Penetration Testing with Kali Linux OffSec


PEN-200

intrusion prevention systems (IPS),[295] and intermediate network devices (such as routers), can filter or alter our traffic. One example of this is when a vulnerability scanner sends ICMP packets in the Host Discovery step and the intermediate device does not forward them. Hence, the scanner marks the target as offline.

In addition, our scan can be affected by rate limiting,[296] which is used to limit the amount of traffic on a network. When our scan exceeds thresholds like throughput, packet count, or connection count, the networking capabilities of the system running our vulnerability scan can be drastically restricted. When the host discovery and service detection probes are rate limited and therefore slowed down, the vulnerability scanner may miss live hosts or services. Most vulnerability scanners let us address this by specifying delays and timeouts and by limiting parallel connections.

Finally, let's review the network and system impact of vulnerability scans. A vulnerability scanner produces a lot of network traffic in most configurations, especially if we want to scan multiple targets in parallel. This can easily render a network unusable. To address this, we could reduce the number of parallel scans or the scanning speed. An even bigger problem is the potential impact of our vulnerability scan on the stability of a system. We need to consider that every vulnerability scan can bring instability to any system or service we scan.
7.2 Vulnerability Scanning with Nessus

This Learning Unit covers the following Learning Objectives:

- Install Nessus
- Understand the different Nessus components
- Configure and perform a vulnerability scan
- Understand and work with the results of a vulnerability scan with Nessus
- Provide credentials to perform an authenticated vulnerability scan
- Gain a basic understanding of Nessus plugins

[295] (VMWare, 2022), https://www.vmware.com/topics/glossary/content/intrusion-prevention-system.html
[296] (Wikipedia, 2021), https://en.wikipedia.org/wiki/Rate_limiting


Penetration Testing with Kali Linux
PWK - Copyright © 2023 OffSec Services Limited. All rights reserved. 
In this Learning Unit, we'll focus on Nessus, which is one of the most popular vulnerability scanners, containing over 67000 CVEs[297] and 168000 plugins.[298] Nessus is available as Nessus Essentials and Nessus Professional.[299] We will use the free version, Nessus Essentials, which comes with some restrictions and constraints. For example, we can only scan 16 different IP addresses, and some templates and functions are not available. However, Nessus Essentials will give us insight into how to use the full commercial version and the general concepts discussed in this section will also apply to most commercial scanners.

7.2.1 Installing Nessus

For this Learning Unit, we'll need to install Nessus on the Kali Linux VM, which is used to connect to the PEN-200 lab environment. An internet connection and email address will be necessary to download and activate Nessus. The minimum hardware requirements Tenable recommends[300] are 4 CPU cores and 8GB of RAM. However, we don't need to meet those requirements for our exercises. 2 CPU cores and 4GB of RAM are sufficient for our needs.

Nessus is not available in the Kali repositories and needs to be installed manually. We can download the current version of Nessus as a 64-bit .deb[301] file for Kali from the Tenable website.[302] There, we also get the SHA256[303] and MD5[304] checksums for the installer.

Let's select Linux - Debian - amd64 as platform and download the installer.

Figure 34: Download Nessus for Kali 

After downloading the installer, we'll check the SHA256 checksum to validate it. To do this, we click the Checksum button and copy the SHA256 checksum to the clipboard via the copy icon.

[297] (CVE MITRE, 2022), https://cve.mitre.org
[298] (Tenable, 2022), https://www.tenable.com/plugins
[299] (Tenable, 2022), https://www.tenable.com/products/nessus
[300] (Tenable Docs, 2022), https://docs.tenable.com/generalrequirements/Content/NessusScannerHardwareRequirements.htm
[301] (Wikipedia, 2021), https://en.wikipedia.org/wiki/Deb_(file_format)
[302] (Tenable, 2022), https://www.tenable.com/downloads/nessus
[303] (Wikipedia, 2022), https://en.wikipedia.org/wiki/SHA-2
[304] (Wikipedia, 2022), https://en.wikipedia.org/wiki/MD5


We then echo the copied checksum together with the filename of the installer into a file with the name sha256sum_nessus. Since the button next to the SHA256 checksum only copies the checksum itself, we need to enter the file name manually. The resulting sha256sum_nessus file needs to be in the same directory as the Nessus installer. We will then use sha256sum[305] with the -c parameter to verify the checksum.

kali@kali:~$ 
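
The verification step described above, as an added example that is not the course's own listing: it writes the checksum file in the format sha256sum -c reads, runs the check from the installer's directory, and shows both a matching and a mismatching result. The function names, the installer file name and its contents are constructed stand-ins; only sha256sum_nessus comes from the text.

```bash
#!/usr/bin/env bash
# Added example. sha256sum_nessus is the file name used in the text; the
# installer name and contents below are constructed stand-ins.

# verify_installer <expected_sha256> <installer_path>
# Returns 0 only if the installer's SHA256 digest matches the expected one.
verify_installer() {
    local expected="$1" installer="$2" dir file
    dir="$(dirname -- "$installer")"
    file="$(basename -- "$installer")"

    # A SHA256 digest is exactly 64 hex characters; reject clipboard debris.
    if ! printf '%s' "$expected" | grep -Eq '^[0-9a-fA-F]{64}$'; then
        echo "malformed checksum" >&2
        return 2
    fi

    # sha256sum -c resolves file names relative to the current directory,
    # so write and check the file from the installer's directory.
    (
        cd -- "$dir" || exit 3
        # Line format read by sha256sum -c: hash, two spaces, file name.
        printf '%s  %s\n' "$expected" "$file" > sha256sum_nessus
        sha256sum -c sha256sum_nessus
    )
}

# Demo on a constructed stand-in file instead of the real installer.
demo() {
    local tmp good rc_ok rc_bad
    tmp="$(mktemp -d)"
    printf 'constructed installer bytes\n' > "$tmp/installer-sample.deb"
    good="$(sha256sum "$tmp/installer-sample.deb" | cut -d' ' -f1)"

    verify_installer "$good" "$tmp/installer-sample.deb" && rc_ok=0 || rc_ok=$?
    # Simulate a corrupted or tampered download by appending one byte.
    printf 'x' >> "$tmp/installer-sample.deb"
    verify_installer "$good" "$tmp/installer-sample.deb" && rc_bad=0 || rc_bad=$?

    rm -rf -- "$tmp"
    echo "match=$rc_ok mismatch=$rc_bad"
}

demo
```

A checksum published on the same site as the download detects a corrupted transfer or a tampered mirror, but not a compromise of the download page itself.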
