
Analyzing System Vulnerabilities with Nessus

 

Vulnerability analysis tool: Nessus

 

 

Vulnerability analysis tools

- Nessus
- Nexpose
- OpenVAS

 

Systems used

- Windows 7
- Linux200
- KaliLinux
- Oracle Solaris
- Win2008

 

 

 

<Windows 7>

Install a web browser

http://www.mozilla.or.kr/ko/firefox/new/

Run the Firefox (Mozilla) web browser

Installing Nessus

Check the Nessus site

http://www.nessus.org

http://www.tenable.com/products/nessus

Download the Nessus program

http://www.tenable.com/products/nessus/select-your-operating-system

- Nessus Home
- Nessus
- Nessus Enterprise (On Premise)
- Nessus Enterprise (Cloud)

 

 

Download and install the Nessus-5.2.7-x64.msi file.

(Windows 7 64-bit OS)

 

As of 2016-04-11: Nessus-6.5.6-x64.msi

 

Run the downloaded file (e.g. Nessus-5.2.7-x86.msi).

After installation, the following web page opens automatically.

http://localhost:8834/WelcomeToNessus-Install/welcome

 

https://localhost:8834/register/

 

ID/PASS: soldesk/soldesk1.

 

 

Obtaining an Activation Code

Site for obtaining the Activation Code

- http://www.tenable.com/products/nessus/nessus-plugins/obtain-an-activation-code

- Obtain an Activation Code from the site above.

 

 

Check the email you received.

Activation Code: 6F5A-B683-087C-42E7-0392

(Example email content)

Thank you for registering your Nessus scanner with Tenable. The Nessus Home subscription will keep your Nessus scanner up to date with the latest plugins for vulnerability scanning.

 

(Note: If you use Nessus in a professional capacity, you need a Nessus subscription.)

 

Your activation code for the Nessus Home is

82B0-4F41-8553-318F-A1A2

 

This is a one-time code. If you un-install and then re-install Nessus, you will need to register the scanner again and receive another Activation Code.

 

Activating your Nessus Home Subscription

Activate your subscription by entering the Activation Code using the procedures below:

 

After the initial installation of Nessus, the final process will load a local configuration page in your default web browser. This page will begin a brief process to set up the scanner including creating an account, registering the scanner with your activation code, specifying a proxy (optional), downloading the plugins, and initializing Nessus for use.

 

Please consult the Nessus 6 Installation guide located at http://www.tenable.com/products/nessus/documentation for more information on this setup process.

 

No Internet Access on your Nessus system?

If your Nessus installation cannot reach the Internet, you will need to follow an alternate procedure to get the URL and challenge code for downloading the latest plug-ins. You can find offline registration instructions at:

 

http://static.tenable.com/documentation/Nessus_Activation_Code_Installation.pdf

 

Need help or more information?

If you have any questions, visit the Nessus discussion forum at https://discussions.tenable.com/.

 

After you enter the Activation Code, the page automatically switches to the plugin download screen.

 

Download plugin

 

Nessus Client ---> Nessus Server ---> Target System Check

(web browser)      (nessusd)

 

 

After the plugin download completes, log in.

 

ID/PASS : soldesk/soldesk1.

 

Close the web browser, configure the network, and then try using Nessus through the web browser again.

 

 

 

Run the web browser (Nessus client) and log in

If the page does not open in the web browser:

 

C:\>netstat -na | findstr 8834

C:\>services.msc -> Tenable Nessus -> Start (starts the daemon)

 

 

 

Vulnerability testing

 

Policies > (+) New Policy > Advanced Scan >

Scans > (+) New Scan > Advanced Scan

 

Test the three targets below

 

 

(Windows 7 Target System) 172.16.10.X

Windows Credentials : soldesk/soldesklove

 

(linux252 Target System) 172.16.9.252

SSH Setting : root/centos (Linux server)

 

(solaris254 Target System) 172.16.9.254

SSH Setting : root/knit (Solaris server)

 

New Policies (name) -> Advanced Scan -> ID/Password -> Plugin (test items)

Scan -> New Scan -> Windows7_2 (the custom policy) -> Name -> Targets (a range cannot be specified; 172.16.6.209)

Windows7_2 -> Launch


Analysis results

Windows 7

Insecure Windows Service Permissions

Description
At least one Windows service executable with insecure permissions was detected on the remote host. Services configured to use an executable with weak permissions are vulnerable to privilege escalation attacks.
An unprivileged user could modify or overwrite the executable with arbitrary code, which would be executed the next time the service is started. Depending on the user that the service runs as, this could result in privilege escalation.

This plugin checks if any of the following groups have permissions to modify executable files that are started by Windows services :

The host is vulnerable because a remote user can execute code.

 

Output

Path : c:\program files\ahnlab\v3lite30\asdsvc.exe
Used by services : V3 Service
File write allowed for groups : Authenticated Users
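
The finding above can be confirmed locally on the scanned Windows host. The following PowerShell is an added example, not part of the original post or of Tenable's plugin: it lists service executables whose ACL grants write-type rights to broad groups. Assumptions: PowerShell 3.0 or later, hypothetical function names, and a list of three well-known group SIDs, since the plugin's own group list is not shown on this page.

```powershell
# Added example: local check for the "Insecure Windows Service Permissions" condition.
# Assumption: these three well-known groups; matching on SIDs avoids localized group names.
$BroadSids = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-32-545' = 'BUILTIN\Users'
}
# WriteData, AppendData, ChangePermissions, TakeOwnership, GENERIC_ALL, GENERIC_WRITE
$WriteMask = 0x2 -bor 0x4 -bor 0x40000 -bor 0x80000 -bor 0x10000000 -bor 0x40000000

# Extract the executable from a service command line (quoted or unquoted, with arguments).
function Get-ServiceExePath([string]$PathName) {
    if ($PathName -match '^\s*"([^"]+)"')     { return $Matches[1] }
    if ($PathName -match '^\s*(.+?\.exe)\b')  { return $Matches[1] }
    return $null
}

function Find-WritableServiceBinary {
    foreach ($svc in Get-CimInstance -ClassName Win32_Service) {
        $exe = Get-ServiceExePath $svc.PathName
        if (-not $exe -or -not (Test-Path -LiteralPath $exe -PathType Leaf)) { continue }
        try {
            # Ask for explicit and inherited rules, with identities returned as SIDs.
            $rules = (Get-Acl -LiteralPath $exe).GetAccessRules(
                $true, $true, [System.Security.Principal.SecurityIdentifier])
        } catch { continue }   # ACL not readable with the current token
        foreach ($rule in $rules) {
            $sid = $rule.IdentityReference.Value
            if ($rule.AccessControlType -eq 'Allow' -and
                $BroadSids.ContainsKey($sid) -and
                ([int]$rule.FileSystemRights -band $WriteMask)) {
                [pscustomobject]@{
                    Path    = $exe
                    Service = $svc.DisplayName
                    RunsAs  = $svc.StartName   # account the binary would execute as
                    Group   = $BroadSids[$sid]
                    Rights  = $rule.FileSystemRights
                }
            }
        }
    }
}

Find-WritableServiceBinary | Format-Table -AutoSize
```

An empty result means none of the assumed groups can write to a service executable. Any row returned should be fixed by tightening that file's ACL and then rescanning.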

 

 

File output (vulnerability analysis)

nessus_6.3_command_line_reference.pdf

 

 

After finishing the exercise, stop the Tenable Nessus daemon (to reduce system load).