Scanning and Exploiting Vulnerabilities with Nessus
- Teja Swaroop
- Apr 18, 2024
- 3 min read
In this article, I will walk you through setting up Nessus, then scanning and exploiting a target on Proving Grounds Play with it.
What is Nessus?
Nessus is a vulnerability scanner that can scan and assess the complete attack surface of a target. With Nessus, you can scan a network for potential vulnerabilities, and it can even automatically exploit the vulnerabilities it discovers. It supports different types of scans, such as Host Scan, Basic Network Scan, Malware Scan, Active Directory Scan, etc. It is a great tool for enumerating a target network and discovering potential ways to gain access.
Setting up Nessus
Nessus can be installed on Windows, Linux, Mac, Docker and even on a Raspberry Pi! I prefer using it with Kasm Workspaces, a Docker container streaming platform that lets me access and manage my Docker apps from my web browser.
You can install Kasm Workspaces on your Linux machine with four simple commands by following the official installation guide here.
If you'd like to install Nessus on your machine directly (without Docker or Kasm), you can follow the installation guide here.
If you're setting up Nessus on Kasm, you need to edit a few minor configurations. Go to Admin -> Workspaces and edit the Nessus image. For "Docker Exec Config", use this configuration:
{"first_launch": { "cmd": "bash -c 'sudo apt-get update -y && sudo apt-get install -y openvpn && sudo apt-get install -y iputils-ping'"}}
For "Docker Run Config Override", use this configuration:
{"user":"root","cap_add":["NET_ADMIN"],"devices":["/dev/net/tun"],"privileged":true}
These configurations will enable you to use OpenVPN within the Nessus container spawned in Kasm.
On the first launch of Nessus, you need to register for Nessus Essentials to be able to use it for free.
You will then need to submit your name and email to receive an activation code.
Once the registration process is complete, Nessus will download all the plugins and compile them. This is going to take a lot of time - it took me 2 hours! So be patient, I guess.
Once the plugins are downloaded and compiled, you will be able to start scanning.
Scan and Exploit
We will perform our first scan on a machine called "Sumo" from Proving Grounds Play, a free platform offered by Offsec to practice hacking. Once you sign up on Proving Grounds Play, you can download your universal VPN pack to connect to the PG Play network and scan the target.
To connect using OpenVPN, use the following command:
sudo openvpn universal.ovpn
Now, create a new "Basic Network Scan" in Nessus and set the target to the IP address of the "Sumo" machine on PG Play.
Once the scan is complete, you can see that Nessus was able to find multiple vulnerabilities of different severities.
We'll focus on the "GNU Bash Environment Variable Handling Code Injection (Shellshock)" vulnerability that Nessus identified.
Upon opening the report, you can see that Nessus was actually able to exploit this vulnerability. The report also clearly states the exact malicious request that Nessus sent in order to exploit the vulnerability.
Let's try to replicate this request to see if the exploit is actually working.
I asked ChatGPT to give me a curl one-liner based on the HTTP request.
Upon running this curl command, I got a response from the target that proves the exploit worked. The response contains the output of the command injected in the request.
Using this exploit, one can inject and run arbitrary commands on the target, and even obtain reverse shell access by doing so.
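From the defender's side, the same Shellshock request that Nessus sent leaves a recognisable trace in the web server's access log. The following is an added example (not from the original article or from Nessus) that parses Apache/nginx combined-format log lines and flags requests carrying the Shellshock marker; the log lines, IPs and CGI path are constructed.

```python
import re
from dataclasses import dataclass

# A Shellshock payload opens with a bash function definition, "() {", placed in
# a header that the web server exports into the environment of a CGI script.
# The marker is what we look for; the commands after it vary between probes.
SHELLSHOCK_RE = re.compile(r"\(\)\s*\{")

# Apache/nginx "combined" log format; quoted fields carry referer and user-agent.
COMBINED_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

@dataclass
class Hit:
    ip: str
    field: str            # which logged field carried the marker
    path: str
    status: int
    likely_success: bool  # request returned 200, so the handler ran: treat as possible exploitation

def parse_line(line):
    """Return the fields of one combined-format line, or None if it does not parse."""
    m = COMBINED_RE.match(line.strip())
    return m.groupdict() if m else None

def find_shellshock(lines):
    """Scan log lines and return one Hit per line carrying the Shellshock marker."""
    hits = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        parts = rec["req"].split(" ")
        path = parts[1] if len(parts) > 1 else rec["req"]
        for field in ("ua", "referer", "req"):
            if SHELLSHOCK_RE.search(rec[field]):
                hits.append(Hit(rec["ip"], field, path, int(rec["status"]),
                                rec["status"] == "200"))
                break
    return hits

# Constructed sample lines (not real traffic); IPs and the CGI path are made up.
SAMPLE_LOG = [
    '10.0.0.5 - - [18/Apr/2024:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '10.0.0.9 - - [18/Apr/2024:10:00:07 +0000] "GET /cgi-bin/test.cgi HTTP/1.1" 200 73 "-" "() { :;}; /usr/bin/id"',
    '10.0.0.9 - - [18/Apr/2024:10:00:08 +0000] "GET /cgi-bin/test.cgi HTTP/1.1" 404 0 "() { x;}; echo y" "curl/8.0"',
]

if __name__ == "__main__":
    for h in find_shellshock(SAMPLE_LOG):
        print(h)
```

A 200 on a CGI path with the marker in a header is the case to escalate; a 404 still shows someone is probing for vulnerable CGI handlers.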
So just like that, with Nessus, we were able to scan a target, find potential vulnerabilities and even get a detailed report on how to exploit one of these vulnerabilities.