Tenable Nessus Vulnerability Management Home Lab
Create a Nessus Vulnerability Management Lab #
The value in this exercise is getting some hands-on working knowledge of the Nessus scanning tool, especially if you’ve never used it before. Working as a security controls assessor as well as a vulnerability scanning engineer, it can be helpful to understand how Nessus works and what it outputs, even if I’m not running scans every day. Also, there is an entire career field and skill set in vulnerability management for those interested. These orgs need it!
Objective: Create a vulnerability management lab from an Ubuntu box #
1. Preparation Steps #
I just use an old Dell running Ubuntu for most of my cyber experimentation and labs, but this lab can technically be done from any OS. If you are looking for instructions on how to do this on a PC, this might be helpful: https://youtu.be/lT6Px9zJM3s
Download VMWare Player, Windows 10 ISO, Nessus Essentials #
Download VMware Player https://www.vmware.com/products/workstation-player/workstation-player-evaluation.html
Download Windows 10 ISO https://www.microsoft.com/en-us/software-download/windows10ISO
Download Nessus Essentials https://www.tenable.com/products/nessus/nessus-essentials
Note: If you are running a Windows host machine you might have to pick a different executable, but I’m running Ubuntu locally, so I opted for the Ubuntu 20.04 Nessus Debian package.
Install Virtualization Software - VMWare Player #
Make the downloaded VMware .bundle file executable.
Install VMware Player by running the bundle file like any shell script (e.g. ./my_shell_script).
Install Nessus Essentials #
- Get Nessus running on Ubuntu
```bash
cd Downloads
sudo apt install ./Nessus*_amd64.deb
# How I activated Nessus this time I ran this lab
sudo /bin/systemctl start nessusd.service
# The way I activated Nessus last time I ran this lab
sudo systemctl enable --now nessusd
sudo systemctl status nessusd
# Open the Nessus web UI port (https://localhost:8834) through ufw
sudo ufw allow 8834
```
Note: When you originally download Nessus the website will prompt you to sign up for an activation code which would have been emailed to you. Here is where you will need that.
- Input activation code. Choose Nessus Essentials.
Create Dummy Windows Virtual Machine #
- Setup the Dummy Windows Virtual Machine using the Windows 10 ISO.
Ensure Connectivity between Host Machine and VM #
Run ipconfig on the Dummy Windows VM to get its IP address.
Ping that IP from your host machine (it will fail).
We must lower the firewall from within the Windows VM so we can get connected for this lab.
Ping again and it should go through.
Might Need these steps? #
I included these steps for a matter of record if needed but in my last two times running this lab they were not needed due to the pre-configuration of the Windows VM.
2. Nessus Scanning #
Basic Scan #
- Use the Dummy Windows VM IP address that we just pinged as the target for a basic Nessus Scan.
- Scan again…this time using a credentialed scan.
Credentialed Scans #
- Add the login credentials for your user into the credentialed information for the Nessus configuration
- Enable Remote Registry from Windows Services
- Open Registry Editor and Add a DWORD
- Create LocalAccountTokenFilterPolicy, Set Value to 1
- Restart Windows. Scan Again!
Obviously, we see a lot more findings now that Nessus has the credentials to poke into more areas of the system.
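The firewall step from the connectivity section and the credentialed-scan prep steps above, scripted for the Dummy Windows VM as an added example (not part of the original lab write-up). It assumes an elevated PowerShell prompt inside the VM; the registry path is the standard Windows policy key for LocalAccountTokenFilterPolicy, and the firewall rule name is a constructed label.

```powershell
# Added example: prepare the Dummy Windows VM for a Nessus credentialed scan.
# Run from an elevated PowerShell prompt inside the VM. Lab use only:
# LocalAccountTokenFilterPolicy = 1 relaxes UAC remote restrictions, so -Revert
# undoes everything once the scanning exercise is finished.
param([switch]$Revert)

$regPath  = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$ruleName = 'Nessus Lab - Allow ICMPv4 Echo'   # constructed rule name

if ($Revert) {
    Remove-ItemProperty -Path $regPath -Name 'LocalAccountTokenFilterPolicy' -ErrorAction SilentlyContinue
    Set-Service -Name 'RemoteRegistry' -StartupType Disabled
    Stop-Service -Name 'RemoteRegistry' -Force -ErrorAction SilentlyContinue
    Disable-NetFirewallRule -DisplayGroup 'File and Printer Sharing'
    Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue | Remove-NetFirewallRule
    Write-Host 'Reverted lab settings.'
    return
}

# 1. Enable Remote Registry: Nessus reads installed software, patch state and
#    policy settings from the registry during a credentialed Windows scan.
Set-Service -Name 'RemoteRegistry' -StartupType Automatic
Start-Service -Name 'RemoteRegistry'

# 2. Create the DWORD LocalAccountTokenFilterPolicy = 1 so the local admin
#    account used by Nessus gets a full (unfiltered) token over the network.
New-ItemProperty -Path $regPath -Name 'LocalAccountTokenFilterPolicy' `
    -PropertyType DWord -Value 1 -Force | Out-Null

# 3. Instead of switching the Windows firewall off, open only what the lab
#    needs: inbound ICMPv4 echo for the ping test, and the File and Printer
#    Sharing group (SMB/445), which the credentialed checks ride on.
if (-not (Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -DisplayName $ruleName -Direction Inbound `
        -Protocol ICMPv4 -IcmpType 8 -Action Allow | Out-Null
}
Enable-NetFirewallRule -DisplayGroup 'File and Printer Sharing'

# 4. Show the resulting state so it can be checked before rebooting and rescanning.
[pscustomobject]@{
    RemoteRegistry                = (Get-Service -Name 'RemoteRegistry').Status
    LocalAccountTokenFilterPolicy = (Get-ItemProperty -Path $regPath).LocalAccountTokenFilterPolicy
    IcmpRuleEnabled               = (Get-NetFirewallRule -DisplayName $ruleName).Enabled
}
Write-Host 'Restart Windows, then run the credentialed scan again.'
```

Run it once before the credentialed scan, and with -Revert after the lab so the relaxed UAC and firewall settings do not linger on the VM.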
Installing Deprecated Software on Dummy Windows VM #
Why would we do this? It’s great practice for real-world vulnerability management. Systems running old software are a common issue. In this case, we are using an old Firefox. After scanning and seeing the issues, we can remediate them.
- Install old Firefox version from https://ftp.mozilla.org/pub/firefox/releases/3.6.12/win32/en-US/ on your Dummy Windows VM
- Scan again…see the fuckery!
- From there I can work on remediating things such as removing the deprecated Firefox, updating Windows, updating Chrome (or Edge), and addressing other vulnerabilities as they come up in future scans.
3. Possible Remediation Steps #
We might even have to do some deeper research into some of the CVEs to figure out how to remediate them.