Nessus - TryHackMe

Published at: May 17, 2024

Learn how to set up and use Nessus, a popular vulnerability scanner.

Cheat Sheet

Before we begin, as always there is a generic Cheat Sheet for this room which you can integrate into your own notes. You can find it at the bottom of this write-up. You can also find all of my notes at https://hailstormsec.com/posts/categories/notes.

Tasks

Installation

Use Google Chrome

When using Firefox, you may get an error stating Error: Invalid 'code' field: bad format when creating your account later. This also invalidates the activation code, so you have to request a new one. Therefore I suggest using Google Chrome for this process.

  1. Register at: https://www.tenable.com/products/nessus/nessus-essentials
  2. Choose your platform and download either via curl or directly. For Kali, choose Linux - Debian - amd64.
  3. Install the downloaded package using apt or the appropriate package manager on your system:
     sudo apt install ./Nessus-10.7.0-debian10_amd64.deb
  4. Start the Nessus service: sudo systemctl start nessusd.service
  5. Navigate to https://localhost:8834 and click 'Accept the Risk and Continue'.
  6. Click 'Continue' and select 'Register for Nessus Essentials'. Thereafter click 'Continue' again.
  7. Now click 'Skip' and thereafter input your activation code.
  8. Now you can create your account; make sure to use a strong password.
  9. It will now install all plugins required for using Nessus. Afterwards you can simply log in and you will be met by the dashboard.

Question(s)

What is the name of the button which is used to launch a scan?

New scan
Under the side menu "My Scans"

Answer(s)

New Scan


Question(s)

What side menu option allows us to create custom templates?

Custom templates can be found under Policies

Answer(s)

Policies


Question(s)

What menu allows us to change plugin properties such as hiding them or changing their severity?

Plugin Rules

Answer(s)

Plugin Rules


Question(s)

In the 'Scan Templates' section after clicking on 'New Scan', what scan allows us to see simply what hosts are alive?

Host Discovery

Answer(s)

Host Discovery


Question(s)

One of the most useful scan types, which is considered to be 'suitable for any host'?

Basic Network Scan

Answer(s)

Basic Network Scan


Question(s)

What scan allows you to 'Authenticate to hosts and enumerate missing updates'?

Credentialed Patch Audit

Answer(s)

Credentialed Patch Audit


Question(s)

What scan is specifically used for scanning Web Applications?

Web application tests

Answer(s)

Web Application Tests


Scanning

By following the directions given by the task we can easily answer the first three questions:

Question(s)

  1. Create a new 'Basic Network Scan' targeting the deployed VM. What option can we set under 'BASIC' (on the left) to set a time for this scan to run? This can be very useful when network congestion is an issue.
  2. Under 'DISCOVERY' (on the left) set the 'Scan Type' to cover ports 1-65535. What is this type called?
  3. What 'Scan Type' can we change to under 'ADVANCED' for lower bandwidth connection?

Answer(s)

  1. Schedule
  2. Port scan (all ports)
  3. Scan low bandwidth links

Make sure to configure these settings and launch the scan.

Now let the scanner run for a while and then answer the last two questions.

Question

After the scan completes, which 'Vulnerability' in the 'Port scanners' family can we view the details of to see the open ports on this host?

Navigating to the vulnerability tab

Answer

Nessus SYN scanner


Question

What Apache HTTP Server Version is reported by Nessus?

Version: 2.4.99

Answer

2.4.99


Scanning a Web Application

Create a 'New Scan' and fill out the basic information once again. To avoid scanning more ports than we have to, navigate to 'Discovery' and set it to custom. Thereafter go to 'Port Scanning' and choose 80 as the scanning range.

Change to only port 80

Now launch the scan and go grab a coffee (or a cuppa for the Brits).

Question

What is the plugin id of the plugin that determines the HTTP server type and version?

The name of the plugin you are looking for is HTTP Server Type and Version. The ID is indicated by the hash symbol (#).

Answer

10107
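
Added example, not part of the original write-up: the open ports from the 'Port scanners' family and the output of plugin 10107 can also be read out of an exported scan instead of the web UI. It assumes the scan was exported in the .nessus (NessusClientData_v2 XML) format; the sample report, host address, plugin output text and function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the .nessus (NessusClientData_v2) export layout.
# The host address and plugin_output text are made up for illustration.
SAMPLE = """<NessusClientData_v2><Report name="constructed-sample">
<ReportHost name="10.10.0.5">
 <ReportItem port="22" svc_name="ssh" protocol="tcp" severity="0"
   pluginID="11219" pluginName="Nessus SYN scanner" pluginFamily="Port scanners">
  <plugin_output>Port 22/tcp was found to be open</plugin_output></ReportItem>
 <ReportItem port="80" svc_name="www" protocol="tcp" severity="0"
   pluginID="11219" pluginName="Nessus SYN scanner" pluginFamily="Port scanners">
  <plugin_output>Port 80/tcp was found to be open</plugin_output></ReportItem>
 <ReportItem port="80" svc_name="www" protocol="tcp" severity="0"
   pluginID="10107" pluginName="HTTP Server Type and Version" pluginFamily="Web Servers">
  <plugin_output>
The remote web server type is :

Apache/2.4.99 (Unix)
  </plugin_output></ReportItem>
</ReportHost></Report></NessusClientData_v2>"""

def _items(root):
    """Yield (host name, ReportItem element) for every finding in the report."""
    for host in root.iter("ReportHost"):
        for item in host.iter("ReportItem"):
            yield host.get("name"), item

def open_ports(root):
    """Host -> sorted [(port, protocol, service)] from 'Port scanners' findings."""
    ports = {}
    for host, item in _items(root):
        # Port 0 marks host-level findings that are not tied to a service.
        if item.get("pluginFamily") == "Port scanners" and item.get("port") != "0":
            entry = (int(item.get("port")), item.get("protocol"), item.get("svc_name"))
            ports.setdefault(host, set()).add(entry)
    return {host: sorted(found) for host, found in ports.items()}

def plugin_output(root, plugin_id):
    """[(host, port, output)] for each finding reported by one plugin ID."""
    return [(host, int(item.get("port")), (item.findtext("plugin_output") or "").strip())
            for host, item in _items(root) if item.get("pluginID") == str(plugin_id)]

if __name__ == "__main__":
    # For a real export use ET.parse("scan.nessus").getroot(); for files from an
    # untrusted source, parse with defusedxml instead of the stdlib parser.
    report = ET.fromstring(SAMPLE)
    print(open_ports(report))
    print(plugin_output(report, 10107))
```
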


Question

What authentication page is discovered by the scanner that transmits credentials in cleartext?

Transmissions in clear text

Answer

login.php


Question

What is the file extension of the config backup?

Backup files

Answer

.bak


Question

Which directory contains example documents? (This will be in a php directory)

Examples page

Answer

/external/phpids/0.6/docs/examples/


Question

What vulnerability is this application susceptible to that is associated with X-Frame-Options?

Clickjacking vulnerability

Answer

Clickjacking

