux Kernel
2. What web server (if any) is running on each computer?
Microsoft Web server is running
3. Several services running on each computer:
smb
msrdp
ntp
www
telnet
ftp
4. The host that had the highest number of vulnerabilities and the least number
of vulnerabilities are:
192.168.100.103 had the highest number
192.168.100.105 had the lowest number
5. Here I will identify one high-severity vulnerability for each computer, describe
the vulnerability and discuss a control to minimize the risk from the vulnerability:
52717 had multiple vulnerabilities. The remote web server uses a version of PHP that is affected by
multiple vulnerabilities.
42411 - Microsoft SMB shares unprivileged access. It is possible to access a network share.
The control to minimize this risk is to restrict access under Windows by going to each share, right-clicking
and configuring “sharing” on “permissions”. (Microsoft, 2009)
53503 - MS11-020: Vulnerability in SMB server could allow remote code execution. It is possible to
execute arbitrary code on the remote Windows host due to flaws in its SMB implementation.
The control to minimize this risk is a security update, and Microsoft recommends that the update patch is
applied immediately. (Microsoft, 2009)
6. Various uses of Nessus:
Nessus is a vulnerability checker that scans areas a hacker from the outside would face when trying to
infiltrate a network.
Nessus can be used to find misconfigurations in the systems. It can find patches that need to be applied.
Nessus can also send out an alert if vulnerabilities are discovered during a scan.
7. The feature of Nessus that I find the most useful is:
I find the pie chart and the section that shows the highest severity of problems, and it is listed in the
Executive Summary. This is the most useful because you want to know where a hacker can break in or
easily exploit, and this shows it.
8. The differences between using Nessus and Nmap:
Nmap is used mainly for host detection and port discovery, while Nessus scans ports to find open ports and
check them for security vulnerabilities.
References:
Microsoft. (2009, Jan 13). Microsoft Security Bulletin MS09-001 - Critical. Retrieved from
http://technet.microsoft.com/en-us/security/bulletin/MS09-001