OpenVAS
This is a TryHackMe premium room, so you will need a subscription to access it. If you don't have one, go get one with my Referral Link.
Task 1 - 6 Introduction
Read tasks 1 - 6 for an introduction to OpenVAS and instructions on setting it up.
As I already have a dedicated Kali VM running, I went for the Install from Kali/OpenVAS repositories approach and used the Install from Kali/OpenVAS repositories guide. As of June 2023 it seems to just about work. I found some extra details on [Ceos3c - Install OpenVAS on Kali Linux](https://www.ceos3c.com/security/install-openvas-kali-linux/).
Additional steps were:
- create a user with `sudo runuser -u _gvm -- gvmd --create-user=admin --password=admin`, more details on the Greenbone Forum.
- reboot, without this I was getting a strange permissions error on my home directory.
These issues were highlighted by running `sudo gvm-check-setup`:
- create a postgres user with `sudo runuser -u _postgres -- /usr/share/gvm/create-postgresql-database`
- start redis with `sudo systemctl start redis-server@openvas.service`
With that I was able to log in.
Task 7 - Practical Vulnerability Management
Question 1
When did the scan start in Case 001?
Answer
Feb 28, 00:04:46
Question 2
When did the scan end in Case 001?
Answer
Feb 28, 00:21:02
Question 3
How many ports are open in Case 001?
Answer
3
Question 4
How many total vulnerabilities were found in Case 001?
Answer
5
Question 5
What is the highest severity vulnerability found? (MSxx-xxx)
Answer
MS17-010
Question 6
What is the first affected OS to this vulnerability?
Answer
Microsoft Windows 10 x32/x64 Edition
Question 7
What is the recommended vulnerability detection method?
Answer
Send the crafted SMB transaction request with fid = 0 and check the response to confirm the vulnerability.