
NTS330

Lab-M04-02: Vulnerability Scanning
NOVEMBER 16, 2017
BY: LIVIA NGUYEN, MARK LAROCQUE, VIRGIL WYLIE

Contents

Summary
  Target Information
Nessus Web Application Scan
Custom Scan Policy
  Check
  Uncheck
MyPolicy Scan
Scan Analysis


Summary

Nessus is used to perform a vulnerability scan on the Windows XP target host. The scan was performed to identify potential vulnerabilities in the system. The default scan gives a simple list of information and is faster to run. Creating a policy and applying it to the scan allows a more accurate report of potential vulnerabilities and reduces the time the scan takes, by checking the options that are needed and unchecking those that are not. The scan results and report are analyzed to find false positives and any potential vulnerabilities that the scanner might not be able to detect for some reason.

Target Information
IP Address: 10.31.104.14

OS: Windows 2000|XP|2003

MAC Address: 00:50:56:B9:01:9F


Nessus Web Application Scan

The scan of the Windows XP target at IP address 10.31.104.10 shows five potential vulnerabilities. Ports 23, 135, 139, 445 and 3389 are open on the target system. These ports correspond to the telnet, epmap, smb, cifs and msrdp services, and they are vulnerable because an attacker could use them to access the system. The Telnet protocol allows a user to establish a connection to TCP port 23. Port 135 is the Remote Procedure Call (RPC) port, which is used in client/server applications. The SMB port is essentially the Session Message Packet. The Common Internet File Service (CIFS) port is used by Windows systems for file sharing.

Custom Scan Policy

Checking "Consider unscanned ports as closed" makes sure that we are only scanning the target that we want. Checking "Override automatic firewall detection" and "Use aggressive detection" allows us to bypass the firewall and continue with the scan without having to stop. Checking "Stop after one flaw is found per parameter" has the scan stop once at least one flaw is found within a parameter, which speeds up the scan while still running the vulnerability scan on multiple parameters and covering a certain range. Make sure to uncheck "Allow users to edit scan results" to avoid modification of the scan results.

Check
Ports - Consider unscanned ports as closed

Network Port Scanners - Override automatic firewall detection > Use aggressive detection

Application Test Settings - Try all HTTP methods

Stop after one flaw is found per web server > Stop after one flaw is found per parameter

Uncheck
Allow users to edit scan results

MyPolicy Scan

Running the scan again using the MyPolicy template speeds up the time that it takes to perform the same scan and covers a certain area within the scan in the scan report.

Scan Analysis

There are no items that I suspect are false positives because the scan only presents information on the open ports on the system. The reason why I believe that there are no false positive items is that the vulnerability scan result shows similar open ports to the initial port scan using nmap, and the system information presented during the scan is accurate to the information that was gathered by doing a port scan. I believe that there are vulnerabilities on the system that the vulnerability scanner didn't find because there are services and different applications that the system does not pick up, and the scan result only shows information on the system and general open port information. Every system has some sort of service running, but nothing was displayed after the scan result.
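
The comparison described above, Nessus findings checked against the earlier nmap port scan, can be scripted. This is an added example, not part of the original report. It assumes nmap grepable (-oG) output and a Nessus CSV export with Host, Protocol and Port columns; both samples are constructed, and ports 1025 and 5900 are added only to show a mismatch in each direction.

```python
import csv
import io
import re

# Constructed sample: nmap grepable (-oG) host line for the lab target.
NMAP_GREPABLE = (
    "Host: 10.31.104.14 ()\tPorts: 23/open/tcp//telnet///, "
    "135/open/tcp//msrpc///, 139/open/tcp//netbios-ssn///, "
    "445/open/tcp//microsoft-ds///, 3389/open/tcp//ms-wbt-server///, "
    "1025/open/tcp//unknown///, 8080/filtered/tcp//http-proxy///\tIgnored State: closed (993)\n"
)
# Constructed sample: Nessus CSV export cut down to the columns used here.
NESSUS_CSV = """Host,Protocol,Port,Name
10.31.104.14,tcp,0,constructed host-level finding
10.31.104.14,tcp,23,constructed telnet finding
10.31.104.14,tcp,135,constructed epmap finding
10.31.104.14,tcp,139,constructed smb finding
10.31.104.14,tcp,445,constructed cifs finding
10.31.104.14,tcp,3389,constructed msrdp finding
10.31.104.14,tcp,5900,constructed finding nmap did not see
"""

def nmap_open_ports(text):
    """Return {(host, proto, port)} for ports nmap reports as open."""
    found = set()
    for line in text.splitlines():
        m = re.match(r"Host: (\S+) .*?Ports: ([^\t]*)", line)
        if not m:
            continue
        for entry in m.group(2).split(","):
            fields = entry.strip().split("/")
            if len(fields) >= 3 and fields[1] == "open":
                found.add((m.group(1), fields[2], int(fields[0])))
    return found

def nessus_ports(text):
    """Return {(host, proto, port)}; port 0 rows are host-level, skip them."""
    rows = csv.DictReader(io.StringIO(text))
    return {(r["Host"], r["Protocol"].lower(), int(r["Port"]))
            for r in rows if int(r["Port"]) != 0}

def cross_check(nmap_text, nessus_text):
    """Compare both views; anything not in both needs manual review."""
    n, s = nmap_open_ports(nmap_text), nessus_ports(nessus_text)
    return {"confirmed": sorted(n & s),
            "nessus_only": sorted(s - n),  # candidate false positives
            "nmap_only": sorted(n - s)}    # open port, no scanner finding

if __name__ == "__main__":
    print(cross_check(NMAP_GREPABLE, NESSUS_CSV))
```

Entries under nessus_only are the ones to verify by hand as possible false positives; entries under nmap_only are open ports for which the scanner reported nothing.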
