OpenVAS Vulnerability Test

EC521: Cybersecurity OpenVAS

Team Members: Yingchao Zhu; Chen Qian; Xingyu Wu; XuZhuo Zhang; Igibek Koishybayev


Agenda

• What have we done?
• How does OpenVAS work?
• Mailbox
• Browser
• Web application with XSS vulnerabilities
• What to do next…


What have we done?

• We divided into 4 parts, each in charge of one of: web server, web application, mailbox, and web browser.
• Learned the basic protocols running on the contemporary Internet (refreshing basic knowledge)
• Research (a lot of reading):
– OpenVAS documentation
– How to set up and run OpenVAS
– Understanding the vulnerabilities of the mailbox
• Coding
– Web application
– Writing scripts


What have we done?

• Build up the working environment
• Kali Linux OS (set up on a virtual machine)
• Install OpenVAS in Kali Linux
• Find and study (then maybe audit) open source files to set up our targets (i.e. mailbox etc.)
• Use OpenVAS to run an initial test scan against these targets
• Then figure out how we can utilize these vulnerabilities


DEMO - OpenVAS


OpenVAS

• Source Packages Installation
• NVT sync, Add admin/user
• GSA: https://localhost:9392/


Target – Xampp/DVWA


XAMPP

XAMPP's name is an acronym for:

• X (to be read as "cross", meaning cross-platform)
• Apache HTTP Server
• MySQL
• PHP
• Perl

DVWA

• Damn Vulnerable Web App (DVWA) is a PHP/MySQL web application that is damn vulnerable. Its main goals are to be an aid for security professionals to test their skills and tools in a legal environment, help web developers better understand the processes of securing web applications, and aid teachers/students to teach/learn web application security in a classroom environment.


Webmail Vulnerability


Mail Server Set-Up Environment (Local)

• OS: CentOS-6.5
• SMTP: Postfix-2.6 + SASL
• IMAP/POP3: Dovecot-2.0
• Web: Apache-2.2
• Webmail: Openwebmail-2.30 (perl) / Squirrelmail-1.4.22 (php)


Postfix
• Configure: main.cf
• Enable SASL: smtpd_sasl_auth_enable = yes

Dovecot
• Protocol = pop3 (port: 110), imap (port: 143)
• netstat -tulpn | grep dovecot


Openwebmail
• http://www.openwebmail.org/
• Online demo: http://openwebmail.amcpl.net/
• Install openwebmail-2.30.tar.gz


Openwebmail Vulnerabilities


Openwebmail Ver. 2.30


Apache
• Httpd config: /etc/httpd/conf/httpd.conf (set directory)
• Service restart: /etc/init.d/httpd restart
• localhost/cgi-bin/openwebmail/openwebmail.pl


First Try


Next…
• Keep digging for vulnerabilities (maybe older versions)
• Patches & penetration (Burpsuite)
• Localhost => LAN


Web Application (Blackboard)


DEMO: Web Application (Blackboard)

Description: Blackboard is the web application used by students to post their homework solutions, which is vulnerable to XSS and CSRF attacks.


Story: You (hacker) don’t know the solution to the homework and want to steal the solutions from others. You also want to steal the final exam questions from the teacher in such a way that no one will find out that it was you (i.e. like a ninja).


Mission:
1. Steal the solutions from “nerd”;
2. Make “badguy” steal the final exam q/a for you;
3. Be the smartest guy (ninja, hacker) in the class;


Wait a minute…where is OpenVAS???

We will perform a security assessment of our web application using OpenVAS (in the near future).


What to do next…

• Write plugins – OpenVAS
• Integrate everything
• Modify the PHP code in DVWA, do the OpenVAS scan again, compare the reports
• Local => LAN; penetration (Burpsuite) and patches
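One way to do the "scan again, compare the report" step, shown as an added example that is not part of the original slides: diff two exported XML reports by (host, port, NVT OID) to see which findings a code change removed. The element names are an assumption about the exported report layout, and the report fragments, OIDs and host address are constructed placeholders.

```python
import xml.etree.ElementTree as ET

# Constructed, simplified report fragments (not real scan output). The element
# names (result, host, port, nvt@oid, threat) are an assumption about the
# exported OpenVAS XML; the OIDs and the host address are placeholders.
BEFORE_XML = """<report><results>
  <result><host>192.0.2.10</host><port>80/tcp</port>
    <nvt oid="OID-PLACEHOLDER-XSS"><name>Constructed: reflected XSS</name></nvt>
    <threat>Medium</threat></result>
  <result><host>192.0.2.10</host><port>80/tcp</port>
    <nvt oid="OID-PLACEHOLDER-CSRF"><name>Constructed: missing CSRF token</name></nvt>
    <threat>Medium</threat></result>
</results></report>"""

AFTER_XML = """<report><results>
  <result><host>192.0.2.10</host><port>80/tcp</port>
    <nvt oid="OID-PLACEHOLDER-CSRF"><name>Constructed: missing CSRF token</name></nvt>
    <threat>Medium</threat></result>
  <result><host>192.0.2.10</host><port>80/tcp</port>
    <nvt oid="OID-PLACEHOLDER-DIRLIST"><name>Constructed: directory listing</name></nvt>
    <threat>Low</threat></result>
</results></report>"""

def load_findings(xml_text):
    """Map (host, port, NVT OID) -> (NVT name, threat level)."""
    findings = {}
    for result in ET.fromstring(xml_text).iter("result"):
        nvt = result.find("nvt")
        if nvt is None:  # skip results that carry no NVT reference
            continue
        key = ((result.findtext("host") or "").strip(),
               (result.findtext("port") or "").strip(),
               nvt.get("oid", ""))
        findings[key] = ((nvt.findtext("name") or "").strip(),
                         (result.findtext("threat") or "").strip())
    return findings

def compare_reports(before_xml, after_xml):
    """Classify findings as fixed, new, unchanged or threat_changed."""
    before, after = load_findings(before_xml), load_findings(after_xml)
    both = before.keys() & after.keys()
    return {
        "fixed": sorted(before.keys() - after.keys()),
        "new": sorted(after.keys() - before.keys()),
        "unchanged": sorted(k for k in both if before[k][1] == after[k][1]),
        "threat_changed": sorted(k for k in both if before[k][1] != after[k][1]),
    }

if __name__ == "__main__":
    for status, keys in compare_reports(BEFORE_XML, AFTER_XML).items():
        for host, port, oid in keys:
            print(f"{status:15} {host} {port} {oid}")
```

A finding listed under "new" after a patch is worth checking by hand, since a code change can expose a different issue or the second scan may simply have reached more of the application.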


Questions?
