[OWASP-BLR]Queries regarding NIKTO and Nessus

Mayank Bhatnagar mayank.ncst at gmail.com
Wed May 31 09:46:45 EDT 2006


Hi Gaurav,

> NIKTO
> ---------
> I want to use NIKTO from a windows XP machine to explore vulnerabilities
> in
> my IIS 5.0 Server running on another windows XP machine. I have downloaded
> the latest vesion from the CIRT website but i have not been able to
> install
> it on windows. Any idea how can i install it on windows?


Dd you verify whether you have correctly installed perl module
libwhisker.pmNikto requires this module to generate attacks.

NESSUS
> -----------
> When i use Nessus to scan my system, it gives me a list of the open ports
> on
> my server system. I want to check if my program running as a service is
> having any buffer overflow or not. Does anybody have an idea from where
> can
> i get the plugin for buffer overflow.


As rightly mentioned by Akash, for working on buffer overflow, and if your
requirements is for a framework kind of environment, you may use metasploit.
Here you get option to select exploit and then select various payloads for
the exploits.

Specifically if you woud like to target a particular application, then you
may need to search the vulnerability (CVE id) which might have affected this
application, and then search for an exploit/proof of concept payload which
will carry out BOA.

Enjoy Buffing... :-)
Mayank

Thanks,
> Gaurav Gupta
>
>
>
>
> -------------------------------------------------------
> All the advantages of Linux Managed Hosting--Without the Cost and Risk!
> Fully trained technicians. The highest number of Red Hat certifications in
> the hosting industry. Fanatical Support. Click to learn more
> http://sel.as-us.falkag.net/sel?cmd=lnk&kid=107521&bid=248729&dat=121642
> _______________________________________________
> OWASP-Bangalore mailing list
> OWASP-Bangalore at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/owasp-bangalore
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.owasp.org/pipermail/owasp-bangalore/attachments/20060531/93bced38/attachment.html 


More information about the Owasp-bangalore mailing list