1
00:00:00,390 --> 00:00:02,790
Let's perform another vulnerability scan.

2
00:00:04,370 --> 00:00:08,990
I want to perform an aggressive scan to find as many vulnerabilities as possible.

3
00:00:10,270 --> 00:00:14,440
Go to Kali and start the Nessus daemon if it's not already started.

4
00:00:16,090 --> 00:00:19,000
Use service nessusd status to learn if it's running.

5
00:00:19,980 --> 00:00:25,830
OK, so it's inactive, so I use service nessusd start to start the Nessus service.

6
00:00:27,470 --> 00:00:30,740
Now, go to your browser and connect to the Nessus interface.

7
00:00:31,580 --> 00:00:42,410
It is an HTTPS service running on the same machine, so I'll use the 127.0.0.1 loopback IP address, referred

8
00:00:42,410 --> 00:00:48,410
to as localhost, and the port of the Nessus service is 8834.

9
00:00:50,300 --> 00:00:51,770
Sign in using your credentials.

10
00:00:54,830 --> 00:00:59,990
Click the New Scan button. Now, let's choose Advanced Scan for this scan.

11
00:01:00,950 --> 00:01:03,890
We'll be more aggressive than a basic network scan.

12
00:01:04,820 --> 00:01:10,280
So enter the basic info: give the scan a name and enter a description if you want.

13
00:01:11,650 --> 00:01:13,210
And the targets.

14
00:01:14,280 --> 00:01:21,330
Here I have a Windows XP with an IP address of 207 and a Metasploitable 2 Linux system with an IP

15
00:01:21,330 --> 00:01:22,890
address of 206.

16
00:01:23,840 --> 00:01:29,580
You know, I have a third system, an up-to-date Windows 8, and its IP address is 223.

17
00:01:31,140 --> 00:01:35,610
Right, so back to Kali and enter the IP addresses of the target systems:

18
00:01:35,850 --> 00:01:42,540
206 for Metasploitable, 207 for Windows XP and 223 for Windows 8.

19
00:01:44,060 --> 00:01:47,480
Now click Discovery in the list on the left.

20
00:01:48,760 --> 00:01:54,280
So we're simply going to accept the defaults on this page, so let's click on Assessment over to the

21
00:01:54,280 --> 00:01:54,550
left.

22
00:01:56,190 --> 00:02:01,670
And on this page, we want to check "Perform thorough tests", so check the box.

23
00:02:02,790 --> 00:02:06,120
Then move to the Report section in the options on the left.

24
00:02:06,990 --> 00:02:11,370
You can override the normal verbosity, make it report as much info as possible.

25
00:02:12,420 --> 00:02:16,050
So next, click the Advanced option in the list to the left.

26
00:02:16,530 --> 00:02:20,610
The only thing we're going to do here is uncheck "Enable safe checks".

27
00:02:21,730 --> 00:02:25,510
Now on a normal production network, you would leave this box checked.

28
00:02:25,780 --> 00:02:29,050
You don't want to take down production systems when scanning.

29
00:02:29,350 --> 00:02:35,380
But for our purposes here, we want to gather as much information as possible, so we're going to check

30
00:02:35,380 --> 00:02:35,500
it.

31
00:02:36,720 --> 00:02:38,520
Now, click on the Credentials tab.

32
00:02:39,630 --> 00:02:41,490
Select the SSH option

33
00:02:42,470 --> 00:02:43,490
in the list on the left.

34
00:02:44,780 --> 00:02:50,150
Now, since we know the username and password for the Metasploitable 2 machine, we're going to put

35
00:02:50,150 --> 00:02:51,710
those credentials in here.

36
00:02:52,700 --> 00:02:55,580
Remember, the username and password are both msfadmin.

37
00:02:56,760 --> 00:03:02,250
Change the authentication method to password and put in the username and password below.

38
00:03:03,810 --> 00:03:05,280
Now in the Plugins tab,

39
00:03:06,140 --> 00:03:12,020
we only need to activate the plugins that have to do with what might be running on a Linux system, so

40
00:03:12,020 --> 00:03:13,520
we can disable a few things here.

41
00:03:22,840 --> 00:03:23,200
OK.

42
00:03:23,590 --> 00:03:26,290
I paused the demo here; I've got to make an apology.

43
00:03:26,320 --> 00:03:28,940
It's a late update. While capturing the demo,

44
00:03:29,410 --> 00:03:33,730
I forgot that I have Windows targets and disabled the Windows plugins.

45
00:03:34,180 --> 00:03:40,330
It's a mistake and I just wanted to show you that what we do here is if there's a problem, there's

46
00:03:40,330 --> 00:03:41,230
always a solution.

47
00:03:41,830 --> 00:03:46,450
So if you have Windows targets, please do not disable the Windows plugins.

48
00:03:47,610 --> 00:03:51,480
All right, let's move on. We can finally click Save at the bottom.

49
00:03:52,350 --> 00:03:54,720
So here's the scan and we're ready to run it.

50
00:03:55,290 --> 00:03:59,850
Simply click the gray triangle at the far right of our scan, which stands for launching the scan.

51
00:04:02,070 --> 00:04:04,320
And yes, the scan is started.

52
00:04:04,890 --> 00:04:07,860
Now you can pause or stop the scan any time you want.

53
00:04:08,750 --> 00:04:12,080
So click the scan and we see the results in real time.

54
00:04:13,590 --> 00:04:18,480
OK, boy, that's going to take a while to run, so it's probably a good time to check your email.

55
00:04:18,660 --> 00:04:22,710
Grab a cup of coffee, maybe, but just make sure you come back to review the results.