The OpenVAS reports used here were created from rooms on TryHackMe; the machines used are credited to their respective owners.
Case 001: MS00-What?
In this scenario, you are assigned to a routine vulnerability management pipeline as a SOC analyst. Your automated pipeline has already pulled a scan on the server; it is up to you to analyze this report and identify the risk in it.
Answer the questions below
When did the scan start in Case 001?
How to: Download the file for this task and open it to reveal the report. In the report you will see Host Summary. In this section there is a column marked Start; the value under it is the answer. Copy and paste it into the answer box on THM.
Answer: Feb 28, 00:04:46
When did the scan end in Case 001?
How to: This answer is directly to the right of the previous answer. Copy and paste it into the answer box on THM.
Answer: Feb 28, 00:21:02
How many ports are open in Case 001?
How to: Scroll down to the next section, Port Summary, and count the number of port numbers you see in this section. Put the number you counted into the THM answer box.
Answer: 3
How many total vulnerabilities were found in Case 001?
How to: Right above Port Summary you will see the number of results; the number in this row is the answer. Type it into the THM answer box.
Answer: 5
What is the highest severity vulnerability found? (MSxx-xxx)
How to: Scroll down to the Security Issues section and look at the summary of the first vulnerability. The answer is at the end of this first summary. Copy and paste it into the THM answer box.
Answer: MS17-010
What is the first affected OS to this vulnerability?
How to: Staying in the Security Issues section, scroll down until you see the chart titled Affected Software/OS. In this section, highlight the first OS up until you reach the next OS (the next OS starts with the same thing as the one you are highlighting). Now copy and paste it into the THM answer box.
Answer: Microsoft Windows 10 x32/x64 Edition
What is the recommended vulnerability detection method?
How to: Still in the Security Issues section, scroll down until you reach the Vulnerability Detection Method. Highlight and copy the entire first line, then paste it into the THM answer box.
Answer: Send the crafted SMB transaction request with fid = 0 and check the response to confirm the vulnerability.
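The manual steps above (scan start and end, open-port count, result count, highest-severity finding) can be scripted when the pipeline exports the report as XML. The following is an added example, not part of the original walkthrough or the TryHackMe room; the sample report is constructed, and the element names (`scan_start`, `scan_end`, `result`, `name`, `port`, `severity`) are assumptions to adjust to your scanner's actual export.

```python
import xml.etree.ElementTree as ET  # for untrusted reports, prefer the defusedxml package

# Constructed sample, NOT the TryHackMe report. Element names are assumptions.
SAMPLE = """<report>
  <scan_start>2024-01-01T10:00:00Z</scan_start>
  <scan_end>2024-01-01T10:16:00Z</scan_end>
  <results>
    <result><name>Finding B</name><port>135/tcp</port><severity>5.0</severity></result>
    <result><name>Finding A</name><port>445/tcp</port><severity>9.3</severity></result>
    <result><name>Finding C</name><port>3389/tcp</port><severity>4.3</severity></result>
    <result><name>Finding D</name><port>445/tcp</port><severity>2.6</severity></result>
    <result><name>Finding E</name><port>general/tcp</port><severity></severity></result>
  </results>
</report>"""

def triage(xml_text):
    """Return the fields the walkthrough reads off the report by hand."""
    root = ET.fromstring(xml_text)
    findings = []
    for res in root.iter("result"):
        try:
            severity = float(res.findtext("severity", default="0"))
        except ValueError:  # empty or malformed score: treat as informational
            severity = 0.0
        findings.append({
            "name": res.findtext("name", default="(unnamed)"),
            "port": res.findtext("port", default=""),
            "severity": severity,
        })
    # Count only numeric ports; entries such as "general/tcp" are not open ports.
    ports = {f["port"] for f in findings if f["port"].split("/")[0].isdigit()}
    findings.sort(key=lambda f: f["severity"], reverse=True)
    return {
        "start": root.findtext("scan_start"),
        "end": root.findtext("scan_end"),
        "open_ports": sorted(ports, key=lambda p: int(p.split("/")[0])),
        "total_results": len(findings),
        "highest": findings[0] if findings else None,
    }

if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key}: {value}")
```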