When attempting to deploy the Honeypot OVF in vSphere 6.5, I'm getting the following error: "The provided manifest file is invalid: Invalid OVF manifest entry" as I'm attempting to select a host/cluster and move forward with the install. Any thoughts?
Posted by Ken Kurz about a year ago
Do I have the ability to manually add trusted IP addresses to our instance of Rapid7 to reduce the number of false alerts that we receive? We have employees working on client sites, and once we have established that a set of IP addresses is trusted, we'd like to add them so that no more are flagged. Currently it seems to flag them for each member of staff that visits the same site. One of the reasons they are flagged is that the IP address in the UK is a US IP address: the ISP is routing traffic through the US, and therefore 'Multiple Countries' is being flagged.
Posted by Colin Morris about a year ago
I'm trying to run what I thought would be a fairly simple report. I just need basic top 10 highest risk info, but I also need to add a couple of columns with constant string values. The query validates as correct, but failed to preview or run. Is this type of thing not supported by Nexpose reporting, or am I missing something? This is my first experience with PostgreSQL, but I feel like I've thoroughly googled and read the Nexpose docs and found nothing. Any ideas? Thanks.

Here's the query. PARENT_ID and TYPE are the columns in question:

select da.host_name as SUMMARY,
       'IP - ' || da.ip_address || ' MAC - ' || dam.mac_address || ' Risk Score - ' || CAST(fa.riskscore as text) as DESCRIPTION,
       'DGP-161' as PARENT_ID,
       'Sub-task' as TYPE
from fact_asset fa
JOIN dim_asset da USING (asset_id)
JOIN dim_asset_mac_address dam USING (asset_id)
order by fa.riskscore desc
limit 10
Posted by Mike Conroy about a year ago
In order for Rapid7 to get the data from Salesforce it needs to function, what minimum permissions and privileges are required (i.e. read on which objects, fields, etc.)? Due to security compliance concerns, I'm hesitant to provide "View All" privileges if it's not required.
Posted by Nick Dempsey about a year ago
Hi, I have to reinstall my Virtual Machine. When I try to use my key to activate it, I receive an error: "Activation failed: Cannot activate at this time". I checked my Internet connection and browser and everything is fine. I do not know if the key was tied to the virtual machine before. I appreciate your help. Sandra
Posted by Sandra Suarez about a year ago
Hello, I have a situation where I have exploited a buffer overflow and have gained a meterpreter connection to the victim. Now I am trying to escalate privileges. I am using the bypass uac exploit but it gets caught by the antivirus. My question is: can I encode the bypass uac exploit to send through the meterpreter session?
Posted by Jon Pel about a year ago
Nexpose tells me that many servers have PHP vulnerabilities related to an out-of-date version of PHP. According to our sysadmins, PHP is being updated by RedHat packages and not individually. Is there a way to tell Nexpose to check the OS version instead of PHP version alone? Thanks! Joe
Posted by Joe Toug about a year ago
I've been using the Community edition for two years now, and just starting last week, all of the scans against regular workstations show risk = 0, servers still show Risk values greater than 3-400 hundred like before, and the total number of Vulnerabilities has dropped to 10. As much as I'd love to believe a Windows Update or similar has suddenly eliminated all my vulnerabilities, I highly doubt it. What happened? This problem does coincide with a reinstall per support instructions because of a Java error. Is this related too?
Posted by Dan Guzman about a year ago
We are seeing an increase in false positives due to backporting of patches on Red Hat when conducting a DMZ scan. How is Nexpose handling these potential false positives and backporting? The scanner log shows it is detecting Red Hat "[http_header.server] Matching against banner: Apache/2.4.6 (Red Hat Enterprise Linux)" but has no mention of the possible backport of patches. The fingerprint of the OS comes out like this:

Linux General Linux HTTPS 0.75
Linux General Linux HTTP 0.75
Linux Linux General Linux 2.6.32 IP stack analysis 0.64
Linux Linux General Linux 3.12 IP stack analysis 0.63
Linux Linux General Linux 2.6.39 IP stack analysis 0.62
Linux Linux General Linux 2.6.9 IP stack analysis 0.6
Linux Linux General Linux 2.6.35 IP stack analysis 0.6
Linux Linux General Linux 2.6.18 IP stack analysis 0.6

Does anyone have experience with this? I can confirm through a third-party audit from a different vendor that the same host was detected as a possible backport of patches and, therefore, potential false positives were excluded with a more correct fingerprint of "Linux Kernel 3.10 on Red Hat Enterprise Linux 7".
Posted by Bob about a year ago
I am new to Metasploit Pro. I am wondering about the exploit button. When you go into a project and click exploit, what exploits does it run? I keep seeing this error: "Exploit failed: A payload has not been selected." I don't see any options to choose payloads. Also with the listeners: I create them and I specify the port. When I kick off an exploit and I specify the port range, it says "A callback port has not been selected". I created 4 listeners with ports from 11500 - 11504, so I specify that range in the exploit kick off. Are there any good video tutorials for beginners? I found a couple on YouTube but they were worthless.
Posted by Scott Oliver about a year ago
Our whole Nexpose solution is in scope for PCI DSS and we have been scanning the scanners from the local engine. We have now also started to scan for CIS compliance on the scan engines as part of the evidence for the audits. My question is in two parts:

1) Is it good practice to actually scan the engines themselves when idle using the local console and credentials? The reason I ask is that we see no vulns on the scanners but we see open ports, namely those required for normal operation, 40814 and 22. I'd assumed this to be OK, but we have just had a pen test done and it has shown up a lot of issues regarding TLS and ciphers that Nexpose didn't. We are using the full audit template.

2) Policy scans do not seem to show any policy information for the scanners related to CIS even though it's confirmed correct configuration, as we do policy checks for other systems and see the relevant information. So I'm now wondering if indeed it's good practice to scan the scanners from within Nexpose itself, as the information seems unreliable.
Posted by dean mulley about a year ago
I try to connect Rapid7 Nexpose as a vulnerability asset for my McAfee ESM, but get the error "A connection to the server with the supplied parameters could not be made. Please check your network settings. VAER1 HTTP ERROR: 302". I have no firewall between the ESM and the Nexpose Console. I'm absolutely sure that my settings are correct for the ESM.
Posted by Sectoit about a year ago
Good morning all. Currently, our security team uses Nexpose and they initiate the scans from their server, which can take a very long time. Is there a client-side component that I can deploy using SCCM, for example, that can kick off the scan and send the results to the server? Thank you.
Posted by Efren Martinez about a year ago
Maybe I'm not understanding the persistence module correctly, but I don't have a problem exploiting the server, and setting persistence. I use the option "set STARTUP SYSTEM", but the compromised server will only launch a connection back upon login and promptly shuts down after I log off. I'm trying to create persistence whether or not a user is logged in. Is there a way to do this? Thanks
Posted by Al Baker about a year ago
msf5 exploit(unix/ftp/vsftpd_234_backdoor) > show options

Module options (exploit/unix/ftp/vsftpd_234_backdoor):

   Name   Current Setting  Required  Description
   ----   ---------------  --------  -----------
   RHOST  [REDACTED]       yes       The target address
   RPORT  21               yes       The target port (TCP)

Payload options (cmd/unix/interact):

   Name  Current Setting  Required  Description
   ----  ---------------  --------  -----------

Exploit target:

   Id  Name
   --  ----
   0   Automatic

msf5 exploit(unix/ftp/vsftpd_234_backdoor) > exploit

[*] [REDACTED]:21 - Banner: 220 (vsFTPd 2.3.4)
[*] [REDACTED]:21 - USER: 331 Please specify the password.
[*] Exploit completed, but no session was created.

Whenever I try to exploit something on my Debian VPS, it never seems to open up a session. I've tried different exploits like eternalblue, and after around 20 different exploit attempts, no session opened up. The example above is just one of the few exploits that doesn't work. I am hosting metasploit from the internet, so it isn't on a LAN where you would use private IPs like 192.168.0.1. I think the issue is dealing with my firewall or something of that nature, since the exploit can succeed but no session opens. Any suggestions on what to do?
Posted by Chris Rose about a year ago