/usr/share/metasploit-framework/lib/msf/core/payload/android.rb:92:in `not_after=': bignum too big to convert into `long' (RangeError) from /usr/share/metasploit-framework/lib/msf/core/payload/android.rb:92:in `sign_jar' from /usr/share/metasploit-framework/lib/msf/core/payload/android.rb:123:in `generate_jar' from /usr/share/metasploit-framework/lib/msf/core/payload/android.rb:38:in `generate' from /usr/share/metasploit-framework/lib/msf/core/payload.rb:204:in `size' from /usr/share/metasploit-framework/lib/msf/core/payload_set.rb:158:in `block (2 levels) in recalculate' from /usr/share/metasploit-framework/lib/msf/core/payload_set.rb:102:in `each_pair' from /usr/share/metasploit-framework/lib/msf/core/payload_set.rb:102:in `block in recalculate' from /usr/share/metasploit-framework/lib/msf/core/payload_set.rb:98:in `each_pair' from /usr/share/metasploit-framework/lib/msf/core/payload_set.rb:98:in `recalculate' from /usr/share/metasploit-framework/lib/msf/core/modules/loader/base.rb:251:in `block in load_modules' from /usr/share/metasploit-framework/lib/msf/core/modules/loader/base.rb:248:in `each' from /usr/share/metasploit-framework/lib/msf/core/modules/loader/base.rb:248:in `load_modules' from /usr/share/metasploit-framework/lib/msf/core/module_manager/loading.rb:119:in `block in load_modules' from /usr/share/metasploit-framework/lib/msf/core/module_manager/loading.rb:117:in `each' from /usr/share/metasploit-framework/lib/msf/core/module_manager/loading.rb:117:in `load_modules' from /usr/share/metasploit-framework/lib/msf/core/module_manager/module_paths.rb:41:in `block in add_module_path' from /usr/share/metasploit-framework/lib/msf/core/module_manager/module_paths.rb:40:in `each' from /usr/share/metasploit-framework/lib/msf/core/module_manager/module_paths.rb:40:in `add_module_path' from /usr/share/metasploit-framework/lib/msf/base/simple/framework/module_paths.rb:50:in `block in init_module_paths' from /usr/share/metasploit-framework/lib/msf/base/simple/framework/module_paths.rb:49:in `each' from /usr/share/metasploit-framework/lib/msf/base/simple/framework/module_paths.rb:49:in `init_module_paths' from /usr/share/metasploit-framework/lib/msf/ui/console/driver.rb:196:in `initialize' from /usr/share/metasploit-framework/lib/metasploit/framework/command/console.rb:62:in `new' from /usr/share/metasploit-framework/lib/metasploit/framework/command/console.rb:62:in `driver' from /usr/share/metasploit-framework/lib/metasploit/framework/command/console.rb:48:in `start' from /usr/share/metasploit-framework/lib/metasploit/framework/command/base.rb:82:in `start' from /usr/bin/msfconsole:48:in `<main>'
Posted by Shivam about 2 hours ago
Hi, I've installed Nexpose community and get the following error when I try a scan. Any clue what the problem is? (java.io.IOException: The Nmap exit value is not zero: 1 at com.rapid7.nexpose.scan.nmap.Nmap.start(Unknown Source) at com.rapid7.nexpose.scan.nmap.Nmap.run(Unknown Source) at com.rapid7.nexpose.scan.Scan.start(Unknown Source) at com.rapid7.nexpose.scan.Scan.run(Unknown Source) at java.lang.Thread.run(Thread.java:748) ) I am on Windows 7 64bit, using the local scan engine. Thank you
Posted by John Erickson 2 days ago
I am trying to build a basic automated report for server review self service with the following query. Borrowing from another post and adding my own SQL on top, my error states: Error:column css.credential_status_description does not exist Character:946 I only get an error when adding in the SELECT for creds_status. All documentation web and PDF states that column does indeed exist. I have returned results for that column in a straightforward query. Help. My Query is: WITH all_tags AS ( SELECT asset_id, tag_name AS all_tags FROM dim_tag JOIN dim_tag_asset dta USING (tag_id) GROUP BY asset_id, tag_name ), policy_set AS ( SELECT asset_id, description AS policy_set FROM fact_asset_policy_rule JOIN dim_policy_result_status dprs USING (status_id) GROUP BY asset_id, description ), policy_rules AS ( SELECT asset_id, title AS policy_rules FROM fact_asset_policy_rule JOIN dim_policy_rule USING (rule_id) GROUP BY asset_id, title ), creds_status AS ( SELECT asset_id, credential_status_description AS creds_status FROM dim_asset_service_credential JOIN dim_credential_status USING (credential_status_id) GROUP BY asset_id, credential_status_description ) SELECT ip_address as "IP Address", host_name as "Hostname", dos.description AS "OS", alt.all_tags as "Tags", ps.policy_set as "Policy Status", pr.policy_rules as "Policy Rule", css.credential_status_description as "Credential Status" FROM dim_asset JOIN dim_operating_system dos USING (operating_system_id) LEFT OUTER JOIN all_tags alt USING (asset_id) LEFT OUTER JOIN policy_set ps USING (asset_id) LEFT OUTER JOIN policy_rules pr USING (asset_id) LEFT OUTER JOIN creds_status css USING (asset_id) Matt
Posted by Matthew Swenk 2 days ago
We installed version 2.2.0 (we also have 1.2.2 installed) on our servicenow developer instance and when we try to run Nexpose Integration Last Scan (first run of the application, section 4), it is immediately failing with the error : "Encountered error running the integration. ReferenceError: "sn_automation" is not defined." Any assistance is appreciated. Thanks. Patrick Hames
Posted by Patrick Hames 2 days ago
Hello , I'm running kali linux and my virtual-box has metasploitable 2 I made an Nmap scan and found a lot of opened port and I want to exploit port 512/tcp open exec 513/tcp open login 514/tcp open shell When I made research i found I can access with root privileges if i type rlogin -l root <ip-of-metasploitable> When I run that I get this error root@kali:~# rlogin -l root 192.168.43.113 rlogind: Host address mismatch. any help please
Posted by Ayoub Elaich 3 days ago
System event error provided ======================================== Python could not construct the class instance Traceback (most recent call last): File "E:\jenkins\WORKSP~1\PYD4C1~1\agent\persistence\winsvc.py", line 26, in __init__ File "E:\jenkins\WORKSP~1\PYD4C1~1\agent\agent.py", line 206, in __init__ File "E:\jenkins\WORKSP~1\PYD4C1~1\agent\agent_config.py", line 640, in __init__ File "E:\jenkins\WORKSP~1\PYD4C1~1\agent\agent_config.py", line 645, in _load_config File "E:\jenkins\WORKSP~1\PYD4C1~1\agent\agent_config.py", line 482, in validate File "E:\jenkins\WORKSP~1\PYD4C1~1\agent\agent_config.py", line 600, in _check_type ValueError: client_crt is required %2: %3
Posted by Rony Chudnovsky 3 days ago
I'm trying to execute a custom query in InsightIDR to search for top abused domains. This is my query: public_suffix = xyz OR biz OR ga OR gg OR men OR cf OR ga OR tk OR work OR top OR click OR ml However I also get .com results. What am I doing wrong?
Posted by Ciber Seg 4 days ago
When I run the following: select da.ip_address, da.host_name, dos.name as OS, dos.version as OS_Version, dp.title as Policy_Title, dpr.title as Rule_Name, dpr.description as Rule_Description, dprs.description as Complaince_Status from fact_asset_policy_rule as fpr join dim_asset as da on fpr.asset_id = da.asset_id join dim_operating_system as dos using (operating_system_id) join dim_policy as dp on fpr.policy_id = dp.policy_id join dim_policy_rule as dpr on fpr.rule_id = dpr.rule_id join dim_policy_result_status as dprs on fpr.status_id = dprs.status_id I get duplicate returns based upon how many times the server was scanned, but there in no associated scan date provided. Software certificate installation files must be removed from a system. Software certificate installation files must be removed from a system. Software certificate installation files must be removed from a system. How do I get the date for each of the scans, so that I can filter out the old scans?
Posted by Stephen R. Harashack 4 days ago
I am using Nexpose Community Edition and scanning windows 10 machines. I am not able to perform successful scanning and DCE Authentication failure on port 135 occurs. However port 445 returns me with credential success output. Kindly guide
Posted by Malik Yaseen 5 days ago
I am not an administrator but a User of Nexpose so I don't believe I have all the accesses. My question is this, I see an asset group with custom asset tags. The asset tags have pretty long-winded names that only mean something internally. How do i tell what the criteria of the asset tag is? This is the part that is puzzling me. An asset group, with 2 custom asset tags, but I can't figure out what its filtering on. Is it correct that the custom asset tag actually has criteria set, but I probably don't have rights to see?
Posted by Robert Glus 5 days ago
I'm having problems getting a SQL query to work properly. I'm trying to pull high level statistics for a simple monthly metrics report but the query I've developed doesn't pass the validate step in the report creation screen. Every time I clear an error another one pops up. Any suggestions? Here's the latest version of the query. SELECT dta.tag_name AS "Asset Category", COUNT(da.asset_id) AS "Asset ID", SUM(fa.vulnerabilities) AS "Total Vulnerabilities", SUM(fa.severe_vulnerabilities) AS "Severe Vulnerabilities", SUM(fa.moderate_vulnerabilities) AS "Moderate Vulnerabilities", SUM(fa.critical_vulnerabilities) AS "Critical Vulnerabilities" FROM dim_asset da JOIN fact_asset fa USING (asset_id) JOIN dim_tag_asset dta USING (asset_id) GROUP BY dta.tag_name ORDER BY dta.tag_name
Posted by Doug Schaible 5 days ago
Hello Am having issues with creating exception is Nexpose Security Console. I do not want to create exceptions based on Vulnerability or Asset. I want to create exception based on Vulnerability Proof such that if word "xyz" is present in Vulnerability proof it will create exception till a particular date provided by me. Any help will be appreciated. Thanks
Posted by Rabail Kazi 5 days ago
What is the best approach to separate Application related vulnerabilities (like Java for example) from the OS ones when reporting? Is there a way to do that in Nexpose? I tried scoping vulnerable vs venerable version but that's not necessary accurate because you will still get vulnerable version but related to the OS. I'm trying to avoid the manual work of generating a spreadsheet to filter out application vulnerabilities on a separate report.
Posted by Maiash 5 days ago
We have been using Nexpose for a couple of years now, and our biggest hurdle, right now, is getting information about our Cisco IP phones into Nexpose. Is that a possibility that others have seen a solution to? The phone's internal web server presents a lot of information, but it doesn't look like it's discoverable any other way! Thanks!
Posted by Joshua Marquis 5 days ago
Can you advise on what registry keys Nexpose looks for in regards to the Meltdown/Spectre vulnerabilities? Our understanding is that to enable the software patches Microsoft has released for all three vulnerabilities, the following keys need to be set under HKLM\System\CurrentControlSet\Control\Session Manager\Memory Management: FeatureSettingsOverride: 0 FeatureSettingsOverrideMask: 3 However, we have found assets in our inventory that have the following keys, which according to Microsoft is to disable all the mitigations. Nexpose is not showing these assets as being vulnerable to Meltdown or Spectre: FeatureSettingsOverride: 3 FeatureSettingsOverrideMask: 3 But Nexpose is (correctly, I believe) picking up assets that have the Spectre Variant 2 vulnerability because they have the following: FeatureSettingsOverride: 1 FeatureSettingsOverrideMask: 3 So basically the reg keys should be 3/0. But we have assets at 3/3 that are not showing vulnerable, and I'm not sure why?
Posted by John Magnetta 6 days ago