Re: Taking my name in vain and fun security stuff

[Paul Asadoorian <paul () pauldotcom com>]

I've been playing around with the new Nessus release and really like it.
 The coolest addition is the new "nessuscmd" tool, which lets you easily
run nessus from the command line.  I showed an example on the last podcast:

http://pauldotcom.com/wiki/index.php/Episode106 ("Tech Segment: Probe, 
Exploit, and Crack for Free")

I used the "nessuscmd" to scan for an MS06_040 vulnerability, then 
metasploit to exploit and deploy SAM juicer, download LANMAN hashes, and 
use john to crack them.

Cheers,
Paul

--
Paul Asadoorian
Email:   paul /at/ pauldotcom.com
Web:     http://pauldotcom.com
IRC:     #pauldotcom | irc.freenode.net

Join our mailing list: http://groups.google.com/group/pauldotcom

Erin Carroll wrote:
> On Thu, 1 May 2008, r0cketgrl () yahoo com wrote:
>
> > Hi Erin, I heard you were taking my name in vain. :-) I saw you in
> >  your monkey suit in FL, - but it so frightened me, I just couldn't
> >  bring myself to do introductions.
>
> Yeah, I seem to have that effect on people. I think it's the shaved
> head and eyebrow piercings.
>
> > I want to hear more about the new release of Nessus.  Anyone have 
> > anything to say?
>
> I haven't had a chance to play with the new Nessus yet so I'd like to
>  hear some details from anyone who is currently using it. Pro? Cons?
>
>
> -- Erin Carroll Moderator, SecurityFocus pen-test mailing list "Do
> Not Taunt Happy-Fun Ball"
>
> ------------------------------------------------------------------------
>  This list is sponsored by: Cenzic
>
> Need to secure your web apps NOW? Cenzic finds more, "real"
> vulnerabilities fast. Click to try it, buy it or download a solution
> FREE today!
>
> http://www.cenzic.com/downloads 
> ------------------------------------------------------------------------

Attachment: signature.asc
Description: OpenPGP digital signature