How to Scan for Windows 10 Vulnerability using Nessus

The goal of this post:

  • Run a Nessus Scan on a Windows 10 Machine to find a vulnerability
  • Patch the vulnerability

Running a Nessus Scan on a Windows 10 Machine

We will start by booting up a Windows 10 machine. I configured it to be in the Tech subnet.

Side note: You can install a Windows 10 VM using this link: Download Windows 10 (https://www.microsoft.com/en-us/software-download/windows10)

Default password: Passw0rd!

Let’s run an ipconfig to see what the IP is.

Let’s set up our Nessus scanner.

Click “New Scan”.

Select “Basic Network Scan”.

First, we’re going to run an uncredentialed scan and then a credentialed scan to see the difference.

Target: 172.20.25.19

Now, let’s launch the scan.

This is the result: /images1/image-505.webp

As we can see, we don’t have any critical vulnerabilities. So now, let’s set up a credentialed scan. But first, we must configure the Windows machine so that a credentialed scan can work.

Go to the search bar and search for “Services”. After that, look for the service named “Remote Registry”. Change the startup type to Automatic. Then click Start, and then click Apply. This is what it should look like:

/images1/image-506.webp

Then go to the search bar and search for “Advanced sharing settings”.

Change it to:

/images1/image-508.webp

Remember to save changes. Then go to the search bar and search for “User account control settings.”

Turn the slider down. Then go to the search bar and type “Registry Editor”.

Navigate to: Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System

Look for LocalAccountTokenFilterPolicy. If you don’t have it, you can create it: right-click -> New -> DWORD -> LocalAccountTokenFilterPolicy

Click on the value to edit it. Make sure the value is set to 1. Then restart the VM.
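
The two prerequisites above that the post gives in text (the Remote Registry service and the LocalAccountTokenFilterPolicy value), scripted in PowerShell so they can be applied before the credentialed scan and put back afterwards. This is an added example, not part of the original post: the function names are hypothetical, and the revert path assumes Remote Registry was Disabled and the value was absent before the change.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the original post). Covers only the two settings the
# post names in text: the Remote Registry service and LocalAccountTokenFilterPolicy.
$PolicyKey  = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$PolicyName = 'LocalAccountTokenFilterPolicy'

# Report the current state so it can be compared before and after the scan.
function Get-ScanPrereqState {
    $svc = Get-CimInstance Win32_Service -Filter "Name='RemoteRegistry'"
    $val = (Get-ItemProperty -Path $PolicyKey -Name $PolicyName `
                -ErrorAction SilentlyContinue).$PolicyName
    [pscustomobject]@{
        RemoteRegistryStartMode = $svc.StartMode      # Auto / Manual / Disabled
        RemoteRegistryState     = $svc.State          # Running / Stopped
        TokenFilterPolicy       = if ($null -eq $val) { 'not set' } else { $val }
    }
}

# Apply the prerequisites, or undo them with -Revert once the scan has finished.
function Set-ScanPrereq {
    param([switch]$Revert)

    if ($Revert) {
        # Assumption: the pre-scan state was "service Disabled, value absent".
        Stop-Service -Name RemoteRegistry -Force
        Set-Service  -Name RemoteRegistry -StartupType Disabled
        Remove-ItemProperty -Path $PolicyKey -Name $PolicyName `
            -ErrorAction SilentlyContinue
    }
    else {
        # Same result as the Services and Registry Editor steps in the post.
        Set-Service   -Name RemoteRegistry -StartupType Automatic
        Start-Service -Name RemoteRegistry
        New-ItemProperty -Path $PolicyKey -Name $PolicyName `
            -PropertyType DWord -Value 1 -Force | Out-Null
    }
    Get-ScanPrereqState
}

# Usage, from an elevated PowerShell prompt on the scan target:
#   Set-ScanPrereq            # before the credentialed scan, then restart the VM
#   Set-ScanPrereq -Revert    # after the scan results have been collected
```

The sharing and User Account Control changes are not scripted here because the post shows their target settings only in screenshots.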

Now, we’re going to create a new scan. It’s the same process. However, make sure you go to the Credentials tab.

Then for the Username: IEUser

Password: Passw0rd!

Then click Save and launch the scan.

Once our scan is done, we will get something like this:

/images1/image-517.webp /images1/image-518.webp

Compared to our uncredentialed scan, that is a huge difference.

Now, let’s check out one of the vulnerabilities.

It tells us which Microsoft patch fixes which CVE. You can even find more information about the CVE in this section:
/images1/image-521.webp

It also offers us some solutions for patching the vulnerabilities.

The next step is running Windows Update on our VM and seeing how many vulnerabilities we can patch.

Let’s begin, shall we?

Now that our updates have been installed, let’s rerun the scan.

Here is the old result: /images1/image-518.webp

Here is the new result: /images1/image-524.webp

As we can see, the number of critical vulnerabilities dropped dramatically.

Summary: Remediation for vulnerabilities could be as simple as installing a Windows update, closing a port you don’t want to be open, or removing a program with many vulnerabilities. Additionally, you should always test the patch before pushing it to a live server.

Anyways, folks, that is it for this section and project. I had fun messing with Nessus and learning about vulnerability management.