Try Hack Me - Greenbone GVM and OpenVas
Task 1 - Introduction
The first task is fairly simple, so I will elaborate on OpenVas. The OpenVas project was born in 2005 when the Nessus vulnerability scanner moved to a closed-source model. At that point some of the developers decided to continue the open-source VA scanner and called it OpenVas, which stands for "Open Source Vulnerability Scanner". The scanner was later purchased by the Greenbone vulnerability management platform and incorporated as its default scanner.
Some key features of the platform:
It is totally free
Offers vulnerability management
Vulnerability remediation tracking and lifecycle
Robust security feeds
Role-based access and privilege access management
Active Directory integration
Task 2 - GVM Framework Architecture
In this task, we have no hands-on work. We are simply asked to review the architecture to help us understand all the components that make up the picture.
Task 3 Start
In this task we are tasked with installing OpenVas.
sudo apt-get install openvas
Step 1: Checking OpenVAS (Scanner)...
        OK: OpenVAS Scanner is present in version 21.4.4.
        OK: Server CA Certificate is present as /var/lib/gvm/CA/servercert.pem.
Checking permissions of /var/lib/openvas/gnupg/*
        OK: _gvm owns all files in /var/lib/openvas/gnupg
        OK: redis-server is present.
        OK: scanner (db_address setting) is configured properly using the redis-server socket: /var/run/redis-openvas/redis-server.sock
        OK: redis-server is running and listening on socket: /var/run/redis-openvas/redis-server.sock.
        OK: redis-server configuration is OK and redis-server is running.
        OK: _gvm owns all files in /var/lib/openvas/plugins
        OK: NVT collection in /var/lib/openvas/plugins contains 101914 NVTs.
Checking that the obsolete redis database has been removed
        OK: No old Redis DB
        OK: ospd-OpenVAS is present in version 21.4.4.
Step 2: Checking GVMD Manager ...
        OK: GVM Manager (gvmd) is present in version 21.4.5.
Step 3: Checking Certificates ...
        OK: GVM client certificate is valid and present as /var/lib/gvm/CA/clientcert.pem.
        OK: Your GVM certificate infrastructure passed validation.
Step 4: Checking data ...
        OK: SCAP data found in /var/lib/gvm/scap-data.
        OK: CERT data found in /var/lib/gvm/cert-data.
Step 5: Checking Postgresql DB and user ...
        OK: Postgresql version and default port are OK.
 gvmd | _gvm | UTF8 | en_US.UTF-8 | en_US.UTF-8 |
        OK: At least one user exists.
Step 6: Checking Greenbone Security Assistant (GSA) ...
Oops, secure memory pool already initialized
        OK: Greenbone Security Assistant is present in version 21.4.4.
Step 7: Checking if GVM services are up and running ...
        Starting ospd-openvas service
        Waiting for ospd-openvas service
        OK: ospd-openvas service is active.
        Starting gvmd service
        Waiting for gvmd service
        OK: gvmd service is active.
        Starting gsad service
        Waiting for gsad service
        OK: gsad service is active.
Step 8: Checking few other requirements...
        OK: nmap is present in version 21.4.4.
        OK: ssh-keygen found, LSC credential generation for GNU/Linux targets is likely to work.
        WARNING: Could not find makensis binary, LSC credential package generation for Microsoft Windows targets will not work.
        SUGGEST: Install nsis.
        OK: xsltproc found.
        WARNING: Your password policy is empty.
        SUGGEST: Edit the /etc/gvm/pwpolicy.conf file to set a password policy.
It seems like your GVM-21.4.3 installation is OK.
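The check ends with "installation is OK" even though two WARNING lines, one of them an empty password policy, sit in the middle of the output. As an added example (not part of the original write-up or of the GVM project), this Python script parses output of the shape shown above and pairs each warning with the suggestion that follows it; the function names are hypothetical, the sample is an excerpt constructed from the output above, and the ERROR/FIX tags are an assumption about how a failed check is reported.

```python
import re
import sys

# Excerpt constructed from the check output above, so the script runs offline.
SAMPLE = """\
Step 8: Checking few other requirements...
        WARNING: Could not find makensis binary, LSC credential package generation for Microsoft Windows targets will not work.
        SUGGEST: Install nsis.
        OK: xsltproc found.
        WARNING: Your password policy is empty.
        SUGGEST: Edit the /etc/gvm/pwpolicy.conf file to set a password policy.
"""

STEP_RE = re.compile(r"^Step (\d+):")
# OK/WARNING/SUGGEST appear in the output above; ERROR/FIX are assumed tags.
LINE_RE = re.compile(r"^(OK|WARNING|ERROR|SUGGEST|FIX): (.*)$")


def parse_check_output(text):
    """Return one dict per WARNING/ERROR, with its step number and remedy."""
    findings, step, pending = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if m := STEP_RE.match(line):
            step, pending = int(m.group(1)), None
        elif m := LINE_RE.match(line):
            level, message = m.groups()
            if level in ("WARNING", "ERROR"):
                pending = {"step": step, "level": level, "message": message, "remedy": None}
                findings.append(pending)
            elif level in ("SUGGEST", "FIX") and pending is not None:
                pending["remedy"] = message  # remedy follows its finding
                pending = None
            else:
                pending = None  # an OK line ends the previous finding
    return findings


def exit_code(findings):
    """0 = clean, 1 = warnings only, 2 = at least one error."""
    levels = {f["level"] for f in findings}
    return 2 if "ERROR" in levels else 1 if "WARNING" in levels else 0


if __name__ == "__main__":
    found = parse_check_output(SAMPLE if sys.stdin.isatty() else sys.stdin.read())
    for f in found:
        print(f'step {f["step"]} {f["level"]}: {f["message"]} -> {f["remedy"]}')
    sys.exit(exit_code(found))
```

Piping the real check output into the script gives a non-zero exit status whenever a warning is present, which makes it usable as a gate in a provisioning script.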
Start up/initiation process
sudo gvm-start (starts the GVM service)
systemctl status gvmd (Greenbone daemon)
Task 4 Initial Configuration
This stage consists of simply specifying a target, a scan type and running the scan.
Task 5 Scanning Infrastructure
In this task, we run a formal scan against the provided host which is serving up the Damn Vulnerable Web Application.
Here is what the report looks like as we wait for it to complete.
Task 6 Reporting and Continuous Monitoring
In this task we are required to configure a scheduled scan and generate alerts. Again, there is not much to talk about, as this is very basic and the configuration options are self-explanatory. What I really like, however, is the ability to configure, for example, regular scans and alerts that notify you of findings such as high severities, changes in severities, and even different types of specifics. On top of that, those alerts can be generated via email, SMB, Samba, SCP, GET requests and many others, as a way to centralize them, which helps especially if more emails are not for you.
Task 7 Practical Vulnerability Management
When did the scan start in Case 001?
Feb 28, 00:04:46
When did the scan end in Case 001?
Feb 28, 00:21:02
How many ports are open in Case 001?
How many total vulnerabilities were found in Case 001?
What is the highest severity vulnerability found? (MSxx-xxx)
What is the first affected OS to this vulnerability?
Microsoft Windows 10 x32/x64 Edition
What is the recommended vulnerability detection method?
Send the crafted SMB transaction request with fid = 0 and check the response to confirm the vulnerability.
Task 8 Practical Vulnerability Management