• You are currently browsing the archives for the Things category.

    • So much to do.

    Going to write up a bit of a “todo” list here of all the things I need to work on.

    1. Nessus IVIL wrapper for Seccubus V2 – I had a wonderful talk with Frank from seccubus a couple of weeks back and we came up with the idea of “IVIL” which is basically a common XML format to report findings in from just about any tool.  I’m going to write an example IVIL aware wrapper for Nessus that will let you create scans, download reports and output in IVIL format to be loaded into seccubus V2.  Ideally anyone could write a wrapper for any tool and convert the tools output to IVIL to be loaded into seccubus for reporting.
    2. Bug fixes for the Nessus plugin.  I need to diff out all the new things in the code that are not currently in metasploit and submit that.  Also work on a couple of tweaks and new features people have suggested.
    3. Watch some more ruby videos and read some more of my ruby book.
    4. Fix up my dev environment.  I am trying to swap over to using Netbeans as my IDE and SVN over SSH to connect to remote servers to test.  Carlos Perez has been great in showing me how this works.  Probably look at moving my dev to a vm on my laptop to repurpose the current hardware as an Astaro box.
    5. Look into using meterpreter more and learning about meterpreter scripting in order to use meterpreter as an OVAL interpreter.
    6. Work more on learning nasl.  Also looking to create a nasl script to do OVAL scanning of remote hosts directly with nessus.  Lots to do here and nasl is a bit clunky after working with ruby.  Funtimes though.
    7. Keep working on my highly threaded http scanning engine.  Basically want something that is fast and scalable for finding http(s) servers on any port.  If one exists now that grabs all kinds of info on what the server/service is, love to see it.  Emphasis on the fast and scalable, talking scanning thousands of hosts and all ports.

    That’s all that springs to mind right now.  Still getting over being sick and the whole family being sick after returning from Hack3rcon.

    Speaking of Hack3rcon, I had a blast.  I’ll sign off here by embedding my talk on Nessus/MSF Integration.  My first ever talk and I learnt a great deal about presenting with live demo’s.  Redt of the talks are available on irongeek.com

    Nessus Bridge for Metasploit Zate Berg from Adrian Crenshaw on Vimeo.

    Post to Twitter

    Written on November 2nd, 2010 , Bananas, Security, Stuff, Technology, Things Tags: , , , , , , , , , , ,
    Presenting the Nessus Bridge at #Hack3rcon this weekend.

    This weekend (Oct 23rd and 24th) I will be in Charleston WV presenting/demoing the Nessus Bridge for Metasploit at Hack3rcon.  This will be the first time I’ll have presented anything outside of work and should be lots of fun.  Quite a few great speakers that I look forward to meeting.

    I’ll post the presentation up here once it’s done for everyone else to take a look at.  Actually going to be presenting a few new commands that are not in the metasploit svn version of the plugin.

    After Hack3rcon I’ll be back into high gear adding some new functionality to the plugin and branching out into writing a wrapper for Nessus to speak IVIL for Seccubus v2.  This is pretty exciting stuff for me.  Coming up with a xml format to speak “findings” that is tool agnostic is going to be a great thing.  It will mean moving findings between tools, or comparing findings between tools, will be much much easier.  Keep a look out for that one.

    There has been some talk on the metasploit mailing list this week about using tools such as Nessus to scan through a MSF pivot and into another network.  Some interesting discussion and I think it’s something I will dive into in these next few weeks.  Start to examine what some of the limitations are and how we might overcome or avoid them.

    that’s it for now.  have a good weekend.

    Post to Twitter

    Written on October 21st, 2010 , Bananas, Security, Stuff, Technology, Things Tags: , , , , , , , , , , , , , , ,
    Nessus Bridge for Metasploit :: Plugin Commands

    Welcome to part 5 of my Nessus Bridge for Metasploit coverage.  Here is part 1part 2part 3 and part 4 if you are just joining us.

    Next up are the plugin commands.  These helpful little beasts are all about showing you what plugins are available on your nessus server, and how many of them you have.

    • nessus_plugin_list
    • nessus_plugin_family
    • nessus_plugin_details
    • nessus_plugin_prefs

    Given that nessus has over 38,000 plugins, simply asking it to list them all would result in a very large list returned from the server.  Nessus gets around this by breaking the request down into several parts. Read the rest of this entry »

    Post to Twitter

    Written on October 6th, 2010 , Bananas, Security, Stuff, Technology, Things Tags: , , , , , , , , , , , , , , , , ,
    Streaming Parser for Nessus Plugin up for testing.

    A few late night sessions of coding and I have a version of the plugin up on github.com that uses REXML Streaming Listener to parse the NessusV2 Reports.  The benefits of this is being able to handle much larger scans, much faster as it will itterate over each host and add it as it parses it, instead of the DOM/Tree method which loads the entire file into memory before parsing.

    What I’d like is a few people to test it.

    streaming_parser

    So, grab the code from here, unpack it and then over write your metasploit install with the files in that archive.  Should be 4 of them.

    Once you have done that, test it, connect to a Nessus server, import some reports, test all the other functions and maybe even just test some importing of nmap etc too if you like.

    Report any bugs to me to be fixed and then when you want to remove these files, just delete these 4 from your metasploit install and then do “svn update”.

    Post to Twitter

    Written on October 1st, 2010 , Bananas, Security, Stuff, Technology, Things Tags: , , , , , , , , , ,
    It’s the small victories…

    So one of the major “issues” with the Nessus for Metasploit Plugin right now is that it does not handle large reports well.  Not even the usual db_import_nessus handles large reports well and this is because it reads the entire file in one big blob then parses it.

    The nexpose importer and the nmap importer both use REXML Stream Processors.

    So tonight I copied the nmap_xml.rb file and am working on making it process Nessus v2 files.  I am hoping that both the Nessus plugin, and the db_import will benefit from these changes.

    I’ve been looking at it for a few days and kind of avoiding it because it’s difficult and is going to require large portions of my time fumbling through learning how the current one works enough to know how/what to modify.

    Well turns out it’s simpler than I thought. Read the rest of this entry »

    Post to Twitter

    Written on September 28th, 2010 , Bananas, Security, Stuff, Technology, Things Tags: , , , , , ,
    Nessus Bridge for Metasploit :: Scan Commands

    Welcome to part 4 of my Nessus Bridge for Metasploit coverage.  Here is part 1 and part 2 and part 3 if you are just joining us.

    The Scan Commands are where this plugin starts to really differ from previously importing nessus scans from flat files.  With these commands we can stay within the metasploit framework and reach out and examine things with Nessus.  We can then use the Report Commands we just learnt about to pull that data back to later pwn stuff.

    Scan Commands are as follows:

    • nessus_scan_new
    • nessus_scan_status
    • nessus_scan_pause
    • nessus_scan_pause_all
    • nessus_scan_stop
    • nessus_scan_stop_all
    • nessus_scan_resume
    • nessus_scan_resume_all Read the rest of this entry »

    Post to Twitter

    Written on September 28th, 2010 , Bananas, Security, Stuff, Technology, Things Tags: , , , , , , , , , , , , , , , , , , , ,
    Nessus Bridge for Metasploit :: Intro

    One of the most frustrating things for me when I started with metasploit (known as msf from here in) was not exploiting something, but finding something to exploit.  I had all these exploits at my finger tips but my ability to find something to pwn was limited by having to move back and forth between a bunch of tools and cross reference things.

    This changed when I did my PwB v3 course, I got much better at determining when and how to use msf to take advantage of something I found.  There was still a lot of moving between tools but I was at least able to identify vulnerable hosts.

    I use Nessus in my day job to scan for vulns and sometimes I need to be able to turn those results into demonstrations or do false positive checking.  It was a little annoying to run the scan either from the cli, or usually from the Nessus Web Client and then have to manually import the Nessusv2 report.

    At the same time MSF Express came out.  WoW, that is some slick shit. Read the rest of this entry »

    Post to Twitter

    Written on September 26th, 2010 , Bananas, Security, Stuff, Technology, Things Tags: , , , , , , , , ,
    Time for a new phone

    Apr 11 my contract with T-Mobile is up.  We currently have a family plan, with 2 Blackberries on it.  My work no longer reimburses for my part of the account so no real need for me to have a Blackberry anymore (only reason was because of enterprise integration).  So now the time is right to make the switch to something else.

    Something else being Iphone or Android.  Lets examine the choices.

    • Iphone 3GS 16 or 32 GB.
    • Nexus One
    • Droid
    • HTC Desire?

    In terms of plan, I am looking for unlimited everything.  Unlim voice minutes, texting and data.

    So, I just priced the Iphone 3GS 16GB x2 on AT&T’s website, $495 upfront and $210 a month.  Holy crap!   Read the rest of this entry »

    Post to Twitter

    Written on March 12th, 2010 , Stuff, Technology, Things Tags: , , , , , , ,
    What I want from Drupal 7

    So tonight, I didn’t feel much like anything.  Logged into Wow, meh.  Logged into EVE, meh.  Don’t feel like playing any of the games I have installed, don’t feel like reading on the nook, watching TV or anything really.

    meh.

    And then I got an email.  An email telling me, that a plugin on Aharon’s blog needed updating.  I mean that isn’t exactly earth shattering news, but it has got me thinking on why I still use wordpress for my blogs, but love Drupal so much.

    Simple reason.  Updates.  Drupal BLOWS for updating compared to WordPress.  Let me walk you through what it takes for me to update a plugin in wordpress, or even upgrade wordpress itself to a new version. Read the rest of this entry »

    Post to Twitter

    Written on March 11th, 2010 , Stuff, Things Tags: , , , , , , , ,
    So much to learn, so little time.

    I’m having some major schizophrenia with learning these days.  Just so many disparate things I want to learn and I’m not making as much progress learning as I used to.  I used to be able to suck up a new subject once or twice a week.  Like totally suck it up, have a great understanding and be able to expand on it and move it in new directions.

    Right now I am on like month 3 of several things.  I think it’s a case of trying to do to much.

    I have a course coming up soon on Pen Testing with Backtrack (PWB) that I am pretty excited about.  It’s 30 days of labs, a bunch of video lectures and a final exam that is 24H long.  Yes, 24H exam, I cannot wait.  I haven’t had anything really challenge me in a while.

    Read the rest of this entry »

    Post to Twitter

    Written on March 10th, 2010 , Bananas, Fatherhood, Games, Security, Stuff, Things Tags: , , , , , , , , ,
    << Older Entries

    Things and Stuff is proudly powered by WordPress and the Theme Adventure by Eric Schwarz
    Entries (RSS) and Comments (RSS).

    Things and Stuff

    A Blog about things and stuff.