Penetration Testing mailing list archives
Re: Taking my name in vain and fun security stuff
From: Paul Asadoorian <paul () pauldotcom com>
Date: Mon, 05 May 2008 10:05:26 -0400
I've been playing around with the new Nessus release and really like it. The coolest addition is the new "nessuscmd" tool, which lets you easily run nessus from the command line. I showed an example on the last podcast:http://pauldotcom.com/wiki/index.php/Episode106 ("Tech Segment: Probe, Exploit, and Crack for Free")
I used the "nessuscmd" to scan for an MS06_040 vulnerability, then metasploit to exploit and deploy SAM juicer, download LANMAN hashes, and use john to crack them.
Cheers, Paul -- Paul Asadoorian Email: paul /at/ pauldotcom.com Web: http://pauldotcom.com IRC: #pauldotcom | irc.freenode.net Join our mailing list: http://groups.google.com/group/pauldotcom Erin Carroll wrote:
On Thu, 1 May 2008, r0cketgrl () yahoo com wrote:Hi Erin, I heard you were taking my name in vain. :-) I saw you in your monkey suit in FL, - but it so frightened me, I just couldn't bring myself to do introductions.Yeah, I seem to have that effect on people. I think it's the shaved head and eyebrow piercings.I want to hear more about the new release of Nessus. Anyone have anything to say?I haven't had a chance to play with the new Nessus yet so I'd like to hear some details from anyone who is currently using it. Pro? Cons? -- Erin Carroll Moderator, SecurityFocus pen-test mailing list "Do Not Taunt Happy-Fun Ball" ------------------------------------------------------------------------ This list is sponsored by: Cenzic Need to secure your web apps NOW? Cenzic finds more, "real" vulnerabilities fast. Click to try it, buy it or download a solution FREE today!http://www.cenzic.com/downloads ------------------------------------------------------------------------
Attachment:
signature.asc
Description: OpenPGP digital signature
Current thread:
- Taking my name in vain and fun security stuff r0cketgrl (May 01)
- Re: Taking my name in vain and fun security stuff Erin Carroll (May 02)
- Re: Taking my name in vain and fun security stuff Paul Asadoorian (May 05)
- Re: Taking my name in vain and fun security stuff Erin Carroll (May 02)