If you want to learn how to hack, one of the first things you have to learn is how to penetrate networks. You can’t hack anything remotely without being able to hack the target’s network. Learning how to use OpenVAS 9.0 is a great place to start.
This is part four of a four-part tutorial covering OpenVAS 9.0.
Custom Scan Configuration for Printers
Creating the Custom Scan Config
Edit the Scan Config to Locate NVTs Example
Excluding Printers From Scan Example
Enabling “Exclude Printers From Scan” Example
Create a New Scan Task Example
For all scans so far, you’ve only used the default scan configurations such as host discovery, system discovery and Full and Fast. But what if you don’t want to run all NVTs on a given target (list) and only test for a few specific vulnerabilities?
In this case, we can create our own custom scan configuration and select only the NVTs that we want to test for. Please note that this is totally optional and not recommended to create your own scanning configurations in most cases.
The “Full and Fast” and the “Full and Fast Ultimate” are both fast and intelligent. These types of scans do not test SMB vulnerabilities on FTP ports while slow scans might test every single NVT on every single port.
In the next section, you will create a custom scan configuration that will only test for vulnerabilities present on printer devices.
In this section, we will create a custom scanning configuration to test enterprise printers and multifunctional (MFP) for vulnerabilities. The reason we’re going to create a custom scan configuration is that printers are commonly overlooked targets when it comes to security and vulnerabilities.
Successfully exploiting vulnerabilities on these devices cannot only allow an attacker to get access to sensitive data but also to gain a beachhead on the network. Many enterprise printers also authenticate against the company’s domain controller using Lightweight Directory Access Protocol (LDAP).
In most cases, it is unlikely that devices authenticate with an administrator account but it might provide attackers with access to a domain account.
When targeting printers, it is important to optimize the scanning configuration as much as possible and only scan for NVTs that target printers. Many printers have a fragile network stack and cannot handle large scanning loads which might even crash the target.
We will exclude NVTs that don’t have anything to do with printers such as NVTs targeting equipment from specific manufacturers or NVTs that target local vulnerabilities.