Post-Exploitation - Nessus

["Ing. Michael F. Schratt, MSc" <mschratt () mfs-enterprise com>]

Hi everybody,

 

because I am new to that list, I would like to do a short introduction
first.

 

My name is Michael Schratt and I am very interessted in all security related
stuff. I work as Web/Application Penetration Tester and achieved OSCP, CPTE,
ECSA, CHFI, CEH and Security+.

 

So far so good - I would like to ask if there is a need for
post-exploitation modules related to Nessus:

-          Adding new users to an existing Nessus installation

-          Changing passwords of existing users to read existing reports

 

I think of certain scenarios where unauthorized access has been granted to
an attacker due to the exploitation of outdated services. If Nessus is
installed on any compromised machine, an attacker could gain access to it
and read former scan reports. 

 

I am looking forward to hearing from you,

 

BR Michael 

 

_______________________________________________
https://mail.metasploit.com/mailman/listinfo/framework