34 items tagged "nessus"
-
-
8:27
»
Packet Storm Security Recent Files
Whitepaper called Using Metasploit With Nessus Bridge On Ubuntu. The author discusses using the autopwn feature in Metasploit, running Nessus from within Metasploit, choices of databases to use, and the benefits of each.
-
8:27
»
Packet Storm Security Misc. Files
Whitepaper called Using Metasploit With Nessus Bridge On Ubuntu. The author discusses using the autopwn feature in Metasploit, running Nessus from within Metasploit, choices of databases to use, and the benefits of each.
-
-
8:51
»
remote-exploit & backtrack
I am busy testing a system and Nessus reports that it is possible to exploit it and from the Nessus output it seems like Nessus was successful, see below. However, I cannot find any information anywhere on how to manually produce this vulnerability. Do not confuse it with the horde of other telnet vulnerabilities out there.
I thought it would be as simple as some of the old telnet environment variable vulnerabilities e.g. telnet -l '-fbin' systemx.com but it does not seem to work, any ideas?
Kerberos telnet Crafted Username Remote Authentication Bypass
Synopsis:
It is possible to log into the remote system using telnet without supplying any credentials
Description:
The remote version of kerberos telnet does not sanitize the user-supplied 'USER' environement variable. By supplying a specially malformed USER environment variable, an attacker may force the remote telnet server to believe that the user has already authenticated.
Risk factor:
High
CVSS Base Score:7.6
CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C
Solution:
Apply the patch below or contact your vendor for a patch :
Plugin output:
It was possible to log in and execute "id" : ];root@systemx:~ [root@systemx ~]# uid=
Plugin ID:
24998
CVE:
CVE-2007-0956
BID:
23281
Other references:
OSVDB:34106
-
-
12:58
»
remote-exploit & backtrack
Hello, I'm having big problems with Nessus 4.2, the home version.
The problem is that I can scan for bugs on my own network, so on my own IP, but if I want to scan another IP, or a domain, I can't do it...
That is, the scan runs and shows completed, but it comes out as if it had not succeeded...
I have been setting up policies for I don't know how long without any result, except that if I set this in the Preferences:
I select the option ping the remote host
Make the dead hosts appear in the report.
At the end of the scan I get the corresponding domain, or IP, with a low bug that specifies exactly that option...
What am I doing wrong? What do I need to configure? Please help me, I am DESPERATE!!!
I use Windows XP and I installed it on that (although I use BackTrack 4 pre-final, I couldn't enter the key there, so I installed it on Windows XP)
-
-
13:00
»
Packet Storm Security Misc. Files
Net::Nessus::XMLRPC is a Perl interface for communication with the Nessus scanner over XMLRPC. It lets you start, stop, pause, and resume scans. It can display the progress and status of scans, download reports, etc.
-
13:00
»
Packet Storm Security Recent Files
Net::Nessus::XMLRPC is a Perl interface for communication with the Nessus scanner over XMLRPC. It lets you start, stop, pause, and resume scans. It can display the progress and status of scans, download reports, etc.
-
-
20:00
»
Packet Storm Security Misc. Files
Net::Nessus::XMLRPC is a Perl interface for communication with the Nessus scanner over XMLRPC. It lets you start, stop, pause, and resume scans. It can display the progress and status of scans, download reports, etc.
-
20:00
»
Packet Storm Security Recent Files
Net::Nessus::XMLRPC is a Perl interface for communication with the Nessus scanner over XMLRPC. It lets you start, stop, pause, and resume scans. It can display the progress and status of scans, download reports, etc.
-
-
18:01
»
Packet Storm Security Misc. Files
Net::Nessus::XMLRPC is a Perl interface for communication with the Nessus scanner over XMLRPC. It lets you start, stop, pause, and resume scans. It can display the progress and status of scans, download reports, etc.
-
18:00
»
Packet Storm Security Recent Files
Net::Nessus::XMLRPC is a Perl interface for communication with the Nessus scanner over XMLRPC. It lets you start, stop, pause, and resume scans. It can display the progress and status of scans, download reports, etc.
-
-
19:44
»
remote-exploit & backtrack
Could anyone send me Nessus version 3.2.1 for Linux (bt4) if they have it, or a link somewhere to download it? The web-based version is very glitchy in my opinion and I prefer the old software version that you could install, but I have been looking on the web and have not been able to find a place to download it.
-
-
16:32
»
Packet Storm Security Misc. Files
Net::Nessus::XMLRPC is a Perl interface for communication with the Nessus scanner over XMLRPC. It lets you start, stop, pause, and resume scans. It can display the progress and status of scans, download reports, etc.
-
16:31
»
Packet Storm Security Recent Files
Net::Nessus::XMLRPC is a Perl interface for communication with the Nessus scanner over XMLRPC. It lets you start, stop, pause, and resume scans. It can display the progress and status of scans, download reports, etc.
-
-
0:57
»
remote-exploit & backtrack
Hey guys, I was wondering if someone could tell me if Nessus is really required to run the tools in Backtrack. Aircrack tools specifically...thanks!
-
-
15:00
»
Packet Storm Security Tools
nessus-xmlrpc is a Ruby library for the Nessus XML-RPC interface. It comes with an example command line program that shows how easy it is to interact with the Nessus scanner.
-
15:00
»
Packet Storm Security Recent Files
nessus-xmlrpc is a Ruby library for the Nessus XML-RPC interface. It comes with an example command line program that shows how easy it is to interact with the Nessus scanner.
-
-
13:00
»
Packet Storm Security Tools
nessus-xmlrpc is a Ruby library for the Nessus XML-RPC interface. It comes with an example command line program that shows how easy it is to interact with the Nessus scanner.
-
13:00
»
Packet Storm Security Recent Files
nessus-xmlrpc is a Ruby library for the Nessus XML-RPC interface. It comes with an example command line program that shows how easy it is to interact with the Nessus scanner.
-
-
8:42
»
remote-exploit & backtrack
Hello everyone,
So here it is, I have a problem: I downloaded the BackTrack 4 virtual machine for VMware from the site.
Then, for installing Nessus 4.X, the tutorials ask for and refer to "rpm2tgz", only I don't have it. I looked everywhere for a way to install it myself and found no solution.
Thanks for your help,
See you soon
-
-
7:12
»
remote-exploit & backtrack
Hi all,
I was getting tired of manually updating software by hand, so I made this update script...
You may need to customize it here and there for your needs.
Please let me know what you think about it or if you have more to add to it.
Quote:
#!/bin/bash
# bash is required: read -p, $REPLY and $"..." are not POSIX sh features
#
# Avoid using root's TMPDIR
unset TMPDIR
Nessusplugins() {
read -p "Update Nessus Daemon? <y/n> "
if [ "$REPLY" = "y" ];then
echo ---------------------------------------------
echo Nessus Plugins
echo
KIND="Nessus Server"
echo -n $"Shutting down $KIND: "
test -f /opt/nessus/var/nessus/nessus-service.pid && kill `cat /opt/nessus/var/nessus/nessus-service.pid`
RETVAL=$?
sleep 4
if [ "$RETVAL" = "0" ]; then
rm -f /var/lock/subsys/nessusd
echo services stopped successfully
else
echo services were not running...
fi
echo
echo -n "Updating $KIND plugins: "
/opt/nessus/sbin/nessus-update-plugins
echo $KIND plugins updated successfully
echo -n $"Starting $KIND services: "
/opt/nessus/sbin/nessus-service -D -a 127.0.0.1 --ipv4-only
echo $KIND services started...
echo
echo ---------------------------------------------
sleep 2
else
echo "Nessus update skipped"
fi
}
Openvasplugins() {
read -p "Update Openvas Daemon? <y/n> "
if [ "$REPLY" = "y" ];then
echo ---------------------------------------------
echo Openvas Plugins
echo
KIND="Openvas"
echo -n $"Shutting down $KIND services: "
test -f /opt/openvas/var/openvas/openvas-service.pid && kill `cat /opt/openvas/var/openvas/openvas-service.pid`
RETVAL=$?
sleep 4
if [ "$RETVAL" = "0" ]; then
rm -f /var/lock/subsys/openvasd
echo services stopped successfully
else
echo services were not running...
fi
echo -n "Updating $KIND plugins: "
/opt/openvas/sbin/openvas-nvt-sync
echo $KIND plugins updated successfully
echo -n $"Starting $KIND services: "
/opt/openvas/sbin/openvasd -D -a 127.0.0.1 -p 1242
echo $KIND services started...
RETVAL=0
echo
[ $RETVAL -eq 0 ] && touch /var/lock/subsys/openvasd
echo
echo ---------------------------------------------
sleep 2
else
echo "Openvas update skipped"
fi
}
Saint() {
echo ---------------------------------------------
echo Saint Exploit
echo
KIND="Saint Exploit"
echo -n "Updating $KIND plugins: "
cd /opt/saint-7.2/
saint -VV
echo $KIND plugins updated successfully
echo
echo ---------------------------------------------
sleep 2
}
Nikto() {
echo ---------------------------------------------
echo Nikto
echo
KIND="Nikto"
echo -n "Updating $KIND plugins: "
nikto.pl -update
echo $KIND plugins updated successfully
echo
echo ---------------------------------------------
sleep 2
}
Amap() {
echo ---------------------------------------------
echo
echo Amap
echo
KIND="Amap"
echo Current version:
amap | grep amap | cut -d" " -f2,1 | tr ['Syntax: amap is /u r loc l b'] ' '
echo -n "Updating $KIND plugins: "
amap -W
echo $KIND plugins updated successfully
echo
echo ---------------------------------------------
sleep 2
}
Sqlmap() {
echo ---------------------------------------------
echo
echo Sqlmap
echo
KIND="Sqlmap"
echo -n "Updating $KIND plugins: "
python /pentest/database/sqlmap/sqlmap.py --update
echo $KIND plugins updated successfully
echo
echo ---------------------------------------------
sleep 2
}
Aircrackng() {
echo ---------------------------------------------
echo Aircrack-NG
echo
KIND="Aircrack-NG"
echo Current version:
echo
aircrack-ng | grep Aircrack-ng | cut -d"T" -f1 | tr ['tom'] ' '
echo
echo -n "Updating $KIND: "
echo
cd /pentest/wireless/
update-aircrack.sh
airodump-ng-oui-update
echo $KIND plugins updated successfully
echo
echo ---------------------------------------------
sleep 2
}
Rkhunter() {
echo ---------------------------------------------
echo Rootkit Hunter
echo
KIND="Rootkit Hunter"
echo Current version:
echo
rkhunter -V | grep Rootkit | cut -d"C" -f1 | tr [','] ' '
echo
echo -n "Updating $KIND database: "
rkhunter --update
echo $KIND plugins updated successfully
echo
echo ---------------------------------------------
sleep 2
}
Metasploit2() {
echo ---------------------------------------------
echo Framework Metasploit 2
echo
KIND="Metasploit 2"
echo Current version:
echo
cd /pentest/exploits/framework2
msfconsole -v
msfcli -v
echo -n "Updating $KIND plugins: "
cd /pentest/exploits/framework2/
svn update
echo $KIND plugins updated successfully
echo
echo ---------------------------------------------
sleep 2
}
Metasploit3() {
echo ---------------------------------------------
echo Framework Metasploit 3
echo
KIND="Metasploit 3"
echo Current version:
cd /pentest/exploits/framework3
msfconsole -v
echo
echo -n "Updating $KIND plugins: "
cd /pentest/exploits/framework3/
svn update
echo $KIND plugins updated successfully
echo
echo ---------------------------------------------
sleep 2
}
Milworm() {
echo ---------------------------------------------
echo Milw0rm Exploits
echo
KIND="Milworm exploits"
echo -n "Updating $KIND plugins: "
echo
cd /pentest/exploits/
update-milw0rm
echo $KIND plugins updated successfully
echo
echo ---------------------------------------------
sleep 2
}
Exploitdb() {
echo ---------------------------------------------
echo The Exploit Database
echo
KIND="The Exploit Database"
echo -n "Updating $KIND plugins: "
echo
cd /pentest/exploits/
svn co svn://devel.offensive-security.com/exploitdb
echo $KIND plugins updated successfully
echo
echo ---------------------------------------------
sleep 2
}
Pirana() {
echo ---------------------------------------------
echo Pirana Exploits "metasploit database"
echo
KIND="Pirana exploits"
echo Current version:
echo
cd /pentest/fuzzers/pirana/framework-2.5/
msfconsole -v
msfcli -v
echo -n "Updating $KIND: "
echo
svn update
echo $KIND plugins updated successfully
echo
echo ---------------------------------------------
sleep 2
}
all() {
Nessusplugins
Openvasplugins
Saint
Nikto
Amap
Sqlmap
Aircrackng
Rkhunter
Metasploit2
Metasploit3
Milworm
Exploitdb
Pirana
}
case "$1" in
Nessus)
Nessusplugins
;;
Openvas)
Openvasplugins
;;
Saint)
Saint
;;
Nikto)
Nikto
;;
Amap)
Amap
;;
Sqlmap)
Sqlmap
;;
Aircrackng)
Aircrackng
;;
Rkhunter)
Rkhunter
;;
Metasploit2)
Metasploit2
;;
Metasploit3)
Metasploit3
;;
Milworm)
Milworm
;;
Exploitdb)
Exploitdb
;;
Pirana)
Pirana
;;
all)
all
;;
*)
echo "Usage: rc.updates {Nessus|Openvas|Saint|Nikto|Amap|Sqlmap|Aircrackng|Rkhunter|Metasploit2|Metasploit3|Milworm|Exploitdb|Pirana|all}"
exit 1
esac
exit $?
-
-
2:39
»
remote-exploit & backtrack
Hi
I've used Nessus off and on but never in earnest. I am now considering buying the plugin feed.
I've recently started to check out backtrack and noticed that it came with OpenVAS which is said to be a fork of Nessus.
Does anyone have any opinion on Nessus vs OpenVAS?
Thanks in advance.