- Computer with the Internet
- Free Azure Account - Possible to do with Free Subscription
- Sign up: Azure Free Account
- Login: Azure Portal
- Go to Azure Portal
- Navigate to the Marketplace and search for "OpenVAS secured and supported by HOSSTED"
- Choose the "Start with a pre-set configuration" option and select the weakest configuration.
- Click "Continue to Create VM"
- Configure the VM:
- Resource Group: Vulnerability-Management
- VM Name: OpenVAS (Take note of the region and Vnet–consider East US 2)
- Authentication: Username → azureuser / Cyberlab123!
- Monitoring: Disable Boot Diagnostic
- Click "Create" to create the VM.
- Once the VM is created, SSH into it using PowerShell (Windows) or Terminal (MacOS) with the provided credentials.
- Wait until the deployment of OpenVAS is complete.
- Go to Azure Portal
- Search for Virtual Machines and create a new Virtual Machine.
- Configure the VM:
- Resource Group: Vulnerability-Management
- VM Name: Win10-Vulnerable
- Region: Same as the OpenVAS VM (East US 2)
- Virtual Network: Same as OpenVAS
- Image: Windows 10 Pro
- Size: Any size with 2 vCPUs
- Username: azureuser / Cyberlab123!
- Networking: Same Vnet as OpenVAS
- Create the VM.
- Once the VM is created, ensure you can RDP into it with the provided credentials.
- After logging in, make the VM vulnerable:
- Disable the Windows Firewall
- Gather up some Old Software
- Install an Old Version of FireFox: Firefox Setup 97.0b5
- Install an Old Version of VLC Player: vlc-1.1.7-win32
- Install an Old Version of Adobe Reader: 10.0_AdbeRdr1000_en_US_1_
- Restart the VM.
- Login to OpenVAS and navigate to Assets > Hosts > New Host.
- Add the Client VM PRIVATE IP Address.
- Create a New Target from the Host, name it "Azure Vulnerable VMs".
- Take note of the credentials. We will add SMB credentials later.
- Create a new Task:
- Name & Comment: "Scan - Azure Vulnerable VMs"
- Scan Targets: "Azure Vulnerable VMs"
- Save the Task.
- Start the "Scan - Azure Vulnerable VMs" Task.
- Once the scan is finished, click the date under "Last Report" to see the results.
- Take note of the Tabs, especially the "Results" tab.
- Disable Windows Firewall.
- Disable User Account Control.
- Enable Remote Registry.
- Set Registry Key:
- Launch Registry Editor (regedit.exe) in "Run as administrator" mode.
- Navigate to HKEY_LOCAL_MACHINE hive.
- Open SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System key.
- Create a new DWORD (32-bit) value with the following properties:
- Name: LocalAccountTokenFilterPolicy
- Value: 1
- Close Registry Editor.
- Restart the VM.
- Go to Configuration > Credentials > New Credential.
- Name / Comment: "Azure VM Credentials".
- Allow Insecure Use: Yes.
- Username: azureuser.
- Password: Cyberlab123!
- Save.
- Go to Configuration > Targets > CLONE the Target we made before.
- NEW Name / Comment: "Azure Vulnerable VMs - Credentialed Scan".
- Ensure the Private IP is still accurate.
- Credentials > SMB > Select the Credentials we just made: Azure VM Credentials.
- Save.
- Within Greenbone / OpenVAS, go to Scans > Tasks.
- CLONE the "Scan - Azure Vulnerable VMs" Task and Edit it.
- Name / Comment: "Scan - Azure Vulnerable VMs - Credentialed".
- Targets: Azure Vulnerable VMs - Credentialed Scan.
- Save.
- Click the Play button to launch the new Credentialed Scan and wait for it to finish.
- Log back into your Win10-Vulnerable VM.
- Uninstall Adobe Reader, VLC Player, and Firefox.
- Restart the VM.
- Re-initiate the "Scan - Azure Vulnerable VMs - Credentialed" scan and observe the results.
- Note that there are no longer Vulnerabilities for FireFox, VLC Player, or Adobe Reader!