This is a Try Hack Me premium room so to access it you will need a subscription, if you don't have one go get one with my Referral Link
Task 1 - 6 Introduction
Read tasks 1 - 6 for an introduction to OpenVAS and instructions on setting it up.
As I already have a dedicated Kali VM running I went for the Install from Kali/OpenVAS repositories approach and use the Install from Kali/OpenVAS repositories guide, as of June 2023 it seems to just about work, I found some extra details on [Ceos3c - Install OpenVAS on Kali Linux] (https://www.ceos3c.com/security/install-openvas-kali-linux/).
Additional steps were
- create a user with
sudo runuser -u _gvm -- gvmd --create-user=admin --password=admin, more details on the Greenbone Forum.
- reboot, without this I was getting a strange permissions error on my home directory.
These issues were highlighted by running
- create a postgres user with
sudo runuser -u _postgres -- /usr/share/gvm/create-postgresql-database
- start redis with
sudo systemctl start firstname.lastname@example.org
With that I was able to login.
Task 7 - Practical Vulnerability Management
When did the scan start in Case 001?
Feb 28, 00:04:46
When did the scan end in Case 001?
Feb 28, 00:21:02
How many ports are open in Case 001?
How many total vulnerabilities were found in Case 001?
What is the highest severity vulnerability found? (MSxx-xxx)
What is the first affected OS to this vulnerability?
Microsoft Windows 10 x32/x64 Edition
What is the recommended vulnerability detection method?
Send the crafted SMB transaction request with fid = 0 and check the response to confirm the vulnerability.