I've been playing around with the new Nessus release and really like it.
The coolest addition is the new "nessuscmd" tool, which lets you easily
run nessus from the command line. I showed an example on the last podcast:
http://pauldotcom.com/wiki/index.php/Episode106 ("Tech Segment: Probe,
Exploit, and Crack for Free")
I used the "nessuscmd" to scan for an MS06_040 vulnerability, then
metasploit to exploit and deploy SAM juicer, download LANMAN hashes, and
use john to crack them.
Cheers,
Paul
--
Paul Asadoorian
Email: paul /at/ pauldotcom.com
Web: http://pauldotcom.com
IRC: #pauldotcom | irc.freenode.net
Join our mailing list: http://groups.google.com/group/pauldotcom
Erin Carroll wrote:
> On Thu, 1 May 2008, r0cketgrl_at_yahoo.com wrote:
>
>> Hi Erin, I heard you were taking my name in vain. :-) I saw you in
>> your monkey suit in FL, - but it so frightened me, I just couldn't
>> bring myself to do introductions.
>
> Yeah, I seem to have that effect on people. I think it's the shaved
> head and eyebrow piercings.
>
>> I want to hear more about the new release of Nessus. Anyone have
>> anything to say?
>
> I haven't had a chance to play with the new Nessus yet so I'd like to
> hear some details from anyone who is currently using it. Pro? Cons?
>
>
> -- Erin Carroll Moderator, SecurityFocus pen-test mailing list "Do
> Not Taunt Happy-Fun Ball"
>
> ------------------------------------------------------------------------
> This list is sponsored by: Cenzic
>
> Need to secure your web apps NOW? Cenzic finds more, "real"
> vulnerabilities fast. Click to try it, buy it or download a solution
> FREE today!
>
> http://www.cenzic.com/downloads
> ------------------------------------------------------------------------
>
>
Received on May 05 2008
Intro
