Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Nessus-Users
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Services and NASL Plugins

from [Christopher J Bidwell] Network Security [Permanent Link]
Subject: Services and NASL Plugins
Date: Thu, 16 Sep 2004 11:21:23 -0600 
All,

I'm in the middle of running a series of tests with my nessus profile.
I've removed all plugins and only have the following:

begin(SCANNER_SET)
 10180 = no
 10277 = no
 10278 = no
 10331 = no
 10335 = no
 10841 = no
 10336 = yes
 10796 = no
 11219 = no
 11840 = no
end(SCANNER_SET)

begin(SERVER_PREFS)
 max_hosts = 252
 max_checks = 2
 log_whole_attack = no
 cgi_path = /cgi-bin:/scripts
 port_range = default
 optimize_test = no
 language = english
 checks_read_timeout = 5
 non_simult_ports = 139, 445
 plugins_timeout = 320
 safe_checks = yes
 auto_enable_dependencies = yes
 use_mac_addr = no
 save_knowledge_base = yes
 kb_restore = yes
 only_test_hosts_whose_kb_we_dont_have = no
 only_test_hosts_whose_kb_we_have = no
 kb_dont_replay_scanners = no
 kb_dont_replay_info_gathering = no
 kb_dont_replay_attacks = no
 kb_dont_replay_denials = no
 kb_max_age = 864000
 plugin_upload = no
 plugin_upload_suffixes = .nasl, .inc
 slice_network_addresses = yes
end(SERVER_PREFS)

begin(PLUGINS_PREFS)
 Misc information on News server[entry]:From address : = Nessus
<listme@listme.dsbl.org>
 Misc information on News server[entry]:Test group name regex : =
f[a-z]\.tests?
 Misc information on News server[entry]:Max crosspost : = 7
 Misc information on News server[checkbox]:Local distribution = no
 Misc information on News server[checkbox]:No archive = no
 SMB use host SID to enumerate local users[entry]:Start UID : = 1000
 SMB use host SID to enumerate local users[entry]:End UID : = 1200
 HTTP login page[entry]:Login page : = /
 HTTP login page[entry]:Login form fields : = user=%USER%&pass=%PASS%
 Unknown CGIs arguments torture[checkbox]:Send POST requests = no
 Brute force login (Hydra)[entry]:Number of simultaneous connections : = 4
 Brute force login (Hydra)[checkbox]:Brute force telnet = no
 Brute force login (Hydra)[checkbox]:Brute force FTP = no
 Brute force login (Hydra)[checkbox]:Brute force POP3 = no
 Brute force login (Hydra)[checkbox]:Brute force IMAP = no
 Brute force login (Hydra)[checkbox]:Brute force cisco = no
 Brute force login (Hydra)[checkbox]:Brute force cisco-enable = no
 Brute force login (Hydra)[checkbox]:Brute force VNC = no
 Brute force login (Hydra)[checkbox]:Brute force SOCKS 5 = no
 Brute force login (Hydra)[checkbox]:Brute force rexec = no
 Brute force login (Hydra)[checkbox]:Brute force NNTP = no
 Brute force login (Hydra)[checkbox]:Brute force HTTP = no
 Brute force login (Hydra)[checkbox]:Brute force ICQ = no
 Brute force login (Hydra)[checkbox]:Brute force PCNFS = no
 Brute force login (Hydra)[checkbox]:Brute force SMB = no
 Brute force login (Hydra)[checkbox]:Brute force LDAP = no
 Ping the remote host[entry]:TCP ping destination port(s) : = built-in
 Ping the remote host[checkbox]:Do a TCP ping = no
 Ping the remote host[checkbox]:Do an ICMP ping = no
 Ping the remote host[entry]:Number of retries (ICMP) : = 10
 Ping the remote host[checkbox]:Make the dead hosts appear in the report =
no
 Ping the remote host[checkbox]:Log live hosts in the report = no
 Web mirroring[entry]:Number of pages to mirror : = 20
 Web mirroring[entry]:Start page : = /
 Global variable settings[checkbox]:Enable experimental scripts = no
 Global variable settings[checkbox]:Thorough tests (slow) = no
 Global variable settings[radio]:Report verbosity = Normal
 Global variable settings[radio]:Report paranoia = Normal
 Global variable settings[radio]:Log verbosity = Normal
 Global variable settings[entry]:Debug level = 0
 SMB Scope[checkbox]:Request information about the domain = no
 Nmap[radio]:TCP scanning technique : = connect()
 Nmap[checkbox]:UDP port scan = no
 Nmap[checkbox]:RPC port scan = no
 Nmap[checkbox]:Ping the remote host = yes
 Nmap[checkbox]:Identify the remote OS = no
 Nmap[checkbox]:Use hidden option to identify the remote OS = no
 Nmap[checkbox]:Fragment IP packets (bypasses firewalls) = no
 Nmap[checkbox]:Get Identd info = no
 Nmap[radio]:Port range = User specified range
 Nmap[checkbox]:Do not randomize the  order  in  which ports are scanned =
no
 Nmap[entry]:Source port : = any
 Nmap[radio]:Timing policy : = Insane
 Services[entry]:Number of connections done in parallel : = 5
 Services[entry]:Network connection timeout : = 5
 Services[entry]:Network read/write timeout : = 5
 Services[entry]:Wrapped service read timeout : = 2
 Services[radio]:Test SSL based services = All
 ftp writeable directories[radio]:How to check if directories are writeable
: = Trust the permissions (drwxrwx---)
 SMB use domain SID to enumerate users[entry]:Start UID : = 1000
 SMB use domain SID to enumerate users[entry]:End UID : = 1200
 SMTP settings[entry]:Third party domain : = example.com
 SMTP settings[entry]:From address : = nobody@example.com
 SMTP settings[entry]:To address : = postmaster@[AUTO_REPLACED_IP]
 NIDS evasion[radio]:TCP evasion technique = none
 NIDS evasion[checkbox]:Send fake RST when establishing a TCP connection =
no
 HTTP NIDS evasion[checkbox]:Use HTTP HEAD instead of GET = no
 HTTP NIDS evasion[radio]:URL encoding = none
 HTTP NIDS evasion[radio]:Absolute URI type = none
 HTTP NIDS evasion[radio]:Absolute URI host = none
 HTTP NIDS evasion[checkbox]:Double slashes = no
 HTTP NIDS evasion[radio]:Reverse traversal = none
 HTTP NIDS evasion[checkbox]:Self-reference directories = no
 HTTP NIDS evasion[checkbox]:Premature request ending = no
 HTTP NIDS evasion[checkbox]:CGI.pm semicolon separator = no
 HTTP NIDS evasion[checkbox]:Parameter hiding = no
 HTTP NIDS evasion[checkbox]:Dos/Windows syntax = no
 HTTP NIDS evasion[checkbox]:Null method = no
 HTTP NIDS evasion[checkbox]:TAB separator = no
 HTTP NIDS evasion[checkbox]:HTTP/0.9 requests = no
 HTTP NIDS evasion[checkbox]:Random case sensitivity (Nikto only) = no
 Login configurations[entry]:FTP account : = anonymous
 Login configurations[password]:FTP password (sent in clear) : =
nessus@nessus.org
 Login configurations[entry]:FTP writeable directory : = /incoming
 Login configurations[checkbox]:Never send SMB credentials in clear text =
no
 Login configurations[checkbox]:Only use NTLMv2 = no
 HTTP login page[entry]:Login form : =
 Brute force login (Hydra)[file]:Logins file : =
 Brute force login (Hydra)[file]:Passwords file : =
 Brute force login (Hydra)[entry]:Web page to brute force : =
 Nmap[entry]:Data length : =
 Nmap[entry]:Ports scanned in parallel (max) =
 Nmap[entry]:Host Timeout (ms) : =
 Nmap[entry]:Min RTT Timeout (ms) : =
 Nmap[entry]:Max RTT Timeout (ms) : =
 Nmap[entry]:Initial RTT timeout (ms) =
 Nmap[entry]:Minimum wait between probes (ms) =
 Nmap[file]:File containing nmap's results : =
 Services[file]:SSL certificate : =
 Services[file]:SSL private key : =
 Services[password]:PEM password : =
 Services[file]:CA file : =
 HTTP NIDS evasion[entry]:HTTP User-Agent =
 HTTP NIDS evasion[entry]:Force protocol string : =
 Login configurations[entry]:HTTP account : =
 Login configurations[password]:HTTP password (sent in clear) : =
 Login configurations[entry]:NNTP account : =
 Login configurations[password]:NNTP password (sent in clear) : =
 Login configurations[entry]:POP2 account : =
 Login configurations[password]:POP2 password (sent in clear) : =
 Login configurations[entry]:POP3 account : =
 Login configurations[password]:POP3 password (sent in clear) : =
 Login configurations[entry]:IMAP account : =
 Login configurations[password]:IMAP password (sent in clear) : =
 Login configurations[entry]:SMB account : =
 Login configurations[password]:SMB password : =
 Login configurations[entry]:SMB domain (optional) : =
 Login configurations[entry]:SNMP community (sent in clear) : =
end(PLUGINS_PREFS)

begin(SERVER_INFO)
 server_info_nessusd_version = 2.0.12
 server_info_libnasl_version = 2.0.12
 server_info_libnessus_version = 2.0.12
 server_info_thread_manager = fork
 server_info_os = Linux
 server_info_os_version = 2.4.21-15.0.3.ELsmp
end(SERVER_INFO)

begin(RULES)
end(RULES)

This is it.  Why, now do I still see

dont_scan_printers.nasl
snmp_default_communities.nasl
nmap_wrapper.nes
ike_detect.nasl
mdns.nasl
sheerdns_traversal.nasl
etherleak.nasl
etc.

With the info that I have in my profile, I don't see where I'm asking for
these plugins to run.

Anyone know what exactly I'm missing?

Thanks,

Chris


_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: debian plugins, Javier Fernandez-Sanguino
Next by Date:  Re: Services and NASL Plugins, Renaud Deraison
Previous by Thread:  cannot start nessusd -D, Songsak Parinyarat
Next by Thread:  Re: Services and NASL Plugins, Renaud Deraison
Indexes:  [Date] [Thread] [Top] [All Lists]