• Donald Ashdown

Try Hack Me - Greenbone GVM and OpenVas

Task 1 - Introduction

The first task is fairly simple, so I will elaborate on OpenVAS. The OpenVAS project was born in 2005 when the Nessus vulnerability scanner moved to a closed-source model. At that point some of the developers decided to continue the open-source VA scanner and called it OpenVAS, which stands for "Open Source Vulnerability Scanner". This scanner was later purchased by the Greenbone vulnerability management platform and incorporated as its default scanner.


Some key features about the platform:

  • It is totally free

  • Offers vulnerability management

  • Vulnerability remediation tracking and lifecycle

  • Robust security feeds

  • Role-based access and privileged access management

  • Active Directory integration

  • Robust reporting


Task 2 - GVM Framework Architecture

In this task, we have no hands-on work. We are simply asked to review the architecture to help us understand all the components that make up the picture.


Task 3 Start

In this task we are asked to install OpenVAS.

  1. sudo apt-get install openvas

  2. sudo gvm-setup

  3. sudo gvm-start

  4. gvm-check-setup




Step 1: Checking OpenVAS (Scanner)... 
        OK: OpenVAS Scanner is present in version 21.4.4.
        OK: Server CA Certificate is present as /var/lib/gvm/CA/servercert.pem.
Checking permissions of /var/lib/openvas/gnupg/*
        OK: _gvm owns all files in /var/lib/openvas/gnupg
        OK: redis-server is present.
        OK: scanner (db_address setting) is configured properly using the redis-server socket: /var/run/redis-openvas/redis-server.sock
        OK: redis-server is running and listening on socket: /var/run/redis-openvas/redis-server.sock.
        OK: redis-server configuration is OK and redis-server is running.
        OK: _gvm owns all files in /var/lib/openvas/plugins
        OK: NVT collection in /var/lib/openvas/plugins contains 101914 NVTs.
Checking that the obsolete redis database has been removed
        OK: No old Redis DB
        OK: ospd-OpenVAS is present in version 21.4.4.
Step 2: Checking GVMD Manager ... 
        OK: GVM Manager (gvmd) is present in version 21.4.5.
Step 3: Checking Certificates ... 
        OK: GVM client certificate is valid and present as /var/lib/gvm/CA/clientcert.pem.
        OK: Your GVM certificate infrastructure passed validation.
Step 4: Checking data ... 
        OK: SCAP data found in /var/lib/gvm/scap-data.
        OK: CERT data found in /var/lib/gvm/cert-data.
Step 5: Checking Postgresql DB and user ... 
        OK: Postgresql version and default port are OK.
 gvmd      | _gvm     | UTF8     | en_US.UTF-8 | en_US.UTF-8 | 
        OK: At least one user exists.
Step 6: Checking Greenbone Security Assistant (GSA) ... 
Oops, secure memory pool already initialized
        OK: Greenbone Security Assistant is present in version 21.4.4.
Step 7: Checking if GVM services are up and running ... 
        Starting ospd-openvas service
        Waiting for ospd-openvas service
        OK: ospd-openvas service is active.
        Starting gvmd service
        Waiting for gvmd service
        OK: gvmd service is active.
        Starting gsad service
        Waiting for gsad service
        OK: gsad service is active.
Step 8: Checking few other requirements...
        OK: nmap is present in version 21.4.4.
        OK: ssh-keygen found, LSC credential generation for GNU/Linux targets is likely to work.
        WARNING: Could not find makensis binary, LSC credential package generation for Microsoft Windows targets will not work.
        SUGGEST: Install nsis.
        OK: xsltproc found.
        WARNING: Your password policy is empty.
        SUGGEST: Edit the /etc/gvm/pwpolicy.conf file to set a password policy.

It seems like your GVM-21.4.3 installation is OK.
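The run above ends with "installation is OK" even though two WARNING lines were printed, so anything that automates the install should not rely on the exit banner alone. The following is an added example (my code, not part of the room or of Greenbone's tooling) that parses gvm-check-setup output, groups the OK/WARNING/SUGGEST lines by step, pulls out component versions, and reports the setup as clean only when no WARNING or ERROR lines appear. The sample text is an abridged copy of the output shown above; the line patterns it matches are my assumption from that output.

```python
"""Parse gvm-check-setup output and gate on WARNING/ERROR lines (added example)."""
import re
import sys

# Constructed sample: an abridged copy of the gvm-check-setup run shown above.
SAMPLE_OUTPUT = """\
Step 1: Checking OpenVAS (Scanner)...
        OK: OpenVAS Scanner is present in version 21.4.4.
        OK: NVT collection in /var/lib/openvas/plugins contains 101914 NVTs.
Step 2: Checking GVMD Manager ...
        OK: GVM Manager (gvmd) is present in version 21.4.5.
Step 7: Checking if GVM services are up and running ...
        Starting gvmd service
        OK: gvmd service is active.
Step 8: Checking few other requirements...
        OK: ssh-keygen found, LSC credential generation for GNU/Linux targets is likely to work.
        WARNING: Could not find makensis binary, LSC credential package generation for Microsoft Windows targets will not work.
        SUGGEST: Install nsis.
        WARNING: Your password policy is empty.
        SUGGEST: Edit the /etc/gvm/pwpolicy.conf file to set a password policy.

It seems like your GVM-21.4.3 installation is OK.
"""

# Line patterns, assumed from the output format above (not an official grammar).
STEP_RE = re.compile(r"^Step (\d+): (.*?)\s*\.*\s*$")
STATUS_RE = re.compile(r"^(OK|WARNING|SUGGEST|ERROR): (.*)$")
VERSION_RE = re.compile(r"your GVM-([0-9]+(?:\.[0-9]+)*) installation is OK")
COMPONENT_VERSION_RE = re.compile(r"is present in version ([0-9]+(?:\.[0-9]+)*)")
BUCKETS = {"OK": "ok", "WARNING": "warnings", "SUGGEST": "suggestions", "ERROR": "errors"}


def parse_check_setup(text):
    """Return steps, status lines (as (step, message) tuples) and reported versions."""
    parsed = {"steps": {}, "ok": [], "warnings": [], "suggestions": [],
              "errors": [], "versions": {}, "version": None}
    current_step = None
    for raw in text.splitlines():
        line = raw.strip()
        m = STEP_RE.match(line)
        if m:
            current_step = int(m.group(1))
            parsed["steps"][current_step] = m.group(2)
            continue
        m = STATUS_RE.match(line)
        if m:
            kind, msg = m.group(1), m.group(2)
            parsed[BUCKETS[kind]].append((current_step, msg))
            vm = COMPONENT_VERSION_RE.search(msg)
            if vm:
                # "OpenVAS Scanner is present in version 21.4.4." -> component name
                parsed["versions"][msg.split(" is present")[0]] = vm.group(1)
            continue
        m = VERSION_RE.search(line)
        if m:
            parsed["version"] = m.group(1)
    return parsed


def setup_is_clean(parsed):
    """True only when no WARNING or ERROR lines were reported."""
    return not parsed["warnings"] and not parsed["errors"]


if __name__ == "__main__":
    # Reads real output from stdin if piped, otherwise uses the constructed sample.
    text = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_OUTPUT
    result = parse_check_setup(text)
    print(f"GVM version reported: {result['version']}")
    for step, msg in result["warnings"] + result["errors"]:
        print(f"  step {step}: {msg}")
    sys.exit(0 if setup_is_clean(result) else 1)
```

Piping `sudo gvm-check-setup | python3 check_setup_gate.py` into this script gives a non-zero exit status whenever a warning is present, which is what a provisioning script wants; the password-policy warning from the output above is exactly the kind of finding that is easy to miss when only the final "OK" banner is read.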



Start up/initiation process

  1. sudo gvm-start (starts the GVM services)

  2. systemctl status gvmd (Greenbone daemon)

Task 4 Initial Configuration

This stage consists of simply specifying a target, a scan type and running the scan.




Task 5 Scanning Infrastructure

In this task, we run a formal scan against the provided host which is serving up the Damn Vulnerable Web Application.


Here is what the report looks like as we wait for it to complete.


Task 6 Reporting and Continuous Monitoring

In this task we are required to configure a scheduled scan and generate alerts. Again there is not much to talk about, as this is very basic and the configuration options are self-explanatory. What I really like, however, is the ability to configure, for example, regular scans and alerts that notify you on findings such as high severities, changes in severity, and even other specific conditions. This is followed up by the ability to deliver those alerts via email, SMB, Samba, SCP, GET requests and many others, as a way to centralize these alerts, especially if more emails are not for you.


Task 7 Practical Vulnerability Management

When did the scan start in Case 001?

Feb 28, 00:04:46

When did the scan end in Case 001?

Feb 28, 00:21:02

How many ports are open in Case 001?

3

How many total vulnerabilities were found in Case 001?

5

What is the highest severity vulnerability found? (MSxx-xxx)

MS17-010

What is the first affected OS to this vulnerability?

Microsoft Windows 10 x32/x64 Edition

What is the recommended vulnerability detection method?


Send the crafted SMB transaction request with fid = 0 and check the response to confirm the vulnerability.
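The Case 001 questions (scan start and end, open ports, total vulnerabilities, highest severity) are all read off a report, and GVM can export that report as XML, so the same questions can be answered from a script. The following is an added example (my code, not the room's or Greenbone's) that parses a GVM-style XML report and computes those values. The embedded report is a constructed sample, not the Case 001 data; the element names it uses (scan_start, scan_end, result, host, port, threat, severity) follow the GMP report format as I understand it and are an assumption to verify against a real export.

```python
"""Summarise a GVM/OpenVAS XML report: timing, open ports, findings (added example)."""
import xml.etree.ElementTree as ET
from datetime import datetime

# Constructed sample report (not the room's Case 001). Element names are assumed
# from the GMP report format; confirm them against a real XML export.
SAMPLE_REPORT = """<report id="constructed-report-id">
  <report>
    <scan_start>2022-02-28T00:04:46Z</scan_start>
    <scan_end>2022-02-28T00:21:02Z</scan_end>
    <results start="1" max="-1">
      <result id="r1">
        <name>Constructed SMB finding</name>
        <host>10.10.10.5<asset asset_id="constructed"/></host>
        <port>445/tcp</port>
        <threat>High</threat>
        <severity>9.3</severity>
      </result>
      <result id="r2">
        <name>Constructed web server finding</name>
        <host>10.10.10.5</host>
        <port>80/tcp</port>
        <threat>Medium</threat>
        <severity>5.0</severity>
      </result>
      <result id="r3">
        <name>SSH service detection (informational)</name>
        <host>10.10.10.5</host>
        <port>22/tcp</port>
        <threat>Log</threat>
        <severity>0.0</severity>
      </result>
      <result id="r4">
        <name>OS detection (informational)</name>
        <host>10.10.10.5</host>
        <port>general/tcp</port>
        <threat>Log</threat>
        <severity>0.0</severity>
      </result>
    </results>
  </report>
</report>
"""

THREAT_RANK = {"Log": 0, "Low": 1, "Medium": 2, "High": 3, "Critical": 4}
TIME_FMT = "%Y-%m-%dT%H:%M:%SZ"


def parse_report(xml_text):
    """Extract scan timing and one flat dict per <result> element."""
    root = ET.fromstring(xml_text)
    results = []
    for r in root.iter("result"):
        results.append({
            "name": r.findtext("name", default=""),
            # <host> may carry an <asset/> child; findtext returns the text before it.
            "host": (r.findtext("host", default="") or "").strip(),
            "port": r.findtext("port", default=""),
            "threat": r.findtext("threat", default="Log"),
            "severity": float(r.findtext("severity", default="0") or 0),
        })
    return {
        "scan_start": root.findtext(".//scan_start"),
        "scan_end": root.findtext(".//scan_end"),
        "results": results,
    }


def port_number(port):
    """Numeric sort key for 'NNN/proto' strings."""
    return int(port.split("/")[0])


def summarise(report):
    """Answer the report questions: duration, open ports, counts, highest finding."""
    results = report["results"]
    # "general/tcp"-style entries are host-level findings, not an open port.
    ports = {r["port"] for r in results if r["port"].split("/")[0].isdigit()}
    # Log-level results are informational; only rated findings count as vulnerabilities.
    vulns = [r for r in results if THREAT_RANK.get(r["threat"], 0) > 0]
    highest = max(vulns, key=lambda r: (r["severity"], THREAT_RANK.get(r["threat"], 0)),
                  default=None)
    start = datetime.strptime(report["scan_start"], TIME_FMT)
    end = datetime.strptime(report["scan_end"], TIME_FMT)
    return {
        "scan_start": report["scan_start"],
        "scan_end": report["scan_end"],
        "duration_seconds": int((end - start).total_seconds()),
        "open_ports": sorted(ports, key=port_number),
        "vulnerability_count": len(vulns),
        "by_threat": {t: sum(1 for r in vulns if r["threat"] == t)
                      for t in THREAT_RANK if t != "Log"},
        "highest": highest,
    }


if __name__ == "__main__":
    summary = summarise(parse_report(SAMPLE_REPORT))
    for key, value in summary.items():
        print(f"{key}: {value}")
```

Two choices in `summarise` matter for matching the numbers the web UI shows: ports are counted only from results whose port field starts with a number (so host-level `general/tcp` findings do not inflate the count), and results at threat level Log are treated as informational rather than as vulnerabilities. Whether a given UI view counts Log entries depends on the report filter in effect, so compare against the filter string before trusting a mismatch.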


Task 8 Practical Vulnerability Management

