© 2004-2007 Tadeusz Pietraszek
I just came across this website: http://md5.rednoize.com, http://md5.cryptobitch.de, http://passcracking.com They have a large dictionaries of unsalted MD5/SHA passwords. I played with it for a little bit. It’s amazing and scary how little entropy there is in a simple dictionary-based passwords with few modifications! Another conclusion is that you should never use unsalted passwords in your programs.
I’ve recently tired to do a nessus scan from an X-less gentoo machine. The task is quite simple, but there are a few quirks that are not obvious.
The easy part:
Ok, now for scanning the most obvious choice is to run a nessus client with GTK interface. If we don’t want to do this we can either:
The tricky part: Scanning using command line interface:
nessus -V -q 127.0.0.1 1241 <user> <password> <host file> <output file.nbe>
It works fine although generates a warning that “potentially unsafe plugins have been disabled”. While it makes sense for a big and critical network, you may also want to do the “unsafe” scan occasionally. How to enable it?
The first trick, is that nessus creates a “.nessusrc” file in your home directory. The first try — “safe_checks=no” - doesn’t help.
Second, you figure out that there is also a nessus-wide file /etc/nessus/nessusd.conf”, which has the same option (overriding the local one) by default set to “yes”. Unfortuantely, no warning is generated when this happenes. Unfortunately, this doesn’t help either 
I found the solution analyzing the config file that was created after using nessus with a GUI (with all the plugins enabled). It turns out that such a file the following entry is being added:
begin(PLUGIN_SET)
14250 = yes
15094 = yes
15185 = yes
...
end(PLUGIN_SET)
So all the plugins are explicitly enabled. Only then AND if both safe_checks in the global and local config files are set to “no”, unsafe plugins are executed. Unfortuantely, I don’t know how to set this option from the command line. Also as the new plugins are being instaled, the list would need to be kept updated (does nessus client do this?).
Another solution can be using Net::Nessus::ScanLite from CPAN (unfortunately it seems a bit outdated ~Dec 2003). I haven’t tried it, but it looks ok, and also it supports reading of plugins (so that we can enable/disable some) and also relieves us from parsing the NBE file. Problem: Net::Nessus::ScanLite uses Net:Nessus::Client, which doesn’t compile (for a number of reasons) and, moreover, is not aware that Nessus uses SSL. Surprisingly enough, ScanLite is aware of this and it somehow works around this. How — I don’t know.
Recently learned about .ssh/config file, in which you can customize parameters used for connecting to different hosts. The complete syntax is described in “man ssh_config”, here is just a few highlights:
Host <short hostname> Hostname <full hostname> Port port User user LocalForward 54320 localhost:5432 Dynamic Forward 9050
As simple as that: cat id_*.pub | ssh servername “cat >> ~/.ssh/authorized_keys”