Packt+ | Advance your knowledge in tech

You're reading from Kali Linux Intrusion and Exploitation Cookbook Powerful recipes to detect vulnerabilities and perform security assessments

Product type Paperback

Published in Apr 2017

Publisher

ISBN-13 9781783982165

Length 512 pages

Edition 1st Edition

Tools

Kali Linux

Concepts

Penetration Testing

Authors (2):

Dhruv Shah

Ishan Girdhar

View More author details

Table of Contents (18) Chapters

Title Page

Credits

About the Authors

About the Reviewers

www.PacktPub.com

Customer Feedback

Preface

1. Getting Started - Setting Up an Environment

2. Network Information Gathering FREE CHAPTER

3. Network Vulnerability Assessment

4. Network Exploitation

5. Web Application Information Gathering

6. Web Application Vulnerability Assessment

7. Web Application Exploitation

8. System and Password Exploitation

9. Privilege Escalation and Exploitation

10. Wireless Exploitation

Pen Testing 101 Basics

Configuring Nessus and Metasploit

In this recipe, we will you how to install, configure, and start running Nessus and Metasploit.

Getting ready

For this recipe, we will be Nessus home feed and register for a valid license.

How to do it...

Perform the steps for this recipe:

Open Firefox and go to http://www.tenable.com/products/nessus/select-your-operating-system and select the home version. On the next page, select the operating system as 6 and 7 (as Kali is based on Debian Jessie) as shown in the following screenshot:

To the Nessus, open the command in the terminal and type:

      dpkg -i Nessus-6.2.0-debian6_amd64.deb

Now, your Nessus has been installed as shown in the following screenshot:

Once the installation is complete, start the Nessus service using the following command:

      /etc/init.d/nessusd start

Open link https://kali:8834 as shown in the screenshot:

By default, during installation, Nessus is configured for using self-signed certificates to the traffic between your browser and the Nessus server; therefore, you are seeing page shown in the preceding screenshot. If you have downloaded the Nessus from a tenable website, you can consider it safe to click on I understand the risk and accept the certificate to continue and you will see the following page:

Click on Continue, and you will be shown the initial account setup page, as in following screenshot:

Enter the username and password combination you want to create and click on Continue. On the next page, you will be required to enter the code as shown in following screenshot:

To obtain the activation, go to http://www.tenable.com/products/nessus-home and fill the form on the right-hand side of the page to receive the activation code. You will receive your activation code on your e-mail account. Copy the activation and enter it on this screen and continue:

Now, the Activation has been completed and Nessus will update the plugins and the tool will be ready for your use.

We now have Nessus in place. So, let's set up Metasploit. Metasploit is installed by default during OS installation. To invoke, you will need to start the following services:

      # service postgresql start
      [ ok ] Starting PostgreSQL 9.1 database server: main.
      root@Intrusion-Exploitation:~#
      root@Intrusion-Exploitation:~# msfconsole
      [ ok ] Starting Metasploit rpc server: prosvc.
      [ ok ] Starting Metasploit web server: thin.
      [ ok ] Starting Metasploit worker: worker.

Metasploit will be started as shown in following screenshot:

How it works...

In this recipe, we have downloaded Nessus home feed and started the service. We completed the basic initial account setup and entered the account activation key to activate our home feed version of Nessus and finally updated the plugins.

Later on, we turned on PostgreSQL and Metasploit services, and finally, using msfconsole we started an instance of Metasploit.

There's more...

Nessus is a scanner and is an exploitation framework from Rapid7. However, most network environments require only vulnerability assessment and not in-depth exploitation. But, if in some cases it is needed, Metasploit is one of the best frameworks available. Similar to Nessus, Rapid7 has also launched their own vulnerability scanner called Nexpose. can be configured to be integrated with Metasploit, which allows Metasploit to use NexPose for vulnerability scanning and select exploits based on the information gathered by and thus it provides better experience as compared to using Nessus with Metasploit. For more information, visit http://www.rapid7.in/products/nexpose/ .