Sweet Moses Nessus!
Page 1 of 2 12 LastLast
Results 1 to 10 of 20

Thread: Sweet Moses Nessus!

  1. #1
    Senior Member
    Join Date
    Sep 2003
    Posts
    500

    Sweet Moses Nessus!

    If you use any *nix OS and you want to secure your system, use nessus. The program more or less hacks the F*** out of your computer with whatever you want it to (it has just about every method of hacking available to test with). Just log on to a virtual server that it creates on your system, choose what you want to throw at yourself, and start the scan. Depending on what all you select it might take a while. Then it gives you this very nice output with plenty of info on everything and you can save it all in a log file of your format choosing (html, txt, etc...). It is like nmap on crack! Get it now:

    http://www.nessus.org/nessus_2_0.html

  2. #2
    Top Gun Maverick811's Avatar
    Join Date
    Oct 2001
    Posts
    852

    Re: Sweet Moses Nessus!

    Originally posted here by Lansing_Banda
    If you use any *nix OS and you want to secure your system, use nessus. The program more or less hacks the F*** out of your computer with whatever you want it to (it has just about every method of hacking available to test with). Just log on to a virtual server that it creates on your system, choose what you want to throw at yourself, and start the scan. Depending on what all you select it might take a while. Then it gives you this very nice output with plenty of info on everything and you can save it all in a log file of your format choosing (html, txt, etc...). It is like nmap on crack! Get it now:

    Very true indeed....

    And even if you don't have a Linux system up and running available for you to use, you are not out of luck... Go and download the Knoppix Security Tools Distribution available at http://www.knoppix-std.org... Burn the downloaed ISO to CD, then you'll have a CD-bootable Linux distro that you can plug into any machine and boot to a working Linux distro - complete with Nessus setup and ready to go for you, along with a slew of other security tools...

  3. #3
    Member
    Join Date
    Sep 2002
    Posts
    74
    the problem is if you are using it to attempt to hack a system it basically says "we are attacking the **** out of you"

  4. #4
    Top Gun Maverick811's Avatar
    Join Date
    Oct 2001
    Posts
    852
    Originally posted here by wassup
    the problem is if you are using it to attempt to hack a system it basically says "we are attacking the **** out of you"

    Well, crackers shouldn't be using Nessus at crack, hack, or attack systems in the first place. Network administrators with the authority and permission should be the users (in a corporate environment) of Nessus for vulnerability testing. That way, results such as a DoS that might happen to the servers that are being tested can be expected and the red flag won't be raised at the onset of the testing.

  5. #5
    Senior Member
    Join Date
    Jun 2003
    Posts
    134
    I would suggest turning the exploits off if you are using it as an administration tool. You don't want to start taking down your servers with it, but that is just my opinion.
    Sysmin Sys73m47ic
    -The Hacker Pimps
    -Development Team {FuxorWRT}
    http://www.AntiOnline.com/sig.php?imageid=563

  6. #6
    Top Gun Maverick811's Avatar
    Join Date
    Oct 2001
    Posts
    852
    Originally posted here by sysmin770
    I would suggest turning the exploits off if you are using it as an administration tool. You don't want to start taking down your servers with it, but that is just my opinion.

    If I don't test my servers to the fullest possible extent, who will - crackers, hackers? I'd rather expolit it on the front end, take care of any holes, etc. that are exposed, then get back to business... At some point vuln. testing is part of the process - at least if I crash a system, I'm testing full well knowing that I can crash it - better me in my environment than a cracker while the server is in full production...

  7. #7
    Senior Member
    Join Date
    Mar 2003
    Posts
    301
    Very true indeed. The only true way to defend is to know what you are defending against. If it takes taking down your system to do it. So be it.

    PeacE
    -BoB
    #!/usr/local/bin/perl -s-- -export-a-crypto-system-sig -RSA-in-3-lines-PERL
    ($k,$n)=@ARGV;$m=unpack(H.$w,$m.\"\\0\"x$w),$_=`echo \"16do$w 2+4Oi0$d*-^1[d2%
    Sa2/d0<X+d*La1=z\\U$n%0]SX$k\"[$m*]\\EszlXx++p|dc`,s/^.|\\W//g,print pack(\'H*\'
    ,$_)while read(STDIN,$m,($w=2*$d-1+length($n||die\"$0 [-d] k n\\n\")&~1)/2)

  8. #8
    Top Gun Maverick811's Avatar
    Join Date
    Oct 2001
    Posts
    852
    Originally posted here by fl34bit3
    Very true indeed. The only true way to defend is to know what you are defending against. If it takes taking down your system to do it. So be it.

    PeacE
    -BoB

    Exactly - it's the same principle of when corporations hire crackers or legit firms that will attempt in every way possible to break-in... The risks are there, but at some point it has to be done..

  9. #9
    Member
    Join Date
    Mar 2003
    Posts
    55
    maverick811 im downloading Knoppix Security Tools Distribution now and was wondering if it was possible for this distro to read the nessus updates of a floppy somehow or is the only way to update nessus attacks by downloading knoppix again with the updates Just currious
    \"An eye for an eye and the world would be blind\"
    (I dunno who said this)

    sniper0wolf0 told me it was Ghandi Thanks

  10. #10
    AO übergeek phishphreek's Avatar
    Join Date
    Jan 2002
    Posts
    4,325
    was wondering if it was possible for this distro to read the nessus updates of a floppy somehow or is the only way to update nessus attacks by downloading knoppix again with the updates Just currious
    all you have to update is the scripts.

    After you get knoppix booted, config your netcard (if you don't have DHCP enabled) and goto the nessus site and DL the file that contains all the plugins/scripts. extract to the proper location.

    You don't have to download knoppix-std everytime. I think they have been using that version for some time now anyway.
    Quitmzilla is a firefox extension that gives you stats on how long you have quit smoking, how much money you\'ve saved, how much you haven\'t smoked and recent milestones. Very helpful for people who quit smoking and used to smoke at their computers... Helps out with the urges.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •