how to....

[Newbie From Banten]

salam kenal dari saya, mudah2an kita selalu bisa silaturahmi dalam
bentuk apapun baik virtual syukur" kopdar tentunya, dan ilmu ini
digunakan untuk kemajuan bersama....

mo tanya ke agan" tentang pengoperasian nessus ? contohnya digunakan
untuk menscan mssql server untuk mendapatkan passwordnya.

trim's

[Novizul Evendi]

Langsung aja scan biasa saja, bingung langsung lihat videonya nich.. :

klo dapatin password,  di bruteforce saja dengan hydra:

karuwak@darkstar:~$ hydra 

Hydra v5.4 [http://www.thc.org] (c) 2006 by van Hauser / THC <v...@thc.org>

Syntax: hydra [[[-l LOGIN|-L FILE] [-p PASS|-P FILE]] | [-C FILE]] [-e ns]

 [-o FILE] [-t TASKS] [-M FILE [-T TASKS]] [-w TIME] [-f] [-s PORT] [-S] [-vV]

 server service [OPT]

Options:

  -R        restore a previous aborted/crashed session

  -S        connect via SSL

  -s PORT   if the service is on a different default port, define it here

  -l LOGIN or -L FILE login with LOGIN name, or load several logins from FILE

  -p PASS  or -P FILE try password PASS, or load several passwords from FILE

  -e ns     additional checks, "n" for null password, "s" try login as pass

  -C FILE   colon seperated "login:pass" format, instead of -L/-P options

  -M FILE   server list for parallel attacks, one entry per line

  -o FILE   write found login/password pairs to FILE instead of stdout

  -f        exit after the first found login/password pair (per host if -M)

  -t TASKS  run TASKS number of connects in parallel (default: 16)

  -w TIME   defines the max wait time in seconds for responses (default: 30)

  -v / -V   verbose mode / show login+pass combination for each attempt

  server    the target server (use either this OR the -M option)

  service   the service to crack. Supported protocols: telnet ftp pop3[-ntlm]   imap[-ntlm] smb smbnt http[s]-{head|get} http-{get|post}-form http-proxy cisco  cisco-enable vnc ldap2 ldap3 mssql mysql oracle-listener postgres nntp socks5   rexec rlogin pcnfs snmp rsh cvs svn icq sapr3 ssh2 smtp-auth[-ntlm] pcanywhere  teamspeak sip vmauthd

  OPT       some service modules need special input (see README!)

Use HYDRA_PROXY_HTTP/HYDRA_PROXY_CONNECT and HYDRA_PROXY_AUTH env for a proxy.

Hydra is a tool to guess/crack valid login/password pairs - use allowed only

for legal purposes! If used commercially, tool name, version and web address

must be mentioned in the report. Find the newest version at http://www.thc.org

tu, banyak yang di support oleh hydra.... 

2011/12/8 Newbie From Banten <m.yusuf...@gmail.com>

--
To post to this group, send email to tech...@googlegroups.com
For more info, visit at http://techno-os.net/
For your support community mail to : kar...@techno-os.com

--
T'Lab
Technology Open Source Laboratory

web: http://tlab.co.id

Hosting + DataCenter : http://wakhost.com  

Twitter News Update: http://twitter.com/TLabUpdate 

Office: Jl. Jati Mataram No.254, Mlati – Monjali, Yogyakarta
Community web: http://techno-os.net