[Gloucs] Virtual hacking

Will Rendell b19wll at gmail.com
Fri Oct 22 12:25:21 UTC 2010 

Hello Matt

I have now registered for a Nessus home feed and registered my code as per
the instructions in the email from Nessus.

I have started the nessus service and can see the log in screen in Firefox,
however I cannot log in as root or the user I created during the install, am
I missing something?  I logged into GnackTrack as root and started Nessus as
root?

Thanks for your help


Will

On 22 October 2010 10:54, matt robbins <mrrobbins1 at live.co.uk> wrote:

>
> Hi Matt,
>
> Thanks for that, its really useful!
>
> I'm about to download and install nessus and also run that get html command
> on my http port.
>
> Only thing is I can't download the GnackTrack even though i would love to
> because I only have a limited download size left this month.
>
> I installed ubuntu using Virtual Box, the iso i actually downloaded for
> ubuntu was: Ubuntu 10.10-alternate-i386.iso. I actually tried installing it
> directly from usb stick (after I used PE Builder to "attempt" to build a
> bootable copy onto the usb stick) but it has a problem with the CD Drivers
> in part of the installation process. I am using a Samsung Notebook so I do
> not have a cd player.
> Is there an easier way to install it as I have a spare partition of atleast
> 20gigs ready and waiting for when i manage to install it.
>
> Regards,
>
> Matt R
>
> > Date: Thu, 21 Oct 2010 17:42:58 +0100
> > From: phillips321 at gmail.com
> > To: gloucs at mailman.lug.org.uk
> > Subject: Re: [Gloucs] Virtual hacking
> >
> > Hi Matt,
> >
> > First of all using a telnet client is a good way to fingerprint a service
> > such as the 3 you have found, but an even better way to automate the
> finger
> > printing would be to use the nmap -A flag or simply use amap as thats a
> > purpose build fingerprinting tool.
> >
> > The main issue is that each service will have different ways of
> > communicating.
> >
> > For example to communicate with a HTTP service try the following:
> >
> > GET / HTTP/1.1[enter]
> > [enter]
> > [enter]
> >
> > (make sure you press enter twice as it looks for a two next line
> characters)
> >
> > Your best bet for now would be to download and install nessus. It's a
> > vulnerability exploitation tool. If you download GnackTrack it already
> comes
> > bundled, you'll just have to registyer for a free home feed to get the
> > plugins (http://www.nessus.org/plugins/?view=homefeed)
> >
> > Then run nessus against your windows XP target.
> > A demo of nmap, nessus and then metasploit to control the target is here:
> > http://www.youtube.com/watch?v=Bpafg8WQSqk (i recorded this before the
> last
> > LUG talk in case something went wrong on the night. - watch in 720p to
> see
> > the text)
> >
> > If you want to target web applications directly it's worth downloading
> > wackopicko which is a vulnerable web application(it will be your target),
> a
> > vmware and livecd copy can be found on the gnacktrack website.
> >
> > Hope this helps
> >
> > Matt
> >
> > P.s. All of the apps mentioned above are preinstalled in GnackTrack,
> sorry
> > for the shameful plug ;-)
> >
> > On 21 October 2010 17:30, matt robbins <mrrobbins1 at live.co.uk> wrote:
> >
> > >
> > > Hi Guys,
> > >
> > > I've been attempting "hacking" into my windows xp os using my "virtual"
> > > linux ubuntu package.
> > > when I scanned with nmap it gave me 3 open ports, 139, 135 and 2869
> > > I then used Telnet to connect to the following ports and got these
> results;
> > >
> > > port 135 hangs when i try to connect to it
> > > port 139 disconnects me
> > > port
> > >  2869 is http but i have not a clue what commands to use and how i
> > > should use them, I tried regular html etc but that did not work, it
> just
> > >  disconnected me back to the linux ubuntu terminal program.
> > >
> > > Any
> > > help would be appreciated as i am trying to learn more about security.
> I
> > >  thought the best bet would be to go on the "offensive" and learn to
> > > hack succesfully against myself for a while using different methods,
> > > then eventually I could go on the defensive and learn about
> preventative
> > >  measures and test them against myself etc.
> > >
> > > Regards,
> > >
> > > Matt R
> > > _______________________________________________
> > > gloucs mailing list
> > > gloucs at mailman.lug.org.uk
> > > https://mailman.lug.org.uk/mailman/listinfo/gloucs
> > >
> > _______________________________________________
> > gloucs mailing list
> > gloucs at mailman.lug.org.uk
> > https://mailman.lug.org.uk/mailman/listinfo/gloucs
>
> _______________________________________________
> gloucs mailing list
> gloucs at mailman.lug.org.uk
> https://mailman.lug.org.uk/mailman/listinfo/gloucs
>



-- 
William Rendell
Web Site: www.williamrendell.com

More information about the gloucs mailing list