Skip to content

This is a walkthrough of how I created A Virtual Machine environment using VMWare running Windows 10. I did this project to gain experience with Nessus Essentials and learn how to scan for vulnerabilities and remediate them. This project will showcase two of the main steps in the Vulnerability Management Lifecycle. I will be using Nessus Essenti…

Notifications You must be signed in to change notification settings

JonCyberGuy/VulnerabilityManagement

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

10 Commits
 
 

Repository files navigation

Nessus Essentials Vulnerability Management Lab

Description

This is a walkthrough of how I created A Virtual Machine environment using VMWare running Windows 10. I did this project to gain experience with Nessus Essentials and learn how to scan for vulnerabilities and remediate them. This project will showcase two of the main steps in the Vulnerability Management Lifecycle. I will be using Nessus Essentials to scan local VMs hosted on VMWare Workstation in order run credentialed scans to discover vulnerabilities, remediate some of the vulnerabilities, then perform a rescan to verify remediation.

Utilities Used

  • Nessus Essentials
  • CMD

Environments Used

  • VMWare
  • Windows 10 (21H2)

Links

Program walk-through

The first thing I am going to do is Download Nessus Essentials, my Vulnerability management software. It takes a long time to download so I can accomplish a few things while it is downloading, like downloading Windows 10 on a Virtual Machine and configuring it (which also takes a long time)

Downloading Nessus



For the Virtual Machine that I will be managing vulnerabilities on, I have to configure the network adapter to be bridged so it can be on the same network as my native. I do this because Nessus has to Secure Server Login (SSL) into the Virtual Machine and it's just easier if it's using my local network.

Configure_Network_Adapters



Nessus at this point is still downloading and my Virtual Machine successfully downloads Windows 10, so I open up CMD to figure out it's IP address which I will need to be able to run vulnerability scans on Nessus. I named the VM Admin. The screenshot shows that the IP address is 192.168.50.185

VM_IP



I try to ping the VM from my native computer to see if I can communicate with the VM. The reason I am doing this is because of I can't ping the VM then Nessus won't be able to as well and can't run its scans. As we can see the pings are timing out, meaning my native PC can't establish a connection with it at the moment.

trying_to_ping_VM_Fails



The reason my PC can't establish a connection is because the VM has a firewall active and it is blocking all connection attempts (which is a good thing, but not for the purposes of this lab) so I have to disable the firewalls. This is something I would NEVER do in a production environment as it could and would be catastrophic, but this is a just a junk VM so no worries.

windows_firewall_disable



I have to turn off all three firewalls which are circled at the top in Red, Blue, and Green. Circled in Yellow is showing that the firewalls are currently On. I have to turn them Off to be able to communicate properly with the VM.

Turning_off_Firewalls



Now that the VM's firewall is disabled, I try to Ping it again from my native PC and this time it is successful.

Ping_works



By this time Nessus Essentials successfully downloads. The first thing I want to do is create a new scan, then select Basic Network Scan.

Create_New_Scan

basic_network_scan



The newly created scan asks me to name the scan and select a target to scan. I configure it to scan the VM's IP address which is 192.168.50.185

Scan_VM_IP



I launch the newly created scan and it immediately goes to work scanning for any known vulnerabilities. When the grey checkmark appears, the scan is complete.

Launch_newly_created_scan

Scan_Running

Scan_Completed



Lets look at the results! It is showing 33 results, 32 of which are info and 1 low. If this was an actual production environment these most likely would be left alone. The Info results are probably because some things don't have proper credentials and are not essentially vulnerabilities

Results_Of_Scan



Looking at one of the INFO results you can see that the Target Credential Status By Authentication Procotol was triggered because we did not actually provide any credentials for this scan.

No_credentials_Given



Next thing I do is configure the VM to be able to accept authenticated scans and provide credentials to Nessus. I will then rescan the VM and compare the results. I go to services.MSC to start this process and enable Remote Registry. This will allow Nessus to connect to the VM's registry and properly scan for vulnerabilities such as insecure connections or deprecated cipher suites. I'm following these steps from Nessus and what they recommend to actually do credentialed scans. There might be a better way to do this.

Services_MSC

Enabling_Remote_Registry



From there I go to User Account Controls and disable it. I have to do this because this VM is not on a domain so I kind of have to do hacker stuff to get it to work properly. I would never do this in an actual organization or production environment.

user_account_Settings

User_Account_settings_configuration



Then I'm going to open the registry and add a key that is suppose to allow Nessus to connect in by further disabling user account controls.

Registry_editor



Now I navigate the Registry to the file that Nessus instructs us to (highlighted Yellow in the search bar) and I have to add a DWORD value and name it LocalAccountTokenFilterPolicy and give it a value of 1.

Creating_a_new_DWORD

DWORD_name

Edit_DWORD



After doing that I have to restart the VM so the changes can take effect.

Restart_The_VM



With the registry configured, it is now time to go back into Nessus and configure the scan I created. I have to add the Credentials to the scan so it can work properly. The credentials I'm talking about is the username and password of the VM. This will allow Nessus to use those credentials in places where it is required in the VM registry.

Configure_Nessus

Adding_Credentials



After the scan is properly configured with the right credentials, I run it again.

Run_The_Scan_Again



This new scan has given us a lot more vulnerabilities than the first one because it is able to scan deeper into the VM due to having credentials. The top picture is the new credentialed scan and the bottom picture is from the first non-credentialed scan. Most of the vulnerabilities found is probably because the version of Windows 10 this VM is running is not up to date.

new_scan_properly_credentialed

Old_scan_not_credentialed



I want to see how powerful this Nessus Scanner is so I'm going to download a very old version of Firefox which probably has many vulnerabilities and see if Nessus can discover them (I'm sure it will.)

downloading_an_old_version_of_firefox



After a deprecated version of Firefox is downloaded, I run another scan. We can see many new alerts and vulnerabilities just from Firefox! 68 Critical!

Old_Firefox_Scan



A comparison between scans to show the progression of alerts and vulnerabilities.

Vulnerability_Comparison



Showing what some of the alerts and vulnerabilites look like. We can see most of the Critical alerts are just from Firefox. A few ways we can remediate some of the vulnerabilities is by either Updated Firefox, which will probably remediate a lot of them, or we can simply delete Firefox.

Showing_Vulnerabilities



To start the process of remediating vulnerabilities, I elect to just delete Firefox. That will instantly fix a lot of these issues.

Fixing_Vulnerabilities_Uninstall_Firefox



To remediate the Windows vulnerabilities, I choose to update Windows. This version is old so it takes a few restarts to get it up to date.

Remediating_Vulnerabilities_Updating_WIndows_1

Remediating_Vulnerabilities_Updating_Windows



After a few restarts, Windows is finally up to date. I run one more Nessus scan to find if the steps I took to remediate some of the alerts worked.

VM_Up_To_date



Here is a final comparison between the four scans I took while doing this lab. The last picture is the after remediation scan. There we can see a lot of the vulnerabilities that were being alerted are gone! Still a 1 critical but I'll remediate that another time!

After_Vulnerability_Remediation



About

This is a walkthrough of how I created A Virtual Machine environment using VMWare running Windows 10. I did this project to gain experience with Nessus Essentials and learn how to scan for vulnerabilities and remediate them. This project will showcase two of the main steps in the Vulnerability Management Lifecycle. I will be using Nessus Essenti…

Topics

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published