Nessus @ Kali Linux

1.  Nessus is a proprietary comprehensive vulnerability scanner which is developed by Tenable Network Security. It is free of charge for personal use in a non-enterprise environment and is the world's most popular vulnerability scanner, taking first place in the 2000, 2003, and 2006 security tools survey.Nessus allows scans for the following types of vulnerabilities:
 

-  Vulnerabilities that allow a remote hacker to control or access sensitive data on a system.

-  Misconfiguration (e.g. open mail relay, missing patches, etc.).
-  Default passwords, a few common passwords, and blank/absent passwords on some system accounts. Nessus can also call Hydra (an external tool) to launch a dictionary attack.

-  Denials of service against the TCP/IP stack by using mangled packets
-  Preparation for PCI DSS audits

2.   This post brings you screenshots for installing Nessus in Kali Linux for home users that's the free edition I am using here :

Firstly after installing Nessus from the site,Obtain the activation code for Nessus by registering at 

http://www.nessus.org/products/nessus/nessus-plugins/obtain-an-activation-code

Secondly Activate Nessus by executing the following command:

/opt/nessus/bin/nessus-fetch --register S56X-XXXX-XXXX-XXXX-4122

Where  S56X-XXXX-XXXX-XXXX-4122 should be your activation code received vide registered email.

Create a user account for the Nessus web interface:

/opt/nessus/sbin/nessus-adduser

To start the Nessus server, we simply invoke the following command:

/etc/init.d/nessusd start

Installing Broadcom drivers : Kali Linux

1.     This post will show the installation of Broadcom's official Linux hybrid wireless driver. Using a Broadcom wireless USB adapter gives us the greatest possibility of success in terms of getting our wireless USB access point to work on Kali.

2.    Open a terminal window and download the appropriate Broadcom driver from http://www.broadcom.com/support/802.11/linux_sta.php

cd /tmp/

wget http://www.broadcom.com/docs/linux_sta/hybrid-portsrc_
x86_64-v5_100_82_112.tar.gz

3.     Extract the downloaded driver using the following script:

mkdir broadcom

tar xvfz hybrid-portsrc_x86_64-v5_100_82_112.tar.gz –C /tmp/broadcom

4.     Modify the wl_cfg80211.c file since there's a bug in version 5.100.82.112 that prevents compiling the code under kernel version 2.6.39

vim /tmp/broadcom/src/wl/sys/wl_cfg80211.c

Look at the following piece of code at line number 1814:

#if LINUX_VERSION_CODE > KERNEL_VERSION(2, 6, 39)

Replace it with the following:

#if LINUX_VERSION_CODE >= KERNEL_VERSION(2, 6, 39)

Save the changes.

5.     Compile the code:

make clean
make
make install

6.     Update the dependencies:

depmod -a

7.     Find loaded modules by issuing the following:

lsmod | grep b43\|ssb\|bcma

8.     Remove the modules found by executing the following command:

rmmod b43

Where could be b43 or ssb or bcma.

9.     Blacklist the modules to prevent them from loading at system startup:

echo "blacklist " >> /etc/modprobe.d/blacklist.conf

Where could be b43 or ssb or bcma or wl.

10.     Finally, add the new module to the Linux Kernel to make it a part of the boot process:

modprobe wl

KALI LINUX : INSTALLATION SCREENSHOTS

Kali Linux is a Debian-derived Linux distribution designed for digital forensics and penetration testing. It is maintained and funded by Offensive Security Ltd. It was developed by Mati Aharoni and Devon Kearns of Offensive Security through the rewrite of BackTrack, their previous forensics Linux distribution.Kali Linux is preinstalled with numerous penetration-testing programs, including nmap (a port scanner), Wireshark (a packet analyzer), John the Ripper (a password cracker), and Aircrack-ng (a software suite for penetration-testing wireless LANs). Kali Linux can be run from a hard disk, live CD, or live USB. It is a supported platform of the Metasploit Project's Metasploit Framework, a tool for developing and executing security exploits.This post brings you the screen step wise shots during installation....

Whonix : Not just another ANONYMOUS OS!!!

1.     When u simply Google on "How to surf Anonymously on the web ? ".....u get a whooping 5,510,000 results in 0.19 seconds!!!!!but when u have such a plethora of options..how do u actually decide on which is actually worth? So there is TOR, then there is Anonymous OS.....did some one think Incognito?....:-)..so we have millions in the line!...so now what I am going to mention here is about Whonix OS.....few points about this as follows :

- An anonymous general purpose Operating System based on Virtual Box, Debian GNU/Linux and Tor.

- By Whonix design, IP and DNS leaks are impossible.

- Not even malware with root rights can find out the user's real IP/location.

- Whonix consists of two (virtual) machines.

-  One VM solely runs Tor and acts as a gateway, which we call Whonix-Gateway.

-  The other VM, which we call Whonix-Workstation, is on a completely isolated network.

-  Only connections through Tor are possible.

2.  When you download the image from the source forge site at http://sourceforge.net/projects/whonix/files/whonix-0.5.6/ you get basically three files.Two in the appliance format and one as a vmdk.So here is the basic diagram explaining the working architecture in WHONIX.

(Click on the image to enlarge)

3.   There is a small difference when we install this OS.Unlike the regular OSs wherein you get the .iso image of the OS and you install it in the typical manner,here the files you need to install are actually virtual appliances in form of .ovf and .ova format.How the installation is done is shown in the video cast below :

BACKTRACK 6.0 aka KALI LINUX

1.      This will  be a surprise news for those who have were updated till Backtrack 5R3....the same team has come up with some thing more powerful thats named...KALI LINUX....:-)....and not BACKTRACK 6.0......few key points about KALI....

-    Based upon Debian Linux, instead of Ubuntu 

-    New streamlined repositories synchronize with the Debian repositories 4 times a day.

-   Another great feature introduced is that, because of Debian compliant system, it is now able to Bootstrap a Kali Installation/ISO directly from Kali repositories. This allow any user to easily build their own customization of Kali, as well as perform enterprise network installs from a local or remote repository...now start distributing your own ISO....

-   More than 300 penetration testing tools, completely free, Open source, Vast wireless device support, GPG signed packages and repos, Multi-language, Completely customizable make this distribution one of the best available masterpiece of  hacking community.

-    Once again, default root password is same “toor“, you can download Kali Linux here.

2.    My download will start tomorrow morning....will keep me busy for few days and hours...:-)

3.     Thanks http://thehackernews.com