Skip to content

ashwinp17/openvas-vulnerability-assessment

Repository files navigation

Vulnerability Assessment with OpenVAS

Project Overview

Performed an authenticated vulnerability assessment against an intentionally vulnerable Metasploitable 2 target using Greenbone/OpenVAS in an isolated Oracle VirtualBox cybersecurity lab.

The scan identified a large number of vulnerabilities across exposed network services, outdated applications, weak remote-access configurations, and possible backdoors.

All testing was performed against an intentionally vulnerable target in a controlled and authorized lab environment.

Lab Environment

  • Virtualization platform: Oracle VirtualBox
  • Firewall/router: pfSense
  • Scanning system: Kali Linux
  • Vulnerability scanner: Greenbone/OpenVAS
  • Target: Metasploitable 2
  • Target IP address: 192.168.2.200

Objectives

  • Configure and operate Greenbone/OpenVAS
  • Create a vulnerability-scanning target
  • Perform a vulnerability assessment against Metasploitable 2
  • Review findings by severity
  • Analyze critical vulnerabilities and affected services
  • Document security impact and recommended remediation
  • Generate and preserve a professional scan report

Scan Summary

The OpenVAS scan selected 69 findings from 631 raw results.

Severity Findings
Critical 13
High 11
Medium 39
Low 6
Total 69

Key Findings

Finding Port Severity Security Impact
Possible Ingreslock backdoor 1524/tcp Critical — CVSS 10.0 Returned uid=0(root) gid=0(root), demonstrating unauthenticated root-level command execution
rlogin passwordless root access 513/tcp Critical — CVSS 10.0 Allowed complete control of the target without a password
TWiki command execution and XSS vulnerabilities 80/tcp Critical — CVSS 10.0 Could permit arbitrary script or command execution
vsftpd compromised-package backdoor 21/tcp Critical — CVSS 9.8 Could permit arbitrary command execution through a backdoored FTP package
Apache Tomcat AJP Ghostcat vulnerability 8009/tcp Critical — CVSS 9.8 Allowed unauthorized reading of protected application files
DistCC remote code execution 3632/tcp Critical — CVSS 9.3 Allowed unauthorized operating-system command execution as the daemon account
Weak VNC password 5900/tcp Critical — CVSS 9.0 The scanner successfully connected using the password password

Most Significant Finding

Ingreslock Backdoor — Root-Level Command Execution

Greenbone/OpenVAS identified a possible Ingreslock backdoor on TCP port 1524.

The service responded to an id command with:

uid=0(root) gid=0(root)

About

Vulnerability assessment of an intentionally vulnerable target using OpenVAS in an isolated cybersecurity lab.

Topics

Resources

Stars

0 stars

Watchers

0 watching

Forks

Releases

No releases published

Packages

 
 
 

Contributors