Re: Post-Exploitation - Nessus

[Joshua Smith <lazydj98 () gmail com>]

Michael,
If you need it, it's needed.  The easiest thing to do is copy an existing post mod that does similar things 
(windows/manage/add_user_domain.rb might be a good one, but there are many good choices), or at least affects the same 
brand of OS, copy, modify to your liking.  If you need help, just ask.  This is how most of the existing post mods got 
written.  I'm happy to help, as are others.  Many of us enjoy post exploitation, among other perverse interests ;)

-Josh

On Jul 16, 2012, at 2:25 PM, Ing. Michael F. Schratt, MSc wrote:

> Hi everybody,
>  
> because I am new to that list, I would like to do a short introduction first.
>  
> My name is Michael Schratt and I am very interessted in all security related stuff. I work as Web/Application 
> Penetration Tester and achieved OSCP, CPTE, ECSA, CHFI, CEH and Security+.
>  
> So far so good – I would like to ask if there is a need for post-exploitation modules related to Nessus:
> -          Adding new users to an existing Nessus installation
> -          Changing passwords of existing users to read existing reports
>  
> I think of certain scenarios where unauthorized access has been granted to an attacker due to the exploitation of 
> outdated services. If Nessus is installed on any compromised machine, an attacker could gain access to it and read 
> former scan reports.
>  
> I am looking forward to hearing from you,
>  
> BR Michael
>  
> _______________________________________________
> https://mail.metasploit.com/mailman/listinfo/framework

_______________________________________________
https://mail.metasploit.com/mailman/listinfo/framework