Sunday, June 27, 2004

Hacking from Mac OS X Panther (Installing nmap, Nessus, and others)

In continuation of my previous post about installing Ethereal on OS X using Darwin Ports, I present to you an article on installing some basic tools to perform initial security audits from the Mac using OS X Panther (10.3.x).

You have to have Darwin Ports installed on your system to follow these instructions. Just follow the instructions from the link above. I'll wait until you have it done. Promise.

Back already? Good. Besides, no 'Security Workstation' is any good without Ethereal.

First we're going to install nmap, a command-line based port scanner. This one is easy, from a terminal window:

sudo port install nmap (remember this will ask you for your USER password, not your root password. The 'su' command asks for the root password.)

Wait a little while, and you've got it.

Since you are using a Mac, it would be a shame not to have a graphical front end. Therefore, the next step is to install nmapFE (nmap Front End). Just download and install it from the link I just gave you. It installs like any other 'normal' Mac program.

Oh, and as I mentioned in the Ethereal post, you can install MacStumbler as well.

Now for the grand-daddy of Auditing tools, Nessus, a vulnerability scanner that can be pointed at a single host or range of hosts and probe for missing patches, open ports, or other OS and Application weaknesses. It's a bit of a bear to install, but using my favorite, Darwin Ports, it can be done. Here are the step-by-step instructions...

- Nessus normally needs wget and/or lynx to allow it to install the script 'nessus-update-plugins', which downloads the latest lists of vulnerabilities that nessus uses to perform its tests. So from a terminal session, issue the following commands:

1. sudo port install wget
2. sudo port install lynx
(or you can just 'su' to start, and leave off the sudo on these commands)

lynx is a cool text-based browser, which can come in handy from time to time to check out some not-so-trustable webpages. wget retrieves files over HTTP or FTP from the command line, sort of like an ftp client, but non-interactive.

- Now we're going to install Nessus itself. First, the libraries, then the core, then the plugins. You can do it all by starting with step 3, because Ports will get all the dependent programs/files needed, but I like to be complete:

1. sudo port install nessus-libraries
2. sudo port install nessus-core
3. sudo port install nessus-plugins

- Now you need to add Nessus to your PATH variable:

1. export PATH=$PATH:/opt/local/bin:/opt/local/sbin

Add this line to .profile for the Terminal, and to .bashrc for X11. In fact, now is the time to switch from Terminal to X11's xterm. If you don't want to restart your sessions, issue the export command in the xterm itself. Be sure you are su'd to root.

- Now we have some other commands needed to finish setting nessus up. You must create a Certificate for nessus clients to run against, and add a user (different from your login), and update your plugins:

1. nessus-update-plugins
2. nessus-adduser
3. nessus-mkcert

You can do these in any order, and follow the prompts each one gives you (except for nessus-update-plugins, which asks nothing and just runs).
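Before moving on to the display and daemon steps, it is worth confirming that the PATH change and the DarwinPorts installs above actually took. The script below is an added example, not part of the original post: it appends /opt/local/bin and /opt/local/sbin to PATH only if they are not already there (sourcing the export line from both .profile and .bashrc otherwise grows PATH by two entries on every new shell), then lists any of the tools installed above that still cannot be found. The /opt/local prefix is DarwinPorts' default and is the one the export line above uses; the file name post_install_check.sh and the PORTS_PREFIX variable are my own choices.

```shell
#!/bin/sh
# Added example, not from the original post: sanity checks to run after the
# DarwinPorts install steps and the PATH step, before starting nessusd.
# Assumes DarwinPorts' default prefix of /opt/local (the one the post's
# export line uses); override with PORTS_PREFIX=/some/other/prefix.

PORTS_PREFIX="${PORTS_PREFIX:-/opt/local}"

# Return 0 if directory $1 is already one of the colon-separated entries of $2.
path_contains() {
    case ":$2:" in
        *":$1:"*) return 0 ;;
        *)        return 1 ;;
    esac
}

# Print $2 with $1 appended, unless $1 is already in it, so the fix is safe
# to run from both .profile and .bashrc.
path_append_once() {
    if path_contains "$1" "$2"; then
        printf '%s\n' "$2"
    else
        printf '%s:%s\n' "$2" "$1"
    fi
}

# Print, one per line, the names from $@ that cannot be found on PATH.
missing_tools() {
    for tool in "$@"; do
        command -v "$tool" >/dev/null 2>&1 || printf '%s\n' "$tool"
    done
}

# Apply the PATH fix for this shell, then report on every tool the post installs.
main() {
    PATH=$(path_append_once "$PORTS_PREFIX/bin" "$PATH")
    PATH=$(path_append_once "$PORTS_PREFIX/sbin" "$PATH")
    export PATH

    missing=$(missing_tools nmap wget lynx nessusd nessus \
        nessus-update-plugins nessus-adduser nessus-mkcert)
    if [ -n "$missing" ]; then
        echo "Not installed, or not on PATH=$PATH:" >&2
        echo "$missing" >&2
        return 1
    fi
    echo "All tools found; PATH=$PATH"
}

# Run the checks only when this file is executed directly as post_install_check.sh,
# so the functions can also be sourced from another script.
case "$0" in
    *post_install_check.sh) main "$@" ;;
esac
```

Save it as post_install_check.sh, make it executable with chmod 755 (a script you will run from a root shell should be writable only by its owner), and run it once as your normal user and once after su; a tool listed as missing under root usually means root's shell never picked up the export line.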

- Now something different. If you don't follow this step, you will get the nasty GTK error similar to the one I saw with Ethereal.

1. With your normal user login, issue the command 'xhost +' (without quotes). This will allow anyone to connect to the local display.
2. Change to root, by issuing the 'su' command (without quotes)
3. Now type the following command: export DISPLAY=:0.0

- As root, you can start the nessus server:

1. nessusd -D (This will take a little while to load)

- I would suggest placing these last commands into a script. First 'vi startnessus.sh' (without quotes) to start the VI editor. Then press 'i' on your keyboard to enter insert mode, and place the following lines in the file:

#!/bin/sh
# Open the local display to other users, as described above, so the root-run process can reach it
xhost +
# A bare 'su' here would only open an interactive root shell, and the lines after it would run as your
# normal user once you exit that shell; run the root steps through 'su -c' instead
su root -c 'export DISPLAY=:0.0; nessusd -D'

Press the [escape key], then type :wq to save the file and exit VI.
Now issue this command: chmod 777 startnessus.sh
Leave startnessus.sh in your /Users/Username directory, or place it somewhere in your PATH. Now you can start nessus by typing startnessus.sh on a line by itself.

- If all goes well, you can now issue the 'nessus' command (without quotes) to start the GUI client interface. Enter the username and password you created in the nessus-adduser step, and click on 'login'. You will be asked to accept a certificate. Select option #2 for accepting the certificate (or, like the instructions say, if you are paranoid, choose 1 or 3).

Now wait.

It took a long time for the login process to complete on my system. In fact, the GUI stopped responding, and I thought it was 'locked up'. It just takes a long time to load.

Congratulations, you now have all the basic tools to poke around your network or any network you are authorized to snoop. If you need help in running any of the programs above, check their websites and RTFM, and if you still have questions, stop by my IT Forum at www.nmpforum.com, and I'll help you out if you ask intelligent questions. :)