420 likes | 747 Views
OpenVAS— the most popular(i.e. free) penetration test tool for computer security. Team Members: Yingchao Zhu; Chen Qian; Xingyu Wu; XuZhuo Zhang; Igibek Koishybayev;. EC521: Cybersecurity OpenVAS. Agenda. What we have done? How OpenVAS work? Mailbox Browser
E N D
OpenVAS—the most popular(i.e. free) penetration test tool for computer security Team Members: Yingchao Zhu; Chen Qian; Xingyu Wu; XuZhuo Zhang; Igibek Koishybayev; • EC521: Cybersecurity OpenVAS
Agenda • What we have done? • How OpenVAS work? • Mailbox • Browser • Web application with XSS vulnerabilities • What to do next… • EC521: Cybersecurity OpenVAS
What we have done? • We were divided into 4 parts and each in charge of web server, web application, mailbox, and web browser. • learning the basic protocols that running on the contemporary Internet(basic knowledge charging) • Research (a lot of reading): • OpenVAS – documentation • How to setup and run the OpenVAS • Understanding the vulnerability of Mailbox • Coding • Web Application • Writing scripts • EC521: Cybersecurity OpenVAS
What we have done?(con’t) • Build up the working environment • Kali linux OS(set up on virtual machine) • install openVAS in Kali linux • Find and study(then maybe audit) open source files to set up our targets(i.e. mailbox etc.) • Use openVAS to give initial test scan to these targets • Then figure out how we can utilize these vulnerability
DEMO - OpenVAS • EC521: Cybersecurity OpenVAS
OpenVAS • Source Packages Installation • NVT sync, Add admin/user • GSA: https://localhost:9392/
Target–Xampp/DVWA • EC521: Cybersecurity OpenVAS
xampp XAMPP's name is an acronym for: • X (to be read as "cross", meaning cross-platform) • Apache HTTP Server • MySQL • PHP • Perl • EC521: Cybersecurity OpenVAS
DVWA • Damn Vulnerable Web App (DVWA) is a PHP/MySQL web application that is damn vulnerable. Its main goals are to be an aid for security professionals to test their skills and tools in a legal environment, help web developers better understand the processes of securing web applications and aid teachers/students to teach/learn web application security in a class room environment. • EC521: Cybersecurity OpenVAS
Webmail Vulnerability • EC521: Cybersecurity OpenVAS
Webmail vulnerability Mail Server Set-Up Environment (Local) • OS : CentOS-6.5 • SMTP : Postfix-2.6 + Sasl • IMAP/POP3 : Dovecot-2.0 • Web : Apache-2.2 • Webmail : Openwebmail-2.30 (perl)/ Squirrelmail-1.4.22 (php) • EC521: Cybersecurity OpenVAS
Webmail vulnerability Postfix • Configure : main.cf • Enable Sasl : smtpd_sasl_auth_enable = yes Dovecot • Protocol = pop3(port: 110) imap(port: 143) • Netstat –tulpn | grep dovecot • EC521: Cybersecurity OpenVAS
Webmail vulnerability Openwebmail • http://www.openwebmail.org/ • Online Demo http://openwebmail.amcpl.net/ • Install openwebmail-2.30.tar.gz • EC521: Cybersecurity OpenVAS
OpenwebmailVulnerbilities • EC521: Cybersecurity OpenVAS
Openwebmail Ver. 2.30 • EC521: Cybersecurity OpenVAS
Webmail vulnerability Apache • Httpdconfig : /etc/httpd/conf/httpd.conf set directory • Serv. restart : /etc/init.d/httpd restart • localhost/cgi-bin/openwebmail/openwebmail.pl • EC521: Cybersecurity OpenVAS
First Try • EC521: Cybersecurity OpenVAS
Webmail vulnerability Next… • Keep digging vulnerabilities (Maybe elder ver.) • Patches & Penetration (Burpsuite) • Localhost =>LAN • EC521: Cybersecurity OpenVAS
DEMO: Web Application (Blackboard) Description: Blackboard is the web application used by students to post their homework solutions, which vulnerable to XSS and CSRF attack. • EC521: Cybersecurity OpenVAS
DEMO: Web Application (Blackboard) Story on behalf: You (hacker) don’t know solution to the homework and want to steal the solutions from others. Also you want to steal final exam questions from teacher in a such way that no one will find out that it was you. (i.e. like a ninja) • EC521: Cybersecurity OpenVAS
DEMO: Web Application (Blackboard) Mission: • Steal the solutions from “nerd”; • Make “badguy” to steal final exam q/a for you; • Be the smartest guy (ninja, hacker) in the class; • EC521: Cybersecurity OpenVAS
DEMO: Web Application (Blackboard) Wait a minute…where is OpenVAS??? We will make security assessment on our web application using OpenVAS. (in near future) • EC521: Cybersecurity OpenVAS
What to do next… • Write plugins • OpenVAS • Integrate everything • ModifythephpcodeinDVWA, dotheopenvasscanagain,comparethereport • Local => LAN; Penetration (Burpsuite) and Patches • EC521: Cybersecurity OpenVAS
Questions? • EC521: Cybersecurity OpenVAS