I am new to Metasploit Pro. I am wondering about the exploit button. When you go into a project and click exploit, what exploits does it run? I keep seeing this error (Exploit failed: A payload has not been selected.). I don't see any options to choose payloads. Also with the listeners: I create them and I specify the port. When I kick off an exploit and I specify the port range it says (A callback port has not been selected). I created 4 listeners with ports from 11500 - 11504, so I specify that range in the exploit kick off. Are there any good video tutorials for beginners? I found a couple on YouTube but they were worthless.
Posted by Scott Oliver about a year ago
Our whole Nexpose solution is in scope for PCI DSS and we have been scanning the scanners from the local engine. We have now also started to scan for CIS compliance on the scan engines as part of the evidence for the audits. My question is in two parts.

1) Is it good practice to actually scan the engines themselves when idle using the local console and credentials? The reason I ask is that we see no vulns on the scanners but we see open ports, namely those required for normal operation, 40814 and 22. I'd assumed this to be OK, but we have just had a pen test done and it has shown up a lot of issues regarding TLS and ciphers that Nexpose didn't. We are using the full audit template.

2) Policy scans do not seem to show any policy information for the scanners related to CIS, even though it's confirmed correct configuration, as we do policy checks for other systems and see the relevant information. So I'm now wondering if indeed it's good practice to scan the scanners from within Nexpose itself, as the information seems unreliable.
Posted by dean mulley about a year ago
I am trying to connect Rapid7 Nexpose as a vulnerability asset for my McAfee ESM, but get the error "A connection to the server with the supplied parameters could not be made. Please check your network settings. VAER1 HTTP ERROR: 302". I have no firewall between ESM and the Nexpose Console. I'm absolutely sure that my settings are correct for ESM,
Posted by Sectoit about a year ago
Good morning all. Currently, our security team uses Nexpose and they initiate the scans from their server, which can take a very long time. Is there a client-side component that I can deploy, using SCCM for example, that can kick off the scan and send the results to the server? Thank you.
Posted by Efren Martinez about a year ago
Maybe I'm not understanding the persistence module correctly, but I don't have a problem exploiting the server, and setting persistence. I use the option "set STARTUP SYSTEM", but the compromised server will only launch a connection back upon login and promptly shuts down after I log off. I'm trying to create persistence whether or not a user is logged in. Is there a way to do this? Thanks
Posted by Al Baker about a year ago
    msf5 exploit(unix/ftp/vsftpd_234_backdoor) > show options

    Module options (exploit/unix/ftp/vsftpd_234_backdoor):

       Name   Current Setting  Required  Description
       ----   ---------------  --------  -----------
       RHOST  [REDACTED]       yes       The target address
       RPORT  21               yes       The target port (TCP)

    Payload options (cmd/unix/interact):

       Name  Current Setting  Required  Description
       ----  ---------------  --------  -----------

    Exploit target:

       Id  Name
       --  ----
       0   Automatic

    msf5 exploit(unix/ftp/vsftpd_234_backdoor) > exploit

    [*] [REDACTED]:21 - Banner: 220 (vsFTPd 2.3.4)
    [*] [REDACTED]:21 - USER: 331 Please specify the password.
    [*] Exploit completed, but no session was created.

Whenever I try to exploit something on my Debian VPS, it never seems to open up a session. I've tried different exploits like eternalblue, and after around 20 different exploit attempts, no session opened up. The example above is just one of the few exploits that don't work. I am hosting Metasploit from the internet, so it isn't on a LAN where you would use private IPs like 192.168.0.1. I think the issue is dealing with my firewall or something of that nature, since the exploit can succeed but no session opens. Any suggestions on what to do?
Posted by Chris Rose about a year ago
Can you please tell me the best practice to scan assets according to the environment to which they correspond (testing, production, development)? About our scenario: there are dedicated network segments for specific environments, and there is also a mixed network segment that today represents a problem when scanning. The final solution is to completely separate each environment, but this task will take a lot of time and we need to start using the InsightVM tool to report the status now. Thank you.
Posted by Diego Sosa about a year ago
How can I get the PostgreSQL query below to only consider the most recent scan and to only run for a specific policy?

    select da.ip_address,
           da.host_name,
           dos.name as OS,
           dos.version as OS_Version,
           dp.title as Policy_Title,
           dpr.title as Rule_Name,
           dpr.description as Rule_Description,
           dprs.description as Complaince_Status
    from fact_asset_policy_rule as fpr
    join dim_asset as da on fpr.asset_id = da.asset_id
    join dim_operating_system as dos using (operating_system_id)
    join dim_policy as dp on fpr.policy_id = dp.policy_id
    join dim_policy_rule as dpr on fpr.rule_id = dpr.rule_id
    join dim_policy_result_status as dprs on fpr.status_id = dprs.status_id
Posted by Nelson R. Linares about a year ago
I have several servers that are reported as missing a specific update, KB3018238. I have verified the documentation from Microsoft that this update was rolled into a more recent patch of KB2992611. I attempted to install the update, KB3018238, via PowerShell by expanding the update and using DISM to install it manually. This vulnerability still shows in the scan engine after installing the update. Has anyone run into this issue before?
Posted by Evan Prohaska about a year ago
In Nexpose/InsightVM I’ve created about 20 sites, each site with its own list of many IP addresses. IT has given me a list of 800 IP addresses I should not scan. I could go into each site and manually exclude the list of IP addresses IT gave me. But is there a way for me to do this against ALL sites simultaneously to save me time? Thank you!
Posted by Kevin Cawlfield about a year ago
Hi, I am trying to set up Metasploit Framework on the Kali App for WSL. I got Kali from the Windows App Store and I'm trying to install MSF. I got it installed and now I'm trying to set up postgres. My problem is, after entering "apt-get install postgresql", I enter "su postgres" but my password doesn't work. I've always had problems with su and my password, but sudo works fine. So how do I use my password for "su postgres"? Then I can continue with my installation of my Database and User. Please reply. Thanks in advance.
Posted by Mike Held about a year ago
Customers are scanning AWS assets by uploading MS Excel documents to websites developed using the API. The MS Excel document lists access keys and access signature keys for accessing AWS assets. When performing diagnostics through the above API, there were several issues.

1. No diagnostics are performed on the assets uploaded through the API. However, not all assets fail the diagnostics.
   - When performing a scan on a site created like this, an error message should be output stating that the scan cannot be performed because no assets are registered.
2. The scan was performed normally when the IP of the asset was queried and the site was scanned directly.

Judging from the above, the process of importing assets from the Nexpose through the Access Key does not seem to be working as expected to bring them back. Please let me know if there is a way to solve this problem or if any further information is required.
Posted by yryim about a year ago
Hi Everyone! I'm looking for any assistance with this. So basically I like this report below, but I'd like it to be based on certain vulnerabilities. So for instance only Microsoft category and not including .NET and SQL patches. Any help would be really appreciated.

https://kb.help.rapid7.com/docs/sql-query-export-example-asset-ip-summary

    SELECT da.asset_id AS "Asset ID",
           da.ip_address AS "IP Address",
           da.host_name AS "Host Name",
           dos.description AS "Operating System",
           fa.critical_vulnerabilities AS "Critical Vulnerabilities",
           fa.severe_vulnerabilities AS "Severe Vulnerabilities",
           fa.moderate_vulnerabilities AS "Moderate Vulnerabilities",
           fa.vulnerabilities AS "Total Vulnerabilities",
           fa.malware_kits AS "Malware Kits",
           fa.exploits AS "Exploits",
           to_char(round(fa.riskscore::numeric,0),'999G999G999') AS "Risk Score"
    FROM dim_asset da
    JOIN fact_asset fa USING (asset_id)
    JOIN dim_operating_system dos USING (operating_system_id)
    ORDER BY da.host_name
Posted by Louis Sanchez about a year ago