Vulnerability Assessment Lab

Welcome to the Vulnerability Assessment Lab

In this interactive lab, you'll learn how to conduct a thorough vulnerability assessment using industry-standard tools and methodologies. Follow the steps below to discover, analyze, and remediate security vulnerabilities in a simulated environment.

1

Configure

Set up scan parameters and target systems

2

Scan

Execute vulnerability scans and monitor progress

3

Analyze

Review scan results and prioritize vulnerabilities

4

Remediate

Implement fixes and verify remediation

Start Lab

Scan Configuration

Configure your vulnerability scan parameters below. These settings will determine the scope, depth, and methods used during the assessment.

Target Selection

Target IP Address / Range

Target Hostname (optional)

Exclude IP Addresses (optional)

Scan Options

Scan Type

Scan Intensity

Port Range

Authentication

Enable Authenticated Scanning

Use credentials during scanning (provides more accurate results)

Authentication Type

Username

Password

Vulnerability Checks

Select Vulnerability Categories

Operating System

Network Services

Web Applications

Databases

Malware Detection

Misconfigurations

Compliance Checks

Schedule

Scan Schedule

Vulnerability Scan in Progress

68%

Scanning target 192.168.1.0/24 - 113 of 165 hosts completed

[10:45:32] Initiating scan on target network 192.168.1.0/24

[10:45:45] Performing host discovery...

[10:46:12] Found 165 live hosts on network

[10:46:20] Starting port scanning on host 192.168.1.1

[10:46:47] Found 8 open ports on host 192.168.1.1

[10:47:03] Identified service: SSH on port 22

[10:47:10] Identified service: HTTP on port 80

[10:47:15] Identified service: HTTPS on port 443

[10:47:32] Running vulnerability checks on host 192.168.1.1

[10:48:17] Found vulnerability: OpenSSH < 7.7 Username Enumeration (CVE-2018-15473)

[10:48:42] Found vulnerability: SSL Certificate Expired

[10:49:12] Moving to next host 192.168.1.2...

[10:49:55] Starting port scanning on host 192.168.1.2

[10:50:23] Found 5 open ports on host 192.168.1.2

[10:50:46] Running vulnerability checks on host 192.168.1.2

[10:51:18] Found critical vulnerability: SMB v1 Enabled (MS17-010)

[10:51:54] Found vulnerability: Outdated Apache Version 2.4.34

[10:52:10] Moving to next host...

[11:23:45] Scanning host 192.168.1.113...

Vulnerability Scan Results

Scan completed on target 192.168.1.0/24. Below are the vulnerabilities discovered during the assessment.

3

Critical

8

High

15

Medium

23

Low

Vulnerability	Host	Severity	Category	Status
EternalBlue SMBv1 Vulnerability MS17-010	192.168.1.24	Critical	Network Services	Open
Outdated OpenSSL with Heartbleed CVE-2014-0160	192.168.1.15	Critical	Network Services	Open
Apache Struts Remote Code Execution CVE-2017-5638	192.168.1.42	Critical	Web Applications	Open
SQL Injection in Web Application CWE-89	192.168.1.38	High	Web Applications	Open
Outdated Wordpress Version --	192.168.1.56	High	Web Applications	In Progress
Default Credentials on Admin Panel --	192.168.1.11	High	Misconfigurations	Open
Cross-Site Scripting (XSS) CWE-79	192.168.1.38	Medium	Web Applications	Open
SSL Certificate Expired --	192.168.1.15	Medium	Network Services	Fixed

1

2

3

4

EternalBlue SMBv1 Vulnerability

MS17-010 / CVE-2017-0144

Critical

Host: 192.168.1.24

Category: Network Services

Discovered: May 1, 2025

Status: Open

Description

The SMBv1 protocol in Microsoft Windows contains a remote code execution vulnerability that allows attackers to execute arbitrary code on the target system by sending specially crafted messages to the SMBv1 server. This vulnerability is particularly dangerous as it can be exploited without any user interaction and has been used in major ransomware attacks such as WannaCry.

The vulnerability exists in the way SMBv1 handles certain types of requests. A successful attack could allow an attacker to install programs; view, change, or delete data; or create new accounts with full user rights on the affected system.

Affected System

The vulnerable system is running Windows Server 2008 R2 with SMBv1 protocol enabled. The system has not been patched with Microsoft security patch MS17-010.

Host: 192.168.1.24 OS: Windows Server 2008 R2 Standard Service Pack: Service Pack 1 SMB Version: SMBv1 Enabled Patch Status: Missing MS17-010 security update Open Ports: 445/tcp (SMB), 139/tcp (NetBIOS)

Evidence

The vulnerability was confirmed by checking the SMB protocol version and testing for the specific vulnerability signature:

$ nmap -p 445 --script smb-vuln-ms17-010 192.168.1.24 Starting Nmap 7.92 ( https://nmap.org ) Nmap scan report for 192.168.1.24 Host is up (0.0053s latency). PORT STATE SERVICE 445/tcp open microsoft-ds Host script results: | smb-vuln-ms17-010: | VULNERABLE: | Remote Code Execution vulnerability in Microsoft SMBv1 servers (ms17-010) | State: VULNERABLE | IDs: CVE:CVE-2017-0144 | Risk factor: HIGH | A critical remote code execution vulnerability exists in Microsoft SMBv1 | servers (ms17-010). | | Disclosure date: 2017-03-14 | References: | https://blogs.technet.microsoft.com/msrc/2017/05/12/customer-guidance-for-wannacrypt-attacks/ | https://technet.microsoft.com/en-us/library/security/ms17-010.aspx |_ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0144

Impact

This is a critical severity vulnerability with the following potential impacts:

Remote code execution on the affected system
Full system compromise and data breach
Potential lateral movement within the network
Potential ransomware deployment (as seen in WannaCry)
Business disruption and data loss

Remediation

The following steps should be taken to remediate this vulnerability:

Apply Security Patch: Install the Microsoft security update MS17-010 as soon as possible.
Disable SMBv1: Disable the SMBv1 protocol on all Windows systems and use SMBv2 or SMBv3 instead.
# To disable SMBv1 via PowerShell: Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol # Or via registry: Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters" SMB1 -Type DWORD -Value 0 -Force
Block SMB Ports: Block inbound SMB traffic (TCP ports 139 and 445) at the perimeter firewall.
Network Segmentation: Implement proper network segmentation to limit the impact of potential compromises.
Apply Group Policy: Use Group Policy to enforce SMBv1 disablement across the organization.

References

Vulnerability Remediation

Track and manage the remediation progress for discovered vulnerabilities.

Remediation Progress

35%

17 of 49 vulnerabilities remediated

Vulnerability	Severity	Status	Assigned To	Deadline
EternalBlue SMBv1 Vulnerability MS17-010	Critical	In Progress	Server Team	May 3, 2025
Outdated OpenSSL with Heartbleed CVE-2014-0160	Critical	In Progress	Network Team	May 3, 2025
SSL Certificate Expired --	Medium	Fixed	Security Team	Apr 30, 2025