I am trying to attack a WinXP SP3 VM with a Kali Linux (also a VM on a Win10 x64). I can ping both machines and they are both set to bridged adapter. I cannot for the life of me get ANY exploit to work on the WinXP machine. I am trying to load a meterpreter stager. The latest exploit that I could find was: windows/smb/08_067_netapi, with the windows/meterpreter/reverse_tcp payload. Every setting has been set up. Please help this is driving me to insanity. Thanks.
Posted by Christian Giuffre about a year ago
We are trying to deploy the Rapid 7 Insight Extension via Azure Marketplace. It appears that the PSScript being used is looking for the JSON config file directly in c:\windows\temp, instead of the zip file that is uploaded as part of extension. Should the zip be unzipped automatically via extension?
Posted by JR Foster about a year ago
I'm noob in hacking. I just created an apk with android/meterpreter/reverse_tcp payload and exploited my android phone in local connection. How i connect the phone through internet, bacause public ip always changes?
Posted by Jishnu about a year ago
New to Nexpose API. I am trying to download a report via API. When I send API call ReportListingRequest, I can see the report URL: <ReportListingResponse success="1"><ReportConfigSummary template-id="audit-report" cfg-id="xxxxx" status="Generated" name="xxxxxx" generated-on="20180803T121220237" report-URI="/reports/0000xxxx/0000xxxx/Document.txt"/></ReportListingResponse> But I see nothing in API pdf to allow actually download. I tried appending URI to HTTPS:\\<nexpose server>:3780/api/1.1 but it appears missing the session key. Anyone have any thoughts suggestions? Thanks
Posted by Michael Sexton about a year ago
We've setup LDAP authentication which works successfully for a limited period of time. After some amount of time logins begin to fail with: 2018-08-06T16:28:41 [INFO] [Thread: http-nio-3780-exec-7=/data/user/login] [Principal: Username] [Cause: Credentials are not valid.] Authentication attempt failed. I know LDAP auth is working with the same setup on another application, so this issue seems to be isolated to NeXpose. I also see successful username lookups on the Domain Controller. Has anyone else seen this?
Posted by Ian Wolff about a year ago
So every time I try and do something in metasploit, when I type in 'exploit' or 'run', the msfconsole runs for a litte bit, and then it will spit 'Rex::TimeoutError Operation timed out' right back at me. I am a beginner so I know it must be something that I have done wrong. The target system is a WinXP and the attacker is a Kali Linux, both of which are running in VM on Win10. They both have their network settings to 'Bridged Adapter' and on allowed. I have also noticed that every time that I try and scan the target with nmap, that I dont actually get a list of ports back, it just tells me that all 1000 ports are filtered. I dont know if that is a related issue or not. If anyone asks, I can actually ping the system from outside, but that is the only actual terminal interaction I have had with the device. Please help, this is driving me insane. Thanks.
Posted by Christian Giuffre about a year ago
I have an asset which has been tagged but the "x - remove this tag" option isn't available. Looking at the full tag listing, the association for this particular asset is "Search Criteria", and the checkbox to remove the tag is unavailable. I'm not clear what Search Criteria indicates, or how to modify it to remove the tag.
Posted by Tim Lovegrove about a year ago
We are scanning devices constantly, but recently have put SNMPv3 on the printers that support it. However, nexpose doesn't appear to handle the context that some printers have by default and appears to be uneditable. Is there a roadmap to have that added?
Posted by Joshua Marquis about a year ago
I'm trying to run a phishing campaign on port 80 and getting "Web Port is unavailable" error when I launch. Netstat does not show TCP 80 open except on ipv6, and I'm using ipv4. Ubuntu 16 LTS. What does this "Web Port is unavailable" error mean and how do I fix it?
Posted by Daniel Jensen about a year ago
Our site uses Avaya IP Phones and we have a model that allows us to add another connection (like a mini hub/switch) and thats used for a PC for rooms that dont have enough ports to plug more than 1 network device in (poor construction what can I say!) Its setup like this (hopefully it's more clear the issue) There is ONE connection from the switch goes into the phone, the port on the switch has Vlan ID1 and Vlan ID2 (to keep it simple, ID1 is for voice and ID2 is for data) As computers are always vulnrable we've created a site and ran scans on them and we added the Vlan ID2 IP range so that it would identify those PC's and then scan. The problem I am seeing is, the scan completes and all of the IP's that are on that "data vlan ID2" have VERY LITTLE vulnerabilities and I know thats not the case. Can someone provide some "insight" on why when doing a scan to a computer thats behind an IP why it is seemingly resulting in hardly any vulnerabilities? I really hope that makes sense! Thanks! Patrick
Posted by Patrick Vida about a year ago
Hey all...I was curious to see if anyone has come up with a successful SQL query that will pull CVE and their corresponding KBs? I read through SQL Query Export Example: Vulnerability Coverage. It states, "Wait, actually these are Microsoft advisories, so where are the KBs? I want the KBs!! Try expanding the example above for CVEs to pull out Microsoft KB references yourself. If you have trouble, just ask us for help for check out the other posts in the support forum for guidance." I have done a little bit of research and i'm not having any luck. I'm not the best at writing these, so I thought maybe this forum would be a great place to start. Thanks in advance!
Posted by David Nolen about a year ago
Hi, Looking to run an exploit to take control of the AD , I have the following exploit but obviously need to connect to it first , using this http://www.hackingarticles.in/penetration-testing-windows-server-active-directory-using-metasploit-part-1/ https://www.rapid7.com/db/modules/post/windows/gather/enum_ad_users I assume I need Domain admin to get this. What do I need to start this exploit ? Thanks
Posted by paul smith about a year ago
Attempting to run a query. Select report on selected assets. Attempt to make a selection of IP Addresses. Regardless of the criterion used, the query returned all the IP Addresses - apparently ignoring the report on selected assets criterion. The objective was to report on IP Addresses xxx.yyy.zzz.??? When using a WHERE clause in the query "WHERE ip_address like 'xxx.yyy.zzz%', no records were returned.
Posted by Ronald J. Dillon about a year ago
1)I have created a custom tag which would include 20000 assets,is there a way to add all the assets in a go as I can see Nexpose allows only 500 at a time to add to a tag. 2)After creating a tag and then when we tie to the scan,will those assets added to the tag automatically get scanned?
Posted by MJ about a year ago