Nessus Skills Assessment

You have been contracted by the company Inlanefreight to perform an internal vulnerability assessment against one of their servers. They have asked for a cursory assessment to be performed to identify any significant vulnerabilities as they do not have the budget for a full-scale penetration test this year. The results of this vulnerability assessment may enable the CISO to push for additional funding from the Board of Directors to perform more in-depth security testing.

The target server is a Windows Server host used as a development server.

Connecting to the remote Nessus Server

Nessus can be accessed at https:// < IP >:8834. The Nessus credentials are: htb-student:HTB_@cademy_student!. You may also use these credentials to SSH into the target VM to configure Nessus.

1. First step is to create a Basic Scan

1. Then setup the scan to be authenticated using the provided credentials

administrator:Academy_VA_adm1!

1. Once that is complete, simply run the scan, it will take about 60 minutes

Questions

Question 1: What is the name of one of the accessible SMB shares from the authenticated Windows scan? (One word)

1. Click on "Windows_Basic_authed"

2. Go to the Vulnerabilities tab and search for "SMB Shares"

1. Click on the vulnerability and in the output you will see a list of accessible shares when logged in as Administrator

Question 2: What was the target for the authenticated scan?

The target is the what the scanned was performed against

Question 3: What is the plugin ID of the highest criticality vulnerability for the Windows authenticated scan?

1. Click on the first critical vulnerability and on the title you will see the plugin ID

Question 4: What is the name of the vulnerability with plugin ID 26925 from the Windows authenticated scan? (Case sensitive)

1. Go to the scan results and filter the results with Plugin ID

1. Once filtered you will see only the results with the filtered criteria

2. Click on the vulnerability and on the title you will see the name