TryHackMe: Nessus
This is a write up for the Scanning! and Scanning a Web Applicaiton! tasks of the Nessus room on TryHackMe. Some tasks have been omitted as they do not require an answer.
Scanning!Permalink
Create a new ‘Basic Network Scan’ targeting the deployed VM. What option can we set under ‘BASIC’ (on the left) to set a time for this scan to run? This can be very useful when network congestion is an issue.Permalink
Answer: Schedule
Under ‘DISCOVERY’ (on the left) set the ‘Scan Type’ to cover ports 1-65535. What is this type called?Permalink
Answer: Port scan (all ports)
What ‘Scan Type’ can we change to under ‘ADVANCED’ for lower bandwidth connection?Permalink
Answer: Scan low bandwidth links
After the scan completes, which ‘Vulnerability’ in the ‘Port scanners’ family can we view the details of to see the open ports on this host?Permalink
Answer: Nessus SYN scanner
What Apache HTTP Server Version is reported by Nessus?Permalink
Answer: 2.4.99
Scanning a Web Application!Permalink
What is the plugin id of the plugin that determines the HTTP server type and version?Permalink
Answer: 10107
What authentication page is discovered by the scanner that transmits credentials in cleartext?Permalink
Answer: login.php
What is the file extension of the config backup?Permalink
Answer: .bak
Which directory contains example documents? (This will be in a php directory)Permalink
Answer: /external/phpids/0.6/docs/examples/
What vulnerability is this application susceptible to that is associated with X-Frame-Options?Permalink
Answer: Clickjacking
RecapPermalink
In this task we learnt how to:
- Use Nessus to conduct a Basic Network Scan
- Use Nessus to conduct Web Application Tests