μ½˜ν…μΈ λ‘œ κ±΄λ„ˆλ›°κΈ°

Start Nessus on Linux – 2 Nessus Scanning πŸ•΅πŸ»β€β™‚οΈ

Nessus 취약점 μŠ€μΊλ„ˆ λ‹€μš΄λ‘œλ“œ 이후 취약점 μŠ€μΊλ‹ 방법을 κ³΅μœ ν•©λ‹ˆλ‹€.

! 주의

Scanning μ‹œλ„λŠ” ν—ˆκ°€λ˜μ§€ μ•Šμ€ μ‹œμŠ€ν…œμ—μ„œ μ§„ν–‰ν•˜λ©΄ μ•ˆλ˜λ©°,

Scan κ°„ νŠΈλž˜ν”½ λ°œμƒμ΄ κ°€λŠ₯ν•΄ 사전에 ν—ˆκ°€ 받은 μ‹œμŠ€ν…œ ν˜Ήμ€ 자체 μ‹œμŠ€ν…œμ—μ„œ 진행해야 ν•œλ‹€.

  • Nessus 둜그인

둜그인 -> νŽ˜μ΄μ§€ 우츑 상단 New Scan λ²„νŠΌ 클릭 (μ‹ κ·œ μŠ€μΊλ‹ κ·œμΉ™ 생성)

  • 탐지 κ·œμΉ™ 선택

New Scanμ—μ„œλŠ” μŠ€μΊλ‹ λŒ€μƒμ— λ”°λ₯Έ 취약점 μŠ€μΊλ‹μ΄ κ°€λŠ₯ν•˜λ©° 기본으둜 μ œκ³΅λ˜λŠ” 취약점 μŠ€μΊλ‹ ν…œν”Œλ¦Ώμ€ μ•„λž˜μ™€ κ°™λ‹€.

  • μŠ€μΊλ‹ ν…œν”Œλ¦Ώ
  1. Basic Network Scan
  2. Advanced Scan
  3. Advanced Dynamic Scan
  4. Malware Scan
  5. Web Application Tests
  6. Credentialed Patch Audit
  7. Intel AMT Security Bypass
  8. Spectre and Meltdown
  9. WannaCry Ransomware
  10. Ripple20 Remote Scan
  11. Zerologon Remote Scan
  12. Soloriagte
  13. ProxyLogon : MS Exchange
  14. PrintNightmare
  15. Active Directory Starter Scan
  16. Log4Shell
  17. Log4Shell Remote Checks
  18. Log4Shell Vulnerability Ecosystem
  19. 2021 Threat Landscape Retrospective (TLR)
  20. CISA Alerts AA22-011A and AA22-047A
  21. ContiLeaks
  22. Ransomware Ecosystem

λ‹€μ–‘ν•œ 취약점 μŠ€μΊλ‹ ν…œν”Œλ¦Ώμ„ ν™œμš©ν•˜μ—¬ μŠ€μΊλ‹ 진행이 κ°€λŠ₯ν•˜λ©° 각각의 ν…œν”Œλ¦Ώ λ‚΄ ν”ŒλŸ¬κ·ΈμΈμ„ μ„€μΉ˜ν•˜μ—¬ μƒμ„Έν•œ μŠ€μΊλ‹μ΄ κ°€λŠ₯ν•˜λ‹€.

  • Target 지정

ν•„μžλŠ” VMν™˜κ²½λ‚΄ Apache Serverλ₯Ό λ„μ›Œ 놓은 μƒνƒœλ‘œ Basic Network Scan ν…œν”Œλ¦Ώμ„ ν™œμš©ν•˜μ—¬ μŠ€μΊλ‹μ„ μ‹œλ„ν•˜μ˜€λ‹€.

Name, Description, Target IPλ₯Ό λ„£μ–΄μ£Όκ³  ν•„μš” μ‹œ λ³΄μ΄λŠ” μΆ”κ°€ 섀정을 ν™œμš©ν•΄ κ³ κΈ‰ μ„€μ •, ν”ŒλŸ¬κ·ΈμΈ ν™œμš© λ“±μ˜ μ‚¬μš©μ΄ κ°€λŠ₯ν•˜λ‹€.

섀정을 μ €μž₯ν•˜μ—¬ μŠ€μΊλ‹ μ€€λΉ„κ°€ 끝났닀. Launch (β–Ή) λ²„νŠΌμ„ ν΄λ¦­ν•˜μ—¬ μŠ€μΊλ‹μ„ μ‹œμž‘ν•˜μž.

  • Scanning

μŠ€μΊ” μ‹œμž‘

μŠ€μΊ” μ‹œμž‘ μ‹œ Attacker IP인 192.168.35.141 μ—μ„œ λ‹€μ–‘ν•œ 취약점 μŠ€μΊλ‹ μ‹œλ„κ°€ Victim (192.168.35.133) Apache VM Server μ„œλ²„μ˜ Apache log μ—μ„œ νƒμ§€λŠ” 것을 확인 ν•  수 μžˆλ‹€.

# tail - f /var/log/apache2/access.log

μŠ€μΊλ‹ 둜그 확인

  • Directory Listing Scan

  • Apache log4j Scan

이 밖에도 λ‹€μ–‘ν•œ μŠ€μΊλ‹ 곡격을 μ‹œλ„ν•˜μ—¬ μ„œλ²„ λ‚΄ 취약점이 μ‘΄μž¬ν•˜λŠ”μ§€ μ—¬λΆ€λ₯Ό μŠ€μΊ”ν•˜λŠ” 것을 확인할 수 μžˆλ‹€.

  • μŠ€μΊ” κ²°κ³Ό 확인

μŠ€μΊ”μ΄ λλ‚˜λ©΄ ν•΄λ‹Ή host둜 λ‚˜μ˜¨ λ³΄κ³ μ„œλ₯Ό ν΄λ¦­ν•˜μ—¬ μ·¨μ•½ν•œ ν•­λͺ©μ΄ μžˆλŠ”μ§€ ν™•μΈν•œλ‹€.

각각의 취약점 λͺ©λ‘μ„ μ„ νƒν•˜μ—¬ ν•΄λ‹Ή 취약점에 λŒ€ν•œ λ³΄κ³ μ„œλ₯Ό 확인할 수 μžˆλ‹€. ν•΄λ‹Ή μ•„νŒŒμΉ˜ μ„œλ²„λŠ” ν¬λ¦¬ν‹°μ»¬ν•œ 취약점이 λ°œκ²¬λ˜μ§€ μ•Šμ•˜μ§€λ§Œ λ§Œμ•½ ν¬λ¦¬ν‹°μ»¬ν•œ 취약점이 λ°œκ²¬λœλ‹€λ©΄ ν•΄λ‹Ή 취약점을 μ•…μš©ν•˜μ—¬ 곡격 μˆ˜ν–‰μ΄ κ°€λŠ₯ν•˜λ‹€.

  • 취약점 뢄석 λ³΄κ³ μ„œ

μŠ€μΊλ‹μ΄ μ •μƒμ μœΌλ‘œ μˆ˜ν–‰λ˜μ—ˆλ‹€.