We've setup LDAP authentication which works successfully for a limited period of time. After some amount of time logins begin to fail with: 2018-08-06T16:28:41 [INFO] [Thread: http-nio-3780-exec-7=/data/user/login] [Principal: Username] [Cause: Credentials are not valid.] Authentication attempt failed. I know LDAP auth is working with the same setup on another application, so this issue seems to be isolated to NeXpose. I also see successful username lookups on the Domain Controller. Has anyone else seen this?
Posted by Ian Wolff 4 months ago
So every time I try and do something in metasploit, when I type in 'exploit' or 'run', the msfconsole runs for a litte bit, and then it will spit 'Rex::TimeoutError Operation timed out' right back at me. I am a beginner so I know it must be something that I have done wrong. The target system is a WinXP and the attacker is a Kali Linux, both of which are running in VM on Win10. They both have their network settings to 'Bridged Adapter' and on allowed. I have also noticed that every time that I try and scan the target with nmap, that I dont actually get a list of ports back, it just tells me that all 1000 ports are filtered. I dont know if that is a related issue or not. If anyone asks, I can actually ping the system from outside, but that is the only actual terminal interaction I have had with the device. Please help, this is driving me insane. Thanks.
Posted by Christian Giuffre 4 months ago
I have an asset which has been tagged but the "x - remove this tag" option isn't available. Looking at the full tag listing, the association for this particular asset is "Search Criteria", and the checkbox to remove the tag is unavailable. I'm not clear what Search Criteria indicates, or how to modify it to remove the tag.
Posted by Tim Lovegrove 4 months ago
We are scanning devices constantly, but recently have put SNMPv3 on the printers that support it. However, nexpose doesn't appear to handle the context that some printers have by default and appears to be uneditable. Is there a roadmap to have that added?
Posted by Joshua Marquis 4 months ago
I'm trying to run a phishing campaign on port 80 and getting "Web Port is unavailable" error when I launch. Netstat does not show TCP 80 open except on ipv6, and I'm using ipv4. Ubuntu 16 LTS. What does this "Web Port is unavailable" error mean and how do I fix it?
Posted by Daniel Jensen 4 months ago
Our site uses Avaya IP Phones and we have a model that allows us to add another connection (like a mini hub/switch) and thats used for a PC for rooms that dont have enough ports to plug more than 1 network device in (poor construction what can I say!) Its setup like this (hopefully it's more clear the issue) There is ONE connection from the switch goes into the phone, the port on the switch has Vlan ID1 and Vlan ID2 (to keep it simple, ID1 is for voice and ID2 is for data) As computers are always vulnrable we've created a site and ran scans on them and we added the Vlan ID2 IP range so that it would identify those PC's and then scan. The problem I am seeing is, the scan completes and all of the IP's that are on that "data vlan ID2" have VERY LITTLE vulnerabilities and I know thats not the case. Can someone provide some "insight" on why when doing a scan to a computer thats behind an IP why it is seemingly resulting in hardly any vulnerabilities? I really hope that makes sense! Thanks! Patrick
Posted by Patrick Vida 4 months ago
Hey all...I was curious to see if anyone has come up with a successful SQL query that will pull CVE and their corresponding KBs? I read through SQL Query Export Example: Vulnerability Coverage. It states, "Wait, actually these are Microsoft advisories, so where are the KBs? I want the KBs!! Try expanding the example above for CVEs to pull out Microsoft KB references yourself. If you have trouble, just ask us for help for check out the other posts in the support forum for guidance." I have done a little bit of research and i'm not having any luck. I'm not the best at writing these, so I thought maybe this forum would be a great place to start. Thanks in advance!
Posted by David Nolen 4 months ago
Hi, Looking to run an exploit to take control of the AD , I have the following exploit but obviously need to connect to it first , using this http://www.hackingarticles.in/penetration-testing-windows-server-active-directory-using-metasploit-part-1/ https://www.rapid7.com/db/modules/post/windows/gather/enum_ad_users I assume I need Domain admin to get this. What do I need to start this exploit ? Thanks
Posted by paul smith 4 months ago
Attempting to run a query. Select report on selected assets. Attempt to make a selection of IP Addresses. Regardless of the criterion used, the query returned all the IP Addresses - apparently ignoring the report on selected assets criterion. The objective was to report on IP Addresses xxx.yyy.zzz.??? When using a WHERE clause in the query "WHERE ip_address like 'xxx.yyy.zzz%', no records were returned.
Posted by Ronald J. Dillon 4 months ago
1)I have created a custom tag which would include 20000 assets,is there a way to add all the assets in a go as I can see Nexpose allows only 500 at a time to add to a tag. 2)After creating a tag and then when we tie to the scan,will those assets added to the tag automatically get scanned?
Posted by MJ 4 months ago
Since the old community used to actually provide useful assistance and information and this new site is pretty much useless. Can anyone tell me where I can find information, examples, etc on Nexpose SQL Queries? Most of the searches for SQL Queries on this site say we don't provide any assistance with that (the old community used to). The Help KB has very few examples and no way to ask for assistance. Someone has to know where to get assistance or at the very least a cache of sql queries that I might be able to tweak to suit my needs.
Posted by Kevin Schramm 4 months ago
I am deploying a scan engine on Azure. I have followed the instructions here: https://kb.help.rapid7.com/docs/deploying-a-nexpose-scan-engine-in-microsoft-azure After the infrastructure is setup, following step 9, there is the instruction to: "Log in to the Nexpose console via the web browser" As a windows server person new to Linux, how exactly does one know what port to use? If I open an inbound rule to 80 and try to connect, it just refuses the connection like nothing is there. TIA!
Posted by James 4 months ago