Archives

All posts for the month September, 2015

Hi Friends, this is a guide on how to reset nessus password in Windows. Open a command line terminal with administration privileges. Navigate to the installation folder of Nessus as shown below. That would be in program files.

nessuswrp1

Once you are in that folder, type “dir” command to see the contents of the folder as shown below.

nessuswrp2

Now type command ” nessuscli.exe lsuser ” to see all the nessus users. In my case there is only one user present. Now to reset his password, type command ” nessuscli.exe chpasswd root “. Then enter the new password twice as shown below. Congrats, you have successfully changed your nessus password.

nessuswrp3

 

See how to install Nessus in Kali Linux

Hi Friends, its common that we forget things. I have forgotten my nessus password so many times. Today we will see how to reset nessus password in Kali linux in case you have forgotten it. Open a terminal, and type the command “cd /opt/nessus/sbin” to navigate to the sbin directory. Here type “ls”  to see the contents of this directory as shown below.

nessuslrp1

Next type command “./nessuscli lsuser ” to see all the nessus users present. Here, we have only one.  Ok, let’s reset the password for user root. Type command ” ./nessuscli chpasswd root “. The system will prompt you to enter the new password. Enter the password two times as shown below. You have successfully changed the nessus password. Now logon with the new password.

nessuslrp2

Good Evening friends. Today we will see a step by step guide  on how to create a web application pentest lab .

For creating this lab, I am using a host machine with Windows 7 installed on it.  We also need the following softwares.

1. Wamp server ( Download here)

2. Vulnerawa ( Download here )

3. Vmware Workstation   or Oracle Virtualbox ( Download here )

4. Kali Linux ( Download here )

Download the above softwares to your system. Install Wamp server.  For this WAPT lab,  we will use vulnerawa as a vulnerable website or target website. Extract the contents of the vulnerawa.zip folder to the root folder of the wamp server. Now open a browser and and type localhost in the urlbar to see if you can see the victim webapp as shown below.

wapt1

Click on “Create Database” to create some data which we will use in our future howto’s.

wapt2

Now let’s change the permissions of the wamp server to access it from our attacker machine. Go to Apache>httpd.conf as shown below.

wapt3

You should see the httpd.conf as shown below.  Type CTRL+F and search for word “stuff”. After you find it, make changes  as shown below in the red box. Save the file by typing CTRL+S  and restart the wamp server.

wapt4

Now install Kali Linux in Vmware Workstation or Oracle Virtualbox (see how ). Set the network adapter to NAT. Now open command line in your host machine and check the IP address assigned to your host machine as shown below by typing command “ipconfig”. Since I am using Vmware Workstation my network adapter is Vmware network adapter vmnet8. The IP address assigned to my host machine is 192.168.64.1.

wapt5

Now start your attacker machine( Kali Linux ), open browser and type the address 192.168.64.1 in the url bar and see if you can access the victim web application as shown below.

wapt6

 

wapt7

Your web application pentest lab is ready. Happy hacking.

Good Evening friends.  Today we will see how to setup Vulnerawa in Wamp Server. For those newbies who don’t know what is vulnerawa, it is a vulnerable webapp coded by me to simulate a real website for practice. Read more about it here. First, download Wamp Server from here   as appropriate to your system requirements. We will use “WAMPSERVER (64 BITS & PHP 5.3.10) 2.2d″ for this howto. Install the Wamp Server. Open browser and type “localhost” in the urlbar to see if wamp server is working as shown below.

vwamp1

 

 

 

 

 

We can see that there are no projects available. Now download Vulnerawa from here. You will find a zip file as shown below. Now we will extract the contents of this file into the root folder of Wamp server. Right click on the zip file, go to 7-zip as shown below ( or any other unzipping software )  and select “Extract files” option. Extract the files to the folder “C:\\wamp\www” which is the root folder for Wamp server.

vwamp2

Now lets check the root folder to see if the files are extracted. Go to wamp server’s root directory and you should see the folder named “vulnerawa1.0.2” as shown below.

vwamp3

 

Now open your browser and type “localhost” once again. Now we can see our projectVulnerawa1.0.2 listed in the Projects section as shown below.

vwamp4

Click on the project. If you see the below webpage, then you have successfully setup Vulnerawa. If it gives you some error go to the url and type “http://localhost/vulnerawa1.0.2” directly. Happy hacking practice.

vwamp5

Here’s a video version of this howto.