Our appliance that hosts the Rapid7 Console is running out of space. Unfortunately the drive that has it installed is unable to allocate more space as the disk has reached its maximum. Is there any way to do a platform backup and have it save to a different location/device? It looks like when it does this backup, it will save it to the current location. The problem with this is that there will not be enough space to do so. We have also done all of the cleanups/maintenance to free up any space.
Posted by Andrew Vaughan 9 months ago
Is it possible to use InsightVM to scan an RDS instance? I have manually added the endpoint as an asset and am trying to scan using an AWS pre-authorised scanner. However, I receive the following error: 'Unable to submit targets for verification'.
Posted by Peter Blake 9 months ago
/opt/metasploit-framework/embedded/framework/modules/payloads/singles/bsd/vax/shell_reverse_tcp.rb:24:in `initialize': uninitialized constant Msf::Handler::ReverseTcp (NameError)
from /opt/metasploit-framework/embedded/framework/lib/msf/core/payload_set.rb:198:in `new'
from /opt/metasploit-framework/embedded/framework/lib/msf/core/payload_set.rb:198:in `add_module'
from /opt/metasploit-framework/embedded/framework/lib/msf/core/module_manager/loading.rb:73:in `on_module_load'
from /opt/metasploit-framework/embedded/framework/lib/msf/core/modules/loader/base.rb:183:in `load_module'
from /opt/metasploit-framework/embedded/framework/lib/msf/core/modules/loader/base.rb:238:in `block in load_modules'
from /opt/metasploit-framework/embedded/framework/lib/msf/core/modules/loader/directory.rb:49:in `block (2 levels) in each_module_reference_name'
from /opt/metasploit-framework/embedded/lib/ruby/gems/2.4.0/gems/rex-core-0.1.13/lib/rex/file.rb:133:in `block in find'
from /opt/metasploit-framework/embedded/lib/ruby/gems/2.4.0/gems/rex-core-0.1.13/lib/rex/file.rb:132:in `catch'
from /opt/metasploit-framework/embedded/lib/ruby/gems/2.4.0/gems/rex-core-0.1.13/lib/rex/file.rb:132:in `find'
from /opt/metasploit-framework/embedded/framework/lib/msf/core/modules/loader/directory.rb:40:in `block in each_module_reference_name'
from /opt/metasploit-framework/embedded/framework/lib/msf/core/modules/loader/directory.rb:30:in `foreach'
from /opt/metasploit-framework/embedded/framework/lib/msf/core/modules/loader/directory.rb:30:in `each_module_reference_name'
from /opt/metasploit-framework/embedded/framework/lib/msf/core/modules/loader/base.rb:237:in `load_modules'
from /opt/metasploit-framework/embedded/framework/lib/msf/core/module_manager/loading.rb:119:in `block in load_modules'
from /opt/metasploit-framework/embedded/framework/lib/msf/core/module_manager/loading.rb:117:in `each'
from /opt/metasploit-framework/embedded/framework/lib/msf/core/module_manager/loading.rb:117:in `load_modules'
from /opt/metasploit-framework/embedded/framework/lib/msf/core/module_manager/module_paths.rb:41:in `block in add_module_path'
from /opt/metasploit-framework/embedded/framework/lib/msf/core/module_manager/module_paths.rb:40:in `each'
from /opt/metasploit-framework/embedded/framework/lib/msf/core/module_manager/module_paths.rb:40:in `add_module_path'
from /opt/metasploit-framework/embedded/framework/lib/msf/base/simple/framework/module_paths.rb:50:in `block in init_module_paths'
from /opt/metasploit-framework/embedded/framework/lib/msf/base/simple/framework/module_paths.rb:49:in `each'
from /opt/metasploit-framework/embedded/framework/lib/msf/base/simple/framework/module_paths.rb:49:in `init_module_paths'
from /opt/metasploit-framework/embedded/framework/lib/msf/ui/console/driver.rb:199:in `initialize'
from /opt/metasploit-framework/embedded/framework/lib/metasploit/framework/command/console.rb:62:in `new'
from /opt/metasploit-framework/embedded/framework/lib/metasploit/framework/command/console.rb:62:in `driver'
from /opt/metasploit-framework/embedded/framework/lib/metasploit/framework/command/console.rb:48:in `start'
from /opt/metasploit-framework/embedded/framework/lib/metasploit/framework/command/base.rb:82:in `start'
from /opt/metasploit-framework/bin/../embedded/framework/msfconsole:49:in `<main>'
Posted by vsly 9 months ago
I want to know if it is possible to make a backup of the BD and export it, since the equipment where it is has no more space. What I want to do is import the backup into a new security console. My question is: is that possible? If so, is there some procedure to do it?
Posted by luis alberto 9 months ago
Does Nexpose capture the Users in the local Administrator group on Windows systems? I know it captures the Groups and Users, but can you see who's in the Admin group on an asset?
Posted by David P 9 months ago
Hello, can someone help me? When I enter the security console and click on Dashboard, I get this error: HTTP ERROR 401 Problem accessing /saml/SSO. Reason: Response issue time is either too old or with date in the future, skew 300, time 2018-10-18T13:29:17.851Z.
Posted by Orlando Sánchez 9 months ago
Understanding that Rapid7 doesn't really provide support on the base Ubuntu OS, and recommends you have a Linux admin on staff, is there a list of software that Ubuntu needs, what versions they need to be/should be, etc., that can be provided to the Linux admin?
Posted by Matt Wyen 9 months ago
I've got about 9 systems all reporting this vulnerability, all 2012R2 with current IE Cumulative updates installed, most recently the below patch:

2018-10 Cumulative Security Update for Internet Explorer 11 for Windows Server 2012 R2 for x64-based systems (KB4462949)

These seem to be false positives. Any help?

Vulnerable software installed: Microsoft Internet Explorer 11.0.9600.19155
Vulnerable OS: Microsoft Windows Server 2012 R2 Datacenter Edition
Based on the following 3 results:
1. Microsoft patch KB4089187 is not installed.
2. Microsoft patch KB4088876 is not installed.
3.
  ◦ HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion
    ◦ UBR - value does not exist
Posted by Mark Payne 9 months ago
What are the login credentials for accessing the console from https://x.x.x.x:3780/? Installed Rapid7 VM Console from Azure Marketplace. Created VM with admin a/c username/password. Can access VM via ssh using admin a/c credentials. No credentials were prompted for Rapid7 VM Console access.
Posted by Dilesh Fernando 9 months ago
We are doing a PoC with Rapid7. We were using DHCP for the addressing scheme, and we had the network analysis team change the addressing to static IPs. Currently the console is reconfigured with the new IP, but one of the scanners, the only scanner, is currently not able to talk to the console because it can't get the new IP. How do we fix this? Do we rerun a script? Will this also affect anything?
Posted by vanessa villalpando 9 months ago
TL;DR: Does anyone have a working example of a Windows "Default Account" check and the steps necessary to implement it? How do you properly remove old custom/community checks? How do you update custom/community checks that may have been changed?

---

I'm trying to create a custom "Default Account" vulnerability check to search for the existence of previously used local administrator passwords in our environment. I've set a server to use this password, and am following the CIFS example here: https://kb.help.rapid7.com/docs/nexpose-common-vulnerability-check-examples

The vulnerability is never found though. I'm seeing several issues with the custom vuln I'm trying to write.

1) The "load content" command seems to work, and I see no failures in nsc.log. The custom check appears under the community category, I can search for cmty-* in the InsightVM console, etc. I see no problems with it. However, when I view the scan log, I see no mention of cmty-anything, which seems to indicate the check was never used in the scan. I've intentionally created a scan with this check, and only this check, enabled, nothing. I also know that the CIFS check -should- work. Using "mount.cifs" from a Linux workstation, I can clearly generate "permission denied" errors for bad passwords, and see no such failure for good passwords. In other words, it isn't failing due to lack of inbound port access, bad credentials, services not running, etc. The vulnerability does actually exist and I think I could quite easily write a quick bash script to test for it.

2) Previously built checks, which didn't work, still appear in the console. These checks were removed from the "CustomScanner" directory. Each time "load content" is run, I also see "Vulnerability cmty-old-check-that-doesnt-exist found in database, but does not have a vulnerability descriptor file.". Running the database maintenance scripts doesn't seem to help.

3) Checks which I modified the XML for do not get updated. For example, I changed a category from "Default" to "Default Account". However, the category remains the same. I'm unsure if the actual check (the ".vck" file) is actually being updated or not.
Posted by Mike 9 months ago
Hello, I installed Metasploit on Ubuntu 18.04 (everything is updated) and when I try to run the msfdb init command I get this error:

root@xyzxyzxyz:/opt/metasploit-framework# sudo msfdb init
Traceback (most recent call last):
2: from /usr/local/bin/msfdb:10:in `<main>'
1: from /usr/lib/ruby/2.5.0/rubygems/core_ext/kernel_require.rb:59:in `require'
/usr/lib/ruby/2.5.0/rubygems/core_ext/kernel_require.rb:59:in `require': cannot load such file -- rex/text (LoadError)

Do you have any helpful advice?
Posted by Tomasz Osowski 9 months ago
When I use multi handler I am getting a different result from others. When I type the following in the command line 'msf > use exploit/multi/handler' the result is 'msf exploit(multi/handler) >' while I see everyone else is getting 'msf exploit(handler) >'. I don't know whether it is an error or not. And following this I can't listen to a port for incoming connections. Help needed.
Posted by Tot Jr 9 months ago
Running InsightVM. It appears that for every Windows machine it hits, it enumerates some accounts on AD. This triggers an alert in Microsoft ATA for every test machine. The question is, does anyone know what test this is, and a good way to either fix it or suppress the error?
Posted by WIlliam Stuart 9 months ago
I am unable to install the Insight agent on a Windows 2012 R2 server - the agent installs but the service fails to start so the install never completes. Seems a bit basic that the agent won't even install - the only thing I can see is the following error in the log for the ir_agent:

Python could not construct the class instance
Traceback (most recent call last):
File "E:\jenkins\WORKSP~1\PY-FOR~2\agent\persistence\winsvc.py", line 26, in __init__
File "E:\jenkins\WORKSP~1\PY-FOR~2\agent\agent.py", line 234, in __init__
File "E:\jenkins\WORKSP~1\PY-FOR~2\agent\agent.py", line 95, in __init__
File "E:\jenkins\WORKSP~1\PY-FOR~2\agent\platforms\windows\mixins.py", line 144, in _agent_shutdown
File "E:\jenkins\WORKSP~1\PY-FOR~2\agent\platforms\base\mixins.py", line 135, in _agent_shutdown
SystemExit: 1
%2: %3

And the following in the agent.log in the Agent directory:

2018-10-31 22:55:23,540 [INFO] [agent.agent]: Registered as singleton. PID: Unavailable
2018-10-31 22:55:23,540 [INFO] [agent.platforms.windows.mixins]: Unable to obtain uuid using method FIRMWARE_API - AgentID '00000000-0000-0000-0000-000000000000' is invalid
2018-10-31 22:55:23,571 [INFO] [agent.platforms.windows.mixins]: Unable to obtain uuid using method WMI - AgentID '00000000-0000-0000-0000-000000000000' is invalid
2018-10-31 22:55:23,571 [ERROR] [agent.platforms.windows.mixins]: Unable to obtain uuid from any known methods - attempt random generation ONLY if config allows
2018-10-31 22:55:23,571 [ERROR] [agent.agent]: Exception occurred while retrieving/caching agent id: Agent config is prevents random agentid
Traceback (most recent call last):
File "E:\jenkins\WORKSP~1\PY-FOR~2\agent\agent.py", line 84, in __init__
File "E:\jenkins\WORKSP~1\PY-FOR~2\agent\common.py", line 333, in __get__
File "E:\jenkins\WORKSP~1\PY-FOR~2\agent\platforms\windows\mixins.py", line 135, in plat_hostId
File "E:\jenkins\WORKSP~1\PY-FOR~2\agent\platforms\base\mixins.py", line 72, in _agentid_random
agent.exceptions.InvalidAgentidException: Agent config is prevents random agentid

Any ideas?
thanks
Barry
Posted by Barry Smith 9 months ago
We are running monthly reports that include Vulnerability/Proof/Solution information for the 10 highest risk machines per site. There are different ways to output the vulnerability info via the built-in templates or SQL query, but I have no idea how to select 10 machines with the highest risk per site automatically. The idea is to have many sites in the scope. The vulnerability solution can be a rollup. I am looking for the fields below:

IP Address
Hostname
Risk Score
Vulnerability Title
Vulnerability Description
CVEs (maybe in a comma delimited list)
CVSS score
Patch required

If it won't make it too complicated, Certainty and Owners fields would be great as well.
Posted by prashanth sedhumadhavan 9 months ago