Comments for WIKISECURE BLOGS http://wikisecure.net Chown the web!!! Thu, 29 Jul 2010 04:37:41 +0000 hourly 1 http://wordpress.org/?v=3.0.1 Comment on How to install OpenVAS 3 in Ubuntu 9.10 by XyluX http://wikisecure.net/security/how-to-install-openvas-ubuntu9/comment-page-1#comment-621 XyluX Thu, 29 Jul 2010 04:37:41 +0000 http://wikisecure.net/?p=670#comment-621 Sevyls, thanks for this useful update!!! Sevyls, thanks for this useful update!!!

]]> Comment on How to install OpenVAS 3 in Ubuntu 9.10 by sevyls http://wikisecure.net/security/how-to-install-openvas-ubuntu9/comment-page-1#comment-617 sevyls Wed, 28 Jul 2010 07:48:06 +0000 http://wikisecure.net/?p=670#comment-617 with ubuntu 10.04 you need "uuid-dev" as an requirement before compiling the libraries with ubuntu 10.04 you need “uuid-dev” as an requirement before compiling the libraries

]]> Comment on How to install OpenVAS 3 in Ubuntu 9.10 by XyluX http://wikisecure.net/security/how-to-install-openvas-ubuntu9/comment-page-1#comment-477 XyluX Tue, 22 Jun 2010 03:53:52 +0000 http://wikisecure.net/?p=670#comment-477 HI Kingston, Its a pleasure to know that it worked for you without any problem. :) I got so many mails regarding the GSA installation manual as well. However, as of now I don't have any tutorial on installing GSA. As I am busy in doing some other protocol related research these days so I didn't get any time to get my hands dirty on GSA. I will install GSA this weekend in my Lappie (I hope I will manage some spare times this weekend) and will let you know. For the time being I don't have any tutorial link too, on how to install it but I hope it won't be difficult at all. Anyways, I will give it a try this time and will update you about its status. Just wait for 2-3 more days :) - XyluX HI Kingston,
Its a pleasure to know that it worked for you without any problem. :) I got so many mails regarding the GSA installation manual as well. However, as of now I don’t have any tutorial on installing GSA. As I am busy in doing some other protocol related research these days so I didn’t get any time to get my hands dirty on GSA. I will install GSA this weekend in my Lappie (I hope I will manage some spare times this weekend) and will let you know. For the time being I don’t have any tutorial link too, on how to install it but I hope it won’t be difficult at all. Anyways, I will give it a try this time and will update you about its status. Just wait for 2-3 more days :)

- XyluX

]]> Comment on How to install OpenVAS 3 in Ubuntu 9.10 by J. Kingston http://wikisecure.net/security/how-to-install-openvas-ubuntu9/comment-page-1#comment-476 J. Kingston Mon, 21 Jun 2010 22:34:42 +0000 http://wikisecure.net/?p=670#comment-476 Great how-to on installing Openvas. I had no problems installing it. Do you have a how-to on the GSA or can you point me to some help installing it? Thanks Great how-to on installing Openvas. I had no problems installing it. Do you have a how-to on the GSA or can you point me to some help installing it?

Thanks

]]> Comment on Extracting RAR Archives in Linux by XyluX http://wikisecure.net/linux/extracting-rar-archives-in-linux/comment-page-1#comment-453 XyluX Sun, 13 Jun 2010 18:13:51 +0000 http://wikisecure.net/?p=791#comment-453 Veerendra, Yeah of course you can do that too. But it has always been a reliable method to rely on RPMs/DEBs rather than wine installers as sometimes they suck. You never know when your running app is going to crash. ;) Take an example "Microsoft .Net". You can install in Linux through Wine, but try running the .Net through wine package and see how many times your Linux box is crashing. :P Hope it clarifies. - XyluX Veerendra,
Yeah of course you can do that too. But it has always been a reliable method to rely on RPMs/DEBs rather than wine installers as sometimes they suck. You never know when your running app is going to crash. ;) Take an example “Microsoft .Net”. You can install in Linux through Wine, but try running the .Net through wine package and see how many times your Linux box is crashing. :P Hope it clarifies.

- XyluX

]]> Comment on Extracting RAR Archives in Linux by Veerendra http://wikisecure.net/linux/extracting-rar-archives-in-linux/comment-page-1#comment-443 Veerendra Mon, 07 Jun 2010 12:07:53 +0000 http://wikisecure.net/?p=791#comment-443 Also you can install "WinRAR" using wine as well to do the same job with ease.. :) Also you can install “WinRAR” using wine as well to do the same job with ease.. :)

]]> Comment on How to install OpenVAS 3 in Ubuntu 9.10 by XyluX http://wikisecure.net/security/how-to-install-openvas-ubuntu9/comment-page-1#comment-441 XyluX Sun, 06 Jun 2010 19:22:00 +0000 http://wikisecure.net/?p=670#comment-441 Atout, Sorry for the delayed response buddy as I was bit away and didn't get time to look into the post comments. Anyways, Lets come to the topic now. Well, "Credentials" tab is one of the most important tab while you scan because, let's say if you want to check for a vulnerability in the target machine and the plugin needs remote machine credentials to scan the target, then you have to give the SMB/SSH Credentials (NTLMSSP is enabled now so it should work in any new OS e.g. Windows7, Win2008 or Vista). In that case only your scripts will scan the target. But if you want to check some HTTP related stuffs then you don't have to pass any credentials of that target machine. - No need to load most of the plugins as it will eat your time unnecessarily unless you require all 17k scripts badly. Unloading ipchain is required because sometimes if you are scanning a remote linux box but the built-in firewall inside Linux blocks the inbound traffic then your scanner won't be able to communicate with the system further. So its better to unload the firewall and launch the scan. After the scanning is complete, you can enable the iptables ($sudo service iptables restart) though. - You will find all the scripts which OpenVAS clients from, "/usr/local/lib/openvas/plugins/". Just cd to that path and ls for *.nasl files. Those are your script files. I hope it will give you some more hints to perform your required task. If still you face any problems then do let me know. - XyluX Atout,
Sorry for the delayed response buddy as I was bit away and didn’t get time to look into the post comments. Anyways, Lets come to the topic now. Well, “Credentials” tab is one of the most important tab while you scan because, let’s say if you want to check for a vulnerability in the target machine and the plugin needs remote machine credentials to scan the target, then you have to give the SMB/SSH Credentials (NTLMSSP is enabled now so it should work in any new OS e.g. Windows7, Win2008 or Vista). In that case only your scripts will scan the target. But if you want to check some HTTP related stuffs then you don’t have to pass any credentials of that target machine.
- No need to load most of the plugins as it will eat your time unnecessarily unless you require all 17k scripts badly. Unloading ipchain is required because sometimes if you are scanning a remote linux box but the built-in firewall inside Linux blocks the inbound traffic then your scanner won’t be able to communicate with the system further. So its better to unload the firewall and launch the scan. After the scanning is complete, you can enable the iptables ($sudo service iptables restart) though.
- You will find all the scripts which OpenVAS clients from, “/usr/local/lib/openvas/plugins/”. Just cd to that path and ls for *.nasl files. Those are your script files.

I hope it will give you some more hints to perform your required task. If still you face any problems then do let me know.

- XyluX

]]> Comment on How to install OpenVAS 3 in Ubuntu 9.10 by atout001 http://wikisecure.net/security/how-to-install-openvas-ubuntu9/comment-page-1#comment-424 atout001 Thu, 27 May 2010 07:17:56 +0000 http://wikisecure.net/?p=670#comment-424 Ok ... Where do you find this script or how can I create it ? :) I use Openvas-Client v3.0.0 and I tried to follow what you wrote for avinash. So first, for the port scanner, i left it by default. I checked "Openvas TCP Scanner" I disabled "Silent" in Plugins Options I logged into my account I loaded most of the plugins :) I did nothing in "Credentials" because I don't really understand this section I chose the right target I did nothing in "Prefs" too I enable KB saving and Testy all hosts (In /usr/local/var/lib/openvas/users//kbs/ I found file named my target and the last thing you said I don't understand ( Issue iptables -F to unload the ipchains and give it a try.) I don't find any script :) Ok
… Where do you find this script or how can I create it ? :)

I use Openvas-Client v3.0.0 and I tried to follow what you wrote for avinash.
So first, for the port scanner, i left it by default.
I checked “Openvas TCP Scanner”
I disabled “Silent” in Plugins Options
I logged into my account
I loaded most of the plugins :)
I did nothing in “Credentials” because I don’t really understand this section
I chose the right target
I did nothing in “Prefs” too
I enable KB saving and Testy all hosts (In /usr/local/var/lib/openvas/users//kbs/ I found file named my target
and the last thing you said I don’t understand ( Issue iptables -F to unload the ipchains and give it a try.)

I don’t find any script :)

]]> Comment on How to install OpenVAS 3 in Ubuntu 9.10 by XyluX http://wikisecure.net/security/how-to-install-openvas-ubuntu9/comment-page-1#comment-423 XyluX Wed, 26 May 2010 16:01:16 +0000 http://wikisecure.net/?p=670#comment-423 The first one is required to check if your script is having errors or not and the second one is to run the script in the command line only. GUI doesn't come into the picture here. Btw the script which you are scanning, if the script has something like get_kb_item("Abc/Def/Ghi") then better you scan the plugin through GUI mode as KB items wont be fetched in command line scans. - XyluX The first one is required to check if your script is having errors or not and the second one is to run the script in the command line only. GUI doesn’t come into the picture here. Btw the script which you are scanning, if the script has something like get_kb_item(“Abc/Def/Ghi”) then better you scan the plugin through GUI mode as KB items wont be fetched in command line scans.

- XyluX

]]> Comment on How to install OpenVAS 3 in Ubuntu 9.10 by atout001 http://wikisecure.net/security/how-to-install-openvas-ubuntu9/comment-page-1#comment-422 atout001 Wed, 26 May 2010 15:29:44 +0000 http://wikisecure.net/?p=670#comment-422 So i don't really need to execute : "$ openvas-nasl -pLX script_name.nasl" and "#openvas-nasl -tX script_name target_ip" ? How can i resolve my problem to launch a scan in command line? :) So i don’t really need to execute : “$ openvas-nasl -pLX script_name.nasl” and “#openvas-nasl -tX script_name target_ip” ?
How can i resolve my problem to launch a scan in command line? :)

]]>