Nessus @ Kali Linux

1.  Nessus is a proprietary comprehensive vulnerability scanner which is developed by Tenable Network Security. It is free of charge for personal use in a non-enterprise environment and is the world's most popular vulnerability scanner, taking first place in the 2000, 2003, and 2006 security tools survey.Nessus allows scans for the following types of vulnerabilities:
 

-  Vulnerabilities that allow a remote hacker to control or access sensitive data on a system.

-  Misconfiguration (e.g. open mail relay, missing patches, etc.).
-  Default passwords, a few common passwords, and blank/absent passwords on some system accounts. Nessus can also call Hydra (an external tool) to launch a dictionary attack.

-  Denials of service against the TCP/IP stack by using mangled packets
-  Preparation for PCI DSS audits

2.   This post brings you screenshots for installing Nessus in Kali Linux for home users that's the free edition I am using here :

Firstly after installing Nessus from the site,Obtain the activation code for Nessus by registering at 

http://www.nessus.org/products/nessus/nessus-plugins/obtain-an-activation-code

Secondly Activate Nessus by executing the following command:

/opt/nessus/bin/nessus-fetch --register S56X-XXXX-XXXX-XXXX-4122

Where  S56X-XXXX-XXXX-XXXX-4122 should be your activation code received vide registered email.

Create a user account for the Nessus web interface:

/opt/nessus/sbin/nessus-adduser

To start the Nessus server, we simply invoke the following command:

/etc/init.d/nessusd start

KALI LINUX : UPDATING IN 3 TERMINAL COMMANDS

1.   No big deal for these three terminal commands which actually can suffice for updating any package.As Kali packages are constantly updated between releases, a newer set of tools are available than what were originally downloaded on your DVD ROM or came with any old iso image.

2.  So these go like this :

- Update the local package index with the latest changes made in the repositories:

apt-get update

- Upgrade the existing packages:

apt-get upgrade

- Upgrade to the latest version (if available):

apt-get dist-upgrade

3.  That's it.....do it as Root or add sudo su before u start

Installing Broadcom drivers : Kali Linux

1.     This post will show the installation of Broadcom's official Linux hybrid wireless driver. Using a Broadcom wireless USB adapter gives us the greatest possibility of success in terms of getting our wireless USB access point to work on Kali.

2.    Open a terminal window and download the appropriate Broadcom driver from http://www.broadcom.com/support/802.11/linux_sta.php

cd /tmp/

wget http://www.broadcom.com/docs/linux_sta/hybrid-portsrc_
x86_64-v5_100_82_112.tar.gz

3.     Extract the downloaded driver using the following script:

mkdir broadcom

tar xvfz hybrid-portsrc_x86_64-v5_100_82_112.tar.gz –C /tmp/broadcom

4.     Modify the wl_cfg80211.c file since there's a bug in version 5.100.82.112 that prevents compiling the code under kernel version 2.6.39

vim /tmp/broadcom/src/wl/sys/wl_cfg80211.c

Look at the following piece of code at line number 1814:

#if LINUX_VERSION_CODE > KERNEL_VERSION(2, 6, 39)

Replace it with the following:

#if LINUX_VERSION_CODE >= KERNEL_VERSION(2, 6, 39)

Save the changes.

5.     Compile the code:

make clean
make
make install

6.     Update the dependencies:

depmod -a

7.     Find loaded modules by issuing the following:

lsmod | grep b43\|ssb\|bcma

8.     Remove the modules found by executing the following command:

rmmod b43

Where could be b43 or ssb or bcma.

9.     Blacklist the modules to prevent them from loading at system startup:

echo "blacklist " >> /etc/modprobe.d/blacklist.conf

Where could be b43 or ssb or bcma or wl.

10.     Finally, add the new module to the Linux Kernel to make it a part of the boot process:

modprobe wl

KALI LINUX : INSTALLATION SCREENSHOTS

Kali Linux is a Debian-derived Linux distribution designed for digital forensics and penetration testing. It is maintained and funded by Offensive Security Ltd. It was developed by Mati Aharoni and Devon Kearns of Offensive Security through the rewrite of BackTrack, their previous forensics Linux distribution.Kali Linux is preinstalled with numerous penetration-testing programs, including nmap (a port scanner), Wireshark (a packet analyzer), John the Ripper (a password cracker), and Aircrack-ng (a software suite for penetration-testing wireless LANs). Kali Linux can be run from a hard disk, live CD, or live USB. It is a supported platform of the Metasploit Project's Metasploit Framework, a tool for developing and executing security exploits.This post brings you the screen step wise shots during installation....

UPDATING METASPLOIT ON BACKTRACK3 : SOLVED

1.   Backtrack 5 comes with pre-installed  metasploit framework v4.0 but now Metasploit Community comes with updated  Web Ui version and others functionalities and even more exploits.To exploit the new features and functionalities it is important to upgrade the existing Metasploit version to its current stable version.But unlike in past it is not simply a matter of doing msfupdate in the msfconsole.Here I bring you few simple steps with screen shots to enable you to upgrade your version of Metasploit.

Firstly download the current available version ie Metasploit framework v4.5 which can be downloaded from Metasploit Framework site here

 

or click at  http://www.metasploit.com/download/

 

Secondly Installing Metasploit Community over the existing metasploit framework installation won't work for various reasons so the best way to start is by uninstalling the earlier version of Metasploit Framework first and this basically comes to the following terminal commands.

# cd /opt/metasploit/

# ls

# ./uninstall

 

Thirdly ,Make installer executable...so when you have downloaded the file with name "metasploit-latest-linux-installer.run", open new terminal window and enter the following commands.

# chmod u+x /root/metasploit-latest-linux-installer.run

Fourthly, Run Installer

# ./metasploit-latest-linux-installer.run

This will now be explained further till installation vide screen shots as below :

At the end of the installer, the metasploit web UI will open in your browser (https://localhost:3790/) and you follow the steps to register and choose the metasploit community edition for free....thats it!!!