![](https://cc-connected.com/wp-content/themes/my-portfolio/assets/img/arrow-back.png)
THM: Nessus
![](https://cc-connected.com/wp-content/uploads/2022/08/THMnessus2.png)
Learn Basic Network and Web Application scanning with Nessus Essentials - free version of the vulnerability scanner.
DESCRIPTION:
TRYHACKME made familiarizing with NESSUS nice and easy with THIS free room with 5 tasks.
My impression is that the room authors' sentences are clear and explanations are easy to follow, you won't get much trouble with this room unless you don't allocate enough of SYSTEM RESOURCES to install Nessus. Yes, you have to install Nessus on your own machine and use OpenVPN configuration file provided with your THM account, not AttackBox nor subcription will help you with that.
So, the installation will take some time... You will probably want to move on something else in the meantime or sleep on it.
Read the instructions provided in the room, i will post here only tasks that need answers, screenshots that lead to answers and spoilers. These are tasks 3-5.
Not to ruin the party for interested, answers are hidden, so if interested, click on the question below and the answer will reveal itself. Let's go!
TASK 3: NAVIGATION AND SCANS
What is the name of the button which is used to launch a scan?
New Scan![Nessus01](https://cc-connected.com/wp-content/uploads/2021/12/001-001THM_Nessus002.jpg)
What side menu option allows us to create custom templates?
Policies![Nessus02](https://cc-connected.com/wp-content/uploads/2021/12/002.png)
What menu allows us to change plugin properties such as hiding them or changing their severity?
Plugin Rules![Nessus 03](https://cc-connected.com/wp-content/uploads/2021/12/003a.png)
![Nessus 04](https://cc-connected.com/wp-content/uploads/2021/12/003b.png)
In the 'Scan Templates' section after clicking on 'New Scan', what scan allows us to see simply what hosts are alive?
Host Discovery![Nessus 05](https://cc-connected.com/wp-content/uploads/2021/12/001-002.jpg)
One of the most useful scan types, which is considered to be 'suitable for any host'?
Basic Network ScanWhat scan allows you to 'Authenticate to hosts and enumerate missing updates'?
Credentialed Patch AuditWhat scan is specifically used for scanning Web Applications?
Web Application TestsTASK 4: SCANNING!
Create a new 'Basic Network Scan' targeting the deployed VM. What option can we set under 'BASIC' (on the left) to set a time for this scan to run? This can be very useful when network congestion is an issue.
Schedule![Nessus 05](https://cc-connected.com/wp-content/uploads/2021/12/004.png)
Under 'DISCOVERY' (on the left) set the 'Scan Type' to cover ports 1-65535. What is this type called?
Port scan (all ports)![Nessus 06](https://cc-connected.com/wp-content/uploads/2021/12/005.png)
What 'Scan Type' can we change to under 'ADVANCED' for lower bandwidth connection?
Scan low bandwidth links![Nessus 07](https://cc-connected.com/wp-content/uploads/2021/12/006.png)
After the scan completes, which 'Vulnerability' in the 'Port scanners' family can we view the details of to see the open ports on this host?
Nessus SYN scanner![Nessus 08](https://cc-connected.com/wp-content/uploads/2021/12/007-1.png)
![Nessus 09](https://cc-connected.com/wp-content/uploads/2021/12/007-3.png)
![Nessus 10](https://cc-connected.com/wp-content/uploads/2021/12/007-4.png)
What Apache HTTP Server Version is reported by Nessus?
2.4.99![Nessus 11](https://cc-connected.com/wp-content/uploads/2021/12/08-1.png)
![Nessus 12](https://cc-connected.com/wp-content/uploads/2021/12/08-2.png)
TASK 5: SCANNING A WEB APPLICATION!
What is the plugin id of the plugin that determines the HTTP server type and version?
10107![Nessus 13](https://cc-connected.com/wp-content/uploads/2021/12/09-1.png)
![Nessus 14](https://cc-connected.com/wp-content/uploads/2021/12/09-2.png)
![Nessus 15](https://cc-connected.com/wp-content/uploads/2021/12/09-3.png)
What authentication page is discovered by the scanner that transmits credentials in cleartext?
login.php![Nessus 16](https://cc-connected.com/wp-content/uploads/2021/12/10-1.png)
![Nessus 17](https://cc-connected.com/wp-content/uploads/2021/12/10-2.png)
What is the file extension of the config backup?
.bak![Nessus 18](https://cc-connected.com/wp-content/uploads/2021/12/11.png)
Which directory contains example documents? (This will be in a php directory)
/external/phpids/0.6/docs/examples/![Nessus 19](https://cc-connected.com/wp-content/uploads/2021/12/12.png)
What vulnerability is this application susceptible to that is associated with X-Frame-Options?
Clickjacking![Nessus 20](https://cc-connected.com/wp-content/uploads/2021/12/13.png)
OTHER FREE RESOURCES:
- PENETRATION TESTING STUDENT course on INE.com - with Nessus lab
- InfoSec Institute article "VULNERABILITY SCANNERS"
- OWASP article "VULNERABILITY SCANNING TOOLS"
- TryHackMe's DISCORD server
- Cyber Insecurity's YOUTUBE CHANNEL and DISCORD SERVER for cybersecurity focused discussions and ocassional giveaways (i won a THM 6-month subscription once during a live stream, thank you Cyber Insecurity! #raffle #choo-choo)