Monday, September 30, 2013

Nessus On Windows

Nessus On Windows


Nessus is one of the well known and most used vulnerability scanner program. Nessus was built for UNIX platform but now also supports Windows platform. Nessus runs as client server program and available as free and professional version. Download and register your e-mail with them and they will send you information about how to register and use it. Once installation is done you will have two icons one with name Nessus Server another withNessus Client first of all open Nessus Server and add users in it. Then open Nessus Clientand log in, after log in you will see interface as follows,
Please Open Images In New Tab
First of all you will have to define some scan policy to scan target system. For that click on “Policies” then “Add Policy”. Its not difficult to understand how to define general section in policy but if you don't know much about different OS and networking I would better suggest let other options to their defaults.
Next step is to add scan, click on “Scan” and then “Add Scan”, type IP address you want to scan else you can also insert a text file with IP addresses of targets but for now just scan your own computer. Once you press “Launch” button your scan will begin. After scan is complete have your look on vulnerabilities found in target system. 
 
For now don't bother about how to exploit vulnerabilities for hacking purpose that we will cover in “Enumeration” and “Gaining Access/System Hacking” phase. As an honest advice I would recommend you not to limit your self to this tutorial and find more tutorials onwww.YouTube.com . Thanks for reading and keep visiting.

Saturday, September 21, 2013

How to Reveal Asterisks Password on Log In Page

The following tips and trick I've tried on latest Mozilla Firefox, Google Chrome, Opera, Internet Explorer

Requirement:
1. Internet browser.
2. Understand Javascript.

How to Reveal Asterisks Password on Log In Page:

1. As I've already tell above about the browser condition of my friend, I start to think maybe while she's surfing a website she also save the passwords while the browser pop up alerting whether she want to save our password or not. And when I type Gmail and Yahoo web address on her browser, I got this preview:
She save all her e-mail username and password
When see that, I start to make a small games with my friend (Including her) about "How to Reveal Asterisks Password on Log In Page" without view the passwords directly on the show password options menu.
2. Finally I gave the answers to them. Firstly we view the source code of the page where the asterisks appears and find out the ID of the element where asterisks appears. I give example on Yahoo log in page using Opera dragonfly. (right click the asterisks and click inspect element)
the ID value is passwd.
3. After get the ID, we back again to the browser. On the browser address bar, type:
javascript: alert(document.getElementById('passwd').value);
the script above tells the browser to alerting the value of the textbox where asterisks was appeared.
4. Here is the result when the script was executed.
How to Reveal Asterisks Password on Log In Page
Conclusion:
1. This tips and trick only for fun, because you also can view the saved password directly without viewing source code and typing a javascript code.
2. Do not save your password on your browser, but save it in your mind. That's the safest place

Hope its useful