4/09/2011

NESSUS - Vulnerability Scanner

The first thing you should do is register Nessus. Go to this link and select the home user option: http://tenable.com/products/nessus/nessus-plugins/obtain-an-activation-code . An email will be sent to you with the activation code. Now download and install both the Nessus Server and Client from their website. Register using the code provided in the email.


Now start the Server. It will look like this:
Now click on Manage Users and add a user and a password. Now click on Start Nessus Server. Your server should be running now.
Start the Nessus Client. Enter the username and password you provided while adding the new user.
The Nessus client will now open in your browser. Click on Policies, ADD. Now you can provide your choices of port numbers, types of scans etc.

You can click next for more options and submit.
Now select scan, ADD.
Give a name and the policy which you just created. Enter the target. Launch Scan.
When it's done, go to Reports. You can see the various vulnerabilities according to their severity. I did a scan on my landlord's XP machine, and I got 1 severe vulnerability.



Now scroll down for more info
It has a public exploit available. Look at the CVSS score; it's 7.5 (pretty high). All I need to do is a bit of googling on the vulnerability and I can hack my landlord's computer whenever I wish. Of course I am not doing that!!! I mean it. Really!!
I can use Metasploit and mess up the XP machine now. See this link:
http://www.offensive-security.com/metasploit-unleashed/Working_With_NeXpose


It's that easy.
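The report fields discussed above (severity, CVSS score, public exploit available) can also be read from an exported report to decide what to patch first. This is an added example, not part of the original post; it assumes the report was exported in the .nessus v2 XML format, and the hosts, plugin IDs and plugin names in the sample are constructed placeholders.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the .nessus v2 layout; hosts, plugin IDs and names are placeholders.
SAMPLE = """<NessusClientData_v2>
 <Report name="constructed-scan">
  <ReportHost name="192.0.2.10">
   <ReportItem port="445" protocol="tcp" severity="3" pluginID="90001" pluginName="Placeholder SMB finding">
    <cvss_base_score>7.5</cvss_base_score><exploit_available>true</exploit_available>
   </ReportItem>
   <ReportItem port="80" protocol="tcp" severity="2" pluginID="90002" pluginName="Placeholder web finding">
    <cvss_base_score>5.0</cvss_base_score><exploit_available>false</exploit_available>
   </ReportItem>
   <ReportItem port="0" protocol="tcp" severity="0" pluginID="90003" pluginName="Placeholder info item"/>
  </ReportHost>
  <ReportHost name="192.0.2.20">
   <ReportItem port="3389" protocol="tcp" severity="3" pluginID="90004" pluginName="Placeholder RDP finding">
    <cvss_base_score>9.3</cvss_base_score>
   </ReportItem>
  </ReportHost>
 </Report>
</NessusClientData_v2>"""


def triage(xml_text, min_cvss=7.0):
    """Return findings at or above min_cvss, exploitable ones first, then by score."""
    # Meant for reports from your own scanner; use defusedxml for untrusted XML.
    findings = []
    for host in ET.fromstring(xml_text).iter("ReportHost"):
        for item in host.iter("ReportItem"):
            score_text = item.findtext("cvss_base_score")
            # Informational items carry no CVSS score and are skipped.
            if score_text is None or float(score_text) < min_cvss:
                continue
            # A missing exploit_available element means "not known", not "safe".
            exploit = (item.findtext("exploit_available") or "").strip().lower() == "true"
            findings.append({"host": host.get("name"), "port": int(item.get("port")),
                             "plugin_id": item.get("pluginID"), "name": item.get("pluginName"),
                             "cvss": float(score_text), "exploit_available": exploit})
    # Patch order: findings with a public exploit first, then highest CVSS base score.
    findings.sort(key=lambda f: (not f["exploit_available"], -f["cvss"]))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE):
        flag = "PUBLIC EXPLOIT" if f["exploit_available"] else "no known exploit"
        print(f'{f["host"]}:{f["port"]} cvss={f["cvss"]} {flag} {f["name"]}')
```

The default threshold of 7.0 is the lower bound of the CVSS v2 "High" range, which is where the 7.5 score mentioned above falls.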
