On Thu, 16 Jan 2003, Javier Fernandez-Sanguino wrote:

->Datdamwuf of wolf wrote:
->
->> Another issue, I am looking at prefs, if I elect to brute force
->> Telnet, FTP, etc - where are the files that Nessus uses for this
->> purpose?  I need to configure them too...eyes burning out of head,
->> simply not seeing them, doh!
->
->If you are talking about the Hydra plugin (brute force various
->authentication mechanisms) you need to set up these files yourself. There
->are no user/password files at the moment provided by Nessus. However,
->it can be pretty easy to set up a list for default (system) users in UNIX
->systems (see below, comments welcome). As for passwords, either use the
->same file (to look for username=password combinations) or make your own
->dictionary.
->
->IIRC the Openwall project provides a nice file with a common password list
->in John the Ripper (http://www.openwall.com/john/). More
->dictionaries/wordlists are available at
->

I have some problems with .nessusrc also. It is hard to find the plugins
based on the id (compare, why were hostnames invented instead of
finding hosts based on the IP addresses).

It is a bit strange that, for example, plugin 10330, which is a service
checking plugin, has to be among the normal plugins, because it is more
generic than just a normal plugin.

I hope there will be some improvements in the way Nessus is configured. It
is hard to compare two configuration files and to see why they give different
results.

Jukka
