Penetration Testing
mailing list archives
Re: Taking my name in vain and fun security stuff
From: Paul Asadoorian <paul () pauldotcom com>
Date: Mon, 05 May 2008 10:05:26 -0400
I've been playing around with the new Nessus release and really like it.
The coolest addition is the new "nessuscmd" tool, which lets you easily
run nessus from the command line. I showed an example on the last podcast:

http://pauldotcom.com/wiki/index.php/Episode106 ("Tech Segment: Probe,
Exploit, and Crack for Free")

I used the "nessuscmd" to scan for an MS06_040 vulnerability, then
metasploit to exploit and deploy SAM juicer, download LANMAN hashes, and
use john to crack them.

Cheers,
Paul
--
Paul Asadoorian
Email: paul /at/ pauldotcom.com
Web: http://pauldotcom.com
IRC: #pauldotcom | irc.freenode.net
Join our mailing list: http://groups.google.com/group/pauldotcom
Erin Carroll wrote:
> On Thu, 1 May 2008, r0cketgrl () yahoo com wrote:
>
>> Hi Erin, I heard you were taking my name in vain. :-) I saw you in
>> your monkey suit in FL, - but it so frightened me, I just couldn't
>> bring myself to do introductions.
>
> Yeah, I seem to have that effect on people. I think it's the shaved
> head and eyebrow piercings.
>
>> I want to hear more about the new release of Nessus. Anyone have
>> anything to say?
>
> I haven't had a chance to play with the new Nessus yet so I'd like to
> hear some details from anyone who is currently using it. Pros? Cons?
>
> -- Erin Carroll Moderator, SecurityFocus pen-test mailing list "Do
> Not Taunt Happy-Fun Ball"