Shell is only the Beginning

One of my favorite tools in my toolbox is the Vulnerability Scanner Nessus, in part because of it’s accuracy and because I’m part of one of the teams that works adding new cool stuff to it during the day. So I was super happy to see it included as part of Backtrack. Ever since I started working professionally in security Nessus has been part of my toolkit, once nessuscmd was out it became more integral in to my workflow because I could automate stuff for my customers. Before I had to always follow some weird procedures some times to get Nessus installed on the early versions of Backtrack and those procedures where always prone to breaking when I had to update to a latest version. I would like to share how to activate your copy of Nessus in Backtrack and some of the caveats that are present when activating it depending of your setup. The first step is to have Bactrack installed as a virtual machine on your pentest/audit rig or installed locally on the hard drive of the machine. Do not try to activate by running it from the bootable DVD or from a USB Drive if you intend of using it on several physical machines because the registration process marries the activation to that specific host. So moving the VM from one host to another or the USB drive depending on how you configured Backtrack is more than likely to require re-activation of your copy of Nessus. So one of the first thing you need to do if using a professional feed go to http://support.tenable.com and log in and go in to Manage Activation Codes and get your professional feed activation code. If you will be using a Home Feed you will have to go to http://www.nessus.org/products/nessus/nessus-plugins/obtain-an-activation-code and register for a Home Feed, you will receive your activation code to the email you provided. Once you have the activation code you can proceed to activate it on your Backtrack Machine running as root:

root@bt:~# /opt/nessus/bin/nessus-fetch --register M4D0-EWWQ-1EZU-3KSN
Your activation code has been registered properly - thank you.
Now fetching the newest plugin set from plugins.nessus.org...
Your Nessus installation is now up-to-date.
If auto_update is set to 'yes' in nessusd.conf, Nessus will
update the plugins by itself.

And yes the activation code in the example if a fake one for demonstration purposes only.

The next step is to add an admin user on this box so it can connect, create profiles, policies and launch scans:

root@bt:~# /opt/nessus/sbin/nessus-adduser
Login : carlos
Login password : 
Login password (again) : 
Do you want this user to be a Nessus 'admin' user ? (can upload plugins, etc...) (y/n) [n]: y
User rules
----------
nessusd has a rules system which allows you to restrict the hosts
that carlos has the right to test. For instance, you may want
him to be able to scan his own host only.
Please see the nessus-adduser manual for the rules syntax
Enter the rules for this user, and enter a BLANK LINE once you are done : 
(the user can have an empty rules set)
Login             : carlos
Password         : ***********
This user will have 'admin' privileges within the Nessus server
Rules             :
Is that ok ? (y/n) [y] 
User added

Once the user has been created we can launch the Nessusd Daemon:

root@bt:~# /etc/init.d/nessusd start
Starting Nessus : .

Do keep in mind that since this is the first time you will be running the daemon it will take a while for it to load and configure all the checks. You can run top on the system and use the capital P to sort by CPU and then the capital R to change the order if needed, you will see that while loading nessusd will take close to 100% of you CPU and when finished it will normalize. Once it does you just need to connect with your web browser to https://localhost:8834/ or if connecting remotely the IP of the machine instead of localhost. Make sure that NoScript is set to allow script from localhost or the machines address depending your case.