In this walk through, we will be going through the OpenVAS room from Tryhackme. This room will teaches us the basics of threat and vulnerability management using Open Vulnerability Assessment Scanning tool. So, let’s get started without any delay.
Table of Contents
Task 1 – Introduction
Task 2 – GVM Framework Architecture
Question 1 – Read about GVM architecture and move on to setting up OpenVAS
Task 3 – Installing OpenVAS
Question 1 – Read the above and prepare your environment.
Task 4 – Initial Configuration
Question 1 – Read the above and complete your first scan!
Task 5 – Scanning Infrastructure
Question 1 – Read the above and complete your scan on DVWA to test scanning remote infrastructure.
Task 6 – Reporting and Continuous Monitoring
Question 1 – Read the above and practice reporting and monitoring.
Task 7 – Practical Vulnerability Management
Question 1 – When did the scan start in Case 001?
Feb 28, 00:04:46
Question 2 – When did the scan end in Case 001?
Feb 28, 00:21:02
Question 3 – How many ports are open in Case 001?
Question 4 – How many total vulnerabilities were found in Case 001?
Question 5 – What is the highest severity vulnerability found? (MSxx-xxx)
Question 6 – What is the first affected OS to this vulnerability?
Microsoft Windows 10 x32/x64 Edition
Question 7 – What is the recommended vulnerability detection method?
Send the crafted SMB transaction request with fid = 0 and check the response to confirm the vulnerability.
Task 9 – Conclusion
Also Read: Tryhackme – Nmap Live Host Discovery
So that was “OpenVAS” for you. In this room, we have covered one of the most popular Open Source vulnerability scanner – OpenVAS. We have learned the basics of threat and vulnerability management using Open Vulnerability Assessment Scanning tool. We started with the setup and installation of the scanner. Then, moved into various types of scanning which it present. Also took a dive into some of the vulnerabilities found in the target VM. Overall, after completing this room we are well versed to work with OpenVAS Vulnerability Scanner. On that note, i will take your leave. Till then, “Happy Hacking”.