1 1 00:00:02,760 --> 00:00:03,593 In this lecture, 2 2 00:00:03,593 --> 00:00:06,920 I'd like to talk about the tool called Nexpose. 3 3 00:00:06,920 --> 00:00:08,970 Nexpose is made by Rapid7. 4 4 00:00:08,970 --> 00:00:10,950 So it's made by the same people 5 5 00:00:10,950 --> 00:00:14,330 that made Metasploit and Metasploit Community. 6 6 00:00:14,330 --> 00:00:16,450 And it's similar to Metasploit Community 7 7 00:00:16,450 --> 00:00:18,950 in a sense that it has a web GUI 8 8 00:00:18,950 --> 00:00:21,210 and it allow us to discover, assess 9 9 00:00:21,210 --> 00:00:24,103 and act on discovered vulnerabilities. 10 10 00:00:25,420 --> 00:00:29,220 It also maps these vulnerabilities to existing exploits. 11 11 00:00:29,220 --> 00:00:33,300 But the difference is Metasploit Community on showed us 12 12 00:00:33,300 --> 00:00:36,640 exploits that can be used within Metasploit. 13 13 00:00:36,640 --> 00:00:39,850 Whereas with Nexpose, it actually show us exploits 14 14 00:00:39,850 --> 00:00:42,240 that have been published somewhere else 15 15 00:00:42,240 --> 00:00:43,890 other than Rapid7 and Metasploit. 16 16 00:00:45,110 --> 00:00:48,250 So it works on a larger scale. 17 17 00:00:48,250 --> 00:00:50,450 It shows us more vulnerabilities. 18 18 00:00:50,450 --> 00:00:52,930 And it also help us to create a report 19 19 00:00:52,930 --> 00:00:54,920 at the end of the scan, 20 20 00:00:54,920 --> 00:00:57,470 so that we can share it with the technical people 21 21 00:00:57,470 --> 00:01:01,890 and smaller report which is of a high level 22 22 00:01:01,890 --> 00:01:04,353 that can be shared with the managers. 23 23 00:01:05,430 --> 00:01:08,570 It also help us create a scheduled scans, 24 24 00:01:08,570 --> 00:01:10,620 so that, for example, if you have a company 25 25 00:01:10,620 --> 00:01:13,330 or if you're working on a big infrastructure, 26 26 00:01:13,330 --> 00:01:16,910 and you want to do regular scans every week or every month, 27 27 00:01:16,910 --> 00:01:19,340 then you can do that using this tool. 28 28 00:01:19,340 --> 00:01:21,820 Let me show you how to install it and run it, 29 29 00:01:21,820 --> 00:01:24,093 and the differences will become more clear. 30 30 00:01:26,010 --> 00:01:28,760 So Nexpose doesn't come in installed in Kali Linux, 31 31 00:01:28,760 --> 00:01:30,840 we have to install it manually. 32 32 00:01:30,840 --> 00:01:32,700 To download it, you need to download it 33 33 00:01:32,700 --> 00:01:34,100 from the following link. 34 34 00:01:34,100 --> 00:01:37,220 It'll ask you to fill up your name and address and all that, 35 35 00:01:37,220 --> 00:01:38,520 fill it up and download. 36 36 00:01:38,520 --> 00:01:41,840 I downloaded the community version, which is free. 37 37 00:01:41,840 --> 00:01:43,530 So I have it right here. 38 38 00:01:43,530 --> 00:01:46,880 Now what I'm going to do before we can install it, 39 39 00:01:46,880 --> 00:01:48,450 the first thing we're going to do 40 40 00:01:48,450 --> 00:01:53,450 is stop the PostgreSQL service that comes in installed with, 41 41 00:01:55,010 --> 00:01:57,920 or that is running in Kali Linux. 42 42 00:01:57,920 --> 00:01:59,663 So I'm gonna do service, 43 43 00:02:01,080 --> 00:02:01,913 post 44 44 00:02:03,280 --> 00:02:08,280 stop, that will stop the service, the SQL service. 45 45 00:02:09,830 --> 00:02:12,470 Now, I'm actually already at the Downloads folder. 46 46 00:02:12,470 --> 00:02:15,916 So usually when you run your Terminator, you will be here. 47 47 00:02:15,916 --> 00:02:19,650 So if you do an ls, you'll see all the directories 48 48 00:02:19,650 --> 00:02:21,740 and you'll need to change your directory 49 49 00:02:21,740 --> 00:02:25,140 to the Downloads directory by using the cd command. 50 50 00:02:25,140 --> 00:02:27,623 So cd and type in Downloads. 51 51 00:02:31,010 --> 00:02:32,190 Now once we're in the Downloads, 52 52 00:02:32,190 --> 00:02:34,370 we can list all the available files. 53 53 00:02:34,370 --> 00:02:37,530 And we can see that we have Nexpose right here. 54 54 00:02:37,530 --> 00:02:39,220 Now usually, you'll have this, 55 55 00:02:39,220 --> 00:02:41,560 you'll need to change the permissions of this 56 56 00:02:41,560 --> 00:02:43,260 to an executable, 57 57 00:02:43,260 --> 00:02:46,010 I've already changed it, that's why it's in green. 58 58 00:02:46,010 --> 00:02:48,220 So for you for the first time, 59 59 00:02:48,220 --> 00:02:50,900 you need to run a command, the chmod command, 60 60 00:02:50,900 --> 00:02:54,280 to change the permissions so that we can execute that file. 61 61 00:02:54,280 --> 00:02:56,270 So the command will be chmod 62 62 00:02:59,050 --> 00:03:01,610 plus x, and you type in the file name 63 63 00:03:01,610 --> 00:03:03,300 that you want to change the permission. 64 64 00:03:03,300 --> 00:03:04,833 And for us it's Nexpose. 65 65 00:03:07,590 --> 00:03:09,880 And that's it, the permissions are changed. 66 66 00:03:09,880 --> 00:03:11,480 Now to run this installer, 67 67 00:03:11,480 --> 00:03:14,090 to run any executable in Linux systems, 68 68 00:03:14,090 --> 00:03:16,930 all you have to do is dot and forward slash, 69 69 00:03:16,930 --> 00:03:19,340 then type the file that you wanna run. 70 70 00:03:19,340 --> 00:03:21,293 So for us it's Nexpose. 71 71 00:03:24,440 --> 00:03:27,500 Now as you can see, you get a nice installer for it. 72 72 00:03:27,500 --> 00:03:29,580 So I'm gonna click Next. 73 73 00:03:29,580 --> 00:03:31,773 Now it's asking me to accept the agreement. 74 74 00:03:36,800 --> 00:03:40,503 And I'm gonna install the console with the scan engine. 75 75 00:03:42,460 --> 00:03:46,150 Now as you can see, one of the problems that I have here 76 76 00:03:46,150 --> 00:03:47,700 is that it's not supported 77 77 00:03:47,700 --> 00:03:49,410 with the Kali Linux version that I have. 78 78 00:03:49,410 --> 00:03:52,290 I have the latest Rolling version of Kali Linux, 79 79 00:03:52,290 --> 00:03:54,780 and Nexpose is not compatible with it, 80 80 00:03:54,780 --> 00:03:56,540 so it's not gonna let me install it. 81 81 00:03:56,540 --> 00:03:59,970 Now it's only compatible with Kali 2. 82 82 00:03:59,970 --> 00:04:03,530 So, if we want to proceed and go ahead with this, 83 83 00:04:03,530 --> 00:04:07,290 we're going to modify two files on our local system 84 84 00:04:07,290 --> 00:04:09,670 to make our system look like Kali 2, 85 85 00:04:09,670 --> 00:04:13,090 so that the installer will let us install it on our system. 86 86 00:04:13,090 --> 00:04:14,430 Now hopefully in your case, 87 87 00:04:14,430 --> 00:04:16,080 by the time you watch this video, 88 88 00:04:17,040 --> 00:04:18,700 there will be a supported version. 89 89 00:04:18,700 --> 00:04:21,310 So you can just click Next in this step. 90 90 00:04:21,310 --> 00:04:23,320 But for me, I'm gonna have to go in 91 91 00:04:23,320 --> 00:04:27,410 and modify two files to make my system look like Kali 2. 92 92 00:04:27,410 --> 00:04:30,013 So follow the steps that I'm gonna do now, 93 93 00:04:30,013 --> 00:04:31,573 only if you get this error. 94 94 00:04:33,400 --> 00:04:36,623 So I clicked on Finish, and I'm gonna go here, 95 95 00:04:40,170 --> 00:04:42,980 I'm gonna attach a file that contains the instructions 96 96 00:04:42,980 --> 00:04:45,570 that you need to do to fill 97 97 00:04:45,570 --> 00:04:48,820 or to change the version of your system to Kali 2. 98 98 00:04:48,820 --> 00:04:50,933 So I have it here in the documents. 99 99 00:04:51,980 --> 00:04:53,600 The two files that need to be changed 100 100 00:04:53,600 --> 00:04:58,220 are the lsb-release and the os-release. 101 101 00:04:58,220 --> 00:05:02,910 So I'm going to open two tabs in here, one for each file. 102 102 00:05:02,910 --> 00:05:05,493 And the first one is in etc, 103 103 00:05:09,120 --> 00:05:14,120 And it's called lsb-release, and we can see the file here. 104 104 00:05:14,470 --> 00:05:15,960 Now before I modify this file, 105 105 00:05:15,960 --> 00:05:19,470 I'm actually gonna copy it and store a backup of it. 106 106 00:05:19,470 --> 00:05:20,990 Because after we finished this step, 107 107 00:05:20,990 --> 00:05:24,560 I'm gonna restore it to the way it was. 108 108 00:05:24,560 --> 00:05:25,980 So I'm gonna create a new folder 109 109 00:05:25,980 --> 00:05:27,430 and I'm gonna call it backup. 110 110 00:05:30,450 --> 00:05:32,533 And I'll paste this file here. 111 111 00:05:34,270 --> 00:05:37,330 And after I do that, I'm gonna modify the file 112 112 00:05:37,330 --> 00:05:39,850 according to the instructions. 113 113 00:05:39,850 --> 00:05:42,050 So I'm gonna open it with Leafpad. 114 114 00:05:43,300 --> 00:05:46,673 And I'm gonna copy all of this, 115 115 00:05:51,730 --> 00:05:52,633 I'm gonna save it, 116 116 00:05:53,780 --> 00:05:54,613 and quit it. 117 117 00:05:56,490 --> 00:05:58,880 I'm gonna do the same with the next file, 118 118 00:05:58,880 --> 00:06:01,110 which is the os-releases, 119 119 00:06:01,110 --> 00:06:05,193 which is stored in User os-releases. 120 120 00:06:15,310 --> 00:06:18,683 So I'm gonna copy this and put it in my backup. 121 121 00:06:26,850 --> 00:06:31,433 Then I'm gonna modify it according to the instructions. 122 122 00:06:40,810 --> 00:06:42,810 Okay, now everything is done. 123 123 00:06:42,810 --> 00:06:46,870 I'm going to go back and run the installer again. 124 124 00:06:46,870 --> 00:06:49,800 And it should think that I have Kali 2 installed 125 125 00:06:49,800 --> 00:06:52,333 and let me proceed through the installation. 126 126 00:06:56,334 --> 00:06:58,857 So again, scroll down, Accept, Next. 127 127 00:07:04,596 --> 00:07:07,050 And as you can see that it thinks I have Kali 2, 128 128 00:07:07,050 --> 00:07:10,210 so it's letting me proceed through the installation. 129 129 00:07:10,210 --> 00:07:13,103 Now I'm gonna put my name, my last name and the company. 130 130 00:07:18,400 --> 00:07:20,580 And now it's asking me to put the port 131 131 00:07:20,580 --> 00:07:25,050 for the database that's going to be used with Nexpose. 132 132 00:07:26,200 --> 00:07:28,640 Now that port is already being used 133 133 00:07:28,640 --> 00:07:30,960 with an already installed database. 134 134 00:07:30,960 --> 00:07:33,803 So I'm gonna make the port 5435. 135 135 00:07:36,720 --> 00:07:38,000 And as you can see, it's telling me 136 136 00:07:38,000 --> 00:07:40,160 that the port is valid and can be used. 137 137 00:07:40,160 --> 00:07:42,300 So I'm gonna go next. 138 138 00:07:42,300 --> 00:07:44,710 Now it's asking me to make a username 139 139 00:07:44,710 --> 00:07:46,210 and a password for login. 140 140 00:07:46,210 --> 00:07:48,510 So I'm gonna make a username and call it zaid, 141 141 00:07:49,940 --> 00:07:51,840 and then I'm gonna select my password. 142 142 00:07:56,380 --> 00:07:58,640 And make sure you don't check this box. 143 143 00:07:58,640 --> 00:07:59,710 Now, I had a lot of issues 144 144 00:07:59,710 --> 00:08:01,970 when I was checking this box while installation, 145 145 00:08:01,970 --> 00:08:04,590 which basically should start Nexpose 146 146 00:08:04,590 --> 00:08:06,340 once the installation is over. 147 147 00:08:06,340 --> 00:08:07,830 But I'm not gonna check it. 148 148 00:08:07,830 --> 00:08:10,560 I'm just gonna install it and then start it later 149 149 00:08:10,560 --> 00:08:11,600 when we want to use it. 150 150 00:08:11,600 --> 00:08:14,823 So I'm not gonna check this box, make sure it's unchecked. 151 151 00:08:17,690 --> 00:08:18,523 And that's it. 152 152 00:08:18,523 --> 00:08:20,490 Now it's going to install it for me. 153 153 00:08:20,490 --> 00:08:21,490 I'm gonna pause 154 154 00:08:21,490 --> 00:08:24,063 and resume once the installation is complete. 155 155 00:08:25,240 --> 00:08:27,920 Okay, so the installation is successful. 156 156 00:08:27,920 --> 00:08:30,710 And we didn't start Nexpose yet. 157 157 00:08:30,710 --> 00:08:33,360 So if you go on this link, nothing's gonna work. 158 158 00:08:33,360 --> 00:08:35,340 You need to run this command first, 159 159 00:08:35,340 --> 00:08:36,640 and then you can access it. 160 160 00:08:36,640 --> 00:08:39,950 So we're gonna talk about that in the next lecture. 161 161 00:08:39,950 --> 00:08:41,220 For now, that's it. 162 162 00:08:41,220 --> 00:08:44,740 I'm gonna click on Finish, and we're done. 163 163 00:08:44,740 --> 00:08:45,573 Now, 164 164 00:08:49,550 --> 00:08:51,860 we're gonna go back and make sure 165 165 00:08:51,860 --> 00:08:55,500 we set our files back to the way they were. 166 166 00:08:55,500 --> 00:08:57,430 Now if you didn't need to modify them, 167 167 00:08:57,430 --> 00:08:59,100 then again, skip this step. 168 168 00:08:59,100 --> 00:09:01,440 If you did modify them, like myself, 169 169 00:09:01,440 --> 00:09:02,810 then make sure you go back 170 170 00:09:02,810 --> 00:09:04,960 and you set them back to the way they were. 171 171 00:09:07,490 --> 00:09:09,023 So I'm gonna go on my backup, 172 172 00:09:09,980 --> 00:09:11,823 and I'm gonna open these files. 173 173 00:09:13,020 --> 00:09:14,970 So we're gonna do the os-release first. 174 174 00:09:19,571 --> 00:09:21,071 I'm gonna copy it, 175 175 00:09:25,100 --> 00:09:30,100 and modify the existing one, and make sure it's the same 176 176 00:09:30,710 --> 00:09:32,100 as it used to be the, Rolling one. 177 177 00:09:32,100 --> 00:09:34,140 As you can see, it says Kali 2 here. 178 178 00:09:34,140 --> 00:09:36,983 I'm gonna set it back to 2016. 179 179 00:09:38,390 --> 00:09:40,723 And then I'll do the same for the next file. 180 180 00:09:50,550 --> 00:09:52,460 And that's it, everything is done. 181 181 00:09:52,460 --> 00:09:55,250 We restored our files the same way they were, 182 182 00:09:55,250 --> 00:09:58,963 and we installed Nexpose on Kali 2016.