ITP 457 Lab 4

ITP 457 Lab 4 -...

Info iconThis preview shows page 1. Sign up to view the full content.

View Full Document Right Arrow Icon
This is the end of the preview. Sign up to access the rest of the document.

Unformatted text preview: Lab
#4
–
Vulnerability
Scanning
 
 Name:
 
 Email:
 
 Due:

Feb.
4,
2009 Step
0
–
Nessus
Installation
in
Backtrack
 • Download
the
Fedora
Core
8
RPM's
from:
 o http://www.nessus.org/download/index.php

 Nessus‐3.2.0‐fc8.i386.rpm
 NessusClient‐3.2.0‐fc8.i386.rpm
 Start
up
konsole
 Create
a
directory
called
Nessus
 o Type
mkdir
Nessus
 Copy
the
*.rpm
files
into
the
Nessus
folder
 o Type
cp
*.rpm
~/Nessus/.
 Change
into
the
Nessus
folder
directory
 o Type
cd
Nessus
 Convert
the
rpm
files
into
tgz
files
 o Type
rpm2tgz
Nessus­3.2.*­fc8.i386.rpm
 o Type
rpm2tgz
NessusClient­3.2.*­fc8.i386.rpm
 Install
the
files

 o Type
pkgtool
 Execute
the
following
commands:
 o cd
/opt/
 o export
PATH=$PATH:/opt/nessus/sbin:/opt/nessus/bin:
 o cp
/usr/lib/libssl.so
/lib
 o cp
/usr/lib/libcrypto.so
/lib
 o cp
/opt/nessus/lib/libnessus.so.3
/lib
 o cp
/opt/nessus/lib/libnessusrx.so.0
/lib
 o cp
/opt/nessus/lib/libpcap­nessus.so.3
/lib
 o cd
/lib
 o ln
libssl.so
libssl.so.6
 o ln
libcrypto.so
libcrypto.so.6
 Type
nano
/etc/ld.so.conf
 o Add
the
following
line
to
the
end
of
the
file
 /opt/nessus/lib

 Type
ldconfig
 nessus‐fetch
‐‐register
XXX‐YYY‐ZZZ‐VVV
 • • • • • • • • • • 
 Step
1
–
Start
Up
 • • Start
up
BackTrack
VM,
if
you
haven’t
done
so
 Login
 o User:
 root
 o Pass:
 toor
 
 Step
2
–
Configure
Nessus
 • • • • • • • • • • • • • • • • At
the
command
line,
type
nessus­mkcert
and
press
ENTER
 o You
can
start
up
konsole
to
do
this
 On
the
CA
Certificate
Life:
press
ENTER
 On
the
Server
Certificate
Life:
press
ENTER
 On
the
Your
Country:
press
ENTER
 On
the
Your
State:
press
ENTER
 On
the
Your
Location:
press
ENTER
 On
the
Your
Organization:
press
ENTER
 Press
ENTER
to
exit
 At
the
command
line,
type
nessus­adduser
and
press
ENTER
 At
the
Login:
type
ttrojan
and
press
ENTER
 At
the
Authentication:
press
ENTER
 At
the
Login
Password:
type
password
and
press
ENTER
 Repeat
the
password
 At
the
Enter
the
rules
for
this
user
press
CTRL+D
 At
the
Is
that
OK?
prompt,
type
y
and
press
ENTER
 Start
the
Nessus
server
by
typing,
/opt/nessus/sbin/nessusd
&
 Step
3
–
Start
the
Nessus
Client
and
Run
a
Scan
 • • • • • • • At
the
command
line,
type
startx,
if
you
haven’t
started
X‐Windows
 Right­click
the
desktop
and
choose
Configure
Desktop
 Click
on
the
Display
icon
and
change
the
screen
size
to
1024x768
 o Accpet
the
configuration
change
 In
the
konsole
type
/opt/nessus/bin/NessusClient
&
 Click
the
Connect
button
and
highlight
localhost
 Click
the
Edit
button
and
change
the
User/Password
to
what
you
created
 before
 Click
Save
and
then
click
Connect
 o If
it
asks
you
for
the
first
time
login
or
accepting
a
certificate,
click
 Agree|Accept|Yes
 Highlight
Default
Scan
Policy
and
press
the
Edit
button
 Click
on
the
Plugin
Selection
tab
and
click
on
Enable
all
button
 In
the
plugin
list,
uncheck
the
Denial
of
Service
 Click
Ok
 On
the
main
Nessus
client
screen,
click
the
+
on
the
left
side
of
the
window.

 Add
the
target
host
as
the
Windows
XP
SP0
VM.

 You
will
need
to
get
the
IP
address
of
the
Windows
XP
VM
 Start
the
Scan
 
 • • • • • • • Scenario
#1
 Backtrack
does
not
come
with
Nessus
installed,
but
instead
it
uses
another
 vulnerability
scanner
called
SAINT.
Goto:
 http://www.saintcorporation.com/demo/saint/documentation.html
 and
perform
the
same
vulnerability
scan
on
the
Windows
XP
VM.
Are
the
results
 similar
or
are
there
major
differences?
Use
the
rest
of
the
blank
pages
to
report
 your
answer.
 ...
View Full Document

This document was uploaded on 09/13/2010.

Ask a homework question - tutors are online