Hello, I install Metasploit on Ubuntu 18.04 (everything is updated) and when I trying to do msfdb init command I'm getting this error: root@xyzxyzxyz:/opt/metasploit-framework# sudo msfdb init Traceback (most recent call last): 2: from /usr/local/bin/msfdb:10:in `<main>' 1: from /usr/lib/ruby/2.5.0/rubygems/core_ext/kernel_require.rb:59:in `require' /usr/lib/ruby/2.5.0/rubygems/core_ext/kernel_require.rb:59:in `require': cannot load such file -- rex/text (LoadError) You've got some helpfull advices?!
Posted by Tomasz Osowski 5 months ago
When I use multi handler I am getting different result from others.When I type the following in the command line 'msf > use exploit/multi/handler' the result is 'msf exploit(multi/handler) >' while I see everyone else is getting 'msf exploit(handler) >' I dont know whether it is an error or not.And following this I cant listen to a port for incoming connections .Help needed
Posted by Tot Jr 5 months ago
Running InsightVM. It appears that for every Windows machine it hits, it enumerates some accounts on AD. This triggers an alert in Microsoft ATA for every test machine. The question is, does anyone know what test this is, and a good way to either fix it or suppress the error?
Posted by WIlliam Stuart 5 months ago
I am unable to install the Insight agent on a Windows 2012 R2 server - the agent installs but the service fails to start so the install never completes. Seems a bit basic that the agent won't even install - the only thing I can see is the following error in the log for the ir_agent: Python could not construct the class instance Traceback (most recent call last): File "E:\jenkins\WORKSP~1\PY-FOR~2\agent\persistence\winsvc.py", line 26, in __init__ File "E:\jenkins\WORKSP~1\PY-FOR~2\agent\agent.py", line 234, in __init__ File "E:\jenkins\WORKSP~1\PY-FOR~2\agent\agent.py", line 95, in __init__ File "E:\jenkins\WORKSP~1\PY-FOR~2\agent\platforms\windows\mixins.py", line 144, in _agent_shutdown File "E:\jenkins\WORKSP~1\PY-FOR~2\agent\platforms\base\mixins.py", line 135, in _agent_shutdown SystemExit: 1 %2: %3 And the following in the agent.log in the Agent directory: 2018-10-31 22:55:23,540 [INFO] [agent.agent]: Registered as singleton. PID: Unavailable 2018-10-31 22:55:23,540 [INFO] [agent.platforms.windows.mixins]: Unable to obtain uuid using method FIRMWARE_API - AgentID '00000000-0000-0000-0000-000000000000' is invalid 2018-10-31 22:55:23,571 [INFO] [agent.platforms.windows.mixins]: Unable to obtain uuid using method WMI - AgentID '00000000-0000-0000-0000-000000000000' is invalid 2018-10-31 22:55:23,571 [ERROR] [agent.platforms.windows.mixins]: Unable to obtain uuid from any known methods - attempt random generation ONLY if config allows 2018-10-31 22:55:23,571 [ERROR] [agent.agent]: Exception occurred while retrieving/caching agent id: Agent config is prevents random agentid Traceback (most recent call last): File "E:\jenkins\WORKSP~1\PY-FOR~2\agent\agent.py", line 84, in __init__ File "E:\jenkins\WORKSP~1\PY-FOR~2\agent\common.py", line 333, in __get__ File "E:\jenkins\WORKSP~1\PY-FOR~2\agent\platforms\windows\mixins.py", line 135, in plat_hostId File "E:\jenkins\WORKSP~1\PY-FOR~2\agent\platforms\base\mixins.py", line 72, in _agentid_random agent.exceptions.InvalidAgentidException: Agent config is prevents random agentid Any ideas? thanks Barry
Posted by Barry Smith 5 months ago
We are running monthly reports that includes Vulnerability/Proof/Solution information for the 10 highest risk machines per site. There are different ways to output the vulnerability info via the built-in templates or SQL query, but I have no idea how to select 10 machines with the highest risk per site automatically. The idea is to have many sites in the scope. The vulnerability solution can be a rollup. I am looking for the fields below: IP Address Hostname Risk Score Vulnerability Title Vulnerability Description CVEs (maybe in a comma delimited list) CVSS score Patch required If it won't make it too complicated, Certainty and Owners fields would be great as well.
Posted by prashanth sedhumadhavan 5 months ago
Hi, I just installed Metasploit Framework on Windows 10. It installed correctly, but I have a problem. I am trying to connect to the database in msfconsole. After running db_status, it says there's a database but it's not connected. I tried "msfdb init" and "msfdb.bat init" but it gives the error: Starting database at C:/Users/MikeH/.msf4/db...failed C:/metasploit-framework/bin/../embedded/framework/msfdb:68:in `readlines': No such file or directory @ rb_sysopen - C:/Users/MikeH/.msf4/db/log (Errno::ENOENT) from C:/metasploit-framework/bin/../embedded/framework/msfdb:68:in `tail' from C:/metasploit-framework/bin/../embedded/framework/msfdb:119:in `start_db' from C:/metasploit-framework/bin/../embedded/framework/msfdb:195:in `init_db' from C:/metasploit-framework/bin/../embedded/framework/msfdb:316:in `<main>' Also, "systemctl start PostgreSQL" doesn't work either. So how do I fix this so I can start using framework? On Windows. Please reply. Thanks
Posted by Mike Held 5 months ago
I used to be able to pull status of engines via the Ruby API bindings Connection.list_engines. With API v3, I see no way to pull engine status from the API. The best I can get is lastRefreshDate. Am I missing something, or is this truly gone? Forcing a refresh and checking for error would be an OK work-around - but I don't see that either.
Posted by Noah Birnel 6 months ago
Hi all, I am using Nexpose and having a difficulty with managing vulnerabilities which actually share the same solution. For example, 15 PHP CVE-xxx vulnerabilities exist and all of them needs to be resolved by updating the PHP version. This situation leads to a massive increase in vulnerability numbers in reports, and assigned people have difficult times since they need to go on the same type of vulnerability several times. Actually I am looking for an option like the one in Nessus which is "Hide results from plugins initiated as a dependency". Does anyone have any recommendation for us to make things easier about this situation? Top remediation report helps this a little bit, however, the console still lists all vulnerabilities. Regards
Posted by Onur A 6 months ago
Can I review criticality value of vulnerability? For example, I have vulnerability in python, It's cvss score is 9 - high. I've made an analysis and made a conclusion, that the risk of vulnerability exploitation is low for us and want to reset criticality of this vulnerability to low. How can I do it in Nexpose?
Posted by Maxim Korovenkov 6 months ago
Hello I know there are a few policy checks to test whether accounts like the local admin/guest accounts are disabled but is there a way to check if any other accounts are listed disabled within Nexpose? It looks like a list of accounts and groups are enumerated once an asset is scanned but I don't see any way to check their status.
Posted by Robert DeBellis 6 months ago
Looking through Nexpose for libssh server banners I haven't seen the banners being fingerprinted. I've done initial triage with SQL reports Via SSH banners but I was curious if anyone else has already written a solid libssh fingerprint that I can borrow to write a basic vulnerability check? https://www.libssh.org/security/advisories/CVE-2018-10933.txt https://arstechnica.com/information-technology/2018/10/bug-in-libssh-makes-it-amazingly-easy-for-hackers-to-gain-root-access/ My Initial libssh banner report: ``` WITH asset_ips AS ( SELECT asset_id, ip_address, type FROM dim_asset_ip_address dips ), asset_addresses AS ( SELECT da.asset_id, (SELECT array_to_string(array_agg(ip_address), ',') FROM asset_ips WHERE asset_id = da.asset_id AND type = 'IPv4') AS ipv4s, (SELECT array_to_string(array_agg(ip_address), ',') FROM asset_ips WHERE asset_id = da.asset_id AND type = 'IPv6') AS ipv6s, (SELECT array_to_string(array_agg(mac_address), ',') FROM dim_asset_mac_address WHERE asset_id = da.asset_id) AS macs FROM dim_asset da JOIN asset_ips USING (asset_id) ), asset_names AS ( SELECT asset_id, array_to_string(array_agg(host_name), ',') AS names FROM dim_asset_host_name GROUP BY asset_id ), banners AS ( SELECT da.asset_id AS asset_id, dasc.port AS port, ds.name AS ds_name, ' [' || dasc.name::text || ': ' || array_to_string(array_agg(dasc.value),', ')::text || ']' AS banner_info FROM dim_asset da JOIN dim_asset_service_configuration dasc USING (asset_id) JOIN dim_service ds USING (service_id) GROUP BY da.asset_id, da.ip_address, dasc.port, ds.name, dasc.name ) SELECT da.ip_address AS "Asset IP Address", an.names AS "Asset Names", csv(ds.name) AS "Sites", banners.port, banners.ds_name, csv(banners.banner_info) AS "Banner Info" FROM dim_asset da LEFT OUTER JOIN asset_addresses aa USING (asset_id) LEFT OUTER JOIN asset_names an USING (asset_id) JOIN banners using (asset_id) JOIN dim_site_asset using (asset_id) JOIN dim_site ds USING (site_id) WHERE banners.banner_info ilike '%libssh%' GROUP BY da.ip_address, da.ip_address, ds.name, banners.port, banners.ds_name, an.names, ds.name ORDER BY da.ip_address, banners.port ```
Posted by BrianWGray 6 months ago
I'm seeing some vulnerabilities show up and I am unable to determine where the conclusion is coming from . The proof simply states that the software is installed but I do not see it. Where can I see the details of the check InsightVM is for, for example, flash_player-cve-2018-15967-adobe-flash-apsb18-31-windows-30-0-0-154. There must be a file or registry key it is seeing to think this is an issue.
Posted by Charles Burch 6 months ago
Currently have a ticket open with support, but I am curious if anyone else that is utilizing the agents, are getting the issue with the agent not sending the beacon? This is not an issue on all of our assets, but a full reinstall of the agent did not fix the issue. The correct addresses are whitelisted and are able to telnet using port 443 to verify they can establish a connection. The agents were working for a good period of time, then we have around 10% of our assets that have agents have stopped scanning. 2018-09-21 13:46:20,478 [WARNING] [agent.agent_beacon]: Failed to send beacon: No server available 2018-09-21 13:46:20,478 [WARNING] [agent.agent_beacon]: Beacon did not run successfully! I tried searching the KB and noticed another user had a similar issue but did not see any replies. I was curious if anyone else was experiencing this at all?
Posted by Andrew Vaughan 6 months ago
Posted by asad tanwir 6 months ago