- [00:19:23]*atomicturtle (~sshinn@pool-71-126-141-53.washdc.fios.verizon.net) has quit (Quit: Leaving.)
- [01:07:21]*flock3 (~flock3@cpc3-harg4-2-0-cust46.7-1.cable.virginm.net) has quit (Remote host closed the connection)
- [02:03:57]*ingenius (~syntax@181.31.74.27) entered the channel
- [05:05:10]*Aristocles (~Aristocle@203.166.90.14) has quit (Quit: Going.. going... gone)
- [05:24:49]*Aristocles (~Aristocle@203.166.90.14) entered the channel
- [06:47:43]*Suchy (~suchy@user-164-127-254-90.play-internet.pl) entered the channel
- [06:48:14]*mattm (~mattm@105-237-225-80.access.mtnbusiness.co.za) entered the channel
- [07:11:27]*planet_bob (~bob@fa0-0.akl-grafton-vpn2.ihug.net) has quit (Quit: <Azer> i'm actually in a NSA bunker.)
- [09:06:08]*aheinecke (~quassel@194-118-56-19.adsl.highway.telekom.at) entered the channel
- [09:11:38]*flock3 (~flock3@5751df21.skybroadband.com) entered the channel
- [09:18:16]*Ltning (~Adium@134.90.150.202) entered the channel
- [09:28:06]*karel-barel (~jirka@x.proofreason.com) entered the channel
- [09:39:23]*Ltning (~Adium@134.90.150.202) has quit (Quit: Leaving.)
- [09:46:15]*Ltning (~Adium@134.90.150.202) entered the channel
- [10:18:31]*circ-user-2e9Yl (~circuser-@85-18-250-182.ip.fastwebnet.it) entered the channel
- [10:19:39]<circ-user-2e9Yl> Hi, why, if I control my OpenVAS scan with tcpdump, is the port scanned different from the port set in my configuration?
- [10:22:28]<circ-user-2e9Yl> Port List setting "T:20-21,2111"
- [10:28:22]<mime> circ-user-2e9Yl: what's the problem? scan is touching ports outside your configured range?
- [10:29:23]<circ-user-2e9Yl> yes
- [10:29:53]<circ-user-2e9Yl> and the scan does not touch the port set on my list
- [10:37:48]<circ-user-2e9Yl> NTV Families = FTP 168 of 168
- [10:37:57]<circ-user-2e9Yl> NVT...
- [10:38:38]<mime> do you have a port scanner (nmap (nasl wrapper)) enabled?
- [10:39:11]*Ltning (~Adium@134.90.150.202) has quit (Quit: Leaving.)
- [10:39:33]<circ-user-2e9Yl> Nmap version 6.47 ( http://nmap.org ) Platform: x86_64-unknown-linux-gnu Compiled with: nmap-liblua-5.2.3 openssl-1.0.1e libpcre-8.30 libpcap-1.3.0 nmap-libdnet-1.12 ipv6 Compiled without: Available nsock engines: epoll poll select
- [10:39:51]*Ltning (~Adium@134.90.150.202) entered the channel
- [10:40:02]<mime> is nmap enabled in the family "port scanners"?
- [10:40:15]<mime> in your scan config
- [10:44:53]<circ-user-2e9Yl> sorry.. do you talk about Nmap NSE or Nmap NSE net?
- [10:49:06]<mime> Family Port scanners -> Nmap (NASL wrapper)
- [10:58:03]<circ-user-2e9Yl> I'm not sure I found exactly the option.... I'm using Greenbone Desktop
- [10:58:18]<mime> the qt gui?
- [10:58:30]<circ-user-2e9Yl> Scan Config -> New -> add FTP, Nmap NSE
- [10:58:41]<mime> no, not nmap nse
- [10:58:56]<mime> you have a family "Port scanners" within a config
- [11:00:00]<circ-user-2e9Yl> Scan Config -> NVT Preferences -> Nmap (NASL wrapper) -> set yes the option Fragment IP, Identify remote OS, RPC port scan, Service scan, Use hidden option
- [11:00:31]<mime> those are the options for the nvt. you still have to enable it
- [11:04:20]<circ-user-2e9Yl> when you talk about "Port scanners within a config", it's the Task config, Scan config or OpenVas config?
- [11:04:29]<mime> Scan config
- [11:05:15]<circ-user-2e9Yl> Found
- [11:14:34]<circ-user-2e9Yl> Ok now I see the port that I had specified, and other port not specified from me
- [11:14:37]<circ-user-2e9Yl> 09:12:22.214956 06:16:9b:52:63:df > 06:17:94:00:00:02, ethertype IPv4 (0x0800), length 54: 172.17.2.151.5024 > xx.yy.zz.ww.20: Flags [S], seq 1610626168, win 16, length 0 09:12:22.215224 06:16:9b:52:63:df > 06:17:94:00:00:02, ethertype IPv4 (0x0800), length 54: 172.17.2.151.5024 > xx.yy.zz.ww.21: Flags [S], seq 1610626186, win 16, length 0 09:12:22.340308 06:16:9b:52:63:df > 06:17:94:00:00:02, ethertype IPv4 (0x0800), length 54:
- [11:15:01]<circ-user-2e9Yl> copy on notepad++
- [11:16:23]<mime> which ports are touched which you have not configured?
- [11:18:04]<circ-user-2e9Yl> 53,80,135,137,139,143,135,23,25,443,445,443,3128,8080
- [11:18:36]<mime> this could be from the host alive test.
- [11:19:01]<circ-user-2e9Yl> how can I disable it?
- [11:25:02]<mime> Scan Config -> "Port scanners" -> ping host. Disable this NVT or (better) change the alive test to "Do an ICMP ping" only...
- [11:36:00]<circ-user-2e9Yl> Ok ok thank you, now the scan is limited to the port that I have specified
- [11:36:12]<mime> cool :)
- [11:39:50]<circ-user-2e9Yl> Other problem, the remote host has on tcp 2111 the proftpd 1.3.3d, and this server is affected by CVE-2011-4130 and vulnerability in the function ‘sql_prepare_where()’ (http://www.scip.ch/en/?nasldb.51366) but OpenVAS it's block at 4%
- [11:44:43]<mime> "but OpenVAS it's block at 4%"? However...for CVE-2011-4130 you have to set (scan config) "Report paranoia" to "Paranoid" or you have to enable local security checks...
- [11:46:39]<circ-user-2e9Yl> Sorry...What NVT Preferences have the value "Report Paranoia"?
- [11:46:58]<mime> global settings
- [11:49:04]<circ-user-2e9Yl> Found! and the test is ProFTPD Prior To 1.3.3g Use-After-Free Remote Code Execution Vulnerability
- [11:49:33]<mime> right...
- [12:14:08]<circ-user-2e9Yl> Can I create an NVT Profile with only this test check?
- [12:15:13]<circ-user-2e9Yl> I guess the remote firewall blocks my check, every time OpenVAS freezes at 4%
- [12:19:11]<mime> create an empty config and enable only nmap (nasl wrapper), ping host and the nvt "ProFTPD Prior To 1.3.3g Use-After-Free Remote Code Execution Vulnerability".
- [12:24:50]<circ-user-2e9Yl> need to unselect 168 test...urp!
- [12:34:54]<circ-user-2e9Yl> Ok done
- [12:35:17]<circ-user-2e9Yl> Start new scan task with only this test
- [12:44:55]*LassMiRanda (~LassMiRan@his1.his.de) entered the channel
- [12:45:00]*Ltning (~Adium@134.90.150.202) has quit (Quit: Leaving.)
- [12:45:37]*LassMiRanda (~LassMiRan@his1.his.de) has quit ()
- [12:49:49]<circ-user-2e9Yl> mime you are a boss, now work Report with High alert created.
- [12:52:00]<mime> :)
- [12:55:31]<circ-user-2e9Yl> do you know if metasploit had the correct exploit for this bug?
- [12:58:56]<mime> don't know.
- [13:03:25]<circ-user-2e9Yl> eheheheh ....ok ok...
- [13:29:18]*Ltning (~Adium@134.90.150.218) entered the channel
- [13:29:53]*circ-user-2e9Yl (~circuser-@85-18-250-182.ip.fastwebnet.it) has quit (Remote host closed the connection)
- [13:32:43]*ingenius (~syntax@181.31.74.27) has quit (Remote host closed the connection)
- [13:49:17]*mdpeters (~mdpeters@ip72-223-5-228.ph.ph.cox.net) entered the channel
- [13:50:39]<mdpeters> I've been looking for instructions on how to use my issued SSL certificate with OpenVAS and Greenbone Security Assistant without success. Any help would be appreciated.
- [13:51:06]*flock3_ (~flock3@host81-132-89-251.range81-132.btcentralplus.com) entered the channel
- [13:52:35]*circ-user-KE26b (~circuser-@85-18-250-182.ip.fastwebnet.it) entered the channel
- [13:55:57]*circ-user-KE26b (~circuser-@85-18-250-182.ip.fastwebnet.it) has quit (Remote host closed the connection)
- [13:58:43]*flock3 (~flock3@5751df21.skybroadband.com) has quit (Ping timeout: 480 seconds)
- [14:03:16]*circ-user-TiFAr (~circuser-@85-18-250-182.ip.fastwebnet.it) entered the channel
- [14:09:12]*mdpeters (~mdpeters@ip72-223-5-228.ph.ph.cox.net) has quit (Quit: Leaving)
- [14:12:54]*flock3 (~flock3@5751df21.skybroadband.com) entered the channel
- [14:20:10]*flock3_ (~flock3@host81-132-89-251.range81-132.btcentralplus.com) has quit (Ping timeout: 480 seconds)
- [14:42:12]*circ-user-TiFAr (~circuser-@85-18-250-182.ip.fastwebnet.it) has quit (Remote host closed the connection)
- [14:46:11]*ingenius (~syntax@201.216.193.237) entered the channel
- [14:59:25]*ramaro (~ramaro@a95-95-107-36.cpe.netcabo.pt) has left the channel ()
- [15:15:52]*atomicturtle (~sshinn@pool-71-126-141-53.washdc.fios.verizon.net) entered the channel
- [16:12:06]*bogart (~bogart@2001:1868:a004:b08:3d22:9cad:f0e0:92b0) entered the channel
- [17:42:36]*bogart (~bogart@2001:1868:a004:b08:3d22:9cad:f0e0:92b0) has quit (Remote host closed the connection)
- [18:00:44]*Ltning (~Adium@134.90.150.218) has quit (Quit: Leaving.)
- [18:30:36]*flock3 (~flock3@5751df21.skybroadband.com) has quit (Remote host closed the connection)
- [19:01:04]*npanone (~npanone@static-108-9-164-28.tampfl.fios.verizon.net) entered the channel
- [19:01:48]<npanone> Greetings, has anyone seen this error before "openvassd: symbol lookup error: /lib64/libopenvas_nasl.so.7: undefined symbol: ssh_get_serverbanner" while installing openvas on Centos 7?
- [19:02:58]<npanone> the libssh version is 0.5.5 according to yum, it was pulled from atomic's repo.
- [19:06:40]<atomicturtle> hmm... I wonder if that got linked against something weird
- [19:06:47]<atomicturtle> where's your libssh from?
- [19:58:13]<npanone> I just followed the install instructions from the website.
- [19:58:21]<npanone> I installed Centos 7 Minimal
- [19:58:29]<npanone> installed wget
- [19:58:30]<npanone> ran
- [19:58:31]<npanone> wget -q -O - http://www.atomicorp.com/installers/atomic |sh
- [19:58:42]<npanone> then yum upgrade
- [19:58:46]<npanone> then yum install openvas
- [20:00:00]<atomicturtle> I'm trying to duplicate this in an image here, bear with me
- [20:04:36]*aheinecke (~quassel@194-118-56-19.adsl.highway.telekom.at) has quit (Remote host closed the connection)
- [20:05:17]<npanone> No problem, I appreciate the help
- [20:05:36]<atomicturtle> ok no dice in my running instance, I'm resetting to do an install
- [20:18:10]<atomicturtle> ok no errors on install
- [20:18:28]<npanone> hmm
- [20:18:40]<npanone> So you had no issues getting the openvas-setup to work?
- [20:18:43]<atomicturtle> ah what libssh do you have?
- [20:18:47]<npanone> 0.5.5
- [20:19:21]<atomicturtle> I've got libssh 0.6.3
- [20:19:26]<npanone> hmm
- [20:19:27]<npanone> Name : libssh Arch : x86_64 Version : 0.5.5 Release : 2.el7.art Size : 313 k Repo : installed From repo : atomic
- [20:19:39]<npanone> Which repo did it come from?
- [20:20:27]<atomicturtle> hang on I'll push it to atomic
- [20:20:34]<npanone> Sweet :D
- [20:32:38]*karel-barel (~jirka@x.proofreason.com) has quit (Ping timeout: 480 seconds)
- [20:45:48]*Ltning (~Adium@cm-84.209.99.48.getinternet.no) entered the channel
- [20:46:28]<atomicturtle> some of the mirrors are being silly. It's on www3 I can see, the others are lagging still
- [20:46:50]*flock3 (~flock3@cpc3-harg4-2-0-cust46.7-1.cable.virginm.net) entered the channel
- [20:49:20]<atomicturtle> ha, I spoke too soon
- [20:49:35]<atomicturtle> they're up to date now
- [20:59:18]<npanone> Awesome thanks so much!
- [21:02:04]<npanone> Woot! success! Thank you atomicturtle!
- [21:02:37]*flock3 (~flock3@cpc3-harg4-2-0-cust46.7-1.cable.virginm.net) has quit (Remote host closed the connection)
- [21:02:52]<atomicturtle> awesome
- [21:08:08]*ramaro (~ramaro@a95-95-107-36.cpe.netcabo.pt) entered the channel
- [21:31:13]*ramaro (~ramaro@a95-95-107-36.cpe.netcabo.pt) has quit (Ping timeout: 480 seconds)
- [21:43:38]*flock3 (~flock3@host81-154-109-247.range81-154.btcentralplus.com) entered the channel
- [21:59:07]*flock3 (~flock3@host81-154-109-247.range81-154.btcentralplus.com) has quit (Quit: Leaving...)
- [22:21:26]*ramaro (~ramaro@2.80.221.97) entered the channel
- [22:36:00]*planet_bob (~bob@fa0-0.akl-grafton-vpn2.ihug.net) entered the channel
- [22:55:28]*mattm (~mattm@105-237-225-80.access.mtnbusiness.co.za) has quit (Quit: Leaving.)
- [23:44:38]*ingenius (~syntax@201.216.193.237) has quit (Remote host closed the connection)
- [23:48:15]*npanone (~npanone@static-108-9-164-28.tampfl.fios.verizon.net) has quit (Ping timeout: 480 seconds)
- [23:59:48]*Suchy (~suchy@user-164-127-254-90.play-internet.pl) has quit (Ping timeout: 480 seconds)