

You will see a welcome screen like the one shown in Figure 1 which, as you can see, asks for a user name and password so you need to create a Nessus account first. Thus, I visited in my browser, to start using it. Nessus uses 8834 as the default port number.

You can read the Metasploit documentation to explore more features.Īfter installing Nessus, you need to start the nessusd server (for *NIX and Mac OS X), by running sudo /etc/init.d/nessusd start.

There are various ways to use Metasploit from a browser to localhost, via GUIs, or at the console - which is what we are going to do. To manually install Metasploit, get your preferred download from here. I’m using Nessus 4.4.0, which is compatible with Ubuntu 9.10 and 10.04. If you want to install it manually, get it here. You can install Nessus directly from the repository by typing sudo apt-get install nessus in your terminal. Metasploit recommends PostgreSQL as the default database, so I assume that you have PostgreSQL installed on your system, with an appropriate account and a database. I plan to find the vulnerabilities of the guest, and then hack into it using the Metasploit framework. The firewall is turned off in the guest OS for faster processing. All the testing will be done on my virtual LAN. I am using the Ubuntu 10.04 32-bit desktop edition on my host machine, and VirtualBox for running a virtual machine, with Windows XP SP2 as the guest OS in the VM.
