So I installed Metasploit and went activating it and got this error message: Activation Failed: The connection was refused by the remote host (127.0.0.1:50505). How do I fix this?
Posted by Andrew de Jong about a year ago
Hi How can I find the port number where a vulnerability exists? Specifically if two instances of tomcat are running on different ports how that be reported to me? How can I identify vulnerability belongs to which? thanks.
Posted by NJ about a year ago
ok, so i have a car that has android installed on the screen. you know, you can download apps and stuff on it. normal android just designed like tablet. so i thought to myself:" i know how to hack android (kali linux APK trojan), what will happend if i hacked the car?" by "what will happend" i mean what can i do? remotely drive it or just regular things like sysinfo. thanks for help!
Posted by ori shamir about a year ago
Host: Ubuntu 16.04 Virtualbox 5.2.2 Having installed the VM on virtualbox it seems fine. The next time though upon starting up, the "Starting up... Loading, please wait..." Shows up for about 3 minutes. After that, this shows "Check root= bootarg cat /proc/cmdline or missing modules, devices: cat /proc/modules ls /dev Reading all physical volumes. This map take a while... ALERT! /dev/mapper/metasploitable-root does not exist. Dropping to a shell!" Its seems weird because it works fine the first time it is installed, but after that, the metasploitable-root file is missing and I have no idea why or how to fix it.
Posted by Martin Isaksson about a year ago
We have an external webpage on AWS for a landing page that also contains a training module. If I copied the source code of the external landing to the Metasploit landing page would that work? There is a link on the landing page to a training module that is also hosted on AWS. Thanks, Mike
Posted by Mike Sotace about a year ago
I am evaluating the trial version of your product and I would like to know how the risk score is being calculated in Rapid7. I read about the temporal and weighted model of risk score calculation but I was unable to understand the weighted model. On what basis is the weighted risk score calculated?
Posted by Priyanka Sunil Nair about a year ago
I am receiving inaccurate results from Nexpose. According to IBM BigFix this patch is for ms16-144 which also covers MS16-146, MS16-147, MS16-149, MS16-151 and MS16-153. This patch has 11 different kb numbers. KB3203621, KB3205383, KB3205386, KB3205394, KB3205400, KB3205401, KB3205408, KB3205409, KB3206632, KB3207752 and KB3208481. So with any of those kb numbers installed this would cover MS16-146, MS16-147, MS16-149, MS16-151 and MS16-153. I need to know why your program is not checking for all the kb numbers?
Posted by Steven O'Shea about a year ago
I have a Debian system that I just did an 'apt upgrade' for where a subsequent scan shows several patch-related vulnerabilities still outstanding. One in particular is "Debian: CVE-2017-3735: openssl -- security update" where Nexpose says "Vulnerable software installed: Debian openssl 1.0.1t-1+deb8u6". According to dpkg on the server, openssl is at version 1.1.0f-3+deb9u1, which according to Debian (https://security-tracker.debian.org/tracker/DSA-4018-1) is the corrected version for Stretch. I noticed that in the list of installed applications for the server, it shows "openssl 1.0.1t-1+deb8u6 cpe:/a:openssl:openssl:1.0.1". Why is Nexpose still detecting this older version that doesn't appear to be installed anymore?
Posted by Mike Danicich about a year ago
Palo alto pushed an event saying that there is an attempt to exploit a vulnerability "5241 - CVE-2004-0197 - MS04-014 - Microsoft - Windows - Code Execution Issue" based on the traffic pattern. However when I check in nexpose, there is no match found with the CVE but I have found other 2 vulnerabilities with same description(here below). CVE-2004-0197 - MS04-014 is applicable to legacy windows servers and my machine is windows 2008 r2 windows server. 1.Microsoft CVE-2017-8718: Microsoft JET Database Engine Remote Code Execution Vulnerability 2.Microsoft CVE-2017-8717: Microsoft JET Database Engine Remote Code Execution Vulnerability What should I do? Does both 2004 and 2017 CVE mean the same?
Posted by Raghu about a year ago