Vulnerability identification with Backtrack and Nessus


Scanning our targets and identifying their vulnerabilities is sometimes considered one of the most tedious jobs that security experts must perform. It is also one of the most important, because it gives you the opportunity to prepare for any attack that could be carried out against them.
In this tutorial we will scan for the following vulnerabilities:
  • 1. Local security check
  • 2. Vulnerability in network services
Before moving on to each point, let's see how to install and configure Nessus:
Installation and configuration

  • We open a terminal.
  • We execute the following command to install Nessus:
 apt-get install nessus
  • Nessus will be installed in the /opt/nessus directory.
  • Once the installation is finished, we run Nessus with the following command:
 /etc/init.d/nessusd start
  • Then we run the following command to add the user:
 /opt/nessus/sbin/nessus-adduser
  • We enter the username for the login, enter the password twice, and type y (yes) to make the user an administrator.
  • Once completed, we run Nessus by typing the following. Remember that it will not work unless the user account has been added:
 /etc/init.d/nessusd start
  • Finally, we log in to Nessus at //127.0.0.1:8834 .

Local security check


Now that we have Nessus installed we can move on to the first tests. The vulnerabilities we are going to identify here are specific to the operating system we are using.
Let's start the process by opening a browser; in this case we will use Mozilla Firefox.
  • We log in to Nessus at //127.0.0.1:8834
  • We go to Policies .
  • We click on Add Policy .


  • In the General tab, we do the following:
      • We enter a name for the scan.
      • In Visibility we have two options:
          • Share : Other users are allowed to use this scan.
          • Private : This scan can only be used by you.
      • We leave the rest of the fields at their defaults and click Next .
  • In the Plugins tab, we select Disable All and then select the following specific vulnerability checks (remembering that we are using Backtrack ):
      • Ubuntu Local Security Checks
      • Default Unix Accounts


  • We click on Submit to save the new policy.
  • In the main menu, we click on Scans .
  • We click on Add Scan and do the following:
      • We add a name for the scan. This lets us identify the scan we are currently running, since there can be more than one.
      • We add the type of scan:
          • Run Now : The default. This option executes the scan once.
          • Scheduled : Allows you to choose the date and time to execute it.
          • Template : Sets this scan as a template.
      • We choose a policy; in this case we choose the one we created earlier.
      • We choose the targets, keeping the following in mind:
          • Targets must be entered one per line.
          • You can also enter target ranges on each line.
          • You can also add a text file with the targets.


  • We click on Launch Scan .
  • You will receive a confirmation and, once the test has completed, a report with the following information:
      • Each target on which a vulnerability was found is listed.
      • You can click on the IP address to see the ports and the problems found on each port.
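
One way to check a targets list before entering it in Add Scan, so that every line parses and stays inside the networks you intend to scan. This is an added example, not part of the original tutorial; the accepted line formats (single address, start-end range, CIDR block), the sample list and the ALLOWED_SCOPE networks are assumptions, and hostnames are rejected as invalid here.

```python
import ipaddress

# Constructed sample: contents of a targets list, one entry per line.
SAMPLE_TARGETS = """\
127.0.0.1
192.168.1.10-192.168.1.20
192.168.1.0/30
10.0.0.5
192.168.1.300
"""
# Assumption: the networks you are authorised to scan.
ALLOWED_SCOPE = [ipaddress.ip_network("127.0.0.0/8"),
                 ipaddress.ip_network("192.168.1.0/24")]

def parse_entry(entry):
    """Return the (first, last) addresses covered by one target line."""
    if "-" in entry:                       # range written as start-end
        start, end = (ipaddress.ip_address(p.strip()) for p in entry.split("-", 1))
        if start > end:
            raise ValueError("range start is above range end")
        return start, end
    if "/" in entry:                       # CIDR block
        net = ipaddress.ip_network(entry, strict=False)
        return net[0], net[-1]
    addr = ipaddress.ip_address(entry)     # single address
    return addr, addr

def check_targets(text, scope=ALLOWED_SCOPE):
    """Split a targets list into accepted entries and (line, entry, reason) rejects."""
    accepted, rejected = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        entry = raw.strip()
        if not entry:
            continue
        try:
            first, last = parse_entry(entry)
        except (ValueError, TypeError) as exc:
            rejected.append((lineno, entry, f"invalid: {exc}"))
            continue
        # In scope only if both ends fall inside the same allowed network.
        if any(first in net and last in net for net in scope):
            accepted.append(entry)
        else:
            rejected.append((lineno, entry, "outside authorised scope"))
    return accepted, rejected

if __name__ == "__main__":
    print(check_targets(SAMPLE_TARGETS))
```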


Vulnerability in network services


The vulnerabilities we are going to identify here are specific to the equipment or protocols in our network.
First we create a policy, remembering to give it a name that identifies the scan we will perform. The procedure is the same as for the previous scan.
In the Plugins tab we will select other vulnerabilities, since we are not performing the same tests.
We click on Disable All and select the following vulnerabilities:
  • CISCO
  • DNS
  • Default Unix Accounts
  • FTP
  • Firewalls
  • Gain a shell remotely
  • General
  • Netware
  • Peer-To-Peer File Sharing
  • Policy Compliance
  • Port scanners
  • SCADA
  • SMTP Problems
  • SNMP
  • Service detection
  • Settings


  • We save the policy and go to the Scans option in the main menu.
  • We follow the same procedure as for the previous scan, remembering to change the name of the policy.
  • We click on Launch Scan .
  • As with the previous scan, we receive a report with the test results.



With these tests we prepare for any attack, since we identify any vulnerability in our network or local equipment. This is thanks to Backtrack, which not only offers the robustness of a Unix-based system but also provides quite complete and advanced tools that every security expert should have.
