- VMWare Workstation Player
- Remote Desktop
- Windows Registry
- Nessus Scanner
- Windows 10 (version 22H2)
- Windows 10 VM
- Nessus Vulnerability Scanner Installed
- VMware Workstation Player Installed
1. Once the Nessus vulnerability scanner and Windows VM are installed, we can test the connectivity between our host computer and the VM since the Nessus scanner will be running on our host desktop and will need to connect to the virtualized environment. This can be accomplished by performing a ping-t scan from our desktop. The IP address of the VM can be identified by running ifconfig in the VM environment.
- In Nessus, we are going to create a new scan. Basic Network Scan < Settings. After naming the scan, the IP address of the VM can be placed under "Target". Then, click on "My Scans" and run the scan.
- Once the first scan is complete, the scan report can be reviewed by clicking on "Vulnerabilities".
4. The VM can now be configured to perform credentialed scans. Within the VM environment, turn off all firewalls.
- Next, the startup type for the remote registry can be set to "Automatic". Under "Advance Sharing Settings", click on "Turn on network discovery" and "Turn on file and printer sharing". Enabling a remote registry will allow the Nessus scanner to connect to and scan for vulnerabilities in the VM's remote registry.
6. We can now implement a key into the Registry called LocalAccountTokenFilterPolicy. The value of the key will be set to one.
7. Now we can configure Nessus to perform a credentialized scan against the VM. On the Nessus page that displays the conducted scans, click on the checkbox that next to the scan and click on more. Under the credentials tab, enter the username and password used on the Windows VM. Keep the rest of the default settings and save the scan. Now, we can run the scan.
8. After the scan is complete, click on the scanner history to compare the results between the uncredentialed and credentialized scan. The identified vulnerabilities and remediations are displayed within the scan results.
9. To make the VM more vulnerable, we are going to install an old version of Firefox before running the scan once more. Once Firefox is installed, rerun the previous scan.
10. After viewing the results of the scan and comparing the vulnerabilities found to the previous scans, we can now remediate some of the identified vulnerabilities. First, the Firefox program can be installed. Then, run Windows updates. Once the updates are complete, restart the VM.
11. Now the Nessus scanner can be run once more and compared to previous results. As we can see, there are less identified vulnerabilities within this last scan as compared to the previous scans.