Hi, i am new to Metasploit, I am using kali 2017.2. I was able to install kali in Vbox and win xp sp1 (64) and xp sp3. my problem is once I want to attack the victim machine, it shows everything, except the open session. 1. I double checked that kali and win xp can communicate each other (using nmap and ping) 2. check open ports in rhost (xp in my case) 3. I am using virtualBox for both kali and xp, putting them in internal network and configure the ips manually, but double check they can communicate as explained in 1. 4. I tried multiple exploits ms067, ms03... also (reverse_tcp, bind_tcp, shell), but no luck I am not really sure what is the problem, tutorials seem so simple, but when I am trying to do so it is kind of impossible to do. Any help!
Posted by Abdu Om 2 years ago
During the initialization using nsc.sh console goes in maintenance mode and when i try logging into the web page (localhost:3780) only this message appears: Critical error during initialization: PreparedStatementCallback; bad SQL grammar [SELECT licmod_id, licmod_name FROM nxadmin.lic_modules]; nested exception is org.postgresql.util.PSQLException: ERROR: relation "nxadmin.lic_modules" does not exist Position: 45 I'm currently running nexpose on Kali linux 64 bit (i've installed it on port 54321 not to create conflicts with PostgreSQL)
Posted by Lorenzo De Luca 2 years ago
When I attempt to scan over a wireless network, the nexpose scan fails with the error at bottom. Things to note: Pings throughout the network are successful, so even tuned the scan template to discover only using ICMP. Nexpose over the wired network flawless (so don't say Nmap isn't installed correctly) Browsers tried: Chrome, Mozilla and IE Observation: It's almost like it just doesn't want to use WiFi. There should almost be a setting in Nexpose where you can define what interface will be used to scan. Error: Failed (jave.io.IOException: The Nmap exit value is not zero: 255 at com.rapid7.nexpose.scan.nmap.Nmap.start(Unknown Source) at com.rapid7.nexpose.scan.nmap.Nmap.run (Unknown Source) at com.rapid7.nexpose.scan.Scan.start (Unknown Source) at com.rapid7.nexpose.snca.Scan.run (Unknown Source) at java.lang.Thread.run(Thread.java:745))
Posted by Matthew Crabbe 2 years ago
I can't seem to get Nexpose to uninstall. I've tried via the Control Panel, and by running uninstall.exe -c from the command line. Both result in: The installer detected an incomplete installation of Nexpose at C:\Program Files\rapid7\nexpose. Either a previous installation attempt is still running, or it terminated unexpectedly without being cancelled. See the installation guide for instructions on manually removing installation files, or run the installer again. Finishing uninstallation... I tried ending the nexserv.exe and nexlaunch.exe processes first,and rebooting multiple times and nothing seems to work. Are there any instructions I could use for manually uninstalling it? We need to get the latest version installed and it won't run until the existing version is 'fully' uninstalled!
Posted by Charles Kunkel 2 years ago
I see that RSA is used for encryption in Nexpose, as detailed in this page: https://nexpose.help.rapid7.com/docs/administration-maintenance#section-what-types-of-encryption-does-the-application-use- From that page: To ensure the security of the application, Nexpose uses the following types of encryption algorithm keys in these areas: Identification/authentication: RSA Credential password storage: RSA Connection to the Web interface: RSA and HTTP over SSL Credential encryption: 3DES encrypted with RSA Security Console to Scan Engine communication: TLSv1.2, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 for backwards compatibility, and TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384. So is my installation of Nexpose vulnerable? I would be most concerned about the communication between console and engine.
Posted by Alan Rivaldo 2 years ago
We are running Nexpose Rapid 7 with end point agents deployed on all assets. All of the assets in my environment are listed as having this vulnerability in the security console. I have checked the version of the endpoint agent on several machines and all are Version: 1.4.69. There are 3 logs within the Rapid7 folder: upgrade, upgrade_error, upgrade_manifest, all dated 10/11/2017. Can someone help me troubleshoot why the assets are showing up with this vulnerability when all seem to have the correct agent version installed. Thank you.
Posted by Kristi Brady 2 years ago
I have already get a Meterpreter session, and run command 'sysinfo' on my target, it looks like this : meterpreter > sysinfo Computer : WIN-AL678DJCQIH OS : Windows 2012 R2 (Build 9600). Architecture : x64 System Language : zh_CN Domain : ***** Logged On Users : 16 Meterpreter : x86/windows >>> but when i run other commands , nothing echo back I wonder maybe the payload will run successful in 32 , but it can't run x64 Architecture . Am i right ?
Posted by Johnson Smith 2 years ago
I am attempting to automate installation of Nexpose consoles. For engines, I can run the installer like so: ``` ./Rapid7Setup-Linux64.bin \ -q \ '-VconsoleAddress=SOMEADDRESS' \ '-VcommunicationDirectionChoice$Integer=1' \ '-Vfirstname=MY' \ '-Vlastname=NAME' \ '-Vcompany=MYCOMPANY' \ '-Vsys.component.typical$Boolean=false' \ '-Vsys.component.engine$Boolean=true' \ '-VinitService$Boolean=true' \ '-Dinstall4j.suppressUnattendedReboot=true' ``` I would think I can do something similar for the console, replacing component.typical with true, and leaving out the engine line, but I consistently get: ```` Unpacking JRE ... Starting Installer ... GLib-GIO-Message: Using the 'memory' GSettings backend. Your settings will not be saved or shared with other applications. The installation directory has been set to /opt/rapid7/nexpose. Rolling back changes... ```` I am sure I am missing some flags, but I have not been able to find documentation on what they would be.
Posted by Noah Birnel 2 years ago
Hi, Does anyone experience a similar problem after migrating to the new AWS Asset Sync discovery connection: The connection is in state Connected, instances are imported into a site, however when choosing to scan a scan the following message is returned: "Scan action failed: The requested scan cannot run at this time. Targets are currently being verified for scanning. Scanning will start if the targets can get verified." I am confused because there is no mentioning of target verification in Nexpose user documentation. Any ideas on how to proceed are appreciated.
Posted by elenako 2 years ago
Is the nexpose(insightVM) possible to scan for CVE-2017-13077,CVE-2017-13078,CVE-2017-13079,CVE-2017-13080,CVE-2017-13081,CVE-2017-13082,CVE-2017-13084,CVE-2017-13086,CVE-2017-13087,CVE-2017-13088? https://www.krackattacks.com/
Posted by Yu Iwama 2 years ago