Penetration Testing with Kali Linux
PWK - Copyright © 2023 OffSec Services Limited. All rights reserved.
Figure 64: Basic Settings for the Authenticated Scan
Next, let’s click on the Credentials tab and select SSH[322] in the Host category. On the Authentication method dropdown, we’ll select password, and enter “offsec” as the username and “lab” for the password. We’ll select sudo for the Elevate privileges with option and enter “root” as the sudo user and “lab” as the password.
Figure 65: SSH and Sudo Credentials for the Authenticated Scan
While we will use the SSH configuration for this example, there are several other authentication mechanisms available. To get a list of all available mechanisms, we can click the Categories dropdown menu and select All. We can consult the Tenable Documentation[323] for a complete list of supported authentication mechanisms.
[322] (Wikipedia, 2022), https://en.wikipedia.org/wiki/Secure_Shell
For Linux and macOS targets, SSH is used. While we can also use SSH on Windows, in most cases, we will use Server Message Block (SMB)[324] and Windows Management Instrumentation (WMI)[325] to perform authenticated vulnerability scans against Windows targets. Both methods allow us to use local or domain accounts and different authentication options.
To get meaningful results in an authenticated vulnerability scan, we need to ensure that our target system is configured correctly. Depending on the authentication method we want to use, we need to make sure that there is no firewall blocking connections from our scanner. Furthermore, we often find antivirus (AV) programs installed on both Linux and Windows targets. AV may flag the vulnerability scan as malicious and therefore terminate our connection or render the results useless. Depending on the AV program, we can add an exception[326] for the authenticated scan or temporarily disable it.
Another Windows security technology we need to consider is User Account Control (UAC).[327] UAC is a security feature for Windows that allows users to use standard privileges instead of administrator privileges. An administrative user will run most applications and commands with standard privileges and receive administrator privileges only when needed. Due to the nature of UAC, it can also interfere with our scan. We can configure UAC to allow Nessus or temporarily disable it.[328] We should consult the