Pen Testing
Following on from the previous post (A Windows SysAdmin installs and uses OpenVAS – End to end guide – Simple Beginnings) in this post we’ll be using PowerShell, OpenVAS and the OMP (Open Management Protocol from Greenbone) to create a Target (a machine/device) to conduct some Pen Testing against, create a Task to scan the target and then generate a report.
The final step is quite possibly the most important though; it’s worth pointing out (hopefully the obvious) that you could have the most amazing Pen Testing software package on the planet but unless you then absorb the reports and take action to Mitigate/Resolve/Eliminate the risks identified it’s all just a horrible waste of CPU cycles.
A quick note – this guide is shown as only a small example of how you can get started with OpenVAS, stay tuned for more in depth guides!
Getting Ready
In this first stage we will download the OMP client for Windows (from http://docs.greenbone.net/GSM-Manual/gos-4/en/tools.html#omp), get it into the right place on our computer as well as create a omp.config file (you can download an example from below) which will provide settings and credentials to the OMP client.
Example OMP File (hosted on GitHub – https://gist.github.com/jamesfed/4ed9be7de2adb83d1d442cc06ea1dbeb).
In addition to follow through with this guide you should download the .ps1 file below which contains the PowerShell code for the steps shown in the screenshots.
OpenVAS-Simple-Example.ps1 (hosted on GitHub – https://gist.github.com/jamesfed/6a5c6634abc12c180f125e25c2764d1f).
Creating a Target
Creating and kicking off a Task
Exporting the Report
Reading the Report
There’s more!
To discover more about the omp.exe tool take a look here – http://docs.greenbone.net/GSM-Manual/gos-4/en/omp.html#access-with-omp.
In the next post of this series I’ll be covering how we can take these simple beginnings and start to build something more in depth through OMP and PowerShell.
This guide covers one (of I’m sure a 1,000) ways to deploy and use OpenVAS 9 in your environment on Ubuntu Server 16.04 for the purpose of White Hat Penetration Testing, more so it’s also written from the viewpoint of a SysAdmin who mainly works with Windows Systems (Windows Server/Hyper-V/PowerShell/suchlike) and so takes a very simplistic approach to the setup.
The goals of this project are to
- Install Ubuntu Server 16.04 LTS on Hyper-V
- Deploy OpenVAS to that server
- Execute scripted commands against OpenVAS from a remote system
- Light up with a big warning sign all of the unknown issues within a network
Lets get started!
To start out you will need
- A Hyper-V host (although no reason not to run it on VMWare/whatnot)
- The latest ISO for Ubuntu Server 16.04 LTS saved somewhere your Hyper-V server can get to
- Download from – https://www.ubuntu.com/download/server
- Worth noting that only the 16.04 LTS release is going to work with this guide, when I first tried getting OpenVAS to work with 17.04 (a newer release) there were various blocking issues that I could not overcome. In short – use 16.04!!!
Step 0 – Get DNS in the right place
Configuring DNS correctly in particular with relation to Reverse Lookup will help your OpenVAS deployment loads, for a good guide on how to setup Reverse Lookup take a look at this link – http://de.community.dell.com/techcenter/os-applications/w/wiki/684.how-to-configure-dns-reverse-lookup-zone-in-windows-server-2012 (don’t worry about the de. its in English!).
Step 1 – Configure a Hyper-V VM for OpenVAS
In this next step we configure a Hyper-V VM running on Windows Hyper-V Server 2016 (which is free by the way!).
Step 2 – Install Ubuntu Server
Next up the install of Ubuntu Linux, as I understand OpenVAS can be installed on all kinds of flavours of Linux however the support I’ve seen in the past around Ubuntu seems much better than other options. This portion of the guide assumes you are not running your OpenVAS server on a network that’s got DHCP enabled (in this example it’s on our Servers VLAN).
Step 3 – First Boot
Next up we have some housekeeping for Ubuntu, making sure it’s up to date and getting OpenSSH server running so we can move to using something like PuTTY (download from – https://www.chiark.greenend.org.uk/~sgtatham/putty/latest.html) to manage the server.
For this portion of the guide you will need the following lines of script-
sudo apt-get update
sudo apt-get upgradesudo apt-get install openssh-server
sudo reboot
Step 4 – Install OpenVAS
Here comes the good bit! The initial installation of OpenVAS and downloading of the lists of vulnerabilities.
For this portion of the guide you will need the following lines of script-
Step 5 – Change the default password!!!
Now that OpenVAS is running it’ll be using the default username/password combination of admin/admin, how brilliant is that!
Step 6 – Allow API Access
For the last step in this guide we will set it so that the port for API Access to OpenVAS is enabled on every boot of the machine.
sudo nano /etc/rc.local
sudo openvasmd -p 9390 -a 0.0.0.0
sudo /etc/rc.local
Next up….
So that’s things setup, in the next guide (hopefully following in a day or two) we will be using the API to create a list of victims to test against and generate reports for a ‘list of things to do’.