Hi, I have Nexpose installed on a Windows Server 2012 R2. But i wonder is i can move the sites and scans performed in Windows Server 2012 to another system such as Windows Server 2016 which has another Nexpose system installed on there. I want to be able to copy it all there and see it all the same way the sites and scans show up in the Server 2012 system.
Posted by Black Xps about a year ago
When I click "ACTIVATE LICENSE" button to register pro License demo, I faced below error message "Activation Failed: SSL_connect returned=1 errno=0 state=error: certificate verify failed " I have screenshot but i don't know how to attached It seems Certificate errors and My company use proxy server So .. How should I solve this issue?? Thanks.
Posted by 김경수 about a year ago
Today I had a meeting with the Operations Team. They asked a question that was a little bit difficult for me to answer. Here is the vulnerability: SSH server supports SSH protocol v1 clients The SSH server support SSH version 1 clients. Version 1 of the SSH protocol contains fundamental weaknesses which make sessions vulnerable to man-in-the-middle attacks. Since all modern SSH clients have supported SSH v2 for at least 5 years, there is no reason to support SSHv1 They asked the question: How will this vulnerability be exploited? Will the attacker need a physical access to our network/computer before being able to exploit this? Can anyone help me answer this question? Thanks in advance
Posted by Charles Sawadogo about a year ago
pair-nexpose-engine: Cannot process user data. Wrong format. I have this in my userdata NEXPOSE_CONSOLE_HOST=10.10.10.10 NEXPOSE_CONSOLE_PORT=40815 NEXPOSE_CONSOLE_SECRET=my-super-secret-key I have this as plain text in user data. What am I missing?
Posted by Nate Holtrop about a year ago
Is it possible to setup a Virtual scan engine appliance so that it will communicate to the console (instead of the default Console to Engine communication direction)? Is it possible to set that up during installation (not change it after install)? Thanks
Posted by Simon Eyre about a year ago
I am trying to re-mediate msft-adv4053440 on our machines, but on many of them the "Proof" is not lining up with what I see directly on those machines. Example: I see proofs on my own laptop of: "Vulnerable software installed: Microsoft Excel 2016 16.0.4705.1000 HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Security - key exists HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Security WorkbookLinkWarnings - contains unexpected value 0 . . . but nowhere in my entire registry in any user hive do I see a value of "0" for that branch/dword. What am I missing or not understanding? Thanks, Craíg
Posted by Craig Wassel about a year ago
Is it possible to use a regex to search for assets from the Filtered Asset Search window? Help documents state that it is, but it's not working. I have been through the existing Rapid7 regex help documentation. https://nexpose.help.rapid7.com/docs/performing-filtered-asset-searches#section-filtering-by-asset-name https://nexpose.help.rapid7.com/docs/using-regular-expressions Thanks!
Posted by Michael about a year ago
I was using a GET /assets to get data on all assets but realized I should be using POST /assets/search so that I'm only downloading data on the site I need. However I now get a 500 Internal Server Error when POSTing the following body (with content-type "application/json"): ``` { filters = [ { field = "site-id", operator = "in", value = ["22"] } ], match = "any" } ``` Any ideas on why this is happening? I know my authentication works.
Posted by Logan Pulley about a year ago
Hi , When using some exploit (exploit/multi/fileformat/office_word_macro) for example, I dont have all the payloads available when setting payload (windows/x64... not available for that exploit) and some payloads i am trying to use are not working... How can i know which payloads are available for the exploits is there any exploit documentation on that ? thanks, Eddie.
Posted by Eddie Harari about a year ago
The "Partition Mounting Weakness" check often detects that certain Linux partitions have been mounted without the "nodev" option, however the check provides no references. What standard/best-practice/guideline is used as a basis for this recommendation. For example, CIS Benchmarks for Distribution Independent Linux (2017), Debian 8 (2016), and Ubuntu 16.04 (2017), all recommend setting the "nodev" mount option for /tmp, /var/tmp, and /home, but make no mention of /run despite the /run partition being rolled out to most Linux distros back in 2011 -- amble time for CIS to have added the recommendation if the group deemed it important. I understand the security rationale for the recommendation (good related explanations can be found on Stack Exchange (https://unix.stackexchange.com/questions/188601/why-is-nodev-in-etc-fstab-so-important-how-can-character-devices-be-used-for) and SuperUser (https://superuser.com/questions/538550/understanding-mount-option-nodev-and-its-use-with-usb-flash-drives)), and believe the recommendation is a good idea. I appreciate Rapid7 making its own recommendations on security settings rather than simply relying on so-called "best-practice" documents made by others, but the lack of any references which might indicate a industry-wide acceptance for such setting, combined with the necessary accompanying usability testing that would make such a recommendation feel "safe" for an admin to test on their own, creates a feeling of distrust toward insightVM.
Posted by Hugh Jarse about a year ago
Why is my new Nexpose Scan engine attempting to make outbound SSH connections? Please note this is happening with fresh clean copy of the OVA downloaded from Rapid7's own website. It started immediately after setup of the network settings and the appliance was rebooted. No settings other than network configuration had been set. what is happening is the SSHD service on the Ubuntu OVA is causing 15 to 30 percent CPU utilization. The SSHD service is not doing it by itself mind you, but it is causing the journal and logging processes to contribute to this. I have three other scan engines that were setup that are not doing this. Does anyone have an idea of how to make this stop without setting up the VM again? Sample Log Lines: Jun 3 05:44:57 nexpose sshd[44483]: fatal: Unable to negotiate with XXX.XXX.251.47 port 54417: no matching cipher found. Their offer: aes256-cbc,rijndael256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,rijndael192-cbc,aes128-cbc,rijndael128-cbc,blowfish-cbc,3des-cbc [preauth] Jun 3 05:44:57 nexpose sshd[44485]: fatal: Unable to negotiate with XXX.XXX.250.82 port 65479: no matching cipher found. Their offer: aes256-cbc,rijndael256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,rijndael192-cbc,aes128-cbc,rijndael128-cbc,blowfish-cbc,3des-cbc [preauth] Jun 3 05:44:57 nexpose sshd[44487]: fatal: Unable to negotiate with XXX.XXX.251.50 port 51997: no matching cipher found. Their offer: aes256-cbc,rijndael256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,rijndael192-cbc,aes128-cbc,rijndael128-cbc,blowfish-cbc,3des-cbc [preauth] Jun 3 05:44:57 nexpose sshd[44489]: fatal: Unable to negotiate with XXX.XXX.251.52 port 62033: no matching cipher found. Their offer: aes256-cbc,rijndael256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,rijndael192-cbc,aes128-cbc,rijndael128-cbc,blowfish-cbc,3des-cbc [preauth] Jun 3 05:44:57 nexpose sshd[44490]: fatal: Unable to negotiate with XXX.XXX.248.138 port 65069: no matching cipher found. Their offer: aes256-cbc,rijndael256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,rijndael192-cbc,aes128-cbc,rijndael128-cbc,blowfish-cbc,3des-cbc [preauth]
Posted by Noel Torres about a year ago
When scanning Windows 10 build 17134, I'm getting correctly flagged for cve-2018-0886, however the vuln appears 5 times for each version (1511, 1607, 1709, 1507, 1703) but not for installed 1803. The check returns: "CurrentBuild - Contains unexpected value: 17134". This is the correct value for 1803. Is this Windows version currently unsupported?
Posted by Trevor Capps about a year ago
^ SOL functions okay but $ doesnt act as EOL when tying to group all IP's ending in .2 for a dynamic group called DedicatedWidgetMachines. Error message: No new data can be retrieved. The session may have expired. Please log on again.
Posted by Donovan Sanchez about a year ago