Question

Identification of vulnerabilities with Backtrack and Nessus

Answer 1

Local security check
Vulnerability in network services

---

Scan and identify vulnerabilities in our objectives is sometimes considered one of the most tedious jobs that security experts should perform, however it is one of the most important tasks that must be performed, since this gives you the opportunity to prepare for any attack they can perform.
In this tutorial we will scan the following vulnerabilities :

• 1. Local security check
• 2. Vulnerability in network services

Before going to each point, let's see how we install and configure Nessus :

Installation and configuration

• We open a terminal
• We run the following command to install Nessus

 apt-get install nessus 

• Nessus will be installed in the directory / opt / nessus
• Once the installation is finished, we run Nessus with the following command:

 /etc/init.d/nessusd start 

• Then we add the following command to add the user:

 / opt / nessus / sbin / nessus-adduser 

• We assign the username for the login and password twice and type and (yes) to ensure that the user is an administrator.
• Once completed, we run Nessus by typing the following, remember that it will not work but the user account has been added:

 /etc/init.d/nessusd start 

• Finally we login to Nessus at https://127.0.0.1:8834 .

Local security check

Now that we have installed Nessus we can go to the first tests, these vulnerabilities that we are going to identify are specific to the operating system that we are using.

Let's start the process by opening a browser, in this case we will use Mozilla Firefox.

• We log in to Nessus with http://127.0.0.1:8834
• We go to Policies .
• Click on Add Policy .

• In the General tab, we do the following:
• We put a name for the scan.
• In Visibility we have two options:
• Share : Other users have the privilege of using is scanning
• Private : This scan can only be used by you
• We put the rest of the fields by default and click Next

• In the Plugins tab, we select Disable All and select the following specific vulnerabilities, (remembering that we are using Backtrack ):
• Ubuntu Local Security Checks
• Default Unix Accounts

• We click on Submit to save the new policy
• In the main menu, click on Scans .
• Click on Add Scan and we do the following:

• We add a name for the scan, this we do to identify the scan that we are currently running as they can be one or more.
• We add the type of scan:

Run Now : By default. This option will execute the scan once.

Scheduled : Allows you to choose the date and time to execute it.

Template : Allows you to set this scan as a template.

• We choose a policy, in this case we choose the one we created earlier
• We choose the objectives considering the following:

• The objectives must be entered one per line.
• You can also enter goal ranges in each line.

• You can also add a text file with the objectives.

• Click on Launch Scan
• You will receive a confirmation and your test will be completed, receiving a report with the following information:
• Each objective to which a vulnerability was found is listed.
• You can click on the IP address to see the ports and problems of each port

Vulnerability in network services

The vulnerabilities that we are going to identify are specific to the equipment or protocols in our network.

First we create a policy, remember to put a name that identifies the scan we will perform, the procedure is the same as the previous scan.

In the Plugins tab, we will select other vulnerabilities since we are not performing the same tests.
We click on Disable All and select the following vulnerabilities:

• CISCO
• DNS
• Default Unix Accounts
• FTP
• Firewalls
• Gain to shell remotely
• general
• Netware
• Peer-To-Peer File Sharing
• Policy Compliance
• Port Scanners
• SCADA
• SMTP Problems
• SNMP
• Service Detection
• Settings

• We save the policy and go to the Scans option in the main menu.
• We follow the same procedure as the previous scan, remembering to change the name of the policy.
• We click on Launch Scan .
• And like the previous one, we received a report with the results of the test.

With these tests we prepare for any attack as we identify any vulnerability in our network or local computer and thanks to Backtrack, which not only offers you the robustness of a Unix- based system but also offers many complete and advanced tools that every security expert should own.

---