EC521: Cybersecurity OpenVAS
OpenVAS —A how-to guide about the most popular vulnerability test tool
Team Members: Yingchao Zhu; Chen Qian; Xingyu Wu; XuZhuo Zhang;
Igibek Koishybayev;
OpenVAS Architecture
Our Environment
DVWA + XAMPP
OpenWebMail
Metasploitable
Blackboard
Question: How to perform a normal scan with OpenVAS?
How to find the command set?
• Solution: # openvas 'double tab' (type openvas, then press Tab twice to list the matching commands)
• OpenVAS-Scanner: openvassd
• openvas-mkcert
• openvas-nvt-sync
• OpenVAS-Manager: openvasmd
• OpenVAS-Client: openvas-cli
• Greenbone-Security-Assistant: gsad
• openvas-setup
• openvas-check-setup
• openvas-nvt-sync
• openvas-nasl
Reference:
http://www.openvas.org/setup-and-start.html
https://www.digitalocean.com/community/tutorials/how-to-use-openvas-to-audit-the-security-of-remote-systems-on-ubuntu-12-04
Target -- XAMPP
XAMPP's name is an acronym for:
X (to be read as "cross", meaning cross-platform)
Apache HTTP Server
MySQL
PHP
Perl
It is a completely free, easy to install Apache distribution containing MySQL, PHP, and Perl.
Reference: https://www.apachefriends.org/index.html
http://en.wikipedia.org/wiki/XAMPP
Set a target
Create a task
Get the result
Question: How to insert plugins into OpenVAS?
Webmail Vuln. & OpenVAS Plugins
Content
1. Webmail environment
2. Web-app scanning
3. Insert plugins
Webmail Environment
Mail Server Set-Up Environment (Local)
OS : CentOS-6.5
SMTP : Postfix-2.6 + Sasl
IMAP/POP3 : Dovecot-2.0
Web : Apache-2.2
Webmail : Openwebmail-2.30 (perl) / [Squirrelmail-1.4.22 (php)]
localhost/cgi-bin/openwebmail/openwebmail.pl
Network Vulnerability Tests (NVTs)
The OpenVAS project maintains a public feed of more than 35,000 NVTs (as of April 2014).
The command openvas-nvt-sync performs online synchronisation from the feed service.
NVTs are based on NASL scripts (Nessus Attack Scripting Language).
Q1: Locate required NVT scripts
Security tools integrated:
Port scanner: NMAP, pnscan, strobe
IPsec VPN scanning & fingerprinting: ike-scan
Web server scanning: Nikto
OVAL interpreter: ovaldi
Web application attack and audit framework: w3af
A1: Locate required NVT scripts
(from Kali)
Location: /var/lib/openvas/plugins
Find: ls | grep 'specific_scripts'
A1: Locate required NVT scripts
(from Greenbone Security Assistant)
Secinfo Management => NVTs => Help: Powerfilter
Family="Web application abuses"
Name~"openwebmail"
A1: Locate required NVT scripts
# … introduction comments, description …
if (description) {
  script_id(16463);
  script_version("$Revision: 17 $");
  script_tag(name:"last_modification", value:"$Date: 2013-10-27 15:01:43 +0100 (Sun, 27 Oct 2013) $");
  script_tag(name:"creation_date", value:"2005-11-03 14:08:04 +0100 (Thu, 03 Nov 2005)");
  script_tag(name:"cvss_base", value:"4.3");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:N/I:P/A:N");
  script_tag(name:"risk_factor", value:"Medium");
  script_cve_id("CVE-2005-0445");
  script_bugtraq_id(12547);
  script_xref(name:"OSVDB", value:"13788");
  # …
}
http://www.openvas.org/openvas-nvt-feed.html
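Added example, not part of the original slides or of OpenVAS: a Python parser that reads the description-block calls shown above and finds plugins by the CVE they declare, which is more precise than `ls | grep` on file names. The function names are hypothetical, and SAMPLE is the slide's excerpt (shortened, with the brace closed).

```python
import re
from pathlib import Path

# Constructed from the header excerpt on the slide (shortened, brace closed).
SAMPLE = r'''
if (description) {
  script_id(16463);
  script_tag(name:"last_modification", value:"$Date: 2013-10-27 15:01:43 +0100 (Sun, 27 Oct 2013) $");
  script_tag(name:"cvss_base", value:"4.3");
  script_cve_id("CVE-2005-0445");
  script_bugtraq_id(12547);
  script_xref(name:"OSVDB", value:"13788");
}
'''

HEAD_RE = re.compile(r'\b(script_\w+)\s*\(')
NAMED_RE = re.compile(r'(\w+)\s*:\s*"([^"]*)"')   # name:"cvss_base", value:"4.3"
STRING_RE = re.compile(r'"([^"]*)"')

def call_args(text, start):
    """Return the argument text of the call whose '(' is at text[start].
    Quotes are tracked so a ')' inside a string does not end the call."""
    depth, quote, i = 0, None, start
    while i < len(text):
        ch = text[i]
        if quote:
            if ch == "\\" and quote == "'":
                i += 1                  # escapes only exist in single-quoted NASL strings
            elif ch == quote:
                quote = None
        elif ch in "\"'":
            quote = ch
        elif ch == "(":
            depth += 1
        elif ch == ")":
            depth -= 1
            if depth == 0:
                return text[start + 1:i]
        i += 1
    return None                         # unbalanced, e.g. a truncated file

def parse_nvt(text):
    """Collect the identification metadata declared in an NVT's description block."""
    meta = {"id": None, "cves": [], "bids": [], "tags": {}, "xrefs": {}}
    for m in HEAD_RE.finditer(text):
        args = call_args(text, m.end() - 1)
        if args is None:
            continue
        func = m.group(1)
        if func in ("script_id", "script_oid"):
            meta["id"] = args.strip().strip('"')
        elif func == "script_cve_id":
            meta["cves"] += STRING_RE.findall(args)
        elif func == "script_bugtraq_id":
            meta["bids"] += re.findall(r"\d+", args)
        elif func in ("script_tag", "script_xref"):
            named = dict(NAMED_RE.findall(args))
            if "name" in named and "value" in named:
                bucket = meta["tags"] if func == "script_tag" else meta["xrefs"]
                bucket[named["name"]] = named["value"]
    return meta

def find_nvts(plugin_dir, cve):
    """Return the names of plugins in plugin_dir that declare the given CVE id."""
    wanted = cve.upper()
    return [p.name for p in sorted(Path(plugin_dir).glob("*.nasl"))
            if wanted in (c.upper() for c in parse_nvt(p.read_text(errors="replace"))["cves"])]
```

On a Kali install, `find_nvts("/var/lib/openvas/plugins", "CVE-2005-0445")` searches the plugin directory named on the slide.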
Q2: Scan Webmail (Application)
A2: Scan Webmail (Application)
Configuration => Scan Configs => New Scan Config
Scan Settings:
Http Login Page
Login configurations
Q3: Implement OpenVAS Plugins
Plugin Extension?
A3: Insert OpenVAS Plugins
1. script.nasl
2. # openvas-nasl -X script.nasl (insert without cert)
3. # vim /etc/openvas/openvassd.conf
nasl_no_signature_check = no
4. Key generation
# gpg --homedir=/etc/openvas/gnupg --gen-key
# wget http://www.openvas.org/OpenVAS_TI.asc
# gpg --homedir=/etc/openvas/gnupg --import OpenVAS_TI.asc
5. Set Trust
# gpg --homedir=/etc/openvas/gnupg --list-keys
# gpg --homedir=/etc/openvas/gnupg --lsign-key XXXXXXXXX
6. Detach Signature
# gpg --homedir=/etc/openvas/gnupg/ --detach-sign -a -o script.nasl.asc script.nasl
7. Add Certificate
# gpg --homedir=/etc/openvas/gnupg --import script.nasl.asc
8. Parse & Execute
# openvas-nasl -p -t script.nasl
9. Copy plugins to /var/lib/openvas/plugins
Load Scanner & Rebuild Manager
# openvassd
# openvasmd --rebuild
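Added example, not part of the original slides or of OpenVAS: a Python check to run on a staging directory before step 9, confirming that signature checking is on (step 3) and that every script has a current detached signature (step 6). Function names are hypothetical; a missing nasl_no_signature_check key is treated as "not enabled" because the slides do not state the default.

```python
import re
import subprocess
from pathlib import Path

ARMOR = "-----BEGIN PGP SIGNATURE-----"
CONF_RE = re.compile(r"nasl_no_signature_check\s*=\s*(\S+)$")

def signature_check_enabled(conf_text):
    """True only if every nasl_no_signature_check line in openvassd.conf says 'no'.
    Assumption: a missing key counts as not enabled (default not given on the page)."""
    values = []
    for line in conf_text.splitlines():
        m = CONF_RE.match(line.split("#", 1)[0].strip())
        if m:
            values.append(m.group(1).lower())
    return bool(values) and all(v == "no" for v in values)

def gpg_verify(script, sig, homedir="/etc/openvas/gnupg"):
    """Check a detached signature against the keyring used in steps 4 to 7."""
    cmd = ["gpg", "--homedir", homedir, "--verify", str(sig), str(script)]
    return subprocess.run(cmd, capture_output=True).returncode == 0

def audit(conf_text, staging_dir, verify=None):
    """Return (item, problem) pairs; an empty list means the plugins can be copied."""
    findings = []
    if not signature_check_enabled(conf_text):
        findings.append(("config", "nasl_no_signature_check is not set to 'no'"))
    for script in sorted(Path(staging_dir).glob("*.nasl")):
        sig = script.with_name(script.name + ".asc")   # script.nasl.asc, as in step 6
        if not sig.is_file():
            findings.append((script.name, "no detached signature"))
        elif not sig.read_text(errors="replace").lstrip().startswith(ARMOR):
            findings.append((script.name, "signature file is not ASCII-armored PGP"))
        elif sig.stat().st_mtime < script.stat().st_mtime:
            findings.append((script.name, "script modified after signing"))
        elif verify and not verify(script, sig):
            findings.append((script.name, "gpg --verify failed"))
    return findings
```

Pass `verify=gpg_verify` on the scanner host to include the cryptographic check; without it the audit covers only file presence, the armor header and timestamps.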
Plugin found!
Flexible and Extendable
Webmail Vuln. & OpenVAS Plugins
References
Openwebmail: http://www.openwebmail.org/
Web App Scan: http://www.greenbone.net/learningcenter/task_webappscan.html
http://www.tenable.com/blog/scanning-web-applications-that-require-authentication
NVT Feed: http://www.openvas.org/openvas-nvt-feed.html
NVT Signature: http://www.openvas.org/trusted-nvts.html
Question: How to understand NASL Script language?
NASL Language
NASL is a scripting language designed for the Nessus security scanner. Its aim is to allow anyone to write a test for a given security hole in a few minutes, to allow people to share their tests without having to worry about their operating system, and to guarantee everyone that a NASL script can not do anything nasty except performing a given security test against a given target.
Reference: http://virtualblueness.net/nasl.html
NVT Structure
# OpenVAS Vulnerability Test
# $Id$
# Description: [one-line-description]
# (copyright and writer information)
if(description)
{
  script_oid(FIXME); # see http://www.openvas.org/openvas-oids.html
  script_version("$Revision$"); # leave as is, SVN will update this
  # …
}
include("FIXME.inc"); # in case you want to use a NASL library
# FIXME: the code.
Metasploitable 2
Designed by HD Moore, now owned by Rapid 7 (to test their well-known tool Metasploit, for free)
A special version of Ubuntu Linux 8.0.4
A target machine with many built-in vulnerabilities
A good platform to conduct security training, test security tools, and practice common penetration testing techniques.
Vulnerabilities
Apache 2.2.8, Tomcat Password, Samba NDR Parsing, Heap Overflow, BIND libbind inet_network(), PHP 5.2.12, 5.2.6, 5.2.8, PHP Fixed security issue, VNC password is "password", Samba 'reply_netbios_packet' Nmbd Buffer Overflow, CVE-2012-1667, HTML Output Script Insertion XSS, Key algorithm rollover bug, DNS service BIND 9.4.2, MySQL 5.0.51a and so on…
About 135 in all. 40 are critical vulnerabilities!
List
OpenVAS Scan Report
Sadly, the scan returned fewer results than it should have (using the full ultimate scan).
Some NVTs don't have the full functionality of the original program or cover the full CVE.
A Brief Example
We can use this vulnerability to log in remotely to the target as root and execute shell commands using the rsh-client service. (In Kali Linux: apt-get install rsh-client.)
Nmap NVT port scan
The OpenVAS Nmap NVT returned no result: it can't list all the open ports, whereas running nmap directly in Kali gives the full result.
Nmap prints all the open ports along with their protocol or function. An NVT can't take the place of the original program.
Is the vulnerability working? Remote Login
TCP port 512 is known as an "r" service, and has been misconfigured to allow remote access from any host (a standard ".rhosts + +" situation).
First, install rsh-client. Then type in rlogin -l root 192.168.99.131, so…
Do something bad
Since we are SSH with the remote target, why not generate the SSH (as we did in homework), so next time we can access unlimitedly!
Question: How to use OID to get NVT’s feed?
Use the OID to look up the NVT and further information about it
NVT Core
include("revisions-lib.inc");
include("misc_func.inc");

port = get_kb_item("Services/rexecd");
if(!port) port = 512;

# username is a string consisting of 260 "x" characters
username = crap(data:"x", length:260);
rexecd_string = string(raw_string(0), username, raw_string(0), "xxx", raw_string(0), "id", raw_string(0));

soc = open_sock_tcp(port);
if(!soc) exit(0); # port closed or filtered
send(socket:soc, data:rexecd_string);
buf = recv_line(socket:soc, length:4096);
close(soc);

# Report only when the reply starts with byte 0x01 or contains "too long"
if(ord(buf[0]) == 1 || egrep(pattern:"too long", string:buf))
{
  register_service(port:port, proto:"rexecd");
  security_warning(port:port, protocol:"tcp");
}
Summary
1. Our purpose of the lab generation
2. Complete use of the penetration tool
3. Practical use of OpenVAS
For attacker: Exploit, Sniff
For defender: Assess, Patch
4. Brief assessment of OpenVAS
Open source
Client-server structure
Extended and flexible NVT feed
Security and authentication
Blackboard: Demo
Questions?