Introduction to the

The purpose of this chapter is to consolidate the fundamentals and reinforce the notes from daily training. The notes contain many operations and lateral-thinking approaches; we hope to learn something together.

Please note:

This article is for technical discussion and research only. The terminals and servers reproduced in all the notes are self-built environments for penetration testing. I will use Kali Linux as the attacker machine for this study. The techniques used here are for educational purposes only. This site and the authors are not responsible for any other use of the techniques listed.

Quote:

What you are interested in determines what you can achieve in this field.

1. Foreword

Nessus is the most widely used vulnerability scanning and analysis software in the world. In all, more than 75,000 organizations use Nessus as software to scan their computer systems.

Nessus is a leader in vulnerability assessment: a powerful, easy-to-use remote security scanner that is free and updated extremely quickly. A security scanner checks the security of a specified network and finds out whether it contains security vulnerabilities. The free version supports scanning only 0 to 16 IP addresses; scans of more than 16 IP addresses are not available.

Next, I will demonstrate the process of installing Nessus on a Kali penetration-testing system and cracking the latest version of Nessus for unlimited use.


2. Install Nessus

1. Download the Nessus installation package

Website:

www.tenable.com/downloads/n…

Download Nessus-8.13.1-debian6_amd64.deb, which is the package for Linux. (To install on Windows, download the …-x64.msi file; the installation and cracking principle is the same.)

Install it with the dpkg command:

dpkg -i Nessus-8.13.1-debian6_amd64.deb

Start the service after installation:

service nessusd start

2. Initialize Nessus

Access in a browser:

https://localhost:8834

Then click Managed Scanner and Continue to initialize.

Under Managed by, select Tenable.sc and click Continue.

Register an account and password here and log in.

After login, the plugins are updated and initialized.

After the initialization is complete (about 7 to 8 minutes), only the configuration modules are displayed; the scan modules do not appear until the license and update package are imported.

3. Install the license and update package

Two values are required to request the license and the update package from the official website.

Query the challenge value.

Command:

/opt/nessus/sbin/nessuscli fetch --challenge

The command above gives the first value.

Then visit:

zh-cn.tenable.com/products/ne…

The account was already registered earlier, so just log in here. (Wait a few minutes for the email.)

Check the email message for the second value.

Fill in the two values in turn and click Submit.

You can see the update package and the license appear.

1. Click the link to download the update package …all-2.0.tar.gz

2. Click nessus.license to download the license

3. Copy the command /opt/nessus/sbin/nessuscli fetch --register-offline nessus.license (used to import the license)

4. Activate the vulnerability plug-ins

Place the update package all-2.0.tar.gz and nessus.license in a directory on the Kali desktop, then run:

/opt/nessus/sbin/nessuscli update all-2.0.tar.gz
/opt/nessus/sbin/nessuscli fetch --register-offline nessus.license

The output shows: 202102012215

Remember this number. It’s for decryption later.

Restart Nessus.

service nessusd restart

Revisit:

https://localhost:8834

Wait 10 minutes for the plug-ins to compile and initialize!

Log in after the initialization.

After Nessus is initialized, the license is limited to 16 IP addresses.

5. License cracking is unlimited

Copy the plugins to any folder, in this case to the local desktop folder:

cp -r /opt/nessus/lib/nessus/plugins /root/Desktop/nessus

The folder is relatively large (947 MB) and takes a long time to copy.

Then create the plugin_feed_info.inc file:

The plugin_feed_info.inc file reads as follows:

PLUGIN_SET = 202102012215;
PLUGIN_FEED = "ProfessionalFeed (Direct)";
PLUGIN_FEED_TRANSPORT = "Tenable Network Security Lightning";


PLUGIN_SET values are from previous updates to all-2.0.tar.gz!!

Then place the plugin_feed_info.inc files in:

/opt/nessus/lib/nessus/plugins/
/opt/nessus/var/nessus/


Restart Nessus.

service nessusd restart

Restart will be found and is the same as before, and/opt/nessus/lib/nessus/plugins/directory plug-ins are gone, normal! Keep going!

Copy the plugin_feed_info.inc directory again:

/opt/nessus/lib/nessus/plugins/
/opt/nessus/var/nessus/


Restart Nessus again.

service nessusd restart

You can see the limit has been lifted to unlimited!

6. Improve weapon plug-ins

Although the IP restriction is lifted, the weapon vulnerability plugins are missing. Now you need to copy the plugins folder back:

Drag and wait until the pasting is complete. After the pasting is complete, restart Nessus.

The login page continues to initialize after the restart.

After the login interface is initialized, the unrestricted version is cracked successfully. Nessus is an English version, and many people are unfamiliar with it.

3. Install Google Chrome on Kali

1. Download the installation package

wget https://dl.google.com/linux/direct/google-chrome-stable_current_amd64.deb


Use the above command to download the installation package.

2. Install the dependency packages

Continue by installing the dependencies for Chrome:

sudo apt-get install gdebi

3. Install Google Chrome

gdebi google-chrome-stable_current_amd64.deb

The installation is successful.

Drag the browser to your desktop for easy use.

4. Install Chinese language support on Kali

Run the following command to install the Chinese font packages:

apt-get install ttf-wqy-microhei ttf-wqy-zenhei xfonts-wqy

dpkg-reconfigure locales

Mark the UTF-8, zh_CN.GBK, and zh_CN.UTF-8 entries with *. After confirming the configuration, set zh_CN.UTF-8 as the default value and reboot Kali.

5. A simple demonstration of a Nessus vulnerability scan

Click New Scan in the upper right, then Advanced Scan.

Enter the IP address or IP address range to be scanned.

You can see that the scan found 41 medium- and high-risk security vulnerabilities.

Specific details.

6. Summary

After the above procedure, you can crack the latest Nessus version installed in Kali environment. The same method can be used to crack the Nessus version installed in Windows environment.

1. If the PLUGIN_SET value is 0~16IP limit, check that the PLUGIN_SET value is the value of the previous update to all-2.0.tar.gz!

2. If the IP address limit is 0 to 16, repeat plugin_feed_info.inc to restart Nessus.

3. After the Nessus service is restarted, plugin_feed_info.inc is reset. As a result, all plug-ins in the Nessus /plugins directory are deleted and cannot be scanned.

I copied it a few times and cracked the latest version at various stages, all of which were easy to hack directly, and Nessus was a good choice for the company.

We hope to raise security awareness: without network security, there is no national security!

That is all for today's fundamentals. They are basic, but they must be kept in mind.