Pwning using OpenVAS and Metasploit Db_Autopwn

OpenVAS stands for Open Vulnerability Assessment System and is a network security scanner with associated tools like a graphical user front-end. The core component is a server with a set of network vulnerability tests (NVTs) to detect security problems in remote systems and applications.

In this exellent demo, ogre25 demonstrates how to use a combination of Openvas and Metasploit to Pwn a victim host. He uses a Backtrack 4 distro and begins by updating Openvas with the latest modules and vulnerabilities. Then he runs a scan on the victim and saves the results of the scan in Nessus nbe format. He then proceeds to load these saved results into Metasploit and fires the Db_Autopwn module to compromise the victim host. Game Over!

Vivek Ramachandran is a security evangelist and has been working in computer security related fields for the past 7 years. In 2007, Vivek spoke at world renowned conferences Defcon (WEP Cloaking Exposed) and Toorcon (The Caffe Latte Attack). The discovery of the Caffe Latte Attack was covered by CBS5 news, BBC online, Network World etc news agencies.In 2006, Vivek was announced as one of winners of the Microsoft Security Shootout contest held in India among 65,000 participants. He has also been a recipient of a Team Achievement at Cisco Systems for his work on 802.1x and Port Security modules on the Catalyst 6500 switches. Currently he spends all of his time maintaining Security- Freak.Net , SecurityTube.Net and is the co-founder of Axonize. Vivek, is a Bachelor in Electronics and Communications Engineering from the prestigious Indian Institute of Technology, Guwahati.You can contact him at vivek[at]securitytube.net