Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Nessus-Users
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: How does Nessus work without compromising the target?

from [George A. Theall] Network Security [Permanent Link]
Subject: Re: How does Nessus work without compromising the target?
Date: Fri, 29 Jul 2005 09:55:58 -0400 
On Thu, Jul 28, 2005 at 01:20:55PM -0400, Lu, Xi wrote:


Can someone help me understand how Nessus works without crashing the
target machine?


It does this in the same way you'd probably do it if you didn't have a
tool such as Nessus to use; eg,

  o Get the installed version locally
    With the right credentials, Nessus may be able to gather
    version information from the target locally by, say,
    checking the registry or running rpm.

  o A banner check
    These aren't always reliable because banners can generally be
    hidden / faked, and software distributed as part of a package
    often fixes the flaw without changing the banner.

  o Check for an associated flaw.
    If the software is affected by multiple flaws, one of which
    is a buffer overflow and others are not, you may be able
    to check for the other flaws and be reasonably sure the
    buffer overflow exists.

Even so, there are some cases in which the only option is to try to
exploit the flaw directly, and Nessus will use that too provided safe
checks have been disabled (they're not, by default).

George
-- 
theall@tenablesecurity.com
_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Wireless access point scanning (was Re: New error in my nessu s.dump file), Renaud Deraison
Next by Date:  Re: nessus registration question, George A. Theall
Previous by Thread:  How does Nessus work without compromising the target?, Lu, Xi
Next by Thread:  More policy auditing, Alec H. Peterson
Indexes:  [Date] [Thread] [Top] [All Lists]