Part 3 - Import and Review Nessus Scan
Video Activity
This lesson covers importing and reviewing a Nessus scan. These functions are used to discover information about Metasploitable, the target host. By clicking the Analysis button, you can learn what was found, such as services and vulnerabilities.
Video Transcription
00:03
>> It's a scan completed.
00:03
We see that it did find quite a bit of
00:03
information about Metasploitable, our target host.
00:03
I can go to the analysis button and click Hosts.
00:03
Now that one shows up.
00:03
Found 33 services, one vulnerability.
00:03
It doesn't really find much
00:03
>> in the way of vulnerabilities
00:03
>> because the Nmap is just a port scanner.
00:03
Unless it's something very obvious
00:03
>> that they can pick up,
00:03
>> it's not going to really do
00:03
anything too much to help us there.
00:03
What we can do, however,
00:03
is import a Nessus scanner
00:03
into Metasploit Community Edition.
00:03
This is much better.
00:03
I'm going to go here and actually get rid of this host.
00:03
Because when we import it from Nessus,
00:03
it's going to give us another
00:03
>> host of the same IP address
00:03
>> anyway and I don't want to have any confusion there.
00:03
I believe I covered installing
00:03
>> Nessus in earlier modules,
00:03
>> so refer back to that.
00:03
But much like Metasploit,
00:03
you do need to register
00:03
your free version of Nessus and
00:03
get it updated manually and so on.
00:03
I already completed a scan of Metasploitable earlier.
00:03
We can just go in and look at this.
00:03
As we can see, 66 vulnerabilities,
00:03
couple of remediations being suggested,
00:03
found a lot of good information here
00:03
that you could use to exploit
00:03
the system and we've covered this a
00:03
little bit at the beginning
00:03
>> of the course if you recall.
00:03
>> What I want to do though,
00:03
is export this scan.
00:03
It tells me that it's VB1, PG, LMSs somewhere.
00:03
Go ahead and save that file that should
00:03
go into my downloads directory.
00:03
Back on Metasploit,
00:03
I can go to my Import button.
00:03
I want to import from a file.
00:03
This is the one I just exported.
00:03
I'm going to go ahead and import that.
00:03
Notice it's already pointing to my downloads directory.
00:03
[NOISE] Importing
00:03
is very quick.
00:03
As you can see, that only took a few seconds.
00:03
Now when I go back to hosts,
00:03
I see a host, but I've got a lot of
00:03
information here that's useful.
00:03
Actually, I think I found a few more services,
00:03
I think it was 33 services for Nmap,
00:03
but 107 vulnerabilities.
00:03
Any one of these you can decide to click
00:03
on to see what kind of information it gives you.
00:03
Sometimes the information that it finds comes
00:03
with a CVE mention.
00:03
That's always useful. I'm going to
00:03
change this to show me 100 records.
00:03
That way they can scroll through and
00:03
see there's a lot more information.
00:03
Here's a CVE and a fast Share export.
00:03
Can we get some good details about
00:03
what this vulnerability really
00:03
is and maybe what you can do with it.
00:03
A lot of good stuff here.
00:03
The next thing to do then is to go from the host tab,
00:03
we want to look at the vulnerabilities tab.
00:03
This shows more detail about
00:03
>> what was actually discovered
00:03
>> on this particular scan, the Metasploitable box.
00:03
As we can see, you've got quite a few things
00:03
here and a decent amount
00:03
of information about each of them.
00:03
I'm going to change this to 100.
00:03
The challenge would be to figure out
00:03
a vulnerability that you'd like to
00:03
exploit and try them
00:03
one by one until you get something that actually works.
00:03
These we did from previous modules as
00:03
far as showing the exploit actually works.
00:03
Could a bunch here about SMB for
00:03
Microsoft Windows vulnerabilities.
00:03
FTP related that there were a couple of DNS
00:03
and some other FTP-related items.
00:03
At the top of the list.
00:03
Smiley face backdoor.
00:03
That was a little bit easier to do manually.
00:03
You use the Smiley face as part of your login.
00:03
But the point is that there's
00:03
>> some good information here.
00:03
>> We can review the services
00:03
looking at your current states,
00:03
which protocols are running, and so on.