CYBR 525 Bellevue University Ethical Hacking Discussion

Don't use plagiarized sources. Get Your Custom Essay on
CYBR 525 Bellevue University Ethical Hacking Discussion
Just from $13/Page
Order Essay

CYBR525, Ethical Hacking and Response

Week 6 Lab – Vulnerability Scanning

The lab for this week has two parts.  In part one you will scan the Woeson Books clients for vulnerabilities.  In part two you will research those vulnerabilities and report on what you find.

Part 1: Scanning with OpenVas (25 points)

To start openvas use the ‘Applications’ drop down menu.  Go to the ‘Vulnerability Analysis’ section and click ‘openvas start.’  Your menu may clip the right side of the menu.  Choose the second one as show below.

You system will launch a terminal window and state that it is ‘Starting OpenVas Services.’  When you terminal returns to a command prompt you are ready to continue.

You will interact with the openvas scanner through your Firefox Browser.  Start Firefox by clicking on the top tile on the left tile bar, right above the tile you use to start a terminal.  Once Firefox launches go to https://127.0.0.1:9392.  You will be greeted by the Greenbone Security Assistant login screen.  Your username will be admin and your password is the same as your password for Kali sighburrS2S

Once you have logged in you will be presented with the dashboard for openvas scans.  At present you have no scans so you are viewing the number of CVEs contained in the openvas database.  

Look through the menus to see some of the capabilities of the Greenbone Security Assistant and the openvas scanner.  The website for openvas is linked in your course readings for this week, it’s a great place to find documentation.  When you are ready to start scanning use the ‘Scans’ menu and select ‘tasks.’  You will be presented with the scan task dashboard which is empty at present.  Click the new scan wizard, indicated in the image below, to configure a scan.

When the menu appears select the ‘task wizard’ menu choice.  The second option, ‘Advanced Task Wizard’ allows you to change the type of scan, identify multiple IPs, schedule a scan in the future, and do credentialed scans.  Credentialed scans will give more accurate results however as of yet you don’t have credentials for the target systems so you are limited to non-credentialed scans.  Feel free to explore the Advanced Task Wizard and try out its features but for this lab all that is required is the basic ‘task wizard’ option.

Replace the highlighted IP address with the IP you wish to scan.  As you are scanning the Woeson network you have seen the network address is 192.168.25. and the last tuple (the question marks in the above image) should be replaced with the host you are going to scan.  You will want to conduct scans of all the systems on the Woeson network.  Remember these are the systems you found in your nmap scans that have IPs in the range 192.168.25.1-100.  Above that range are student systems.  For your first tries I recommend scanning one system at a time.  You will be able to access all the reports even if the systems are scanned individually.

Once the scan task is complete you will be returned to the dashboard which at present isn’t very interesting as it is showing just your one scan task.  If you had multiple tasks (also, remember a task could be a scan of multiple systems) the dashboard would show how many tasks were complete, scheduled, severity, etc.  By clicking on the name of the task (underlined in blue) at the lower left of the screen you will be taken to the details screen for that particular task.

From the detail screen click the results number as indicated in the image above.  This is the number of findings in this particular task.  The next screen will be the results dashboard along the top showing several results categorized by severity and CVSS number.  Along the bottom will be a table with the vulnerabilities found.  The columns provide the following information:

Vulnerability: The name of the vulnerability. Clicking on it will provide more information.  This is where you will need to look for the information to complete Part 2 of the lab.

Solution type (puzzle piece): If a patch, work around, or mitigation exists it MAY be indicated here.  There may be other mitigations or work arounds you can find.

Severity: How bad is it, scale of 1 – 10.  This is the CVSS score.

QoD: Quality of Detection.  The closer to 100 the less chance of a false positive.

Host: Which host was the vulnerability found on.  Remember a task can scan multiple hosts. Clicking on the host IP can provide some additional enumeration information.

Location: Where was the vulnerability detected on the host.

Created: When was the scan done.

  

Complete scans on the Woeson assets.  Once complete provide a screen shot of your task dashboard showing the completed scans. It’s the screen that looks like the below but should show all your scanning tasks complete.  Be sure your scans and scan titles reflect your targets.  Only indicating you scanned every address in the Woeson range will not receive full points.  At this stage you know what your targets are.

  

Part 2: Vulnerability Research (25 points)

For this part of your lab you will list the vulnerabilities you found across all hosts which are rated as high (ignore the medium and low), and research them through the Open VAS, CVE, and NVD databases on your system and on the web. 

As shown in part 1, your scan task dashboard will show at the bottom of the screen a list of all scan tasks.  Below you will see one task, an immediate scan of 10.19.99.211.  Your screen would show appropriate IP addresses for the Woeson network.

By clicking on the name of the scan task you will be brought to the scan summary page.

At the bottom of this screen you will see a link with the number of results (findings) on this scan.  Click that number to go to the summary page for findings in that scan.  At the bottom of the screen is a list of the vulnerabilities found in that scan.  Remember, depending on how you did the scan task your results could show multiple hosts.

Clicking on a vulnerability in the list will take you to the summary page for that vulnerability.  Across the top of the screen will be the title of the vulnerability, the severity (CVSS Score followed by a Low/Medium/High assessment) and other related information.

At the bottom of the screen under the references section is a link to information on the applicable CVE.   The link itself is the CVE number.  By clicking the CVE link you will be taken to the CVE summary page for that vulnerability.  Other options for finding information on the vulnerability are under the SecInfo menu at the top of the screen.  This is information that openvas downloads from external information sources.

You can also go directly to the source and check the CVE (cve.mitre.org) and NVD (nvd.nist.gov) web sites. Searching by the CVE number will provide applicable information. You will need to access these websites from outside the toxic lab as the toxic lab does not have internet access.

Using the information in openvas and the CVE and NVD databases research the vulnerabilities you have found.  Complete the table below based on your research.  

  

Host(s) IP

CVE or other Identifier

Severity

CVSS Score (if Available)

Vulnerability Name/Description

 

192.168.25.40-45

CVE-2017-3119

High

8.8

Adobe   Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier,   2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory   corruption vulnerability in Acrobat/Reader 11.0.19 engine. Successful   exploitation could lead to arbitrary code execution.

My Essay Homework
Calculate your paper price
Pages (550 words)
Approximate price: -

Why Work with Us

Top Quality and Well-Researched Papers

We always make sure that writers follow all your instructions precisely. You can choose your academic level: high school, college/university or professional, and we will assign a writer who has a respective degree.

Professional and Experienced Academic Writers

We have a team of professional writers with experience in academic and business writing. Many are native speakers and able to perform any task for which you need help.

Free Unlimited Revisions

If you think we missed something, send your order for a free revision. You have 10 days to submit the order for review after you have received the final document. You can do this yourself after logging into your personal account or by contacting our support.

Prompt Delivery and 100% Money-Back-Guarantee

All papers are always delivered on time. In case we need more time to master your paper, we may contact you regarding the deadline extension. In case you cannot provide us with more time, a 100% refund is guaranteed.

Original & Confidential

We use several writing tools checks to ensure that all documents you receive are free from plagiarism. Our editors carefully review all quotations in the text. We also promise maximum confidentiality in all of our services.

24/7 Customer Support

Our support agents are available 24 hours a day 7 days a week and committed to providing you with the best customer experience. Get in touch whenever you need any assistance.

Try it now!

Calculate the price of your order

Total price:
$0.00

How it works?

Follow these simple steps to get your paper done

Place your order

Fill in the order form and provide all details of your assignment.

Proceed with the payment

Choose the payment system that suits you most.

Receive the final file

Once your paper is ready, we will email it to you.

Our Services

No need to work on your paper at night. Sleep tight, we will cover your back. We offer all kinds of writing services.

Essays

Essay Writing Service

No matter what kind of academic paper you need and how urgent you need it, you are welcome to choose your academic level and the type of your paper at an affordable price. We take care of all your paper needs and give a 24/7 customer care support system.

Admissions

Admission Essays & Business Writing Help

An admission essay is an essay or other written statement by a candidate, often a potential student enrolling in a college, university, or graduate school. You can be rest assurred that through our service we will write the best admission essay for you.

Reviews

Editing Support

Our academic writers and editors make the necessary changes to your paper so that it is polished. We also format your document by correctly quoting the sources and creating reference lists in the formats APA, Harvard, MLA, Chicago / Turabian.

Reviews

Revision Support

If you think your paper could be improved, you can request a review. In this case, your paper will be checked by the writer or assigned to an editor. You can use this option as many times as you see fit. This is free because we want you to be completely satisfied with the service offered.