Archive

Posts Tagged ‘tools’

Kali Linux Issue Starting Metasploit/Postgres

March 13, 2014 Leave a comment

When trying to start Metasploit from the Application menu or starting postgresql from the command line I got the following error:

“Starting PostgreSQL 9.1 database server: main[….] The PostgreSQL server failed to start. Please check the log output”

I was also running low on available space in my VM too, so clearing out the /tmp directory and running ‘apt-get clean’ seemed to help.  I updated the /usr/sbin/update-rc.d file and commented out postgres in the black list and wrote it in enabled in the white list section.  Then, after rebooting, I just had to start postgres manually:

su postgres -c "/usr/lib/postgresql/9.1/bin/postgres -D /etc/postgresql/9.1/main/" &


Advertisements

Nmap

January 14, 2009 Leave a comment

Scanning tools are useful both to hackers and system administrators.  Nmap is a very useful, free scanning utility.  The first objective is to find out what hosts are out on a network.  Issuing the command “nmap -sP 192.168.100.*” would bring back all the hosts on the 192.168.100.0 network.

example of using nmap -sP

example of using nmap -sP

The next step is to stack fingerprint the network using the command “nmap -sT 192.168.100.102”:

nmap -sT

nmap -sT

To see what Nmap is doing, you can use Wireshark to capture the packets that go to and from the target computer.  Here’s an example of nmap hitting port 80 on the target computer:

wireshark_nmap_st1

This command (nmap -sT) shows you the ports open on the target system, as well as the services running on those ports.  This can help you identify what operating system the computer is running which allow you to probe deeper and find out, for example, the type of server and version.  If you’re worried about your scan showing up on the target computer’s logs (as evident in the three-way handshake completed when identifying port 80 as open in the above image), you can do a stealth mode scan with “nmap -sS x.x.x.x”.

Running the command “nmap -O x.x.x.x” will have Nmap guess the operating system on the machine.  I didn’t have much success with that command (from the command line), but using the GUI and command “nmap -T4 –version-light -sV -F -O 192.168.100.102”, it guessed the OS as Windows along with a list of possible versions.

nmap_gui_os_scan

Nmap GUI

Network traffic generated from using Nmap, shown by its signature, can be very detectable.  Nmap can be configured to mask its signature from being easily detected.

Security Tools

October 13, 2008 Leave a comment

The following are a few tools of which I am currently aware.  I’ve used some, and plan to dive deeper into each of them, and hopefully discover others along the way.  I’ll republish this list as I get further along.

  1. Backtrack – live CD, combination of Auditor and WHAX, tons of security/forensics tools
  2. Helix – live CD, can also run as an application in Windows, forensic tools
  3. SecurityDistro – more live CD’s with loads of security tools
  4. WebGoat – a tutorial on web security
  5. p0f – OS fingerprinting tool, for profiling your targets
  6. MetaSploit – ” useful information to people who perform penetration testing, IDS signature development, and exploit research”
  7. KeePass – “a free open source password manager, which helps you to manage your passwords in a secure way”
  8. Wigle.net – Wireless Geographic Logging Engine
Categories: Security Tools Tags: