Nessus - How to do a full port scan + installation steps for Nessus


For installing Nessus on your machine:-

=> There are many blogs on installing Nessus on your machine or on Kali, but the scope of this blog is to show you how to do a full port scan, so I have shared a few blog links for the installation of Nessus.

I strongly recommend you install Nessus on a VM, but WHY? I explain that at the end of this blog.

If you find any problem you can comment below, and I'll make a separate blog for that :)


Full Port Scan using Nessus :-


=> Follow the configuration below in Nessus while doing a FULL port scan :-

Nessus supports two GUIs: one is HTML and the second is Flash. You can use either of them as per your convenience.

=> FLASH View 
https://127.0.0.1:8834/flash.html#/

=> HTML View 
https://127.0.0.1:8834/html5.html#/

I will be showing the full port scan using the FLASH view.

1) In Nessus go to Policies and click on Add


2) General Settings :-

This step is critical, as the full port scan settings are made here only.
Name : Name of your scan
Visibility : Set it to Private (you can set it according to the client requirement)
Under Port Scanners : Make sure Ping Host and TCP Scan are unchecked
Under Port Scan Options : Give the port scan range 1-65535



3) Go to Credentials :-
Just skip this step as it is



4) Go to Plugins:-

Under Plugins make sure you disable Denial of Service.

Note: If the client wants to test their environment for DoS attacks then you need to take permission from the respective client, after which you can perform this activity.
But I strongly recommend disabling this plugin family while doing a full port scan.



5) Go to Preferences :

Just skip this step as it is and click on the Submit button.

Note: When scanning a particular server or machine that has a password set, we use the credentials feature: we specifically ask the client for the credentials of the machine we are scanning. Generally we use this feature for configuration audits.






Now at this moment your full port scan policy is configured.

Let's see how to scan an IP address.

Step 1:-  Click on Scans



Step 2 : Under Scans

Give the name, the type of scan you are performing and the policy you just created

i.e.
Name: Full port Scan

Type : There are 3 types under this. As we are doing a full port scan we will select Run Now;
           you can select Scheduled or Template as required.

Policy : Select the policy we just created



Step 3: Scanning the IP address

Put the IP address as shown below and then click on Launch Scan.



HAPPY SCANNING ..


A few TIPS and NOTES to remember :-

1) TYPE OF IP ADDRESS

Below are a few notes you need to know before scanning an IP address

Types of IP address :

Internal Scan :- you are scanning the private IP addresses of the organisation
                       Private IP addresses include :  10.0.0.0/8, 172.16.0.0/12 and 192.168.0.0/16

External Scan:- you are scanning the public IP addresses of the organisation

Public IP address vs Private IP address  
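As an added example (not part of the original post), a small Python check that classifies scan targets into internal (the three RFC 1918 ranges listed above) or external, and flags anything outside an authorised scope list before the scan is launched. The target and scope values are constructed documentation addresses, not real hosts.

```python
import ipaddress

# The three private ranges the post lists for an "internal" scan (RFC 1918).
# Note: ipaddress's own is_private is broader (it also covers TEST-NET and
# other reserved blocks), so the ranges are matched explicitly here.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def classify(target: str) -> str:
    """'internal' for RFC 1918 space, 'external' for routable public space,
    'unscannable' for loopback, link-local, multicast or reserved space.
    Accepts a single address ("10.1.2.3") or a CIDR block ("10.1.2.0/24")."""
    net = ipaddress.ip_network(target, strict=False)
    if net.version != 4:
        raise ValueError("only IPv4 targets are handled in this example")
    if any(net.subnet_of(p) for p in RFC1918):
        return "internal"
    if net.is_loopback or net.is_link_local or net.is_multicast or net.is_reserved:
        return "unscannable"
    return "external"


def check_scope(targets, authorized):
    """Split targets into internal / external / out_of_scope, where anything
    not fully inside one of the authorised CIDR blocks is out of scope."""
    scope = [ipaddress.ip_network(a, strict=False) for a in authorized]
    result = {"internal": [], "external": [], "out_of_scope": []}
    for t in targets:
        kind = classify(t)
        net = ipaddress.ip_network(t, strict=False)
        if kind == "unscannable" or not any(net.subnet_of(s) for s in scope):
            result["out_of_scope"].append(t)
        else:
            result[kind].append(t)
    return result


if __name__ == "__main__":
    # Constructed sample: 203.0.113.0/24 is a documentation range, not a real host.
    plan = check_scope(
        ["10.0.0.5", "192.168.1.0/24", "203.0.113.7", "172.32.0.9", "127.0.0.1"],
        authorized=["10.0.0.0/8", "203.0.113.0/24"],
    )
    for kind, hosts in plan.items():
        print(f"{kind:13}: {hosts}")
```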


2) WHERE TO INSTALL NESSUS

I strongly recommend you install Nessus on a VM loaded with Kali Linux or BackTrack

Reason 1 : If you are using the Home Feed version you can only scan 16 IPs
Reason 2 : For scanning more than 16 IPs you either need to uninstall Nessus again or you require another mail id to generate a new registration code

To solve the above issue you can refer to my blog on how we use the Home Feed version of Nessus and scan more than 16 IPs :)

How To Fix the Error Message "In Order To Configure TCP/IP, You Must Install And Enable a Network Adapter" In Windows


SYMPTOMS:-
When you try to open the TCP/IP properties of your network adapter, you may receive the following error message:
Microsoft TCP/IP
In order to configure TCP/IP, you must install and enable a network adapter card.

CAUSE:-
This behavior can occur if your network adapter has been changed to another model of network adapter without first being properly uninstalled using the Add/Remove Hardware tool in Control Panel.
OR
Often when device drivers are updated for a network interface card, the mismatch between the previous model of network adapter and the newer one (or the newer driver) can cause a weird error which pops up when trying to access the TCP/IP properties and looks something like this :



But there is a very simple fix for this which works on all versions of Windows. To remove this error,
I will show you the step by step process here :

Step 1: Right click on the Computer icon on your desktop and go to Manage


Step 2: Now the Computer Management dialog box will open; under that click on
            Device Manager ==> Network adapters


Step 3: Now drill down to the specific network adapter and select “Uninstall”.





Now click on OK so it will be uninstalled

Step 4:  After it's removed, click on Action ==> Scan for hardware changes.




Step 5: Now, to check whether the error prompt is gone, go to Start ==> Run ==> ncpa.cpl and press Enter


Now you can see the network connections; right click on Ethernet (or the wireless connection where the issue persists) and then click on Internet Protocol Version 4



Step 6: The network adapter will once again show up in the installed devices list.

Now try accessing the TCP/IP properties for that adapter; the error will no longer pop up and the IP settings can be changed as needed.



Burp suite not capturing https traffic - Burp Certificate issue



Step 1

If you are using Burp Suite Professional v1.6beta and you are not able to capture HTTPS traffic, that means you are using Java version 8 or later.

In order to solve this issue you need to downgrade to a lower Java version, or uninstall the Java you currently have installed and install the Java 7 setup.

Step 2

Download the Burp certificate as follows

==>
1. Start Burp
2. Configure Firefox for the loopback proxy (127.0.0.1:8080)
3. Type http://burp in Firefox and press Enter (make sure Burp's intercept is on)
4. Click on CA Certificate and download it.
5. In Firefox go to Options > Advanced > Certificates > View Certificates > Authorities tab > Import the downloaded certificate.
6. Restart the browser

==> Also refer to the Installing Burp's CA Certificate article.



How to Reset Burp Suite completely

If you have mistakenly changed a setting in Burp Suite and are not able to revert it, you can either reset the entire Burp Suite or manually reset particular fields.

=> I will show you both ways

1) Resetting a particular field

Suppose I have to reset the Intercept Client Requests field in Burp; then follow the steps below:

Fig 1:- Resetting Intercept Client request 



Fig 2 : Click on the arrow as shown above

Similarly you can reset any field on which you have made changes.

2) Resetting the entire Burp Suite

In order to reset the entire Burp Suite settings follow the steps below

Go to Help -->  Clear Burp from computer



         Fig 3 


Fig -4 

Fig -5 Only select 2 fields

As shown in Fig 5, only select Remove temporary files and Remove saved preferences, after which click on Next.

Just close your Burp Suite and start it again.

After doing this your entire Burp settings will be reset to default.



5 C’s to Run An Effective Business




Success has never simply come to anyone. Leaders went and created it for themselves. Most never
had someone to carefully guide them, or offer mentorship, which is why it's so important
to learn from their previous choices.
If you want to be one step closer to obtaining that success, here are 5 C's I've learned
to pick up over my course of doing business and learning from others.

==> Clear 



When you’re leading a team, you expect your team to make proper decisions. However, you
still must be clear on what they need to accomplish. If you’re clear to them about what
needs to be done, and they have the approval from you to make decisions, your product will
turn out a win.

==> Concise 




We’ve all heard the acronym, KISS (Keep It Simple Stupid). The more complicated you try to
make it, the more your customers are going to want to shy away, and the longer your team
will take to understand and produce.

==> Confidence 




Confidence triumphs over everything. Whether it's walking into a meeting to pitch, giving a
demo to a customer, or being out and about in the city, confidence will always put the
icing on the cake. If you have confidence, you will know there is nothing in the world
that can stop you. Confidence allows you to exude being limitless.

==> Courteous 




No matter what you’re doing, it’s important to be courteous to others. There’s no excuse
for disrespect, ever.

==> Complete Understanding 




Don’t just look at one task, or one job. Look at the whole picture. How are you going to
benefit 3 years down the road? How will the rest of the team benefit with this success?

As Churchill once said, “Success is not final, failure is not fatal: it is the courage to
continue that counts.” 

Bypass Captcha Verification in Chrome, Firefox Automatically

We often encounter human verification (CAPTCHA) on registration pages, comment sections, or other kinds of submission forms. But dealing with CAPTCHAs every time we try to fill out a form is a frustrating job. Sometimes we do not recognise some of the letters in a certain CAPTCHA.

Rumola, a new browser addon, is helpful in this situation: it lets you bypass CAPTCHA verification and automatically fills in the CAPTCHA codes on websites.

How to Bypass Captcha verification using Rumola

Open an account at Rumola (you'll get 10 free trials at registration).

Install the addon required for your browser.

For Chrome  : https://chrome.google.com/webstore/detail/rumola-bypass-captcha/bjjgbdlbgjeoankjijbmheneoekbghcg

For Firefox : https://addons.mozilla.org/en-US/firefox/addon/rumola-bypass-captcha/

After installing the addon, restart your browser if required; once the plugin is activated it will automatically start filling CAPTCHAs for you.

Demo time :

Fig -1 Showing browser extension for chrome- Rumola




Fig -2 

Fig 3


Fig -4 CAPTCHA filled in automatically


Conclusion : You can bypass any CAPTCHA, but one thing to note is that it's not free, so make sure you use your trial version on testing some critical application.

Thank you 


Hi. I'm Nilesh Sapariya.
Ethical Hacker | Security Researcher |  Engineer | Info Sec Geek 


Welcome to my blog post!  It is with great excitement that I take my first step into the world of blogging. I will be writing primarily about all the things relevant to IT Security, Bug Bounty, Technology and Lessons Learnt.

This blog is my playground, a place where I pin down my thoughts, opinions and anything that I find worth keeping and sharing with other like minded people.

The learning process never stops, so make sure to pick up new information along the way. So here I am creating this blog.

My blog is divided into 5 sections. For your convenience, each section lists the contents I have covered.

1. IT Security 
2. Bug Bounty 
3. Honors And Awards
    3.1 Hall Of Fame
    3.2 Conference Talks
4. About
5. My Blogs 
    5.1 Technology
    5.2 Lessons Learnt

This will help you to select topics which you would be further interested in reading.


IT Security :- 



I am a Web Security Researcher from India. In the IT Security domain my areas of interest are Application Security Testing (Web & Mobile), API Testing, Vulnerability Assessment & Penetration Testing, Wireless Security Audit and hacking the planet.

Apart from this I am an active speaker at the Null Mumbai chapter and have been invited to many security conference talks.

So here I will post all the information security related articles.



Bug Bounty :- 





I am actively involved in Bug Hunting and have been acknowledged by Google, Microsoft, Yahoo, Adobe, RedHat, OWASP, AT&T(10Times), Blackberry, Sony and other companies. 

This is my favorite section and the reason why I started this blog in the first place. In this section I will be writing about vulnerabilities/bugs that I found on various web sites.




Honors And Awards :- 

Hall of fame :-  
In this section I have listed the acknowledgements I have received from many companies for detecting vulnerabilities in their platforms.



Conference Talks:- 



Being an active speaker, I have conducted many security talks at different colleges and events, which I will list in this section.

If you want to conduct security conference talks at your college, then drop me an email. I would love to share the knowledge.



Technology :-   



Here I will post all the basic and simple computer tricks which anyone can refer to, including non-IT people as well.



Lessons Learnt :- 




I like motivational quotes that inspire me, so I will be posting a few of them here.




I hope this blog will help you to learn something new.

I always follow one "MANTRA" ==> "NEVER GIVE UP" and "DON'T LOSE HOPE": keep trying as much as you can, keep learning as much as you can.

Thank you.



John the Ripper password cracking tool - How to use Step by step guide

I will give a 1 min theory lecture on this first :P

John the Ripper is a free open source password cracking tool for Linux, Unix and Mac OS X.
A Windows version is also available.
This tool can detect weak passwords.

Refer this link: http://www.openwall.com/john//

Note: If you are downloading the Windows version then make sure your antivirus software is off, otherwise it will block it.

So let's start the practical on how to use John the Ripper.

First of all, you all know it is a password cracking tool; I will take one example here to demonstrate how it cracks a password:
I am using bWAPP ;)
http://www.itsecgames.com/


Fig -1

Soon I will be uploading all the bWAPP solutions ;)
Urhh, where were we?? OK, so we have a password hash.
The user name is bee and the password is in hash form.

NOTE: Now this is a hash, so how do we check which hashing type it is using? We will first identify the hash type.

How to do that? Well, I have already made a blog for that; please refer to the link below:
https://nileshsapariya.blogspot.in/2014/10/how-to-identifies-hash-type-if-password.html


I am using John the Ripper in Kali :

1) Where is it in Kali?



Now copy the hash value as shown in Fig 1 and save it in a text file.



==> Time to crack this hash

root@Shield:~# john /root/Desktop/john.txt --format=raw-sha1

Note: /root/Desktop/john.txt is the file where I saved this hash

As we came to know the hash is basically SHA-1, we will use --format=raw-sha1


So here we got the password ;)

Happy hacking ;)

How to identify the hash type if a password is hashed - Step by step entire process for beginners.

Many a time passwords are in hash format; to crack the hash we prefer a password cracking tool such as John the Ripper, Cain and Abel and many more.

But here our scope is how to identify the hash type, so we will deep dive into it. Let's start.

Now in order to find out which hash type it is, you need to download hash-identifier :-

https://code.google.com/p/hash-identifier/downloads/list


Note :- hash-identifier is written in Python, so after downloading it make sure you have Python installed on your machine. If you have it installed it will work; if not, download Python as follows :-
Go to this link and download the setup file
https://www.python.org/downloads/


You can download either version as required.

So where are we?

We have to find out the hash type ==> so we first need to download hash-identifier ==> as it's written in Python we downloaded the Python software.

Now open the Python file hash-identifier :-



So we need to put the hash value here..

To give a real time example I have used the bWAPP password hash, which I will put here.
If you don't know bWAPP ==> refer to this http://www.itsecgames.com/


We have the hash now, so we will put this hash in hash-identifier



So the password hash is basically SHA-1 :)

Ummm, you have a password hash; well, want to crack that??

I will use John the Ripper. Now if you don't know how to use John the Ripper, no worries, you can refer to my blog :)

http://shield4you.blogspot.in/2014/10/john-ripper-password-cracking-tool-how.html

=> Password is bug.

Moral of the story :-

In order to crack a password that is in hash format, make sure you know the type of hash it is.

After finding the hash type you can crack it with any password cracking tool.
Here we have used John the Ripper.
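As an added example (not hash-identifier's own code, and not part of the original posts), this Python snippet does what the hash-identifier step above and the John the Ripper post rely on: it guesses the hash type from a prefix or from the hex length, and maps each candidate to the John --format name (such as raw-sha1). The sample hash is constructed by recomputing SHA-1 of the bWAPP password "bug" rather than copying the figure.

```python
import hashlib
import re

# Salted/iterated formats carry a recognisable prefix; identify those first.
PREFIX_TABLE = [
    (re.compile(r"^\$1\$"), "md5crypt", "md5crypt"),
    (re.compile(r"^\$2[aby]\$"), "bcrypt", "bcrypt"),
    (re.compile(r"^\$5\$"), "sha256crypt", "sha256crypt"),
    (re.compile(r"^\$6\$"), "sha512crypt", "sha512crypt"),
]

# Unsalted hex digests can only be guessed by length, so several candidates
# may share a slot; the second element is the John the Ripper --format name.
HEX_LENGTH_TABLE = {
    32: [("MD5", "raw-md5"), ("NTLM (MD4)", "nt")],
    40: [("SHA-1", "raw-sha1")],
    56: [("SHA-224", "raw-sha224")],
    64: [("SHA-256", "raw-sha256")],
    96: [("SHA-384", "raw-sha384")],
    128: [("SHA-512", "raw-sha512")],
}

HEX_RE = re.compile(r"^[0-9a-fA-F]+$")


def identify(hash_str: str) -> list:
    """Return [(algorithm, john_format), ...] candidates for a hash string.

    An empty list means the value is neither a known prefixed format nor a
    hex digest of a recognised length (base64, truncated, or not a hash).
    """
    h = hash_str.strip()
    for pattern, name, fmt in PREFIX_TABLE:
        if pattern.match(h):
            return [(name, fmt)]
    if HEX_RE.match(h):
        return list(HEX_LENGTH_TABLE.get(len(h), []))
    return []


# Constructed sample: SHA-1 of "bug", the bWAPP password shown on the page.
SAMPLE_SHA1 = hashlib.sha1(b"bug").hexdigest()

if __name__ == "__main__":
    for h in (SAMPLE_SHA1, hashlib.md5(b"bug").hexdigest(), "$6$salt$hash", "bug"):
        print(h[:24], "->", identify(h))
```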

Happy hacking ;)