Tadek’s Blog

I just came across this website: , , They have a large dictionaries of unsalted MD5/SHA passwords. I played with it for a little bit. It’s amazing and scary how little entropy there is in a simple dictionary-based passwords with few modifications! Another conclusion is that you should never use unsalted passwords in your programs.

I’ve recently tired to do a nessus scan from an X-less gentoo machine. The task is quite simple, but there are a few quirks that are not obvious.

The easy part:

1. emerge nessus
2. nessus-mkcert
3. nessus-user-add
4. register at nessus website to get the actiovation code for plugin feeds (FYI: #GPL plugins: 1299, #registered plugins: 9575), so unless you register you get a very small subset of (probably outdated) scanners.
5. nessus-fetch –register <activation-code>
6. nessus-update-plugins (it probably makes sense to add it to cron).

Ok, now for scanning the most obvious choice is to run a nessus client with GTK interface. If we don’t want to do this we can either:

- run the graphical console remotely
- run a command-line interface.

The tricky part:
Scanning using command line interface:

nessus -V -q 127.0.0.1 1241

It works fine although generates a warning that “potentially unsafe plugins have been disabled”. While it makes sense for a big and critical network, you may also want to do the “unsafe” scan occasionally. How to enable it?

The first trick, is that nessus creates a “.nessusrc” file in your home directory. The first try — “safe_checks=no” – doesn’t help.
Second, you figure out that there is also a nessus-wide file /etc/nessus/nessusd.conf”, which has the same option (overriding the local one) by default set to “yes”. Unfortuantely, no warning is generated when this happenes. Unfortunately, this doesn’t help either

I found the solution analyzing the config file that was created after using nessus with a GUI (with all the plugins enabled). It turns out that such a file the following entry is being added:

begin(PLUGIN_SET)
14250 = yes
15094 = yes
15185 = yes
…
end(PLUGIN_SET)

So all the plugins are explicitly enabled. Only then AND if both safe_checks in the global and local config files are set to “no”, unsafe plugins are executed. Unfortuantely, I don’t know how to set this option from the command line. Also as the new plugins are being instaled, the list would need to be kept updated (does nessus client do this?).

Another solution can be using Net::Nessus::ScanLite from CPAN (unfortunately it seems a bit outdated ~Dec 2003). I haven’t tried it, but it looks ok, and also it supports reading of plugins (so that we can enable/disable some) and also relieves us from parsing the NBE file.
Problem: Net::Nessus::ScanLite uses Net:Nessus::Client, which doesn’t compile (for a number of reasons) and, moreover, is not aware that Nessus uses SSL. Surprisingly enough, ScanLite is aware of this and it somehow works around this. How — I don’t know.

Recently learned about .ssh/config file, in which you can customize parameters used for connecting to different hosts. The complete syntax is described in “man ssh_config”, here is just a few highlights:

Host <short hostname>
Hostname <full hostname>
Port port
User user
LocalForward 54320 localhost:5432
Dynamic Forward 9050

As simple as that:
cat id_*.pub | ssh servername “cat >> ~/.ssh/authorized_keys”