This week we talked about initial scans using NMAP and NESSUS. We also talked about using TCPDUMP as a packet sniffer. As you work through your virtual environment this week, choose one (or more) of the following questions:
- What issue(s) are you encountering with NMAP, NESSUS, or other scanning tools?
- Did you discover any “interesting” traffic with TCPDUMP?
- How does practicing with a vulnerable device, such as the “MetaSploitable” help you learn more about vulnerability scanning and penetration testing?
1. While using NMAP, I was able to find my computer's IP address and hostname within the network. However, when I tried to modify my query to identify the operating system, I was receiving an error stating “No targets were specified”. It was pretty neat: I was able to identify my iPhone, Apple Watch, and friends’ phones. I was able to download NESSUS; however, I had issues when it came to the installation. The plugins were downloaded, but I ran into an infinite compiling loop. The progress bar would move to about 25% and then reset itself to zero. I will keep on trying this, but so far no luck.
Hi Anthony,
Curious what syntax you used that received an error when attempting to identify the operating system. Have you tried nmap -sS, which is a SYN scan (also known as a half-open scan), or nmap -sT, which is a full connect scan because it establishes a TCP connection to assist with banner grabbing?
Hi Kelly,
I ran these two commands: “nmap -sT 192.168.1.0/24” and “nmap -sS 192.168.1.0/24”. With the first command I was able to identify the devices connected to my router with their associated IPs. The second command was similar; however, I was able to view the open/closed/filtered ports per IP.
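The exchange above contrasts a half-open (SYN) scan with a full connect scan, and the week's third prompt asks what tcpdump shows. The two are related: on the wire, a SYN scan is a SYN, a SYN-ACK from the target, then a RST from the scanner, while a connect scan finishes the handshake with an ACK. The script below is an added example, not code from any poster in this thread; it reads constructed tcpdump-style lines (assumed to be `tcpdump -n` output over IPv4), labels each client-initiated flow by how far its handshake got, and flags sources that probed several ports without ever completing a connection. The threshold of three distinct ports is an arbitrary value chosen for the sample, not a tuned detection rule.

```python
import re
from collections import defaultdict

# Constructed sample lines in tcpdump's default TCP format (not a real capture).
# 192.168.1.50 completes a handshake to port 22 (SYN, SYN-ACK, ACK, FIN).
# 192.168.1.77 sends half-open probes: SYN, SYN-ACK, RST to 22 and 80, and a
# SYN to 443 that the target answers with RST (closed port).
SAMPLE_TCPDUMP = """\
12:00:01.000001 IP 192.168.1.50.40000 > 192.168.1.10.22: Flags [S], seq 1000, win 64240, length 0
12:00:01.000200 IP 192.168.1.10.22 > 192.168.1.50.40000: Flags [S.], seq 5000, ack 1001, win 65535, length 0
12:00:01.000300 IP 192.168.1.50.40000 > 192.168.1.10.22: Flags [.], ack 5001, win 64240, length 0
12:00:01.000400 IP 192.168.1.50.40000 > 192.168.1.10.22: Flags [F.], seq 1001, ack 5001, win 64240, length 0
12:00:02.000001 IP 192.168.1.77.51000 > 192.168.1.10.22: Flags [S], seq 2000, win 1024, length 0
12:00:02.000200 IP 192.168.1.10.22 > 192.168.1.77.51000: Flags [S.], seq 6000, ack 2001, win 65535, length 0
12:00:02.000300 IP 192.168.1.77.51000 > 192.168.1.10.22: Flags [R], seq 2001, win 0, length 0
12:00:02.000401 IP 192.168.1.77.51001 > 192.168.1.10.80: Flags [S], seq 2000, win 1024, length 0
12:00:02.000600 IP 192.168.1.10.80 > 192.168.1.77.51001: Flags [S.], seq 7000, ack 2001, win 65535, length 0
12:00:02.000700 IP 192.168.1.77.51001 > 192.168.1.10.80: Flags [R], seq 2001, win 0, length 0
12:00:02.000801 IP 192.168.1.77.51002 > 192.168.1.10.443: Flags [S], seq 2000, win 1024, length 0
12:00:02.001000 IP 192.168.1.10.443 > 192.168.1.77.51002: Flags [R.], seq 0, ack 2001, win 0, length 0
"""

# Matches "<time> IP <src>.<sport> > <dst>.<dport>: Flags [<flags>]" (IPv4, numeric).
LINE_RE = re.compile(
    r"^(?P<ts>\S+) IP (?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+): Flags \[(?P<flags>[^\]]*)\]"
)


def parse_tcpdump(text):
    """Yield (src, sport, dst, dport, flags) for each TCP line tcpdump printed."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield m["src"], int(m["sport"]), m["dst"], int(m["dport"]), m["flags"]


def classify_flows(text):
    """Group packets by the client's 4-tuple and label how far each handshake got."""
    flows = {}
    for src, sport, dst, dport, flags in parse_tcpdump(text):
        fwd = (src, sport, dst, dport)   # client -> server direction
        rev = (dst, dport, src, sport)   # server -> client direction
        if flags == "S":                 # a bare SYN opens a new flow
            flows.setdefault(fwd, {"synack": False, "ack": False,
                                   "rst_client": False, "rst_server": False})
        elif fwd in flows:               # later packets from the client
            if "R" in flags:
                flows[fwd]["rst_client"] = True
            elif "." in flags:           # [.], [P.], [F.] all carry the ACK bit
                flows[fwd]["ack"] = True
        elif rev in flows:               # replies from the server
            if flags == "S.":
                flows[rev]["synack"] = True
            elif "R" in flags:
                flows[rev]["rst_server"] = True
    labels = {}
    for key, st in flows.items():
        if st["synack"] and st["ack"]:
            labels[key] = "full_connect"  # what nmap -sT leaves on the wire
        elif st["synack"]:
            labels[key] = "half_open"     # what nmap -sS leaves on an open port
        elif st["rst_server"]:
            labels[key] = "closed_port"   # SYN answered by RST
        else:
            labels[key] = "unanswered"    # no reply seen (filtered or dropped)
    return labels


def summarize_by_source(labels):
    """Per-source counts of each flow label plus the set of destination ports touched."""
    summary = defaultdict(lambda: {"full_connect": 0, "half_open": 0, "closed_port": 0,
                                   "unanswered": 0, "ports": set()})
    for (src, _sport, _dst, dport), label in labels.items():
        summary[src][label] += 1
        summary[src]["ports"].add(dport)
    return dict(summary)


def suspicious_sources(summary, min_ports=3):
    """Sources that touched at least min_ports distinct ports without completing handshakes."""
    flagged = []
    for src, s in summary.items():
        probes = s["half_open"] + s["closed_port"] + s["unanswered"]
        if probes >= min_ports and len(s["ports"]) >= min_ports:
            flagged.append(src)
    return sorted(flagged)


if __name__ == "__main__":
    report = summarize_by_source(classify_flows(SAMPLE_TCPDUMP))
    for src, s in report.items():
        print(src, {k: (sorted(v) if isinstance(v, set) else v) for k, v in s.items()})
    print("likely scanners:", suspicious_sources(report))
```

To try it on your own lab traffic, run `tcpdump -n -i <iface> tcp` on the MetaSploitable host, save the output to a file, and pass its contents to `classify_flows`. The half-open flows from the `-sS` run and the full connects from the `-sT` run should land in different buckets.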
3. By using the Nmap command ‘--script vuln target_IP’ to scan the practice target machine, we may get results that show what this machine is vulnerable to. Then we can use the Metasploit command ‘exploit/windows/smb/vulnerability_name’ to find whether there is any exploitation code that can be used against the target machine. Before we run the exploitation code, we can use the Metasploit command ‘show’ to check its settings, and use some commands to edit them, such as ‘RHOSTS’.
1. Over the course of the week I was using Nessus and attempting to run a scan on my home network. After getting Nessus installed in my virtual environment I attempted to run a basic scan, but was having difficulty getting the scan to find any hosts. After some time troubleshooting and changing the network configuration in the VM, I figured out it was a firewall setting on my host OS. Once I enabled the inbound firewall setting, my Nessus scan began to identify different hosts on my home network. After the scan completed I used NMAP to see if I could get more information on some of the devices that listed a vulnerability in the Nessus report.
I decided to install Nessus on my Windows FLARE VM. Initially, I could not launch a scan using the Firefox browser, which gave me a “disable API” error. To mitigate this error I switched to using IE, which launched my discovery scan with no errors. To discover hosts I simply scanned the following IP range: 192.168.0.0/24. It was eye-opening to see how many hosts appeared in this scan (approx. 16). I decided to run a scan on my host device, on which I found a medium-rated vulnerability; I applied remediation and rescanned my host to verify my system reflected this fixed vulnerability. It’s a very clean interface, but I think I prefer the way OpenVAS displays scanned report info, just as my personal preference.
Hi Kelly,
When I ran a scan on my home network, a few connected devices reported medium vulnerabilities as well, and I spent some time looking into solutions to remediate the vulnerabilities. I was also surprised at the number of discovered hosts and had forgotten some were even connected anymore. Lastly, I agree the Nessus interface is clean, and I will have to try out OpenVAS.