1
00:00:00,120 --> 00:00:03,960
At last, we are ready to start, and this is the vulnerability scan.

2
00:00:05,840 --> 00:00:09,080
This is the main page of the Nessus web interface.

3
00:00:09,320 --> 00:00:11,990
We are in the My Scans section of the Scans tab.

4
00:00:13,070 --> 00:00:15,440
At the upper left corner, click New Scan.

5
00:00:16,620 --> 00:00:19,260
First, Nessus asks for the scanner.

6
00:00:20,350 --> 00:00:21,460
We have seen them before.

7
00:00:21,700 --> 00:00:25,090
So here we can choose the most suitable one for our scan.

8
00:00:25,900 --> 00:00:30,040
But in the home version of Nessus, unfortunately, some scans are disabled.

9
00:00:30,880 --> 00:00:36,940
If you click Internal PCI Network Scan, for example, the application redirects you to the Nessus website

10
00:00:36,940 --> 00:00:44,880
to buy Nessus Pro. There are also available scanners like Basic Network Scan, or alternatively go to

11
00:00:44,920 --> 00:00:47,530
the User Defined tab and select your own policy.

12
00:00:48,280 --> 00:00:55,000
This is the policy we defined in the previous lecture, so I chose this. Now give a name to your scan.

13
00:00:55,750 --> 00:01:00,640
As you can see on the right side of the name field, the required fields are identified by Nessus.

14
00:01:03,370 --> 00:01:04,900
So, write a description if you want.

15
00:01:07,750 --> 00:01:11,410
Select the folder for the output and define the target.

16
00:01:12,280 --> 00:01:15,730
You can list the hosts in the target field one by one.

17
00:01:16,600 --> 00:01:18,370
I want to scan my two systems now.

18
00:01:18,520 --> 00:01:22,060
Nine nine one three nine is OWASP BWA.

19
00:01:23,290 --> 00:01:29,860
And nine nine two zero six is my Metasploitable system. So if you want multiple IP addresses,

20
00:01:30,950 --> 00:01:32,570
just put a comma in between them.

21
00:01:33,440 --> 00:01:36,050
You can also define an IP block or a range.
22
00:01:37,430 --> 00:01:43,280
Just as you remember from the Nmap lectures. Or alternatively, if you have a file that contains a list of

23
00:01:43,280 --> 00:01:49,970
the hosts, which we also covered earlier, you can add that file using the Add File link in the Upload

24
00:01:49,970 --> 00:01:50,750
Targets field.

25
00:01:51,500 --> 00:01:54,980
So now we're ready to launch the scan at the bottom of the page.

26
00:01:55,220 --> 00:02:00,860
Select Save, or click the down arrow button and select Launch to start the scan immediately.

27
00:02:01,490 --> 00:02:05,750
I choose Launch. It first saves the scan and then launches it immediately.

28
00:02:06,590 --> 00:02:09,470
So while scanning, let's see some of the parts of the Nessus interface.

29
00:02:10,510 --> 00:02:13,930
At the left, do you see the folders next to the My Scans folder?

30
00:02:13,960 --> 00:02:19,510
It says that I have one active scan, and in the My Scans page you see the scan that we just started.

31
00:02:19,810 --> 00:02:22,180
If you click on it, you see the scan details.

32
00:02:23,170 --> 00:02:27,160
There are three tabs here: Hosts, Vulnerabilities and History.

33
00:02:28,240 --> 00:02:33,420
When you click on the Vulnerabilities tab, you see the vulnerabilities found during the scan. Here

34
00:02:33,430 --> 00:02:34,840
we already have some results.

35
00:02:35,780 --> 00:02:38,390
Now, click the Hosts tab to turn back.

36
00:02:39,620 --> 00:02:47,150
These are the systems that we defined as targets, OWASP BWA and Metasploitable. At the right, you see the

37
00:02:47,150 --> 00:02:49,220
severity levels of the vulnerabilities.

38
00:02:49,670 --> 00:02:52,760
Nessus classifies vulnerabilities into five levels.

39
00:02:53,480 --> 00:03:00,320
Informational level quickly identifies non-vulnerability information, which is, well, nice to know,

40
00:03:00,620 --> 00:03:06,890
and separates them from the vulnerability detail, which is need to know, right?
41
00:03:08,240 --> 00:03:14,540
Low level identifies a flaw that might help an attacker to better refine his attack, but by itself,

42
00:03:14,540 --> 00:03:16,970
that flaw won't be sufficient for a compromise.

43
00:03:17,240 --> 00:03:19,460
Medium level identifies that

44
00:03:19,470 --> 00:03:22,220
some information is leaking from the remote host.

45
00:03:22,850 --> 00:03:28,370
An attacker might be able to read a file he should not have access to. High level identifies that

46
00:03:28,460 --> 00:03:35,600
the attacker can read arbitrary files on the remote host and/or can execute commands on it, and critical

47
00:03:35,600 --> 00:03:39,290
level vulnerabilities are the most important vulnerabilities for us.

48
00:03:39,980 --> 00:03:45,800
These vulnerabilities can be exploited by a tool, and in most cases, the attacker does not need to

49
00:03:45,800 --> 00:03:47,960
make an extra effort to exploit them.

50
00:03:48,380 --> 00:03:49,850
So let's fast forward with the scan.

51
00:03:53,220 --> 00:03:58,770
Now, on the right side of each host row, you can see the status of the scan of that host.

52
00:03:59,250 --> 00:04:02,610
One hundred percent means the scan of that host is complete.

53
00:04:07,940 --> 00:04:11,600
Did you know you can ping the hosts sometimes to understand that they're still alive?

54
00:04:21,040 --> 00:04:27,190
And finally, our scan is completed in four minutes, which is a very fast scan for a vulnerability

55
00:04:27,190 --> 00:04:27,570
scan.

56
00:04:28,620 --> 00:04:32,370
Now, let's click on Metasploitable to go to the vulnerabilities of that host.

57
00:04:33,710 --> 00:04:37,490
Here are the vulnerabilities of the Metasploitable machine found by this scan.

58
00:04:38,210 --> 00:04:43,460
Please note that there might be other vulnerabilities that cannot be found by Nessus with the policy

59
00:04:43,460 --> 00:04:44,330
that we used.
60
00:04:44,450 --> 00:04:49,430
The vulnerabilities are ordered by severity levels by default, and I think that's a good idea.

61
00:04:50,550 --> 00:04:55,230
The vulnerabilities in the critical severity level are the most important ones for us, again.

62
00:04:55,470 --> 00:04:58,320
So click on a vulnerability to see the details of it.

63
00:04:58,800 --> 00:05:00,720
So here we have the name of the vulnerability.

64
00:05:01,590 --> 00:05:02,610
A brief description.

65
00:05:05,170 --> 00:05:08,290
A solution method and the links to learn more about it.

66
00:05:08,920 --> 00:05:09,760
And last,

67
00:05:10,210 --> 00:05:17,590
the host and the port where the vulnerability lives. At the right side of the screen, you see some additional

68
00:05:17,590 --> 00:05:19,990
and important information about the vulnerability.

69
00:05:21,100 --> 00:05:26,710
So for this particular vulnerability, Nessus says that we can exploit it using Core Impact, which is

70
00:05:26,710 --> 00:05:29,980
a commercial and very powerful exploitation tool.

71
00:05:31,140 --> 00:05:36,840
And here are the scores of this vulnerability. 10.0 is perfect for us.

72
00:05:38,110 --> 00:05:40,420
So click Back to Vulnerabilities.

73
00:05:40,780 --> 00:05:46,820
You go back to the list of the vulnerabilities. Here, there is another vulnerability which says the

74
00:05:46,930 --> 00:05:51,460
VNC server is running on the host and its password is "password".

75
00:05:52,210 --> 00:05:58,930
If that's true, and if there's no additional measure to protect the host, we can access that host

76
00:05:58,930 --> 00:05:59,980
very easily.

77
00:06:00,490 --> 00:06:01,020
I'll show you.

78
00:06:01,030 --> 00:06:01,660
Let's test it.

79
00:06:02,350 --> 00:06:09,190
Go to the terminal screen and run the VNC viewer by typing xvncviewer and hit Enter.
80
00:06:09,790 --> 00:06:18,490
If you don't have the VNC viewer installed on your Kali, type apt-get install xvncviewer and

81
00:06:18,490 --> 00:06:18,970
hit Enter.

82
00:06:22,170 --> 00:06:27,030
Type the IP address of Metasploitable as the VNC server and hit Enter.

83
00:06:29,000 --> 00:06:33,320
And type password as the password and hit Enter again.

84
00:06:35,840 --> 00:06:38,030
And voilà, we are in the system.

85
00:06:39,360 --> 00:06:44,580
I use the whoami Linux command to learn the user that I've got.

86
00:06:45,360 --> 00:06:47,860
And uname -a

87
00:06:48,300 --> 00:06:54,180
to learn the operating system and the kernel details, ifconfig to see the information about the network

88
00:06:54,180 --> 00:06:56,600
interfaces, etc.

89
00:06:59,590 --> 00:07:03,850
Now, type rm -rf /.

90
00:07:04,450 --> 00:07:06,940
No, no, no, no, just kidding, don't, don't do that.

91
00:07:07,120 --> 00:07:07,480
Don't.