
Sunday, July 20, 2014

Nessus @ Kali Linux

1.  Nessus is a proprietary, comprehensive vulnerability scanner developed by Tenable Network Security. It is free of charge for personal use in a non-enterprise environment and is the world's most popular vulnerability scanner, taking first place in the 2000, 2003, and 2006 security tools survey. Nessus allows scans for the following types of vulnerabilities:

- Vulnerabilities that allow a remote hacker to control or access sensitive data on a system.
- Misconfiguration (e.g. open mail relay, missing patches, etc.).
- Default passwords, a few common passwords, and blank/absent passwords on some system accounts. Nessus can also call Hydra (an external tool) to launch a dictionary attack.
- Denials of service against the TCP/IP stack by using mangled packets.
- Preparation for PCI DSS audits.

2.   This post brings you screenshots for installing Nessus in Kali Linux for home users, that is, the free edition, which I am using here:

First, after installing Nessus from the site, obtain the activation code for Nessus by registering at:

http://www.nessus.org/products/nessus/nessus-plugins/obtain-an-activation-code

Second, activate Nessus by executing the following command:

/opt/nessus/bin/nessus-fetch --register S56X-XXXX-XXXX-XXXX-4122

Where S56X-XXXX-XXXX-XXXX-4122 should be your activation code, received by email at your registered address.

Create a user account for the Nessus web interface:

/opt/nessus/sbin/nessus-adduser








To start the Nessus server, we simply invoke the following command:

/etc/init.d/nessusd start

KALI LINUX : UPDATING IN 3 TERMINAL COMMANDS

1.   These three terminal commands are enough to update any package. As Kali packages are constantly updated between releases, a newer set of tools is available than what was originally on your DVD-ROM or came with an older ISO image.

2.  They go like this:

- Update the local package index with the latest changes made in the repositories:

apt-get update

- Upgrade the existing packages:

apt-get upgrade

- Upgrade to the latest version (if available):

apt-get dist-upgrade

3.  That's it. Run the commands as root, or run sudo su before you start.
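Unlike apt-get upgrade, apt-get dist-upgrade may install new packages or remove existing ones, so it is worth previewing with the simulate flag (-s) before running it as root. The script below is an added example, not part of the original post; the function names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): preview an upgrade.
# Sample data below is constructed, not captured from a real system.

# Read `apt-get -s ...` output on stdin; print one line per action.
summarise_sim() {
    awk '
        $1 == "Inst" && $3 ~ /^\[/ {          # upgrade: Inst pkg [old] (new ...
            old = $3; sub(/^\[/, "", old); sub(/\]$/, "", old)
            new = $4; sub(/^\(/, "", new)
            print "UPGRADE", $2, old, "->", new; next
        }
        $1 == "Inst" {                        # new package: Inst pkg (new ...
            new = $3; sub(/^\(/, "", new)
            print "INSTALL", $2, new; next
        }
        $1 == "Remv" { print "REMOVE", $2 }   # removal: Remv pkg [old]
    '
}

# Succeeds only when the simulated run on stdin removes no package.
no_removals() {
    ! grep -q '^Remv '
}

SAMPLE_SIM='Inst openssl [1.0.1e-2+deb7u11] (1.0.1e-2+deb7u12 Kali:1.0/kali [amd64])
Inst example-newdep (2.0-1 Kali:1.0/kali [amd64])
Remv example-oldpkg [1.0-1]
Conf openssl (1.0.1e-2+deb7u12 Kali:1.0/kali [amd64])'

printf '%s\n' "$SAMPLE_SIM" | summarise_sim
if printf '%s\n' "$SAMPLE_SIM" | no_removals; then
    echo "safe to proceed: nothing is removed"
else
    echo "review first: dist-upgrade would remove packages"
fi
```

On a live system the input would come from `apt-get -s dist-upgrade | summarise_sim`, which does not need root.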

Installing Broadcom drivers : Kali Linux

1.     This post will show the installation of Broadcom's official Linux hybrid wireless driver. Using a Broadcom wireless USB adapter gives us the greatest possibility of success in terms of getting our wireless USB access point to work on Kali.


2.    Open a terminal window and download the appropriate Broadcom driver from http://www.broadcom.com/support/802.11/linux_sta.php

cd /tmp/

wget http://www.broadcom.com/docs/linux_sta/hybrid-portsrc_x86_64-v5_100_82_112.tar.gz





3.     Extract the downloaded driver using the following commands:

mkdir broadcom

tar xvfz hybrid-portsrc_x86_64-v5_100_82_112.tar.gz -C /tmp/broadcom

4.     Modify the wl_cfg80211.c file, since there's a bug in version 5.100.82.112 that prevents compiling the code under kernel version 2.6.39:

vim /tmp/broadcom/src/wl/sys/wl_cfg80211.c

Look at the following piece of code at line number 1814:

#if LINUX_VERSION_CODE > KERNEL_VERSION(2, 6, 39)

Replace it with the following:

#if LINUX_VERSION_CODE >= KERNEL_VERSION(2, 6, 39)

Save the changes.

5.     Compile the code:

make clean
make
make install

6.     Update the dependencies:

depmod -a

7.     Find loaded modules by issuing the following:

lsmod | grep 'b43\|ssb\|bcma'

8.     Remove the modules found by executing the following command:

rmmod b43

Where the module name could be b43 or ssb or bcma.

9.     Blacklist the modules to prevent them from loading at system startup:

echo "blacklist <module>" >> /etc/modprobe.d/blacklist.conf

Where <module> could be b43 or ssb or bcma or wl.

10.     Finally, add the new module to the Linux Kernel to make it a part of the boot process:

modprobe wl
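Steps 7 to 9 can be made stricter: a plain grep for b43 also matches b43legacy and any line that lists it under "Used by", and repeating the echo appends duplicate blacklist lines. The script below is an added example, not part of the original post; the function names, the temporary file standing in for /etc/modprobe.d/blacklist.conf, and the sample lsmod output are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): exact-match detection of
# the conflicting modules and idempotent blacklisting.

CONFLICTING="b43 ssb bcma"

# Read `lsmod`-format text on stdin and print the conflicting modules
# that are loaded. Only column 1 (the module name) is compared, so
# b43legacy or a "Used by" entry never counts as b43.
loaded_conflicts() {
    awk -v want="$CONFLICTING" '
        BEGIN { n = split(want, w, " "); for (i = 1; i <= n; i++) set[w[i]] = 1 }
        NR > 1 && ($1 in set) { print $1 }
    '
}

# blacklist_modules CONF MODULE...
# Append "blacklist MODULE" to CONF unless that exact line already exists.
blacklist_modules() {
    conf=$1; shift
    touch "$conf"
    for m in "$@"; do
        grep -qxF "blacklist $m" "$conf" || echo "blacklist $m" >> "$conf"
    done
}

# Constructed lsmod output (not captured from a real host).
SAMPLE_LSMOD='Module                  Size  Used by
b43legacy             100000  0
ssb                    50000  1 b43legacy
bcma                   30000  0
cfg80211              200000  1 b43legacy'

demo() {
    demo_conf=$(mktemp)   # stands in for /etc/modprobe.d/blacklist.conf
    mods=$(printf '%s\n' "$SAMPLE_LSMOD" | loaded_conflicts)
    # Word splitting of $mods is intended: one argument per module.
    blacklist_modules "$demo_conf" $mods
    blacklist_modules "$demo_conf" $mods   # second run adds nothing
    cat "$demo_conf"
    rm -f "$demo_conf"
}
demo
```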

Wednesday, July 16, 2014

KALI LINUX : INSTALLATION SCREENSHOTS

Kali Linux is a Debian-derived Linux distribution designed for digital forensics and penetration testing. It is maintained and funded by Offensive Security Ltd. It was developed by Mati Aharoni and Devon Kearns of Offensive Security through the rewrite of BackTrack, their previous forensics Linux distribution. Kali Linux is preinstalled with numerous penetration-testing programs, including nmap (a port scanner), Wireshark (a packet analyzer), John the Ripper (a password cracker), and Aircrack-ng (a software suite for penetration-testing wireless LANs). Kali Linux can be run from a hard disk, live CD, or live USB. It is a supported platform of the Metasploit Project's Metasploit Framework, a tool for developing and executing security exploits. This post brings you step-by-step screenshots of the installation.

























UPDATING METASPLOIT ON BACKTRACK3 : SOLVED

1.   BackTrack 5 comes with Metasploit Framework v4.0 pre-installed, but Metasploit Community now comes with an updated web UI, other functionality and even more exploits. To use the new features and functionality, it is important to upgrade the existing Metasploit version to the current stable version. Unlike in the past, this is not simply a matter of running msfupdate in msfconsole. Here are a few simple steps, with screenshots, to upgrade your version of Metasploit.

First, download the currently available version, i.e. Metasploit Framework v4.5, from the Metasploit Framework site:

http://www.metasploit.com/download/
 
Second, installing Metasploit Community over the existing Metasploit Framework installation won't work for various reasons, so the best way to start is to uninstall the earlier version of Metasploit Framework first. This comes down to the following terminal commands:

# cd /opt/metasploit/
# ls
# ./uninstall
 
Third, make the installer executable. Once you have downloaded the file named "metasploit-latest-linux-installer.run", open a new terminal window and enter the following command:

# chmod u+x /root/metasploit-latest-linux-installer.run

Fourth, run the installer:

# ./metasploit-latest-linux-installer.run

The rest of the installation is shown in the screenshots below:


















At the end of the installer, the Metasploit web UI will open in your browser (https://localhost:3790/); follow the steps to register and choose the free Metasploit Community edition. That's it!
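Both the Metasploit installer here and the Broadcom driver tarball in the earlier post are downloaded files that end up running as root, so the chmod u+x step can be gated on an integrity check. The script below is an added example, not part of the original posts; it assumes you have obtained the expected SHA-256 digest from the vendor through a trusted channel, and the function name and demo digest are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). The digest in the demo is
# the SHA-256 of the constructed test content "abc", not of any real file.

# verify_then_chmod FILE EXPECTED_SHA256
# Returns 0 and sets u+x only when the digest matches; on mismatch it
# clears every execute bit and returns 1. Bad arguments return 2.
verify_then_chmod() {
    file=$1
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    case $expected in
        ''|*[!0-9a-f]*) echo "expected digest is not hex" >&2; return 2 ;;
    esac
    [ "${#expected}" -eq 64 ] || { echo "expected digest is not 64 chars" >&2; return 2; }
    [ -f "$file" ] || { echo "no such file: $file" >&2; return 2; }
    actual=$(sha256sum "$file" | awk '{ print $1 }')
    if [ "$actual" = "$expected" ]; then
        chmod u+x "$file"
        return 0
    fi
    chmod a-x "$file"
    echo "digest mismatch for $file: got $actual" >&2
    return 1
}

# Demo on a constructed stand-in for the downloaded installer.
demo_file=$(mktemp)
printf 'abc' > "$demo_file"
ABC_SHA256=ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad
verify_then_chmod "$demo_file" "$ABC_SHA256" && echo "verified, now executable"
printf 'tampered' >> "$demo_file"
verify_then_chmod "$demo_file" "$ABC_SHA256" || echo "rejected after modification"
rm -f "$demo_file"
```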

Sunday, July 13, 2014

Facebook and Law strings

1.   The impact Facebook has made across the globe on most of our lives is undoubtedly phenomenal. Facebook has become a way of life for many who are addicted; it gives us a medium to express ourselves in the digital world through a digital avatar. People who remain silent in their physical lives may become more verbose on Facebook, and people who generally remain non-reactive in informal group discussions become unexpectedly forthcoming in expressing themselves. For the first few years, when everyone was expressing themselves loudly on Facebook, it didn't matter, but now, with IT acts and laws coming up in each country, things are not so easy to express. Each time anyone expresses anger or happiness over something, it is associated and linked with an act which may or may not be legally authorized. In this post I bring you a few FAQs which each of us will associate with our lives, and the associated punishments as per the IT Act 2008 amended (India).

FAQs ex ROHAS NAGPAL @ http://www.facebooklaw.in/

Is it legal to ridicule a Government official or Minister on Facebook?

NO. This is a very serious offence and could get someone in jail for life! And unlike what is shown in Hindi movies, life imprisonment means imprisonment for life and not just 14 years! Ridiculing a Government official or Minister on Facebook could be illegal under the following laws:

Sedition
Defamation
Sending offensive electronic messages

Plus, if the Minister or official is a woman, it could also be covered under indecent representation of women

Is it legal to ridicule a celebrity or even an ordinary person on Facebook?

No. This is a serious offence and could get someone in jail for up to 3 years! Ridiculing a celebrity or even an ordinary person on Facebook could be illegal under the following laws:

Defamation
Sending offensive electronic messages


Is it legal to ridicule a religion on Facebook?

No. This is a serious offence and could get someone in jail for up to 3 years! Ridiculing a religion on Facebook could be illegal under the following laws:

Promoting enmity on grounds of religion
Outraging religious feelings
Wounding religious feelings
Sending offensive electronic messages
Imputations, assertions prejudicial to national-integration


Is it legal to call someone an “idiot” on Facebook?

No. This is a serious offence and could get someone in jail for up to 3 years! The dictionary meaning of “idiot” is a “person of low intelligence” or a “mentally deficient person”. Since it is impossible to prove that a person is actually an “idiot”, calling someone an idiot would amount to defamation and would be punishable under two laws:

Defamation
Sending offensive electronic messages


I have ordered some stuff from a famous ecommerce website. They have not sent it even after a month but my credit card has been charged for the transaction. Is it legal to post my complaint about this on my Facebook wall?

Is it legal to open a Facebook account in a fake name?

No. This is a serious offense and simply creating the account in a fake name (or someone else’s name) makes the creator liable for 2 years imprisonment. If the person sends even one message, posts one comment or sends even one friend request using this account, the liability could be another 3 years in jail! Simply creating the account in the fake name (or someone else’s name) amounts to forgery. If the account is used, then it amounts to sending offensive electronic messages. Further, if the fake account was created for the purpose of harming someone’s reputation, then it amounts to forgery for purpose of harming reputation.

If I use asterisk marks instead of abusive words, can I still get into trouble?

Yes. Even if you use asterisk marks (e.g. instead of fool, you say f**l), if the meaning is apparent, then it would be punishable with up to 3 years imprisonment.

 
As a joke, I have put a morphed photo of my friend on Facebook. She has taken it as a joke, but her father is very angry with this. Can he file a case against me?
What kind of posts can land me in prison?

Yes. If her father finds it offensive, he can file a case and it can be penalized as “sending offensive messages” and is punishable with up to 3 years imprisonment. If the photo is obscene then there is an additional liability for 3 years imprisonment.

Someone has sent me a threatening message on Facebook. Is that a crime?

Yes. Sending threatening messages on Facebook can be penalized as “sending offensive messages” and is punishable with up to 3 years imprisonment. Additionally, depending upon the threat in the message, additional punishment could vary from 2 years imprisonment to 7 years imprisonment. Additionally, if the threatening message is sent using a fake account (or in any manner to hide the name and details of the sender), then an additional 2 years punishment can be given.
