Vulnerability Analysis With OpenVAS Video Lecture | Get to know Ethical Hacking (English) - Software Development

[Laughter]
hello of Nan welcome to this video in
this video we're going to be looking at
performing vulnerability scanning and
analysis with open vs now I did make a
video it is probably in this section in
regards to installing open vs so what
you can do is you can check that out
first to make sure that you know how to
install it and how to get it configured
if you do choose to use another
vulnerability analysis tool by all means
go ahead but the reason I'm using open
vs is it's completely open-source and
has the functionality of paid or
commercial commercial editions or
commercial alternatives that exist out
there like Nice's for example so make
sure you start the open vs service you
can do that by going into vulnerability
analysis once you have it installed and
configured and hitting on and clicking
the open vs start service command right
here which will start it for you and
then you want to browse to your
localhost and you want to go to the port
93 92 now of course when you had
configured it it gives you a username
and password in this case the username
is admin and I changed my password for
myself so I'm gonna log in and once it
locks me in I'll give you a brief
overview of the interface and I'll be
showing you how to get a scan started up
alright so we have logged in and the
first thing that you'll see is it's it's
quite a good interface in terms of
navigation but the most important thing
that you want to take a look at here is
the refresh the refresh button that has
a drop-down that essentially allows you
to auto refresh the page every 30
seconds 60 seconds two minutes and five
minutes for now just make sure that is
on no auto refresh because if you're not
waiting for a scan to compare to
complete that may become really annoying
okay so on your dashboard this is
essentially it will show you all the
tasks by severity I'll explain what a
task is the tasks by status now I've
already performed a few tasks on my open
vs installation and that's because I do
use open vs for my work and other and
other types of projects by here right
down here you have a graph that allows
to view the CVS by creation time the
topology and you have your env T's
sorted by severity so nothing really
important there in regards to performing
the scan we are going to be taking a
look at only the scans section here
because the other section is it gets
really advanced into open vs but as I
mentioned this course is not going to be
targeted up at open vs I'm going to be
showing you everything you need to know
in regards to using open vs for for
performing vulnerability analysis all
right so let's say we wanted to perform
a scan on our met exploitable to virtual
machine how would we do that well it's
really very simple we would go into the
scans tab and you want to go into your
task alright so your task is essentially
going to be your scan on the target and
it's going to ask you to go through a
wizard I would recommend not doing that
because it it actually does a lot for
you and it really doesn't help you
understand what's going on exactly so
what you want to do inside the tasks
inside the tasks page you want to go to
this little star here that that brings
up this little drop down menu that
allows you to perform a new task or a
new container task you want to click on
new task
alright wait for that to load and in
years we specify your your-your-your
targets now I'm gonna call this task
Metasploit Metasploit able to scan i'm
just gonna call it metal Metasploit able
to scan and now in your targets you can
see that plate able to scan and now in
your targets you can see that I already
have a target if this is your first time
running this you will not have a target
so what you want to do is you want to
click on the star here to create a new
target and I'm gonna call this
Metasploit abort - like so and you can
leave a comment in regards to giving a
description about it
you then specify the IP address of the
target in this case it is 192 point one
sixty eight point one point 107 okay you
can also specify a host from a file that
if you want to scan multi multiple hosts
as for all the other settings do not
touch anything else and just hit create
alright and make sure you've selected
the targets now in here you can go to
the scanner here where it says open vs
default if you want to perform
CVE scan you can perform that as well
but leave it as open vs default that
will scan for vulnerabilities and will
display them in terms of severity and
what type of vulnerabilities they are
how they can be exploited etc etc okay
you then want to go into your scan
configuration and this you can customize
to whatever you want so you can set it
to discovery discovery of services you
can then perform a full and fast scan
which is what is recommended full and
very deep will go really in depth but
this is more this is targeted at systems
that are most secure but you're trying
to find even the smallest type of
vulnerability but for us the full and
fast world suffice you then want to you
can then select your network sauce
interface if you want to and that's
pretty much all the settings you need to
do there so once that's done just hit
create and we have created our scan now
we need to initiate the scan so give
that a few seconds and you can see right
under tasks here you have your the name
or the name of the task the status here
the reports the severity the trend and
actions now in terms of actions you can
see you can stop the scan you can you
it'll tell you the status of the scan
you can delete the scan you can move it
to trash you can edit it you can clone
it and you can save or export it alright
so this what we want to do is we want to
stop the scan now mind you depending on
the amount of targets and depending on
your target this will take anywhere from
two minutes to up to 10 to 20 minutes
you know given the intensity of the scan
that you select so just hit start and
now is when after it refreshes the page
now for the purpose of knowing the
status because this status will be
updated in terms of percentage so you
want to change this to auto refresh so
you can say refresh it every 30 seconds
and after every 30 seconds it will Auto
refresh and I'll give you a status so
wait for this to complete to 100%
let me just reload this here and let's
see if it has started yet so just give
it a few seconds or up to a minute to
start it you can see that it it has
requested the scan to be started and I
am currently running Metasploit able to
so we know that the host is up so give
that a few seconds so I can let me just
refresh that one more time just to see
if if it is started I'll wait for it to
stop and then
wait for it to complete and then I'll
get back to you so let's just see if
this will will start anytime soon it
shouldn't take too much time again it's
all dependent on the intensity of the
scan the amount of targets you're
scanning and the and what options you
select in terms of what services or a or
C the ease you want to scan for so
really it's all about customizing what
type of scan you want so we'll wait for
this to start and I want it started
we'll wait for it to complete as I said
this is going to be the status is going
to be in the form of a percentage so all
the way from 0% to 100% and then it'll
in terms of reports it will give you
here the total amount of vulnerabilities
detected and the severity the overall
severity that this host or this computer
or this operating system is independent
on the amount of vulnerabilities that it
has you'll see how important this is and
why even using a vulnerability scanner
like this is extremely important and
there we are it's just started the scan
now so give that a few minutes and I'll
do that as well so I'll come back to it
and all right so the scan is complete
and as you can see you know just what we
expected in terms of severity it is
complete high in the sense that the
rating is from a 7.0 all the way to a
10-point oh so we have a lot of
vulnerabilities here now you can display
and all this information in the form of
a graph and pie charts etc now we need
to analyze the results that we've just
gotten so what I'm gonna do is I'm going
to disable the auto refresh because I
don't need it to refresh now and we want
to go into the scans page and to get a
detailed report of the vulnerabilities
that were found you can go into reports
and I'll show you something really
interesting here ok so give that a few
seconds to load up and once that loads
up what's gonna happen is it's gonna
give you a summary of all the
vulnerabilities that that were detected
and it will sort it out in the order of
severity now for some reason
[Music]
my-my-my open vs has stopped working yes
so what I'm gonna do is I'm gonna exit
my Metasploit that is probably what's
causing the issue because they are both
hosted on localhost and I am going to
start up my
this again if you do encounter this
issue please do note that you should try
and avoid using more than one
application hosted on your localhost and
the reason being is is it if it is being
used then you need to always specify
which one has the priority all right so
rightly in terms of reports you can see
it's gonna sort at the scan in terms of
the date the status the tasks the
severity and the scan results sorry
about that let me just close that up and
the scan results so the scan results
will display all the vulnerabilities so
for example in terms of high high
severity vulnerabilities we have 20
median 31 low 3 and you have your logs
and false positives right there
now what if we wanted to analyze this
this scan and we wanted to see what
vulnerabilities currently exist so to do
that we would go into results all right
and we click on results and for some
reason I have to log back in so I'll log
back in and yeah there we are alright so
this these are the results that it was
able to come up with in terms of
vulnerabilities so the vulnerabilities
here are sorted out in terms of their
name their severity their quality of
discovery their host their location and
when they were created ok so when it
comes to quality of the detection this
is how how this in terms of the
percentage in which they are sorted this
is the potency in which they can be
exploited through so that means that for
example in the ones that have a 99%
quality of detection that means that
these are very very prone to successful
attacks okay in terms of severity you
can see that it sorted out from 1 all
the way to attend 1 being the lowest and
10 being the highest and now in terms of
the the vulnerabilities we can see that
let's look at some of the high ones we
have an ssh brute-force login so let's
look at what this vulnerability is all
about so essentially this is a
vulnerability telling us that we can
login it is we we can login with default
credentials via SSH so immediately you
can see that it's telling us what
vulnerabilities exist and if we try and
use this as our as our attack vector
can easily access the the Matas
palatable to virtual machine through SSH
without even exploiting it so you can
see that the default username is user
and there you are and it'll also give
you the great thing is it'll give you
the mitigation in which you can put in
place and it's telling you here to
mitigate this attack change the default
password as soon as possible for SSH
okay so let's go back and let's analyze
a few of the other vulnerabilities that
we'll be looking at exploiting in the
exploitation section we have a disk cc
remote code execution vulnerability
let's take a look at that so it is
possible to execute the ID command so
what service is this targeting let's
let's take a look and let's see what
service it's targeting so this is
probably targeting the Samba server if
we just take a look there we are so it
also gives you see ve details and in
regards to the mitigation it doesn't
have anything here and we'll be looking
at or how to exploit all of these
services so there we are we have remote
code execution vulnerability through the
port 3 6 3 2 which is Samba ok now let's
take a look at one more before we
actually show you something else
yeah vsf TBD the backdoor vulnerability
so let's click on that and let's see
what vulnerability this is so as you can
see vulnerability this attack can
exploit this issue to execute arbitrary
commands in the context of the
application so essentially allows
command execution and the the affected
software is vs FTP D 2.3.4 we already
know that all right so so some quite
quite some valuable information has been
gathered here what do we need to do now
what if we wanted to if we are to going
to report here and in reports just let
that load up for some reason my open vs
is really really slow today I do
apologize for that there we are so now
in here if I was to just if you of if I
was to just go on to this scan and I
click on the date right here which is
essentially the scan itself and let let
that load again apologies for the delay
and there we are it looks like it's
loaded it alright excellent so now in
of the results you can go ahead and look
at all
the Devon abilities that exist now
completely on the entire web server that
it was able to detect and they are
sorted out in terms of their severity
fantastic so now from here you can see
that we can export this data and we can
actually import it into Metasploit how
do we do that well we can click on the
format that we want to export it into
which I always recommend is XML that is
the format that is supported and is most
favored favored by the Metasploit remote
console so you now want to click on the
download filtered report there and I
just let that download give that a few
seconds it should prompt you to download
it all right so I'm gonna save the file
and that name is long but I'll show you
can use the text completion to get that
right all right so now that we're done
with open vs we can now start the
Metasploit console the Metasploit
framework console so i'm going to open
that up right now and we'll wait for
that to load and then I'll show you how
to import show you how to import the
report and how to access the
vulnerabilities through Metasploit so
that you can have an easier time when
performing the exploitation okay so let
the Metasploit framework start up give
that a few seconds and then we're going
to be using the DBE import command and
finally we will specify the the the
report file so we use the DB import
command and then after that we specify
the location in mind in my case it is in
my downloads folder and it is called the
report and I can use the auto completion
and once I hit enter it should import
the open vs XML data as you can see it's
going to import all that data that we
required and now what we need to do is
we can we can we can run additional
commands so for example if I type in
hosts as you remember it will display
all the hosts you've ever scanned and
the ones that you've imported you can
then run one additional command which
will display all the vulnerabilities
that you have imported so if I type in
Vaughn's and I hit enter these are all
the vulnerabilities that were able to be
detected and you have their CVE codes
right over there so that you can you can
start using this information in regards
to explain
datian so that was how to perform
vulnerability analysis on your target
and get a detailed report and
understanding of what of what
vulnerabilities exist on your target and
how to exploit them how to mitigate them
etcetera etcetera this is extremely
important on both sides of the of the
fence where they are a white hat or a
black hat it all gum comes down to
understanding what what a what the
operating system is and how it is
configured with all the different
services that being said that's going to
be it for this video and I'll be seeing
you in the next section when we'll get
started with exploitation
[Music]