TryHackMe: OpenVAS

This is a write up for the Practical Vulnerability Management task of the OpenVAS room on TryHackMe. Some tasks have been omitted as they do not require an answer.

---

When did the scan start in Case 001?

Answer: Feb 28, 00:04:46

When did the scan end in Case 001?

Answer: Feb 28, 00:21:02

How many ports are open in Case 001?

Answer: 3

How many total vulnerabilities were found in Case 001?

Answer: 5

What is the highest severity vulnerability found? (MSxx-xxx)

Answer: MS17-010

What is the first affected OS to this vulnerability?

Answer: Microsoft Windows 10 x32/x64 Edition

What is the recommended vulnerability detection method?

Answer: Send the crafted SMB transaction request with fid = 0 and check the response to confirm the vulnerability.

Recap

In this task we learnt how to:

• Use OpenVAS to scan infrastructure
• Analyse and interpret OpenVAS reports