[Gloucs] Virtual hacking

Matthew Phillips phillips321 at gmail.com
Fri Oct 22 12:55:35 UTC 2010 

Have you tried logging in using U:root P:toor

if that fails to work you'll need to create a new user
/usr/nessus/sbin/nessus-adduser

Let me know if it doesnt work

Matt

On 22 October 2010 13:25, Will Rendell <b19wll at gmail.com> wrote:

> Hello Matt
>
> I have now registered for a Nessus home feed and registered my code as per
> the instructions in the email from Nessus.
>
> I have started the nessus service and can see the log in screen in Firefox,
> however I cannot log in as root or the user I created during the install,
> am
> I missing something?  I logged into GnackTrack as root and started Nessus
> as
> root?
>
> Thanks for your help
>
>
> Will
>
> On 22 October 2010 10:54, matt robbins <mrrobbins1 at live.co.uk> wrote:
>
> >
> > Hi Matt,
> >
> > Thanks for that, its really useful!
> >
> > I'm about to download and install nessus and also run that get html
> command
> > on my http port.
> >
> > Only thing is I can't download the GnackTrack even though i would love to
> > because I only have a limited download size left this month.
> >
> > I installed ubuntu using Virtual Box, the iso i actually downloaded for
> > ubuntu was: Ubuntu 10.10-alternate-i386.iso. I actually tried installing
> it
> > directly from usb stick (after I used PE Builder to "attempt" to build a
> > bootable copy onto the usb stick) but it has a problem with the CD
> Drivers
> > in part of the installation process. I am using a Samsung Notebook so I
> do
> > not have a cd player.
> > Is there an easier way to install it as I have a spare partition of
> atleast
> > 20gigs ready and waiting for when i manage to install it.
> >
> > Regards,
> >
> > Matt R
> >
> > > Date: Thu, 21 Oct 2010 17:42:58 +0100
> > > From: phillips321 at gmail.com
> > > To: gloucs at mailman.lug.org.uk
> > > Subject: Re: [Gloucs] Virtual hacking
> > >
> > > Hi Matt,
> > >
> > > First of all using a telnet client is a good way to fingerprint a
> service
> > > such as the 3 you have found, but an even better way to automate the
> > finger
> > > printing would be to use the nmap -A flag or simply use amap as thats a
> > > purpose build fingerprinting tool.
> > >
> > > The main issue is that each service will have different ways of
> > > communicating.
> > >
> > > For example to communicate with a HTTP service try the following:
> > >
> > > GET / HTTP/1.1[enter]
> > > [enter]
> > > [enter]
> > >
> > > (make sure you press enter twice as it looks for a two next line
> > characters)
> > >
> > > Your best bet for now would be to download and install nessus. It's a
> > > vulnerability exploitation tool. If you download GnackTrack it already
> > comes
> > > bundled, you'll just have to registyer for a free home feed to get the
> > > plugins (http://www.nessus.org/plugins/?view=homefeed)
> > >
> > > Then run nessus against your windows XP target.
> > > A demo of nmap, nessus and then metasploit to control the target is
> here:
> > > http://www.youtube.com/watch?v=Bpafg8WQSqk (i recorded this before the
> > last
> > > LUG talk in case something went wrong on the night. - watch in 720p to
> > see
> > > the text)
> > >
> > > If you want to target web applications directly it's worth downloading
> > > wackopicko which is a vulnerable web application(it will be your
> target),
> > a
> > > vmware and livecd copy can be found on the gnacktrack website.
> > >
> > > Hope this helps
> > >
> > > Matt
> > >
> > > P.s. All of the apps mentioned above are preinstalled in GnackTrack,
> > sorry
> > > for the shameful plug ;-)
> > >
> > > On 21 October 2010 17:30, matt robbins <mrrobbins1 at live.co.uk> wrote:
> > >
> > > >
> > > > Hi Guys,
> > > >
> > > > I've been attempting "hacking" into my windows xp os using my
> "virtual"
> > > > linux ubuntu package.
> > > > when I scanned with nmap it gave me 3 open ports, 139, 135 and 2869
> > > > I then used Telnet to connect to the following ports and got these
> > results;
> > > >
> > > > port 135 hangs when i try to connect to it
> > > > port 139 disconnects me
> > > > port
> > > >  2869 is http but i have not a clue what commands to use and how i
> > > > should use them, I tried regular html etc but that did not work, it
> > just
> > > >  disconnected me back to the linux ubuntu terminal program.
> > > >
> > > > Any
> > > > help would be appreciated as i am trying to learn more about
> security.
> > I
> > > >  thought the best bet would be to go on the "offensive" and learn to
> > > > hack succesfully against myself for a while using different methods,
> > > > then eventually I could go on the defensive and learn about
> > preventative
> > > >  measures and test them against myself etc.
> > > >
> > > > Regards,
> > > >
> > > > Matt R
> > > > _______________________________________________
> > > > gloucs mailing list
> > > > gloucs at mailman.lug.org.uk
> > > > https://mailman.lug.org.uk/mailman/listinfo/gloucs
> > > >
> > > _______________________________________________
> > > gloucs mailing list
> > > gloucs at mailman.lug.org.uk
> > > https://mailman.lug.org.uk/mailman/listinfo/gloucs
> >
> > _______________________________________________
> > gloucs mailing list
> > gloucs at mailman.lug.org.uk
> > https://mailman.lug.org.uk/mailman/listinfo/gloucs
> >
>
>
>
> --
> William Rendell
> Web Site: www.williamrendell.com
> _______________________________________________
> gloucs mailing list
> gloucs at mailman.lug.org.uk
> https://mailman.lug.org.uk/mailman/listinfo/gloucs
>

More information about the gloucs mailing list