Project 14: InsightVM (15 pts)

What You Need

Purpose

Practice using InsightVM (formerly Nexpose), Rapid7's enterprise vulnerability management solution.

Adding Resources

Like AlienVault, this product is a resource hog. Give your VM as much CPU and RAM as you can. I tried a server with 1 processor core and 4 GB of RAM, and it was very slow at the scanning, so I increased it to 4 processor cores and 12 GB of RAM.

Installing the File Server Role

We need a network service to scan, so we'll make the Windows server a file server.

On your Windows Server 2016 desktop, click Start. Click "Server Manager".

Click "Add Roles and Features".

Click Next.

In the "Select installation type" box, accept the default selection of "Role-based or feature-based installation" and click Next.

In the "Select destination server" box, accept the default selection and click Next.

In the "Select server roles" box, expand the "File and Storage Services" section. Expand the "File and iSCSI Services" section. Click "File Server", as shown below.

Click Next.

In the "Select features" box, click Next.

In the "Confirm installation selections" box, click Install.
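The same role install can be done from an elevated PowerShell prompt, followed by a couple of checks the wizard does not show you: that SMB is actually listening, and which SMB settings the scanner will see. This is an added example, not part of the original project steps; the cmdlets are standard Windows Server 2016 ones from the ServerManager, NetTCPIP and SmbShare modules.

```powershell
# Added example (not from the original project): install the File Server
# role from PowerShell and check what the scanner will find on TCP 445.

# 1. Install the role. FS-FileServer is the feature name of the
#    "File Server" entry under "File and iSCSI Services".
$result = Install-WindowsFeature -Name FS-FileServer -IncludeManagementTools
if (-not $result.Success) { throw "Role install failed: exit code $($result.ExitCode)" }
if ($result.RestartNeeded -eq 'Yes') {
    Write-Warning 'A restart is required before the role is active.'
}

# 2. Confirm the role shows as installed.
Get-WindowsFeature -Name FS-FileServer | Format-Table Name, InstallState -AutoSize

# 3. Confirm the SMB service is listening. This is the port the scanner
#    will talk to for its SMB checks.
Get-NetTCPConnection -LocalPort 445 -State Listen -ErrorAction SilentlyContinue |
    Format-Table LocalAddress, LocalPort, OwningProcess -AutoSize

# 4. Show the server-side SMB settings an unauthenticated scan can observe:
#    which protocol versions are offered and whether signing is required.
#    Findings about SMB versions and signing come from these settings, so
#    record them before scanning to tie each finding back to its cause.
Get-SmbServerConfiguration |
    Select-Object EnableSMB1Protocol, EnableSMB2Protocol,
                  RequireSecuritySignature, EnableSecuritySignature, EncryptData |
    Format-List
```

Run it in an elevated session; Install-WindowsFeature and Get-NetTCPConnection both need administrator rights to show complete results.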

Downloading InsightVM

In a Web browser, go to

https://www.rapid7.com/try-now

In the "InsightVM" section, click the "Free Trial" button, as shown below.

On the next page, fill in the form and click Submit, as shown below.

On the next page, download the Windows 64-Bit version, as shown below.

Installing Nexpose

On your Windows Server 2016 machine, run the installer. It still calls itself "Nexpose"; apparently the re-branding to the name "InsightVM" is not complete yet.

It may complain that it wants more disk space or RAM, but you can bypass those complaints.

You'll have to make an account, as shown below. I recommend a username of student and a password of P@ssw0rd (fine for an isolated lab VM, but never use such a weak password on a console that can reach real networks).

The last screen tells you how to connect to the product, and warns you that it may take 30 minutes to finish setup, as shown below.

Restart your server, when you are prompted to.

Log in again.

Task Manager will show the "nexserv" process consuming all available CPU, as shown below.

When the CPU usage falls to a low value, the installation is complete. It took about 20 minutes when I did it.
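If you would rather not sit watching Task Manager, the following added script (not part of the original project) polls the nexserv process and port 3780 until the console settles. It takes the process name from the Task Manager step above and the port from the login step; the sample interval, idle threshold and number of consecutive idle samples are arbitrary choices.

```powershell
# Added example (not from the original project): wait for the Nexpose
# console to finish its post-install work. Setup is treated as done when
# nexserv's CPU use has been low for several samples in a row AND the web
# console port accepts connections.

$ProcessName    = 'nexserv'   # process name seen in Task Manager during setup
$Port           = 3780        # console port from the login step
$SampleSeconds  = 30          # seconds between CPU samples (assumption)
$IdleThreshold  = 10          # percent of total CPU that counts as idle (assumption)
$IdleSamplesReq = 3           # consecutive idle samples before declaring ready
$cores = (Get-CimInstance Win32_ComputerSystem).NumberOfLogicalProcessors

function Get-NexCpuSeconds {
    # Total CPU seconds consumed so far by every process with that name,
    # or $null if none is running. Get-Process's CPU property is in seconds.
    $p = Get-Process -Name $ProcessName -ErrorAction SilentlyContinue
    if (-not $p) { return $null }
    ($p | Measure-Object -Property CPU -Sum).Sum
}

$prev = Get-NexCpuSeconds
if ($null -eq $prev) { throw "$ProcessName is not running; did the installer start it?" }

$idle = 0
while ($idle -lt $IdleSamplesReq) {
    Start-Sleep -Seconds $SampleSeconds
    $now = Get-NexCpuSeconds
    if ($null -eq $now) { throw "$ProcessName exited during setup; check the install log" }

    # CPU seconds used in the interval, spread over wall time and core count.
    $pct  = [math]::Round(100 * ($now - $prev) / ($SampleSeconds * $cores), 1)
    $prev = $now

    $listening = Test-NetConnection -ComputerName localhost -Port $Port `
                     -InformationLevel Quiet -WarningAction SilentlyContinue

    Write-Host ("{0:HH:mm:ss}  {1} CPU {2,5}%  port {3} open: {4}" -f `
                (Get-Date), $ProcessName, $pct, $Port, $listening)

    if ($pct -lt $IdleThreshold -and $listening) { $idle++ } else { $idle = 0 }
}
Write-Host "Console looks ready: https://localhost:$Port"
```

The port check matters as much as the CPU check: the web service can come up before the database finishes initializing, and the CPU can dip briefly between setup phases, which is why the script requires several quiet samples in a row.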

Activating Nexpose

On your Windows machine, in a Web browser, go to

https://localhost:3780

Accept the self-signed certificate and log in with your credentials, which are probably student and P@ssw0rd

I never got a product key from the previous form I filled out. I had to fill this one out also:

https://www.rapid7.com/info/nexpose-community/

After that, I got a product key in my email.

Enter your key into the product and activate it.

Using Nexpose

Once Nexpose is activated, you see the screen below.

Click "Create a Site".

A help box appears. Close it.

In the next page, enter a Name of

YOURNAME_Site
as shown below.

In the top bar, click ASSETS.

A help box appears. Close it.

In the "Assets" box, enter

127.0.0.1
as shown below.

In the top bar, click AUTHENTICATION.

Enter these values:

In the "Test Credentials" line, on the right side, click the arrow.

Enter these values:

Click the "TEST CREDENTIALS" button. You should see a green bar saying "Authentication succeeded", as shown below.

In the top bar, click TEMPLATES.

Accept the default selection of "Full audit without Web Spider", as shown below.

In the top bar, click ENGINES.

Accept the default selection of "Local scan engine", as shown below.

At the top right, click the "SAVE & SCAN" button.

A box pops up, asking "Are you sure...". Click the "SAVE & SCAN" button.

A page appears showing the progress of the scan, as shown below. It refreshes every few seconds.

Checking Task Manager shows that the scan doesn't consume much CPU, but it uses all available RAM, as shown below.

After waiting 7 minutes, I stopped the scan to add more RAM to my virtual machine.

I am using a Mac with 4 cores and 16 GB of RAM. I gave the VM 3 cores and 12 GB of RAM.

The scan completed in 10 minutes, as shown below. Wait for yours to complete, even if it takes longer.

Viewing Vulnerabilities

On the left side, click Vulnerabilities, as shown below.

A list of vulnerabilities appears, as shown below.

Find the SMB2 vulnerability name, covered by a green box in the image below. Enter it in the form below to record your success.
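The whole procedure above, from creating the site through reading the SMB findings, can also be driven through the console's REST API (v3), which is how you would automate recurring scans. This is an added example, not from the original project or from Rapid7: the endpoint paths, request bodies, engine name and status strings follow Rapid7's public API v3 documentation (the console serves a copy at https://localhost:3780/api/3/html) and should be treated as assumptions to check there if a call fails. The Windows account used for the authenticated scan is a placeholder, since the project's credential values are only in a screenshot.

```powershell
# Added example (not from the original project): create the site, attach
# Windows credentials, run the scan and list SMB findings via the InsightVM
# REST API v3. Endpoint shapes are assumptions based on the public docs.
# Works on PowerShell 5.1 (Server 2016 default) and PowerShell 7.

$Console     = 'https://localhost:3780'
$User        = 'student'         # console account created during install
$Password    = 'P@ssw0rd'        # lab-only credentials, as in the text
$SiteName    = 'YOURNAME_Site'
$WinUser     = 'Administrator'   # placeholder: Windows account for the authenticated scan
$WinPassword = 'P@ssw0rd'        # placeholder

# --- auth and TLS: the console uses HTTP Basic and a self-signed cert ----
$token   = [Convert]::ToBase64String([Text.Encoding]::ASCII.GetBytes("${User}:${Password}"))
$Headers = @{ Authorization = "Basic $token"; Accept = 'application/json' }
if ($PSVersionTable.PSVersion.Major -ge 6) {
    $Tls = @{ SkipCertificateCheck = $true }       # lab-only: console is localhost
} else {
    $Tls = @{}
    [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
    [Net.ServicePointManager]::ServerCertificateValidationCallback = { $true }  # lab-only
}

function Invoke-Ivm {
    # Thin wrapper: JSON in, parsed JSON out, errors surface as exceptions.
    param([string]$Method, [string]$Path, $Body)
    $req = @{ Method = $Method; Uri = "$Console$Path"; Headers = $Headers; ContentType = 'application/json' }
    if ($null -ne $Body) { $req.Body = ($Body | ConvertTo-Json -Depth 8) }
    Invoke-RestMethod @req @Tls
}

# --- 1. engine and template the project uses ------------------------------
$engine = (Invoke-Ivm GET '/api/3/scan_engines').resources |
          Where-Object name -eq 'Local scan engine' | Select-Object -First 1
$templateId = 'full-audit-without-web-spider'   # "Full audit without Web Spider"

# --- 2. create the site: name, one asset, template, engine ----------------
$site = Invoke-Ivm POST '/api/3/sites' @{
    name           = $SiteName
    engineId       = $engine.id
    scanTemplateId = $templateId
    scan           = @{ assets = @{ includedTargets = @{ addresses = @('127.0.0.1') } } }
}
$siteId = $site.id
Write-Host "Created site $SiteName (id $siteId)"

# --- 3. attach CIFS/SMB credentials so the scan is authenticated ----------
Invoke-Ivm POST "/api/3/sites/$siteId/site_credentials" @{
    name    = 'lab windows admin'
    enabled = $true
    account = @{ service = 'cifs'; username = $WinUser; password = $WinPassword; domain = '' }
} | Out-Null

# --- 4. start the scan and poll until it leaves the active states ---------
$scanId = (Invoke-Ivm POST "/api/3/sites/$siteId/scans" @{ name = "$SiteName api scan" }).id
do {
    Start-Sleep -Seconds 30
    $scan = Invoke-Ivm GET "/api/3/scans/$scanId"
    Write-Host ("{0:HH:mm:ss} scan {1}: {2}" -f (Get-Date), $scanId, $scan.status)
} while ($scan.status -in @('running', 'dispatched', 'integrating'))
if ($scan.status -ne 'finished') { throw "Scan ended with status '$($scan.status)'" }

# --- 5. list the SMB-related findings per scanned asset -------------------
# Vulnerability ids are short slugs; filtering on 'smb' catches the SMB
# and SMB2 checks without hard-coding a particular finding name.
$assets = (Invoke-Ivm GET "/api/3/sites/$siteId/assets").resources
foreach ($a in $assets) {
    $vulns = (Invoke-Ivm GET "/api/3/assets/$($a.id)/vulnerabilities?size=500").resources
    $vulns | Where-Object { $_.id -like '*smb*' } | ForEach-Object {
        $detail = Invoke-Ivm GET "/api/3/vulnerabilities/$($_.id)"
        [pscustomobject]@{ Asset = $a.ip; Id = $_.id; Severity = $detail.severity; Title = $detail.title }
    }
} | Format-Table -AutoSize
```

Run it on the server itself after activation. Disabling certificate validation is acceptable only because the console is on localhost with the self-signed certificate the text mentions; against a console on the network, import its certificate instead and drop the `$Tls` override.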


Recording Your Success (15 pts.)

Use the form below to record your score in Canvas.

If you don't have a Canvas account, see the instructions here.

Name or Email:
Vulnerability:



Posted 11-5-18