{"id":353,"date":"2024-03-02T04:14:42","date_gmt":"2024-03-02T04:14:42","guid":{"rendered":"https:\/\/hackmybox.com\/?p=353"},"modified":"2024-08-15T07:38:57","modified_gmt":"2024-08-15T07:38:57","slug":"vulnerability-management-labs","status":"publish","type":"post","link":"https:\/\/hackmybox.com\/index.php\/2024\/03\/02\/vulnerability-management-labs\/","title":{"rendered":"Vulnerability Management Labs Review"},"content":{"rendered":"\n<p><strong>Contents: <\/strong><\/p>\n\n\n\n<p><strong>Lab 1 : Setting up Metasploitable 2 &amp; Scanning Using Nmap<\/strong><\/p>\n\n\n\n<p><strong>Lab 2 : Vulnerability Scanning Using Nessus<\/strong><\/p>\n\n\n\n<p><strong>Lab 3: WPScan Vulnerability Scanner <\/strong><\/p>\n\n\n\n<p><\/p>\n\n\n\n<p class=\"has-text-align-center\"><br><strong>Lab 1 : Setting up Metasploitable 2 &amp; Scanning Using Nmap<\/strong><\/p>\n\n\n\n<p>1. Download Metasploitable 2 <a href=\"https:\/\/sourceforge.net\/projects\/metasploitable\/\">Metasploitable download | SourceForge.net<\/a><\/p>\n\n\n\n<p>Metasploitable 2 is an intentionally vulnerable virtual machine created by security company Rapid7. It is designed to be a test environment and playground for ethical hackers.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"975\" height=\"549\" src=\"https:\/\/hackmybox.com\/wp-content\/uploads\/2024\/03\/image-1.png\" alt=\"\" class=\"wp-image-355\" srcset=\"https:\/\/hackmybox.com\/wp-content\/uploads\/2024\/03\/image-1.png 975w, https:\/\/hackmybox.com\/wp-content\/uploads\/2024\/03\/image-1-300x169.png 300w, https:\/\/hackmybox.com\/wp-content\/uploads\/2024\/03\/image-1-768x432.png 768w\" sizes=\"auto, (max-width: 975px) 100vw, 975px\" \/><\/figure>\n\n\n\n<p>2.  
Download Vmdk2Vhd \u2013 I had some issues running the VM on Microsoft Hyper-V, so I used it to convert the VMDK to a VHD.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"525\" height=\"386\" src=\"https:\/\/hackmybox.com\/wp-content\/uploads\/2024\/03\/image-2.png\" alt=\"\" class=\"wp-image-356\" srcset=\"https:\/\/hackmybox.com\/wp-content\/uploads\/2024\/03\/image-2.png 525w, https:\/\/hackmybox.com\/wp-content\/uploads\/2024\/03\/image-2-300x221.png 300w\" sizes=\"auto, (max-width: 525px) 100vw, 525px\" \/><\/figure>\n\n\n\n<p>3. Create a VM and attach the VHD we just converted.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"590\" height=\"447\" src=\"https:\/\/hackmybox.com\/wp-content\/uploads\/2024\/03\/image-5.png\" alt=\"\" class=\"wp-image-359\" srcset=\"https:\/\/hackmybox.com\/wp-content\/uploads\/2024\/03\/image-5.png 590w, https:\/\/hackmybox.com\/wp-content\/uploads\/2024\/03\/image-5-300x227.png 300w\" sizes=\"auto, (max-width: 590px) 100vw, 590px\" \/><\/figure>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"589\" height=\"438\" src=\"https:\/\/hackmybox.com\/wp-content\/uploads\/2024\/03\/image-6.png\" alt=\"\" class=\"wp-image-360\" 
srcset=\"https:\/\/hackmybox.com\/wp-content\/uploads\/2024\/03\/image-6.png 589w, https:\/\/hackmybox.com\/wp-content\/uploads\/2024\/03\/image-6-300x223.png 300w\" sizes=\"auto, (max-width: 589px) 100vw, 589px\" \/><\/figure>\n\n\n\n<p><\/p>\n\n\n\n<p><\/p>\n\n\n\n<p>4. Add hardware \u2013 a Legacy Network Adapter \u2013 so the VM is reachable on the network. Metasploitable 2 runs a kernel that predates the Hyper-V synthetic network driver, so the emulated legacy adapter is required (it is only offered on Generation 1 VMs).<\/p>\n\n\n\n<p><\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"597\" height=\"573\" src=\"https:\/\/hackmybox.com\/wp-content\/uploads\/2024\/03\/image-3.png\" alt=\"\" class=\"wp-image-357\" srcset=\"https:\/\/hackmybox.com\/wp-content\/uploads\/2024\/03\/image-3.png 597w, https:\/\/hackmybox.com\/wp-content\/uploads\/2024\/03\/image-3-300x288.png 300w\" sizes=\"auto, (max-width: 597px) 100vw, 597px\" \/><\/figure>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"844\" height=\"670\" src=\"https:\/\/hackmybox.com\/wp-content\/uploads\/2024\/03\/image-7.png\" alt=\"\" class=\"wp-image-361\" srcset=\"https:\/\/hackmybox.com\/wp-content\/uploads\/2024\/03\/image-7.png 844w, https:\/\/hackmybox.com\/wp-content\/uploads\/2024\/03\/image-7-300x238.png 300w, https:\/\/hackmybox.com\/wp-content\/uploads\/2024\/03\/image-7-768x610.png 768w\" sizes=\"auto, (max-width: 844px) 100vw, 844px\" \/><\/figure>\n\n\n\n<p><\/p>\n\n\n\n<p>5. Scan the Metasploitable 2 VM with Nmap and answer the following questions.<\/p>\n\n\n\n<p>5.1 How many TCP ports are OPEN on MS2? 
(Use the -sT flag in Nmap).<\/p>\n\n\n\n<p><\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"749\" height=\"712\" src=\"https:\/\/hackmybox.com\/wp-content\/uploads\/2024\/03\/image-8.png\" alt=\"\" class=\"wp-image-362\" srcset=\"https:\/\/hackmybox.com\/wp-content\/uploads\/2024\/03\/image-8.png 749w, https:\/\/hackmybox.com\/wp-content\/uploads\/2024\/03\/image-8-300x285.png 300w\" sizes=\"auto, (max-width: 749px) 100vw, 749px\" \/><\/figure>\n\n\n\n<p>5.2 How many UDP ports are OPEN on MS2? (Use the -sU flag in Nmap \u2013 this may take a while).<\/p>\n\n\n\n<p><\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"766\" height=\"412\" src=\"https:\/\/hackmybox.com\/wp-content\/uploads\/2024\/03\/image-9.png\" alt=\"\" class=\"wp-image-363\" srcset=\"https:\/\/hackmybox.com\/wp-content\/uploads\/2024\/03\/image-9.png 766w, https:\/\/hackmybox.com\/wp-content\/uploads\/2024\/03\/image-9-300x161.png 300w\" sizes=\"auto, (max-width: 766px) 100vw, 766px\" \/><\/figure>\n\n\n\n<p>5.3 What port is running a Metasploitable Root Shell? 
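<\/p>\n\n\n\n<p>The three questions above can be answered from saved scan output rather than by reading them off screenshots. The script below is an added example written for this review, not code from the lab or from the Nmap project. It writes each scan in Nmap grepable format (-oG) and parses that, counting only ports in state open: UDP ports that Nmap reports as open|filtered are not counted, because a -sU scan cannot distinguish a silent open port from a filtered one. The target address 192.168.56.101, the output file names and the embedded sample output are assumptions; the sample is constructed in the -oG layout and modelled on services Metasploitable 2 is known to expose, so the numbers it yields describe the sample, not the answers to the lab.<\/p>\n\n\n\n
```bash
#!/bin/sh
# Answer the Lab 1 questions from saved Nmap output instead of reading them off screenshots.
# Each scan is written in grepable format (-oG), whose "Ports:" field is easy to parse.

# Run the three scans against a target and keep the output files. -sU needs root.
scan_ms2() {
  target="$1"
  nmap -sT -p- -oG ms2-tcp.gnmap "$target"              # 5.1: all TCP ports, connect scan
  nmap -sU --top-ports 200 -oG ms2-udp.gnmap "$target"  # 5.2: UDP is slow, so limit the port list
  nmap -sT -sV -oG ms2-sv.gnmap "$target"               # 5.3: service and version banners
}

# Extract the comma-separated port entries from -oG output on stdin, one per line.
port_entries() {
  grep '^Host:' | grep 'Ports:' \
    | sed 's/.*Ports: //; s/[[:space:]]*Ignored State:.*//' \
    | tr ',' '\n' | sed 's/^[[:space:]]*//'
}

# Count ports in state exactly "open" for a protocol (tcp or udp).
# UDP ports reported "open|filtered" are ambiguous and deliberately not counted.
count_open_ports() {
  proto="$1"
  port_entries | grep -c "^[0-9][0-9]*/open/$proto/" || true
}

# Print port/proto of the first open port whose service or version text matches a pattern.
find_service_port() {
  pattern="$1"
  port_entries | grep -i -- "$pattern" | head -n 1 | awk -F/ '{ print $1 "/" $3 }'
}

# Constructed -oG samples in the layout nmap emits (assumption: not this page's scan output).
TCP_SAMPLE=$(printf 'Host: 192.168.56.101 ()\tStatus: Up\nHost: 192.168.56.101 ()\tPorts: 21/open/tcp//ftp//vsftpd 2.3.4/, 22/open/tcp//ssh//OpenSSH 4.7p1 Debian 8ubuntu1 (protocol 2.0)/, 23/open/tcp//telnet//Linux telnetd/, 1524/open/tcp//bindshell//Metasploitable root shell/\tIgnored State: closed (996)\n')
UDP_SAMPLE=$(printf 'Host: 192.168.56.101 ()\tPorts: 53/open/udp//domain///, 111/open/udp//rpcbind///, 137/open|filtered/udp//netbios-ns///, 2049/open/udp//nfs///\tIgnored State: closed (196)\n')

# Print the three answers given TCP, UDP and version-scan output.
report() {
  printf 'Open TCP ports: %s\n' "$(printf '%s\n' "$1" | count_open_ports tcp)"
  printf 'Open UDP ports: %s\n' "$(printf '%s\n' "$2" | count_open_ports udp)"
  printf 'Root shell on:  %s\n' "$(printf '%s\n' "$3" | find_service_port 'root shell')"
}

if [ -n "${1:-}" ]; then
  scan_ms2 "$1"
  report "$(cat ms2-tcp.gnmap)" "$(cat ms2-udp.gnmap)" "$(cat ms2-sv.gnmap)"
else
  report "$TCP_SAMPLE" "$UDP_SAMPLE" "$TCP_SAMPLE"
fi
```
\n\n\n\n<p>Run it with no arguments to parse the constructed sample, or pass the target IP to run the three scans (the -sU scan needs root). Because the answers are derived from the saved -oG files, the UDP count can be re-checked later without repeating the slow scan.<\/p>\n\n\n\n<p>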
(Use the -sV flag in Nmap).<\/p>\n\n\n\n<p><\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"759\" height=\"700\" src=\"https:\/\/hackmybox.com\/wp-content\/uploads\/2024\/03\/image-10.png\" alt=\"\" class=\"wp-image-364\" srcset=\"https:\/\/hackmybox.com\/wp-content\/uploads\/2024\/03\/image-10.png 759w, https:\/\/hackmybox.com\/wp-content\/uploads\/2024\/03\/image-10-300x277.png 300w\" sizes=\"auto, (max-width: 759px) 100vw, 759px\" \/><\/figure>\n\n\n\n<p><\/p>\n\n\n\n<p class=\"has-text-align-center\"><strong>Lab 2 : Vulnerability Scanning Using Nessus<\/strong><\/p>\n\n\n\n<p>1. Download Nessus Essentials from <a href=\"https:\/\/www.tenable.com\/products\/nessus\/nessus-essentials\">https:\/\/www.tenable.com\/products\/nessus\/nessus-essentials<\/a> and register for an activation code.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"791\" height=\"538\" src=\"https:\/\/hackmybox.com\/wp-content\/uploads\/2024\/03\/image-11.png\" alt=\"\" class=\"wp-image-373\" srcset=\"https:\/\/hackmybox.com\/wp-content\/uploads\/2024\/03\/image-11.png 791w, https:\/\/hackmybox.com\/wp-content\/uploads\/2024\/03\/image-11-300x204.png 300w, https:\/\/hackmybox.com\/wp-content\/uploads\/2024\/03\/image-11-768x522.png 768w\" sizes=\"auto, (max-width: 791px) 100vw, 791px\" \/><\/figure>\n\n\n\n<p><\/p>\n\n\n\n<p>2. 
Proceed with the install; I installed it on Microsoft Server 2022 for simplicity.<\/p>\n\n\n\n<p><\/p>\n\n\n\n<p><\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"781\" height=\"591\" src=\"https:\/\/hackmybox.com\/wp-content\/uploads\/2024\/03\/image-13.png\" alt=\"\" class=\"wp-image-375\" srcset=\"https:\/\/hackmybox.com\/wp-content\/uploads\/2024\/03\/image-13.png 781w, https:\/\/hackmybox.com\/wp-content\/uploads\/2024\/03\/image-13-300x227.png 300w, https:\/\/hackmybox.com\/wp-content\/uploads\/2024\/03\/image-13-768x581.png 768w\" sizes=\"auto, (max-width: 781px) 100vw, 781px\" \/><\/figure>\n\n\n\n<p><\/p>\n\n\n\n<p>3. Once the install completes, open the Nessus web interface on local port 8834 (https:\/\/localhost:8834; the browser will warn about the self-signed certificate) and register.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"425\" height=\"366\" src=\"https:\/\/hackmybox.com\/wp-content\/uploads\/2024\/03\/image-16.png\" alt=\"\" class=\"wp-image-378\" srcset=\"https:\/\/hackmybox.com\/wp-content\/uploads\/2024\/03\/image-16.png 425w, https:\/\/hackmybox.com\/wp-content\/uploads\/2024\/03\/image-16-300x258.png 300w\" sizes=\"auto, (max-width: 425px) 100vw, 425px\" \/><\/figure>\n\n\n\n<p>4. Activate with the code sent to your email.<\/p>\n\n\n\n<p><\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"358\" height=\"364\" src=\"https:\/\/hackmybox.com\/wp-content\/uploads\/2024\/03\/image-17.png\" alt=\"\" class=\"wp-image-379\" srcset=\"https:\/\/hackmybox.com\/wp-content\/uploads\/2024\/03\/image-17.png 358w, https:\/\/hackmybox.com\/wp-content\/uploads\/2024\/03\/image-17-295x300.png 295w\" sizes=\"auto, (max-width: 358px) 100vw, 358px\" \/><\/figure>\n\n\n\n<p>5. 
Once initialization finishes, enter the target network to scan. Nessus Essentials is limited to 16 IP addresses, so keep the target range small.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"761\" height=\"507\" src=\"https:\/\/hackmybox.com\/wp-content\/uploads\/2024\/03\/image-19.png\" alt=\"\" class=\"wp-image-381\" srcset=\"https:\/\/hackmybox.com\/wp-content\/uploads\/2024\/03\/image-19.png 761w, https:\/\/hackmybox.com\/wp-content\/uploads\/2024\/03\/image-19-300x200.png 300w\" sizes=\"auto, (max-width: 761px) 100vw, 761px\" \/><\/figure>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"749\" height=\"512\" src=\"https:\/\/hackmybox.com\/wp-content\/uploads\/2024\/03\/image-20.png\" alt=\"\" class=\"wp-image-382\" srcset=\"https:\/\/hackmybox.com\/wp-content\/uploads\/2024\/03\/image-20.png 749w, https:\/\/hackmybox.com\/wp-content\/uploads\/2024\/03\/image-20-300x205.png 300w\" sizes=\"auto, (max-width: 749px) 100vw, 749px\" \/><\/figure>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"801\" height=\"553\" src=\"https:\/\/hackmybox.com\/wp-content\/uploads\/2024\/03\/image-21.png\" alt=\"\" class=\"wp-image-383\" srcset=\"https:\/\/hackmybox.com\/wp-content\/uploads\/2024\/03\/image-21.png 801w, https:\/\/hackmybox.com\/wp-content\/uploads\/2024\/03\/image-21-300x207.png 300w, https:\/\/hackmybox.com\/wp-content\/uploads\/2024\/03\/image-21-768x530.png 768w\" sizes=\"auto, (max-width: 801px) 100vw, 801px\" \/><\/figure>\n\n\n\n<p>6. 
View scan results<\/p>\n\n\n\n<p><\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"808\" height=\"519\" src=\"https:\/\/hackmybox.com\/wp-content\/uploads\/2024\/03\/image-22.png\" alt=\"\" class=\"wp-image-384\" srcset=\"https:\/\/hackmybox.com\/wp-content\/uploads\/2024\/03\/image-22.png 808w, https:\/\/hackmybox.com\/wp-content\/uploads\/2024\/03\/image-22-300x193.png 300w, https:\/\/hackmybox.com\/wp-content\/uploads\/2024\/03\/image-22-768x493.png 768w\" sizes=\"auto, (max-width: 808px) 100vw, 808px\" \/><\/figure>\n\n\n\n<p><\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"741\" height=\"477\" src=\"https:\/\/hackmybox.com\/wp-content\/uploads\/2024\/03\/image-23.png\" alt=\"\" class=\"wp-image-385\" srcset=\"https:\/\/hackmybox.com\/wp-content\/uploads\/2024\/03\/image-23.png 741w, https:\/\/hackmybox.com\/wp-content\/uploads\/2024\/03\/image-23-300x193.png 300w\" sizes=\"auto, (max-width: 741px) 100vw, 741px\" \/><\/figure>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"715\" height=\"593\" src=\"https:\/\/hackmybox.com\/wp-content\/uploads\/2024\/03\/image-24.png\" alt=\"\" class=\"wp-image-386\" srcset=\"https:\/\/hackmybox.com\/wp-content\/uploads\/2024\/03\/image-24.png 715w, https:\/\/hackmybox.com\/wp-content\/uploads\/2024\/03\/image-24-300x249.png 300w\" sizes=\"auto, (max-width: 715px) 100vw, 715px\" \/><\/figure>\n\n\n\n<p>9. 
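The scan results can be exported as a CSV file.<\/p>\n\n\n\n<p>A spreadsheet sorts the Risk column alphabetically, which orders Critical, High, Low, Medium, None and buries Medium below Low. The pipeline below is an added example written for this review, not part of the lab or of Nessus: it reads a Nessus CSV export with a small awk CSV parser (quoted fields, doubled quotes, and the multi-line Description fields Nessus emits), maps Risk to a numeric rank, sorts by rank and then by CVSS score, and optionally drops everything below a chosen floor. It assumes the first eight columns are Plugin ID, CVE, CVSS v2.0 Base Score, Risk, Host, Protocol, Port, Name, as in the classic export layout; check the header of your own export. The data rows, plugin IDs 10001 to 10006, host 192.168.56.101 and all finding text are constructed placeholders, not output from this scan.<\/p>\n\n\n\n
```bash
#!/bin/sh
# Rank a Nessus CSV export by Risk, then by CVSS. Sorting the Risk column alphabetically
# (as a spreadsheet does) yields Critical, High, Low, Medium, None; map Risk to a rank first.

TAB="$(printf '\t')"

# Usage: nessus_by_risk [MIN_RISK] < nessus_export.csv
# Prints tab-separated rows: Risk, CVSS, Host, Proto/Port, Plugin ID, Name,
# highest risk first, dropping anything below MIN_RISK (default: keep everything).
nessus_by_risk() {
  awk -v min="${1:-None}" '
    # Split one CSV record into fields[], honouring quoted fields and doubled quotes.
    function parse_csv(line, fields,   n, i, c, inq, cur) {
      n = 0; cur = ""; inq = 0
      for (i = 1; i <= length(line); i++) {
        c = substr(line, i, 1)
        if (c == "\"") {
          if (inq && substr(line, i + 1, 1) == "\"") { cur = cur "\""; i++ }
          else inq = !inq
        } else if (c == "," && !inq) {
          fields[++n] = cur; cur = ""
        } else {
          cur = cur c
        }
      }
      fields[++n] = cur
      return n
    }
    BEGIN { rank["Critical"] = 4; rank["High"] = 3; rank["Medium"] = 2; rank["Low"] = 1; rank["None"] = 0 }
    {
      # Description fields contain embedded newlines inside quotes: keep joining
      # physical lines until the record has an even number of quote characters.
      buf = (buf == "") ? $0 : (buf "\n" $0)
      tmp = buf
      if (gsub(/"/, "", tmp) % 2 == 1) next
      split("", f)
      n = parse_csv(buf, f)
      buf = ""
      if (rec++ == 0) next                 # header row
      if (n < 8) next                      # malformed record
      if (rank[f[4]] < rank[min]) next     # below the requested floor
      # Leading rank and CVSS columns exist only for sort and are cut afterwards.
      printf "%d\t%s\t%s\t%s\t%s\t%s/%s\t%s\t%s\n", rank[f[4]], f[3], f[4], f[3], f[5], f[6], f[7], f[1], f[8]
    }' | sort -t "$TAB" -k1,1nr -k2,2nr | cut -f3-
}

# Constructed sample in the Nessus CSV export layout. The header is the classic Nessus
# column order; every data row (plugin IDs, host, text) is made up for this example.
SAMPLE_CSV=$(cat <<'EOF'
Plugin ID,CVE,CVSS v2.0 Base Score,Risk,Host,Protocol,Port,Name,Synopsis,Description,Solution,See Also,Plugin Output
"10001","","10.0","Critical","192.168.56.101","tcp","1524","Constructed: unauthenticated root shell","A shell is reachable without credentials.","Connecting to the port hands out a shell.
No password is asked, so anyone on the network gets root.","Remove the service.","","Received a ""#"" prompt."
"10002","","7.5","High","192.168.56.101","tcp","21","Constructed: backdoored FTP build","The FTP banner matches a backdoored release.","The server version is known to contain a backdoor.","Upgrade the FTP server.","",""
"10006","","7.8","High","192.168.56.101","udp","111","Constructed: RPC portmapper exposed","Portmapper answers unauthenticated queries.","Remote users can enumerate RPC services.","Filter 111/udp at the host firewall.","",""
"10003","","5.0","Medium","192.168.56.101","tcp","80","Constructed: web server version disclosure","The Server header leaks the exact version.","Version strings help attackers pick exploits.","Hide version tokens.","",""
"10004","","2.6","Low","192.168.56.101","tcp","22","Constructed: weak SSH MAC algorithms","MD5-based MACs are offered.","Weak MACs are negotiable.","Disable MD5-based MACs.","",""
"10005","","","None","192.168.56.101","tcp","0","Nessus Scan Information","Information about the scan.","Scan metadata only.","n/a","",""
EOF
)

# Demo on the constructed sample: only High and Critical findings, highest first.
printf '%s\n' "$SAMPLE_CSV" | nessus_by_risk High
```
\n\n\n\n<p>Pass High to keep only the High and Critical rows; with no argument every finding is listed, Critical first and the informational None rows last. Because the numeric rank drives the sort, the order stays correct where a plain alphabetical sort of the Risk column would interleave Low and Medium, and the CVSS tiebreak puts the more severe of two High findings first.<\/p>\n\n\n\n<p>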
From the downloaded CSV, sort the findings by Risk (the sample below shows the High-risk rows).<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"811\" height=\"178\" src=\"https:\/\/hackmybox.com\/wp-content\/uploads\/2024\/03\/image-25.png\" alt=\"\" class=\"wp-image-387\" srcset=\"https:\/\/hackmybox.com\/wp-content\/uploads\/2024\/03\/image-25.png 811w, https:\/\/hackmybox.com\/wp-content\/uploads\/2024\/03\/image-25-300x66.png 300w, https:\/\/hackmybox.com\/wp-content\/uploads\/2024\/03\/image-25-768x169.png 768w\" sizes=\"auto, (max-width: 811px) 100vw, 811px\" \/><\/figure>\n\n\n\n<p>10. Additional features included in Nessus Essentials. Enjoy!<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"975\" height=\"688\" src=\"https:\/\/hackmybox.com\/wp-content\/uploads\/2024\/03\/image-26.png\" alt=\"\" class=\"wp-image-388\" srcset=\"https:\/\/hackmybox.com\/wp-content\/uploads\/2024\/03\/image-26.png 975w, https:\/\/hackmybox.com\/wp-content\/uploads\/2024\/03\/image-26-300x212.png 300w, https:\/\/hackmybox.com\/wp-content\/uploads\/2024\/03\/image-26-768x542.png 768w\" sizes=\"auto, (max-width: 975px) 100vw, 975px\" \/><\/figure>\n\n\n\n<p><\/p>\n\n\n\n<p class=\"has-text-align-center\"><strong>Lab 3: WPScan Vulnerability Scanner<\/strong><\/p>\n\n\n\n<p>1. WPScan comes preinstalled on Kali Linux. Below is a sample of running a scan against my own blog. 
Update WPScan's data first (wpscan --update) so the results are current.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"975\" height=\"564\" src=\"https:\/\/hackmybox.com\/wp-content\/uploads\/2024\/03\/image-27.png\" alt=\"\" class=\"wp-image-391\" srcset=\"https:\/\/hackmybox.com\/wp-content\/uploads\/2024\/03\/image-27.png 975w, https:\/\/hackmybox.com\/wp-content\/uploads\/2024\/03\/image-27-300x174.png 300w, https:\/\/hackmybox.com\/wp-content\/uploads\/2024\/03\/image-27-768x444.png 768w\" sizes=\"auto, (max-width: 975px) 100vw, 975px\" \/><\/figure>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"969\" height=\"439\" src=\"https:\/\/hackmybox.com\/wp-content\/uploads\/2024\/03\/image-28.png\" alt=\"\" class=\"wp-image-392\" srcset=\"https:\/\/hackmybox.com\/wp-content\/uploads\/2024\/03\/image-28.png 969w, https:\/\/hackmybox.com\/wp-content\/uploads\/2024\/03\/image-28-300x136.png 300w, https:\/\/hackmybox.com\/wp-content\/uploads\/2024\/03\/image-28-768x348.png 768w\" sizes=\"auto, (max-width: 969px) 100vw, 969px\" \/><\/figure>\n\n\n\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Contents: Lab 1 : Setting up Metasploitable 2 &amp; Scanning Using Nmap Lab 2 : Vulnerability Scanning Using Nessus Lab 3: WPScan Vulnerability Scanner Lab 1 : Setting up Metasploitable 2 &amp; Scanning Using Nmap 1. 
Download Metasploitable 2 Metasploitable download | SourceForge.net Metasploitable 2 is an intentionally vulnerable virtual machine created by security company [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":795,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"site-container-style":"default","site-container-layout":"default","site-sidebar-layout":"default","site-transparent-header":"default","prose-style":"enable","disable-article-header":"default","disable-site-header":"default","disable-site-footer":"default","disable-content-area-spacing":"default","footnotes":""},"categories":[12],"tags":[],"class_list":["post-353","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-labs"],"_links":{"self":[{"href":"https:\/\/hackmybox.com\/index.php\/wp-json\/wp\/v2\/posts\/353","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/hackmybox.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/hackmybox.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/hackmybox.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/hackmybox.com\/index.php\/wp-json\/wp\/v2\/comments?post=353"}],"version-history":[{"count":13,"href":"https:\/\/hackmybox.com\/index.php\/wp-json\/wp\/v2\/posts\/353\/revisions"}],"predecessor-version":[{"id":796,"href":"https:\/\/hackmybox.com\/index.php\/wp-json\/wp\/v2\/posts\/353\/revisions\/796"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/hackmybox.com\/index.php\/wp-json\/wp\/v2\/media\/795"}],"wp:attachment":[{"href":"https:\/\/hackmybox.com\/index.php\/wp-json\/wp\/v2\/media?parent=353"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/hackmy
box.com\/index.php\/wp-json\/wp\/v2\/categories?post=353"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/hackmybox.com\/index.php\/wp-json\/wp\/v2\/tags?post=353"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}