UNIQUESEC TASK 3 | Nessus and Metasploitable 2: Vulnerability Analysis, Exploitation, and Security Solutions

In today’s digital age, the security of computer systems holds significant importance. As information technologies rapidly advance, cybersecurity experts employ advanced tools to detect and mitigate potential vulnerabilities. In this assignment, we will focus on prominent security tools such as Nessus and nmap, exploring how to scan a computer system, analyze identified vulnerabilities, and subsequently attempt to close these vulnerabilities.

While Nessus stands out for its powerful scanning capabilities in identifying potential risks within a system, Metasploit offers a broad range of options for exploiting these vulnerabilities. In this task, we will investigate how to exploit a vulnerability obtained by scanning the Metasploitable machine with credentials, exploring methods beyond Metasploit. We will delve into the origins of the chosen vulnerability, seeking to understand why it occurred, and then take the necessary steps to address and close the vulnerability.

Protecting a computer system involves not only identifying vulnerabilities but also closing them and taking precautions against future attacks. In this assignment, we will use Nessus to systematically follow this process step by step, gaining insights into how an effective defense strategy can be developed in the realm of cybersecurity.

Are you ready? Let’s embark on opening the doors to the world of security with Nessus.

Firstly, in this article, we will begin with the installation of Nessus and proceed to examine vulnerabilities by scanning.

You can download from this link: https://www.tenable.com/downloads/nessus?loginAttempted=true

After downloading our .deb extension file, we can initiate the installation with the following command.

sudo dpkg -i your_file.deb

Here are the outputs after running the command:

Subsequently, as you can see in the output, we need to start the Nessus service.

/bin/systemctl start nessusd.service

Now, when we navigate to the mentioned address, we encounter this page. Here, we accept and proceed.

Our next steps involve logging in and registering.

We proceed with the registration process.

We fill in the relevant sections.

We choose a username and password.

The processes are initiated.

Here is Nessus in front of us. If you can view this page, it means you have successfully completed the installation.

Now, we need the IP address of the Metasploitable machine in front of us for the scan we will perform in Nessus.

Once you have obtained the IP address, you can now configure the scanning settings in Nessus.

Now, let’s configure the session settings.

You can now start the scan; this process may take some time.

Yes, here you can see the vulnerabilities found after the scan is complete. It indicates that there are 86 vulnerabilities detected.

When we examine the identified vulnerabilities, we can see that they are listed as follows:

Here is the vulnerability we selected: “Bind Shell Backdoor Detection.”

By exploiting this vulnerability from our attacking computer, we can gain unauthorized access to the Metasploitable 2 device.

“Bind Shell Backdoor Detection” is the process of identifying a type of malicious software that infiltrates a computer system and creates a “bind shell.” Here are the characteristics of such a threat and the precautions to take when such an attack is detected:

What is Bind Shell?

Bind shell refers to the attacker adding a mechanism to listen for a connection on the target system and waiting for a user to connect to this port. This allows the attacker to gain remote access and execute commands on the system.

Indicators:

A bind shell backdoor typically creates a new connection port on the target system and starts listening on this port. This can be observed as significant activity in security event logs or network monitoring systems.

Detection Methods:

Bind shell detection can be performed through methods such as monitoring network traffic, listening on ports, anomaly detection systems, and analyzing security logs. Checking whether unexpected ports are open on the system is one way to identify such activity.

Preventive Measures:

1. Strong Network Security: Traffic related to bind shell can be monitored and blocked with measures such as network traffic monitoring and firewall configurations.
2. Security Software: Security software can detect bind shell backdoors by identifying malicious software signatures and performing behavioral analysis.
3. Up-to-Date Software: Keeping all software on the system up-to-date can assist in closing known security vulnerabilities.

Detecting and preventing such threats requires a robust security strategy and continuous monitoring. Regular security audits and updated software policies can make computer systems more resilient against these types of threats.

Now, let’s use nmap to check if this port is open. As you can see, we can observe that port 1524/tcp is open.

How do we close this vulnerability?

Closing this particular vulnerability is a process that varies depending on the nature of the vulnerability and the software in use. However, from a general perspective, you can attempt to close such a vulnerability by following the steps below:

Security Software Updates:

• If the vulnerability is related to a security software or operating system component, check for updates from your software provider and apply security patches. This can help address known security vulnerabilities.

Firewall Settings:

• If a specific port should not be open, you can block traffic to this port through firewall settings. This can be an effective way to restrict unwanted access.

Disabling Unnecessary Services:

• Disabling unnecessary services running on the system can reduce potential security vulnerabilities that attackers might exploit. This may involve shutting down unused ports and services.

Strong Authentication:

• Implementing strong authentication on the system is crucial to prevent unauthorized access. Strong passwords and, if necessary, multi-factor authentication should be used.

Open Source Exploitation Frameworks:

• By using open source exploitation frameworks or security testing tools, you can identify and expedite the closure of security vulnerabilities on the system.

Detailed Security Audits:

• If you wish to take further steps to close vulnerabilities, conducting a detailed security audit on the system is an option. This involves a deeper analysis and addressing potential vulnerabilities with customized solutions.

Since each situation is unique, it’s important to consult general security principles, software documentation, and recommendations from security communities to determine the best steps for closing a specific vulnerability.

Here, we established a connection with the TCP port 1524 on the IP address 192.168.1.121 using these commands. Subsequently, we attempted to close this port using the fuser command.

used fuser tool to close the ports

• -k = kill the process
• -n = process id

Now, if we perform an nmap scan and check the outputs, we should see that the port has disappeared.

To confirm once again, let’s perform a Nessus scan to see if the vulnerability has been resolved.

configure scan:

After making the adjustments, let’s initiate the Nessus scan.

Great! Now that the scan is complete, and you see that the number of vulnerabilities has decreased from 86 to 85, you can confirm that the vulnerability has been addressed and resolved :)

Thank you for reading up to this point.

You can reach my GitHub and LinkedIn accounts from here.

Linkedin: https://www.linkedin.com/in/ilkerylmaz/
Github: https://github.com/ilker-yilmaz

You can reach the UNIQUESEC accounts,

UNIQUESEC Öğrenci Kulübü

Website: https://uniquesec.org/

Linkedin: https://www.linkedin.com/company/uniquesec

Source: