[Gloucs] Virtual hacking

Matthew Phillips phillips321 at gmail.com
Fri Oct 22 09:34:06 UTC 2010


Hi Will,

I would definitely recommend downloading nessus. Nessus is a vulnerability
assessment tool. Basically it'll scan all the devices on your home network
and then report about which ones are vulnerable and why.

The best way to do this would be a full udp and tcp scan of all the devices;
this would require turning them all on: PS3, printer, mobile phones, etc.

To use nessus you would have to register for a home feed as outlined below.
Then once you have registered you'll be able to download the latest
vulnerabilities (plugins).

Then go to nessus and create a new scan policy with ports of 1-65535 and
tick tcp and udp.

Then create a new scan and target all the devices on your home network (found
using arp-scan -l).

Then run the scan and check the results.

To test your wireless out I strongly recommend using wifite; it can be found
under /pentest/wireless/wifite.py. Run it, and if your wifi card supports
monitor mode and injection of raw packets you'll be able to start trying to
crack into your own network.

WEP is fairly quick.
WPA is much, much longer, but it will capture the 4-way handshake for you.

Any questions, just ask. (Check the video, as this covers a full walkthrough
of nessus; just make sure you add more than 1 target in the new scan.)

Matt




On 22 October 2010 10:20, Will Rendell <b19wll at gmail.com> wrote:

> Hi Matt (GnackTrack Matt)
>
> I have a few questions re Gnacktrack, I woke up at 4am and could not get
> back to sleep, so I read this post and had a look at your site. I have
> downloaded the live iso and have had a little play with it. So far all I
> have done is arp-scan and nmap via the terminal and I am amazed what
> information can be found out!
>
> I am at a loss on what to do with the info, in terms of running a
> penetration test against some of my devices on my LAN. Do you have a simple
> howto guide maybe or is it just a case of fiddling?
>
> Many thanks
>
>
> Will
>
> On 21 October 2010 17:42, Matthew Phillips <phillips321 at gmail.com> wrote:
>
> > Hi Matt,
> >
> > First of all, using a telnet client is a good way to fingerprint a service
> > such as the 3 you have found, but an even better way to automate the
> > fingerprinting would be to use the nmap -A flag or simply use amap, as that's a
> > purpose-built fingerprinting tool.
> >
> > The main issue is that each service will have different ways of
> > communicating.
> >
> > For example, to communicate with an HTTP service, try the following:
> >
> > GET / HTTP/1.1[enter]
> > [enter]
> > [enter]
> >
> > (make sure you press enter twice, as it looks for two newline
> > characters)
> >
> > Your best bet for now would be to download and install nessus. It's a
> > vulnerability exploitation tool. If you download GnackTrack it already comes
> > bundled; you'll just have to register for a free home feed to get the
> > plugins (http://www.nessus.org/plugins/?view=homefeed)
> >
> > Then run nessus against your windows XP target.
> > A demo of nmap, nessus and then metasploit to control the target is here:
> > http://www.youtube.com/watch?v=Bpafg8WQSqk (I recorded this before the last
> > LUG talk in case something went wrong on the night. Watch in 720p to see
> > the text.)
> >
> > If you want to target web applications directly it's worth downloading
> > wackopicko, which is a vulnerable web application (it will be your target); a
> > VMware and LiveCD copy can be found on the gnacktrack website.
> >
> > Hope this helps
> >
> > Matt
> >
> > P.S. All of the apps mentioned above are preinstalled in GnackTrack, sorry
> > for the shameful plug ;-)
> >
> > On 21 October 2010 17:30, matt robbins <mrrobbins1 at live.co.uk> wrote:
> >
> > >
> > > Hi Guys,
> > >
> > > I've been attempting "hacking" into my windows xp os using my "virtual"
> > > linux ubuntu package.
> > > When I scanned with nmap it gave me 3 open ports, 139, 135 and 2869.
> > > I then used Telnet to connect to the following ports and got these
> > > results;
> > >
> > > port 135 hangs when I try to connect to it
> > > port 139 disconnects me
> > > port 2869 is http but I have not a clue what commands to use and how I
> > > should use them, I tried regular html etc but that did not work, it just
> > > disconnected me back to the linux ubuntu terminal program.
> > >
> > > Any help would be appreciated as I am trying to learn more about security.
> > > I thought the best bet would be to go on the "offensive" and learn to
> > > hack successfully against myself for a while using different methods,
> > > then eventually I could go on the defensive and learn about preventative
> > > measures and test them against myself etc.
> > >
> > > Regards,
> > >
> > > Matt R
> > > _______________________________________________
> > > gloucs mailing list
> > > gloucs at mailman.lug.org.uk
> > > https://mailman.lug.org.uk/mailman/listinfo/gloucs
> > >
> >
>
>
>
> --
> William Rendell
> Web Site: www.williamrendell.com
>
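The telnet exchange from Matt's earlier reply (GET / HTTP/1.1 followed by two presses of enter) and the "hangs" versus "disconnects me" behaviour Matt R described, as an added Python example that is not part of the original thread. It starts a constructed stand-in HTTP service on localhost (the banner ExampleHTTPd/0.1 is made up for the example, not taken from any real device) and sends the same request from a raw socket, once with and once without the blank line that ends the header block. The second form gets no reply until the read times out, which is what a hand-typed request that stops after the first line looks like in telnet. The helper names start_stub_server and http_fingerprint are this example's own.

```python
import socket
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer


# Constructed stand-in for the HTTP service a port scan turns up; the banner
# string is invented for this example and is not a real device's banner.
class _StubHandler(BaseHTTPRequestHandler):
    server_version = "ExampleHTTPd/0.1"
    sys_version = ""                      # drop the "Python/x.y" suffix

    def do_GET(self):
        body = b"hello from the stub service\n"
        self.send_response(200)           # also emits Server: and Date: headers
        self.send_header("Content-Type", "text/plain")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):         # keep the console quiet
        pass


class _QuietServer(HTTPServer):
    # A client that sends an unterminated request and then goes away leaves the
    # handler writing to a closed socket; swallow that instead of printing a trace.
    def handle_error(self, request, client_address):
        pass


def start_stub_server():
    """Start the stand-in service on a free localhost port; returns (server, port)."""
    srv = _QuietServer(("127.0.0.1", 0), _StubHandler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv, srv.server_address[1]


def http_fingerprint(host, port, terminate_request=True, timeout=2.0):
    """Send the request the thread types into telnet and pull out the banner.

    With terminate_request=False the blank line that ends the header block is
    left off, which is what a hand-typed request that stops after 'GET /' does:
    the server keeps waiting for more headers, nothing comes back, and the
    connection looks hung until our read times out.
    """
    request = f"GET / HTTP/1.1\r\nHost: {host}\r\n"
    if terminate_request:
        request += "\r\n"                 # the second [enter]: end of headers
    chunks = []
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(request.encode("ascii"))
        try:
            while True:
                data = sock.recv(4096)
                if not data:              # server finished and closed
                    break
                chunks.append(data)
        except (socket.timeout, TimeoutError):
            if not chunks:
                return {"status": None, "server": None, "hung": True}
    raw = b"".join(chunks).decode("iso-8859-1")
    head = raw.split("\r\n\r\n", 1)[0]    # status line + headers only
    lines = head.split("\r\n")
    server = None
    for line in lines[1:]:
        name, _, value = line.partition(":")
        if name.strip().lower() == "server":
            server = value.strip()
    return {"status": lines[0], "server": server, "hung": False}


if __name__ == "__main__":
    srv, port = start_stub_server()
    print("terminated request:  ", http_fingerprint("127.0.0.1", port))
    print("unterminated request:", http_fingerprint("127.0.0.1", port, terminate_request=False))
    srv.shutdown()
    srv.server_close()
```

Against the stub, the terminated request comes back with the status line and a Server header, and the unterminated one reports hung=True after the timeout. Against a real host the same function gives you the banner nmap -A or amap would grab, but watch the status line and Server header rather than trusting them: they are whatever the service chooses to send.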