
Re: Gain Root Remotely plugin (command line)

Subject: Re: Gain Root Remotely plugin (command line)
Date: Fri, 22 Sep 2006 07:11:47 -0700

On Sep 22, 2006, at 12:00 AM, Gonzalez, Matthew wrote:

Hello Everyone,



I am currently taking a Network Defense and Countermeasures course for my degree. Anyway, one of our projects is to use Nessus to run a certain plugin. I am using the command-line version of Nessus on Mandriva, because some dependencies on packages for the GUI are giving me problems and time is against me so to speak. The plugin that I have to demo is the Gain Root Remotely plugin.

Well, taking a look in my plugins, I don't have one named "Gain Root Remotely". However, there is a family of plugins named gain root remotely. It's more than one though :)

I was wondering if there is a way to choose just that plugin through the command line or if it’s a “dangerous plugin” to enable it to be part of the scan. This scan would be taking place on the loopback address (127.0.0.1) of the Mandriva system.



Well, I would pick a system that does have a GUI and select the plugin, then save the .nessusrc file and pass that to nessus using the -c option. If you take a look at the nessusrc file, you'll see that the option to enable is merely changing a "no" to a "yes" on the plugin that you want to run - check after the part that says "begin (PLUGIN_SET)". In your case, it sounds more like you want to run a family of plugins, so it'll be a little harder, if you don't have a GUI, as you'll have to dig out a lot of plugin ids. There are 245 according to my find and grep count. I was able to extract all the numbers with the following brief bash script (I apologize for the uglies):

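# Run from the plugins directory: print the script_id of every plugin
# whose source mentions the "Gain root remotely" family.
grep -rl "Gain root remotely" . | while IFS= read -r f
do
    # script_id(12345); -> 12345
    grep script_id "$f" | awk -F'[()]' '{print $2}'
done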

That will at least get you a list of ids that are in the gain root remotely family, assuming that I didn't miss something (double check!)

Also, are there any tips to make the system be able to be picked up as gaining root remotely when the scan is run? This way when I run a demonstration it will work and show in the generated report. I would appreciate all help and comments.

your scan will show that it was able to gain root remotely in the report. You might also consider tailing the nessusd.dump and nessusd.messages log files using tail -f.



Thank you,



Matthew Gonzalez

Network Administration (BT)

Morrisville State College

Morrisville, NY





_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus


Doug Nordwall
Unix Administrator
EMSL Computer and Network Support
Unclassified Computer Security
Phone: (509)372-6776; Fax: (509)376-0420
The best book on programming for the layman is "Alice in Wonderland"; but that's because it's the best book on anything for the layman.
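
The workflow described in the reply (collect the family's plugin ids, switch them to "yes" in the PLUGIN_SET section of a .nessusrc, pass that file with -c) as a shell function. This is an added example, not part of the original thread; the names enable_only and demo, the sample ids, and the " <id> = yes|no" line layout between begin(PLUGIN_SET) and end(PLUGIN_SET) are assumptions about the file format.

```shell
#!/bin/sh
# enable_only IDS_FILE RC_FILE
# Print RC_FILE with every plugin in the PLUGIN_SET block set to "no" except
# the ids listed (one per line) in IDS_FILE, which are set to "yes".
# Assumed layout: " <id> = yes|no" lines between begin(PLUGIN_SET) and
# end(PLUGIN_SET). Everything outside that block passes through unchanged.
enable_only() {
    awk '
        FILENAME == ARGV[1] { if ($1 ~ /^[0-9]+$/) want[$1] = 1; next }
        /^begin *\(PLUGIN_SET\)/ { inset = 1; print; next }
        /^end *\(PLUGIN_SET\)/   { inset = 0; print; next }
        inset && $1 ~ /^[0-9]+$/ && $2 == "=" {
            if ($1 in want) { seen[$1] = 1; print " " $1 " = yes" }
            else            { print " " $1 " = no" }
            next
        }
        { print }
        END {
            # An id missing from the rc file usually means a stale plugin list.
            for (id in want)
                if (!(id in seen))
                    print "warning: plugin " id " not in PLUGIN_SET" > "/dev/stderr"
        }
    ' "$1" "$2"
}

# Constructed sample input: made-up ids, not a real scan configuration.
demo() {
    tmp=$(mktemp -d) || return 1
    printf '%s\n' 11111 33333 > "$tmp/ids"
    cat > "$tmp/rc" <<'EOF'
begin(SCANNER_SET)
 90001 = yes
end(SCANNER_SET)
begin(PLUGIN_SET)
 11111 = no
 22222 = yes
 33333 = no
end(PLUGIN_SET)
EOF
    enable_only "$tmp/ids" "$tmp/rc"
    rm -rf "$tmp"
}

demo
```

The ids file can be the output of the find/grep script from the reply; save the function's output to a new file and pass that file to nessus with -c.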


