We will download the 68.0.3440.84 version for this project demonstration by clicking on it.
- After the download is completed, we will click on open file on the download.
- We will have to turn off auto update for Google Chrome.
- Go to the Windows Start Menu and search for "System Configuration".
- Click on Services and find "Google Update Service" > Uncheck both Google Update boxes > Apply then OK.
- We will restart the VM for service update to be apply.
- After restarting Chrome will not be able to perform any updates.
- After restarting we can check Google Chrome if it's can perform any updates.
- Open Google Chrome browser > Click on the three dots on the top right corner of Chrome > Help > About Google Chrome.
Downloading Outdated Version of 7-Zip On Windows VM
- We will use our browser and head to the 7-zip site to download outdated version of 7-zip.
- [7-zip.en.uptodown.com](https://7-zip.en.uptodown.com/windows/versions)
- We will download the 19.00 version for this project demonstration by clicking on it.
- After the download is completed, we will click on the downloaded file on bottom left of the browser.
- Install 7-Zip > Close
Downloading Outdated Version of Minecraft Server On Windows VM
Block4J is a malicious plugin for the popular game Minecraft that is designed to compromise players' accounts and steal their login credentials. It is considered malicious because it uses deceptive methods to trick players into entering their account information, which can lead to unauthorized access and potential harm to the players and their in-game assets.
Hence, we are downloading the Minecraft Server that is affected by Log4j, while simultaneously noting that over 50% of organizations leverage the Log4j library.
- We will use our browser and head to the mcversions site to download outdated version of Minecraft Server.
- [mcversion.net](https://mcversions.net/download/1.18.1)
- We will download the 1.18.1 Server version for this project demonstration by clicking on it.
- We will right click on the download .jar file and click on Show in folder.
- Inside the folder: right click server.jar > 7-Zip > Extract Here.
- Three new files will be extracted.
- We will extract one more time by: Clicking on META-INF > versions > 1.18.1 .
- Inside the folder: right click on "server-1.18.1.jar" > 7-Zip > Extract Here.
- The folder will extract into 4640 items.
We have successfully installed three vulnerable software into our Windows VM. We will use Advanced Nessus Scan next for scanning the new vulnerable softwares.
Installing Vulnerable Software on the Windows VM
We will install vulnerable software on the Windows VM to conduct additional tests using our Nessus scanner.
The vulnerable software that we will download are: outdated versions of Google Chrome Browser, 7-Zip, and Minecraft Server.
Downloading Outdated Google Chrome On Windows VM
- After the download is completed, we will click on open file on the download.
- We will have to turn off auto update for Google Chrome. - Go to the Windows Start Menu and search for "System Configuration".
- Click on Services and find "Google Update Service" > Uncheck both Google Update boxes > Apply then OK.
- We will restart the VM for service update to be apply. - After restarting Chrome will not be able to perform any updates.
- After restarting we can check Google Chrome if it's can perform any updates. - Open Google Chrome browser > Click on the three dots on the top right corner of Chrome > Help > About Google Chrome.
Downloading Outdated Version of 7-Zip On Windows VM
- We will use our browser and head to the 7-zip site to download outdated version of 7-zip. - [7-zip.en.uptodown.com](https://7-zip.en.uptodown.com/windows/versions) - We will download the 19.00 version for this project demonstration by clicking on it.- After the download is completed, we will click on the downloaded file on bottom left of the browser.
- Install 7-Zip > Close
Downloading Outdated Version of Minecraft Server On Windows VM
Block4J is a malicious plugin for the popular game Minecraft that is designed to compromise players' accounts and steal their login credentials. It is considered malicious because it uses deceptive methods to trick players into entering their account information, which can lead to unauthorized access and potential harm to the players and their in-game assets. Hence, we are downloading the Minecraft Server that is affected by Log4j, while simultaneously noting that over 50% of organizations leverage the Log4j library. - We will use our browser and head to the mcversions site to download outdated version of Minecraft Server. - [mcversion.net](https://mcversions.net/download/1.18.1) - We will download the 1.18.1 Server version for this project demonstration by clicking on it.- We will right click on the download .jar file and click on Show in folder.
- Inside the folder: right click server.jar > 7-Zip > Extract Here.
- Three new files will be extracted.
- We will extract one more time by: Clicking on META-INF > versions > 1.18.1 . - Inside the folder: right click on "server-1.18.1.jar" > 7-Zip > Extract Here.
- The folder will extract into 4640 items.
We have successfully installed three vulnerable software into our Windows VM. We will use Advanced Nessus Scan next for scanning the new vulnerable softwares.