openvas vulnerability test
DESCRIPTION
OpenVAS Vulnerability Test. Team Members: Yingchao Zhu; Chen Qian; Xingyu Wu; XuZhuo Zhang; Igibek Koishybayev;. EC521: Cybersecurity OpenVAS. Agenda. What we have done? How OpenVAS work? Mailbox Browser Web application with XSS vulnerabilities What to do next…. - PowerPoint PPT PresentationTRANSCRIPT
EC521: Cybersecurity OpenVAS
Team Members: Yingchao Zhu; Chen Qian; Xingyu Wu; XuZhuo Zhang;
Igibek Koishybayev;
1
OpenVAS Vulnerability Test
EC521: Cybersecurity OpenVAS
Agenda
• What we have done?• How OpenVAS work?• Mailbox• Browser• Web application with XSS vulnerabilities• What to do next…
2
EC521: Cybersecurity OpenVAS
What we have done?• We were divided into 4 parts and each in charge of
web server, web application, mailbox, and web browser.• learning the basic protocols that running on the
contemporary Internet(basic knowledge charging)• Research (a lot of reading): –OpenVAS – documentation–How to setup and run the OpenVAS–Understanding the vulnerability of Mailbox
• Coding–Web Application–Writing scripts
3
What we have done?
• Build up the working environment• Kali linux OS(set up on virtual machine)• install openVAS in Kali linux
• Find and study(then maybe audit) open source files to set up our targets(i.e. mailbox etc.)
• Use openVAS to give initial test scan to these targets
• Then figure out how we can utilize these vulnerability
4
EC521: Cybersecurity OpenVAS15
XAMPP's name is an acronym for:
• X (to be read as "cross", meaning cross-platform)• Apache HTTP Server• MySQL• PHP• Perl
xampp
DVWA
• Damn Vulnerable Web App (DVWA) is a PHP/MySQL web application that is damn vulnerable. Its main goals are to be an aid for security professionals to test their skills and tools in a legal environment, help web developers better understand the processes of securing web applications and aid teachers/students to teach/learn web application security in a class room environment.
EC521: Cybersecurity OpenVAS16
EC521: Cybersecurity OpenVAS
Webmail vulnerability
Mail Server Set-Up Environment (Local)• OS : CentOS-6.5• SMTP : Postfix-2.6 + Sasl• IMAP/POP3 : Dovecot-2.0• Web : Apache-2.2• Webmail : Openwebmail-2.30 (perl)/
Squirrelmail-1.4.22 (php)
22
EC521: Cybersecurity OpenVAS
Webmail vulnerability
Postfix• Configure : main.cf• Enable Sasl : smtpd_sasl_auth_enable = yes
Dovecot• Protocol = pop3(port: 110)
imap(port: 143)• Netstat –tulpn | grep dovecot
23
EC521: Cybersecurity OpenVAS
Webmail vulnerability
Openwebmail • http://www.openwebmail.org/• Online Demo http://openwebmail.amcpl.net/
• Install openwebmail-2.30.tar.gz
24
EC521: Cybersecurity OpenVAS
Webmail vulnerability
Apache • Httpd config : /etc/httpd/conf/httpd.conf
set directory• Serv. restart : /etc/init.d/httpd restart
• localhost/cgi-bin/openwebmail/openwebmail.pl
27
EC521: Cybersecurity OpenVAS
Webmail vulnerability
Next…• Keep digging vulnerabilities (Maybe elder ver.)• Patches & Penetration (Burpsuite)• Localhost =>LAN
32
EC521: Cybersecurity OpenVAS
DEMO: Web Application (Blackboard)
Description: Blackboard is the web application used by students to post their homework solutions, which vulnerable to XSS and CSRF attack.
34
EC521: Cybersecurity OpenVAS
DEMO: Web Application (Blackboard)
Story on behalf: You (hacker) don’t know solution to the homework and want to steal the solutions from others. Also you want to steal final exam questions from teacher in a such way that no one will find out that it was you. (i.e. like a ninja)
35
EC521: Cybersecurity OpenVAS
DEMO: Web Application (Blackboard)
Mission: 1. Steal the solutions from “nerd”;2. Make “badguy” to steal final exam q/a for
you;3. Be the smartest guy (ninja, hacker) in the
class;
36
EC521: Cybersecurity OpenVAS
DEMO: Web Application (Blackboard)
Wait a minute…where is OpenVAS???
We will make security assessment on our web application using OpenVAS. (in near future)
37
EC521: Cybersecurity OpenVAS
What to do next…
• Write plugins– OpenVAS
• Integrate everything• Modify the php code in DVWA, do the openvas scan
again, compare the report • Local => LAN; Penetration (Burpsuite) and Patches
38