Nessus has detected that API access on this scanner is disabled.

Nessus displays warning “Nessus has detected that API access on this scanner is disabled” during usage.

To fix this issue, the Nessus service must be stopped, the configuration reset, Nessus restarted and then registered using your previous registration key.

1. Stop the Nessus service:
service nessusd stop

2. Reset the configuration:
/opt/nessus/sbin/nessuscli fix --reset

3. Start the Nessus service:
service nessusd start

4. Register Nessus using your previous registration key:
/opt/nessus/sbin/nessuscli fetch --register xxxx-xxxx-xxxx-xxxx-xxxx

5. Login to Nessus to update plugins.

Searching for binaries for privilege escalation exploit

During the attacking phase of a pen test once access has been gained to a shell, we can try to own the system through a privilege escalation exploit in order to obtain root access. We can verify the system identification of the user by using the following command to ascertain SUID permissions:

$ id
uid=1000(user) gid=1000(user) groups=1000(user),24(cdrom),25(floppy),29(audio),30(dip),44(video),46(plugdev),108(netdev),114(bluetooth)

Then we can use the following command, to find a list of executable file SUID permissions on the system:

find / -perm -u=s -type f 2>/dev/null

Here, the find command will search from root (/) looking for user SUID permissions configured to execute (-perm -u=s), and to find directories (-type f). The result of this search, will be redirected to standard error and use a null device to suppress output (2>/dev/null).

Example show below:

$ find / -perm -u=s 2>/dev/null

Note that if redirect to stdout (>) or (1>) was used instead of stderr (2>), we would see a list of permission denied errors. As given from the above example, we could look to use Python2.7 binary in an attempt to gain root access using a privilege escalation exploit. We can use the following command to achieve this in using our above example:

/usr/bin/python2.7 -c ‘import pty;pty.spawn(“/bin/sh”)’

This command will get a TTY shell after a reverse shell connection using Python2.7. This should result in the system permitting root access, and this can be seen from the following commands:

# id
uid=1000(user) gid=1000(user) euid=0(root) groups=1000(user),24(cdrom),25(floppy),29(audio),30(dip),44(video),46(plugdev),108(netdev),114(bluetooth)
# whoami

We can see that the system user now has root access, denoted from the above by euid=0(root) and root identified from whoami command.

Fix “Could not validate this preference file” in Nessus

If you receive the below error message when downloading the latest Nessus plugin updates, the following fix may help:

/opt/nessus/sbin/nessuscli update --plugins-only

----- Fetching the newest updates from -----

Could not validate this preference file. Have installation files been copied from another system?
Nessus Plugins: Failed

The first step to fix the error, is to request a new activation code from Tenable for the Nessus program: Link.

Then you will need to register your new activation key, received by email and associate to Nessus:
/opt/nessus/sbin/nessuscli fetch --register

Alien Vault – How to Prepare to Take the OSCP

Offensive Security Certified Professional (OSCP) – Most recognized penetration testing certification in the industry.

  1. Earn after passing the 24-hour performance based exam
  2. Pre-requisite Course: Penetration Testing with Kali Linux (PWK)
  3. Certification proves you have a clear and practical understanding of the penetration testing process and life-cycle
  4. Virtual network containing targets of varying configurations and operating systems
  5. An OSCP is able to identify vulnerabilities and execute attacks in a controlled and focused manner.

Alien Vault – How to Prepare to Take the OSCP: Link

How to install Hyperion in Linux

Hyperion is a runtime encrypter for 32-bit portable executables. It is a reference implementation and bases on the paper “Hyperion: Implementation of a PE-Crypter”.

Hyperion is not included in Kali Linux repositories. To install Hyperion in Linux, run the following commands:

Download the files from Github:

Unzip the archive file:

Invoke the MingGW compiler to compile Hyperion in to a executable file:
i686-w64-mingw32-c++ Hyperion-1.2/Src/Crypter/*.cpp -o hyperion.exe

How to install Ming C compiler in Linux

MinGW, a contraction of “Minimalist GNU for Windows”, is a minimalist development environment for native Microsoft Windows applications.

MinGW provides a complete Open Source programming tool set which is suitable for the development of native MS-Windows applications, and which do not depend on any 3rd-party C-Runtime DLLs. (It does depend on a number of DLLs provided by Microsoft themselves, as components of the operating system; most notable among these is MSVCRT.DLL, the Microsoft C runtime library. Additionally, threaded applications must ship with a freely distributable thread support DLL, provided as part of MinGW itself).

The Ming compiler is included in Kali Linux repositories, but is not installed by default. To install Ming C compiler in Linux, run the following command:

apt-get install mingw-w64

MinGW (mingw-w64) is the successor to mingw32.

Kali Linux: Ruby Gem Bundler Errors (Ruby libraries) for Metasploit

An error occurred while installing pcaprub (0.12.4), and Bundler cannot
Make sure that `gem install pcaprub -v '0.12.4'` succeeds before bundling.

This occurs during the installation process for Bundled Gems in Metasploit and within its local Git repository, e.g.:

cd ~/git/metasploit-framework/
bundle install

Note, ~/git/metasploit-framework/ is my locally defined directory for my Github repository in Kali Linux.

In the top example (see above), the error effects the “pcaprub” Gem. To fix this issue, run the following command:

sudo apt-get install libpcap-dev

This will install the package for libpcap-dev (development library for libpcap) – libpcap-dev Debian package

Once the libpcap-dev package has been installed, the bundle install command can be ran:

cd ~/git/metasploit-framework/
bundle install

Note, for other Gem installation errors during bundle install, it is likely to be an issue with missing packages in your system. The missing packages can be installed via sudo apt-get install [package_name].

Adding a new user in Kali Linux

Open a terminal using Ctrl+Alt+T or clicking on the icon – logged in as root

From the console issue the add user command with “-m” to create user home directory – #useradd -m

Create a password for the user – #passwd

Add user to sudo group – #usermod -a -G sudo

Change default shell of user to bash – #chsh -s /bin/bash

Initiate SSLv3/TLS Connections with Nmap Script

Locate Nmap scripts folder (location varies by platform – “find / -name ‘*.nse'”

Confirm “ssl-enum-ciphers” exists in folder. Download from Nmap if required –

Invoke Nmap and run command – “nmap -p 80,443 -T4 –script ssl-enum-ciphers <hostname>.