TryHackMe – Nessus

In this walkthrough, we will go through the Nessus room from TryHackMe. This room covers the setup and use of Nessus, a popular vulnerability scanner. So, let’s get started without any delay.

Task 1 – Introduction

Question 1 – I have read the description!

Done

Task 2 – Installation

Step 1 – Go to https://www.tenable.com/products/nessus/nessus-essentials and register an account.

Done

Step 2 – We will then download the Nessus-#.##.#-debian6_amd64.deb file. Save it to your /Downloads/ folder.

Done
Nessus-8.12.1

Step 3 – In the terminal we will navigate to that folder and run the following command:

sudo dpkg -i package_file.deb

Remember to replace package_file.deb with the file name you downloaded.

Done

Step 4 – We will now start the Nessus Service with the command:

sudo /bin/systemctl start nessusd.service

Done

Step 5 – Open up Firefox and go to the following URL:

http://localhost:8834/

You may be prompted with a security risk alert.

Click Advanced… -> Accept the Risk and Continue

Done

Step 6 – Next, we will set up the scanner.

Select the option Nessus Essentials

Done

Clicking the Skip button brings us to a page where we enter the code we got in the email from Nessus.

Step 7 – Fill out the Username and Password fields. Make sure to use a strong password!

Done

Step 8 – Nessus will now install the plugins required for it to function.

This will take some time, which will depend on your internet connection and the hardware attached to your VM.

If the progress bar appears not to be moving, it means you do not have enough space on the VM to install.

Done

Step 9 – Log in with the account credentials you made earlier.

Done

Step 10 – You have now successfully installed Nessus!

Done

Task 3 – Navigation and Scans

Question 1 – What is the name of the button which is used to launch a scan?

New Scan

Question 2 – What side menu option allows us to create custom templates?

Policies

Question 3 – What menu allows us to change plugin properties such as hiding them or changing their severity?

Plugin Rules

Question 4 – In the ‘Scan Templates‘ section after clicking on ‘New Scan‘, what scan allows us to see simply what hosts are alive?

Host Discovery

Question 5 – One of the most useful scan types, which is considered to be ‘suitable for any host‘?

Basic Network Scan

Question 6 – What scan allows you to ‘Authenticate to hosts and enumerate missing updates‘?

Credentialed Patch Audit

Question 7 – What scan is specifically used for scanning Web Applications?

Web Application Tests

Task 4 – Scanning!

Question 1 – Create a new ‘Basic Network Scan‘ targeting the deployed VM. What option can we set under ‘BASIC‘ (on the left) to set a time for this scan to run? This can be very useful when network congestion is an issue.

Schedule

Question 2 – Under ‘DISCOVERY‘ (on the left) set the ‘Scan Type‘ to cover ports 1-65535. What is this type called?

Port scan (all ports)

Question 3 – What ‘Scan Type’ can we change to under ‘ADVANCED‘ for lower bandwidth connection?

Scan low bandwidth links

Question 4 – With these options set, launch the scan.

Done

Question 5 – After the scan completes, which ‘Vulnerability‘ in the ‘Port scanners‘ family can we view the details of to see the open ports on this host?

Nessus SYN scanner

Question 6 – What Apache HTTP Server Version is reported by Nessus?

Apache HTTP Server Version

2.4.99

Task 5 – Scanning a Web Application!

Web Application Tests

Run a Web Application scan on the VM!

(Running this Scan will take some time to complete, please be patient)

Question 1 – What is the plugin id of the plugin that determines the HTTP server type and version?

Plugin Details
10107

Question 2 – What authentication page is discovered by the scanner that transmits credentials in cleartext?

Web Server Transmits Cleartext Credentials

login.php

Question 3 – What is the file extension of the config backup?

Web Application Sitemap

.bak

Question 4 – Which directory contains example documents? (This will be in a php directory)

Browsable Web Directories

/external/phpids/0.6/docs/examples/

Question 5 – What vulnerability is this application susceptible to that is associated with X-Frame-Options?

clickjacking
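
The details looked up in the Nessus UI in Tasks 4 and 5 (open ports from the Nessus SYN scanner, the server banner from plugin 10107) can also be read from a scan exported in the .nessus XML format. This is an added example, not code from the TryHackMe room or from Tenable; the sample export, host address and ports are constructed, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

HTTP_SERVER_PLUGIN_ID = "10107"  # plugin id from Task 5, Question 1

# Constructed sample in the .nessus (NessusClientData_v2) layout; host and ports are made up.
SAMPLE_EXPORT = """<NessusClientData_v2><Report name="Basic Network Scan">
<ReportHost name="10.10.0.5">
 <ReportItem port="22" protocol="tcp" severity="0" pluginID="11219"
   pluginName="Nessus SYN scanner" pluginFamily="Port scanners">
  <plugin_output>Port 22/tcp was found to be open</plugin_output></ReportItem>
 <ReportItem port="80" protocol="tcp" severity="0" pluginID="11219"
   pluginName="Nessus SYN scanner" pluginFamily="Port scanners">
  <plugin_output>Port 80/tcp was found to be open</plugin_output></ReportItem>
 <ReportItem port="80" protocol="tcp" severity="0" pluginID="10107"
   pluginName="HTTP Server Type and Version" pluginFamily="Web Servers">
  <plugin_output>The remote web server type is :

Apache/2.4.99</plugin_output></ReportItem>
</ReportHost></Report></NessusClientData_v2>"""

def parse_export(xml_text):
    """Parse a .nessus export you produced yourself (do not feed it untrusted XML)."""
    return ET.fromstring(xml_text)

def open_ports(root):
    """Map each host to its sorted (port, protocol) pairs reported by the SYN scanner."""
    found = defaultdict(set)
    for host in root.iter("ReportHost"):
        for item in host.iter("ReportItem"):
            if (item.get("pluginFamily") == "Port scanners"
                    and item.get("pluginName") == "Nessus SYN scanner"):
                found[host.get("name")].add((int(item.get("port")), item.get("protocol")))
    return {name: sorted(ports) for name, ports in found.items()}

def http_banners(root):
    """Return (host, port, banner) for every plugin 10107 result."""
    results = []
    for host in root.iter("ReportHost"):
        for item in host.iter("ReportItem"):
            if item.get("pluginID") != HTTP_SERVER_PLUGIN_ID:
                continue
            text = (item.findtext("plugin_output") or "").strip()
            # Assumption: the banner is the last non-empty line, as in the constructed sample.
            banner = text.splitlines()[-1].strip() if text else ""
            results.append((host.get("name"), int(item.get("port")), banner))
    return results

if __name__ == "__main__":
    print(open_ports(parse_export(SAMPLE_EXPORT)), http_banners(parse_export(SAMPLE_EXPORT)))
```

Matching the port scanner by family and name mirrors how Task 4 identifies it, so the lookup does not depend on any plugin id that is not given in the room.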

So that was “Nessus” for you. In this room, we covered one of the most popular and powerful vulnerability scanners, Nessus. We started with the setup and installation of the scanner, then moved on to the various types of scans it offers. We also took a dive into some of the vulnerabilities found in the target VM. Overall, after completing this room we are well versed in working with the Nessus vulnerability scanner. On that note, I will take your leave and meet you in the next one. Till then, “Happy hacking”.
