Lab9 - Nessus
The goal of this lab is to learn how to properly configure Nessus depending on the services
running on the target machine.
• Nmap
• Nessus
• Metasploit
Now that we know there is a host on the target network, let us scan the host and gather as
much information as we can in order to properly configure the Nessus scan.
You should have identified a few services running on the machine. Configure a new Nessus
policy and scan based on the scan results of the previous step.
Once the scan completes, open the results and analyze them. You will find something very
interesting! Also export the scan results; you may need them!
The target machine has a few critical vulnerabilities. Once you finish studying the Metasploit
module, start the lab over again and try to exploit the machine.
As we can see, the target network is 192.168.99.0/24. Let's run nmap -sn in order to
discover live hosts on the network:
The previous screenshot shows that the only host alive in the network is 192.168.99.50
(besides our host: 192.168.99.13).
As we can see in the previous output, there are just a few services enabled. Moreover, the
machine is a Windows machine. Armed with this knowledge, we can start configuring our
new Nessus policy and scan.
In order to run the scan, we first need to visit Nessus's web interface at
http://localhost:8834/.
Then we should navigate to Scans and choose New Scan -> Advanced scan.
We only need to specify the target and the desired name of the scan. Now, we are ready to
launch the scan.
Policy -> New Policy -> Advanced Scan and configure the below.
Then navigate to My Scans -> New Scan -> User Defined and launch the scan.
This vulnerability allows attackers to execute code remotely! Keep it in mind if you want to
exploit the machine!
In the previous step, we found a very interesting vulnerability. Once you finish studying the
Metasploit section of the course, come back to this lab and try to exploit it!
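
An added example, not part of the original lab: one way to triage the exported scan results offline, assuming the export was saved in the .nessus XML format. The sample data (ports, plugin IDs, plugin names) is constructed and `triage` is a hypothetical helper name.

```python
import xml.etree.ElementTree as ET

SEVERITY = {0: "Info", 1: "Low", 2: "Medium", 3: "High", 4: "Critical"}

# Constructed sample in the .nessus (NessusClientData_v2) layout. Ports, plugin
# IDs and plugin names are placeholders, not the findings of this lab.
SAMPLE = """<NessusClientData_v2><Report name="lab9-sample">
<ReportHost name="192.168.99.50">
  <ReportItem port="445" svc_name="cifs" protocol="tcp" severity="4"
              pluginID="900001" pluginName="PLACEHOLDER critical finding">
    <exploit_available>true</exploit_available>
  </ReportItem>
  <ReportItem port="3389" svc_name="msrdp" protocol="tcp" severity="3"
              pluginID="900002" pluginName="PLACEHOLDER high finding">
    <exploit_available>false</exploit_available>
  </ReportItem>
  <ReportItem port="135" svc_name="epmap" protocol="tcp" severity="0"
              pluginID="900003" pluginName="PLACEHOLDER informational finding"/>
</ReportHost></Report></NessusClientData_v2>"""


def triage(nessus_xml, min_severity=3):
    """Return findings at or above min_severity, most severe first."""
    # For exports from an untrusted source, parse with defusedxml instead.
    root = ET.fromstring(nessus_xml)
    findings = []
    for host in root.iter("ReportHost"):
        for item in host.iter("ReportItem"):
            level = int(item.get("severity", "0"))
            if level < min_severity:
                continue
            findings.append({
                "host": host.get("name"),
                "port": f"{item.get('port')}/{item.get('protocol')}",
                "service": item.get("svc_name"),
                "level": level,
                "severity": SEVERITY.get(level, "Unknown"),
                "plugin_id": item.get("pluginID"),
                "plugin": item.get("pluginName"),
                "exploit_available": item.findtext("exploit_available") == "true",
            })
    # Highest severity first; within a level, findings with a known exploit first.
    findings.sort(key=lambda f: (-f["level"], not f["exploit_available"]))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE):
        flag = "exploit available" if f["exploit_available"] else "no known exploit"
        print(f"{f['severity']:<9}{f['host']} {f['port']:<9}{f['plugin']} ({flag})")
```

To use it on a real export, read the file's contents and pass them to `triage`; lowering `min_severity` to 0 also lists informational items such as detected services.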