elliot-bia / nessus

nessus crack for docker
GNU General Public License v3.0

non-scan configuration changes resulting in crack-fail #50

Closed f3yc0w closed 7 months ago

f3yc0w commented 8 months ago

Unsure of the cause of this. Got about 15-20 minutes out of it before I was suddenly booted from the web-server.

All scans are stopped and a warning appears at the top letting you know that your license has either expired or something else..etc

This has been experienced twice, I'm still not sure of the common-denominator at this point. Stay tuned.

elliot-bia commented 8 months ago

It looks like the crack has failed or the update pack has been blocked. Did you do anything else?

f3yc0w commented 8 months ago

So after using it all afternoon, it seems like there's just like a few things going on, one of which is there's a setting called telemetry which needs to go off but is also part of the problem: when you turn it off, that is when something else is being triggered, I believe in response to that.

I mean, the crack itself shouldn't fail, period, right? I mean, it's not like I have the source code, but from what I can tell, the program stands by itself and then the plugins are being added with maybe some of your wizard magic, right? But ultimately, unless Tenable is able to reach backwards through their program, through say a back door maybe, or you know, whatever else, a poisoned upgrade per plugins, etc., they shouldn't have a good way to really patch the crack. After all, the arguable definition of a true and fully cracked program is really just making sure it works long enough for you to air gap it and freeze it in time 😂 Plus, given the nature of the software, a poisoned plugin or backdoor is always a possibility.

HOWEVER,

While I'm typing this, I just tripped a flag I've tripped before. It appears that like 90% of the env vars in the settings tab and its 5 or 6 subtabs are booby-trapped. When I have time, I'll use bash or py to initiate a more efficient one by one. But I'm now 100% sure that the settings tabs are part of the issue.

f3yc0w commented 8 months ago

I'll go check for airgap results when I'm done smoking lol. If I don't have the same issue with RFKILL on, then we will have our answer as far as who or where the problem is coming from.

f3yc0w commented 8 months ago

Ran over 7 hours of unsafes, and full non-spec sweeps without any issue. Multiple system restarts, two separate docker daemon sessions, export, moved image to another machine, resulting in a single, advance, fully-executed scan of 12 hostscan after import and moved the report documents around over MeshNet from 4 different devices throughout the city...

Non-Scan-Related, Potentially Specific to

So, at this point I feel confident to say that the issue is more likely coincidental decay as opposed to any kind of real action by Tenable. Only changes to the configuration, the specific way it actually happens when it does definitely makes me feel like my focus should be on the immediately applied reversion of "Unlimited Licenses" back to 16. Hosts are instantaneously removed until 16 or less remain, and scans are aborted. It happens before literally every single thing except perhaps the CSS execution for the warning that pops at the top during crack-fail-event so

Crack-Fail (FS Persistence?)

There is also definitely something on the FS that is being brought over or changed when this happens, because the issue is persistent across containers. I can't say what the differentiation is for which settings run the risk of breaking the mirage and which ones don't. But the crack-failure that results is persistent. I'm currently having to replace the entire image each time it happens in order to reset back to square 1.

However that doubles as the perfect opportunity to That means that the problem can almost certainly be reverse engineered backwards via wireshark in the event Tenable whistled. I'm of the general opinion this is probably just something that came as a result of dependency changes or the like. If that is the case, I'd use frida-trace

I'll burp the crack-failure event when I get home and see if anyone speaks 😛 I'll keep you updated. @elliot-bia

harshdhamaniya commented 8 months ago

Facing the same issue: during the scanning process, after 15 mins Nessus is brought back to the home login screen. Upon successful login, Nessus is converted to Nessus Essentials and the IP limit is 16 IPs.

image

image

Please provide a solution for the same @elliot-bia

B1aK2 commented 8 months ago

Same problem: after configuring a proxy for Nessus, the crack stopped working: image image After the crack failed, I tried scanning the host www.baidu.com: image

elliot-bia commented 8 months ago

Copy that, I will try to solve this problem this weekend.

elliot-bia commented 8 months ago

Sorry, I have been f**king busy, I will solve it as soon as I have free time

harshdhamaniya commented 8 months ago

@elliot-bia any update on this?

danger-dream commented 7 months ago

Is there any update?

elliot-bia commented 7 months ago

The activation code has been banned, and I'm trying to solve this situation. It will be upgraded next week (after I finish my Java code project...).

elliot-bia commented 7 months ago

Hello, everyone! It's 7 o'clock in China, I'm glad to announce that a new version has been released. Just pull the latest version. The usage is below:

docker run -itd --name=ramisec_nessus -p 8834:8834 ramisec/nessus:latest

docker exec -it ramisec_nessus /bin/bash -c "/nessus/update.sh UPDATE_URL_YOU_GOT"

For the UPDATE_URL_YOU_GOT, you need to apply on the Nessus website to get an activation-code, and generate it in this website. For example:

image

Any strings like aaaaaa11b2222cc33d44e5f6666a777b8cc99912 would be available, but remember, it must not be the same :) And you will get the UPDATE_URL_YOU_GOT

image

It's funny that this process just took me three hours, but I procrastinated for 3 weeks even more 🤣🤣 May you guys enjoy!

harshdhamaniya commented 7 months ago

Hey @elliot-bia, I have tried to use the latest build; this build worked till today without any problems. But again my Nessus went to compiled plugin suddenly today, and again the license seems expired.

image

harshdhamaniya commented 7 months ago

> Did you restart the docker images?

No, I didn't restart the docker image. Also, the PC was never shut down, nor was docker restarted.

elliot-bia commented 7 months ago

Did you restart the container?

harshdhamaniya commented 7 months ago

> Did you restart the container?

No sir, it was running continuously from the day you pushed the new update. It happened automatically. The Nessus window went to compile plugin and then redirected to the login screen. After logging in, it showed the yellow error bar at the top where the crack seems to fail.

elliot-bia commented 7 months ago

OK, I'll replicate it locally. Any other information will be helpful.

harshdhamaniya commented 7 months ago

If you can implement it over Nessus Professional Key, you can fetch the key from a tool I have developed to generate a Nessus Professional key without form submission, which can help in direct update rather than the client having to submit the form, get the key and submit a string with the key to get the URL.

harshdhamaniya commented 7 months ago

Any sort of temporary support to refresh unlimited status is helpful..!!

elliot-bia commented 7 months ago

Well, you can try running docker exec -it ramisec_nessus /bin/bash -c "/nessus/update.sh UPDATE_URL_YOU_GOT" again. It will be cracked again.

elliot-bia commented 7 months ago

> If you can implement it over Nessus Professional Key, you can fetch the key from a tool i have developed to generate Nessus Professional key without form submission. which can help in direct update rather than client have to submit form get key and submit a string with key to get the URL.

No, the implementation process doesn't use any activation-code. And I saw your nessuscrack tools, it's great.

harshdhamaniya commented 7 months ago

> docker exec -it ramisec_nessus /bin/bash -c "/nessus/update.sh UPDATE_URL_YOU_GOT"

I have tried this command, and it was successful as well, but I'm still getting the following error with unlimited IPs scannable

image

harshdhamaniya commented 7 months ago

Also, the scans which are already completed, when launched again, are getting completed within a second with no results.

elliot-bia commented 7 months ago

> Also, The scans which are already completed when launched again, they are getting completed within a second with no results.

First, do not click the link "view your license information" above the page, just ignore it. Then, try to apply another activation-code. I think that would be helpful.