1. I start up Metasploit in a Kali terminal window and open Firefox, type in "https://localhost:3790" but it says "Unable to connect".
2. I only see the operation with the UI in the official doc, so where can I learn the Metasploit commands?
Posted by YuzhenChen about a year ago
I am trying to figure out a SQL query to pull how many vulnerabilities we had on a specific date. I am looking for something similar to the "Vulnerability Count Comparison" and the Nexpose "Vulnerability Trends report" where it will show the total amount of vulnerabilities on January 1st. After reviewing the Nexpose database schema (https://help.rapid7.com/nexpose/en-us/warehouse/warehouse-schema.html) it looks like "fact_all_date" should be where I want to go, but running a query selecting anything from this fact fails stating that it cannot be found. I can pull from almost all other facts so I don't know if this is out of date. Has anyone else had any success with a query or found an up-to-date db schema?
Posted by Robert DeBellis about a year ago
We need to use Rapid7 VM tool and integrate it with the CA Service Desk manager. Is it possible to do this? Also, I've read about Lieberman's RED software, is it possible to integrate Rapid7 with the help desk via this software?
Posted by Divya Ambwani about a year ago
Hi, we've installed an InsightVM scan engine on an Ubuntu 16.04 64-bit VM. When prompted, we chose to install a scan engine rather than a security console. We also chose for the communications to go from the console to the scan engine, so the scan engine should be listening for incoming communications on port 40814/tcp as I understand it.

The installation appeared to be successful. Just to be safe, we rebooted the VM. We were never asked to enter our license key, which seemed odd. We also were never asked to input a shared secret from the security console.

After installation, we do "netstat -an | grep LISTEN", and do not see port tcp/40814 as being in a listening state. I tried manually running:

```
sudo systemctl start nexposeengine
```

and

```
sudo systemctl start nexposeengine.service
```

Each time, "echo $?" shows the return code was 0, indicating it was successful, but we still don't see port tcp/40814 as listening.

When I attempt to create a new scan engine from the security console, I input the scan engine IP but when the console tries to connect we see "java.net.ConnectException: Connection refused".

Any idea what we're doing wrong?

Thank you,
-Kevin Cawlfield
Posted by Kevin Cawlfield about a year ago
Hi, we are trying to install Metasploit Pro on a remote Ubuntu 16.04 LTS server in the cloud and we followed the recommended commands for a Linux headless server from the official webpage:

```
wget http://downloads.metasploit.com/data/releases/metasploit-latest-linux-x64-installer.run
chmod +x ./metasploit-latest-linux-x64-installer.run
sudo ./metasploit-latest-linux-x64-installer.run
```

However, this always starts a GUI installer and we need to automate installation using ANSIBLE/BASH, so we cannot use the GUI but just the CLI installer. Could you please give us advice on how to proceed? We have already purchased a license so we need to start using it as soon as possible.

Thanks a lot,
best regards,
Ivan Ulicky
Security Engineer
Posted by Ivan Ulicky about a year ago
Hi, I'm trying to follow the report customization referenced within the support documentation for InsightVM (https://insightvm.help.rapid7.com/docs/report-templates-and-sections), however for some of the reports (e.g. Top Remediations with Details) I do not have the option to copy the report. Is there a way to copy this report to use as a template for custom reports as described in the documentation?
Posted by Eric A about a year ago
I am trying to activate a new install of the virtual appliance. I keep getting 'activation failed cannot activate at this time'. I rebooted, and ran the diagnostics:

| Category | Description | Status | Result |
| --- | --- | --- | --- |
| Database Diagnostics | Deleted Sites Consistency | Success | There are no partially deleted sites. |
| Database Diagnostics | Node Synopsis Consistency | Success | All nodes have synopsis data. |
| Database Diagnostics | Scan Synopsis Consistency | Success | All scans have synopsis data. |
| Database Diagnostics | Asset Synopsis Consistency | Success | All assets have synopsis data. |
| Database Diagnostics | Site Synopsis Consistency | Success | All site synopsis tables appear consistent. |
| Database Diagnostics | Asset Group Synopsis Consistency | Success | All asset groups have synopsis data. |
| Database Diagnostics | Scan Status Consistency | Success | All scan statuses appear consistent. |
| Database Diagnostics | Policy Synopsis Consistency | Success | The policy synopsis table appears to be consistent. |
| Database Diagnostics | Asset Policy Rule Synopsis Consistency | Success | All asset and policy rules have synopsis data. |
| Database Diagnostics | Asset Policy Synopsis Consistency | Success | All asset and policies have synopsis data. |
| OS Diagnostics | Supported OS | Success | System is running on a supported OS: Ubuntu Linux 16.04 |
| OS Diagnostics | Memory requirements | Success | Total OS memory: 7983MB JVM maximum memory: 5971MB. Used Memory: 2946MB |
| OS Diagnostics | Disk space requirements | Success | System meets minimum disk space requirements: 74928MB free. |
| General Diagnostics | VM Version | Success | VMSC Name: CN=Rapid7 Security Console, O=Rapid7 Last update: 117483016 (2018-03-14) VM version: OpenJDK 64-Bit Server VM 25.102-b14 (Linux amd64) OS version: Ubuntu Linux 16.04 |
| General Diagnostics | VM Scan Engine Version | Success | Local scan engine Status: Active OS version: Ubuntu Linux 16.04 Last Update: 117483016 (2018-03-14) Rapid7 Hosted Scan Engine Status: Unknown |
| Network Diagnostics | Host-based firewalls disabled | Success | |
| Network Diagnostics | Gateway Ping | Success | Gateway ping via ICMP ECHO () : ALIVE Gateway ping via TCP on port 21, 23 and 80 () : ALIVE |
| Network Diagnostics | DNS Name Resolution | Success | Successfully resolved 'www.rapid7.com' to 188.8.131.52 |
Posted by Michael Marohn about a year ago
Hello: Any custom Metasploit module I create isn't getting loaded. I tried both of these demos: https://www.offensive-security.com/metasploit-unleashed/building-module/ and https://github.com/rapid7/metasploit-framework/wiki/Loading-External-Modules and got the same result that the modules were NOT found.

Before posting here, I checked these out: https://forums.kali.org/showthread.php?28940-Metasploit-modules-not-loading! and https://www.offensive-security.com/metasploit-unleashed/modules-and-locations/

Just working with the latter URL, on the Kali host, I do indeed have the file in the right location (according to the demo):

```
root@kali:~/.msf4/modules/exploits/test# ls -al
total 12
drwxr-xr-x 2 root root 4096 Mar 19 13:59 .
drwxr-xr-x 3 root root 4096 Mar 19 13:58 ..
-rw-r--r-- 1 root root 9 Mar 19 13:59 test_module.rb
```

I then ran reload_all and when using this command: use exploit/test/test_module it returns with Failed to load module. I also tried to manually load that path and it failed too:

```
msf > loadpath ~/.msf4/modules/
Loaded 0 modules:
```

Any assistance you can provide in solving why Metasploit isn't picking up any custom modules is greatly appreciated!
Posted by Chris about a year ago
I'm working on developing custom reports, similar to some of the .Jar files I've found here in the docs (like https://kb.help.rapid7.com/docs/trend-and-top-remediations-report-template). I'm new to Nexpose and just wanted to modify a couple of the rules around the template, and load it back into the Nexpose Report console using the upload a file option to create a new template. However when I repackage the .jar and upload it, I receive a message saying the file is not trusted. What is the proper channel/process to create a custom jar template like that? I appreciate your help!
Posted by Joshie Nygaard about a year ago
Hello, Based on documentation I should find "Amazon Web Services Asset Sync" in "Administration" -> "Connections" -> "Create/Manage". But from the dropdown I can only see "Amazon Web Services (Legacy)" and 5 other non-AWS-related options. And it also redirects back to creation of connection without errors if I try to set up the "AWS (Legacy)" option. So how do I set up a connection to AWS? Thanks, Dainius
Posted by Dainius about a year ago
Hi We have a couple of servers scanned by insightvm (agent and ssh/key) which are reporting vulnerabilities from stored files (bundled JREs). These are part of installers stored on the machines with JRE bundled by vendor. Is there any way to exclude some paths from scanning (rather than exclude the hundreds of vulnerabilities reported)? Is there a better way to do this? Thanks,
Posted by h about a year ago
Hi All, On the report "top 25 remediations by risk", we'll have a remediation such as "update to the latest version of Adobe Air". Is there any way to see (either in a report, or the web console) the actual devices under this remediation? Ideally, I'd like to see this in the web console, so I can run filters etc.
Posted by Jonathon Zachariah about a year ago
We have a DC in a firewalled network. We are seeing failed communication (via ASA logs) between the collector and the DC on TCP 49154. I see no mention of that port anywhere in the documentation. We are unable to query the DC via WMI and this is the only port we are seeing denies on since creating the log source. Thoughts? Just allow 49154 and call it good? TIA
Posted by Scot Lymer about a year ago
Hello, I am a student in cyber security and I have one problem. In the lab we hacked the Windows XP with the command "msfpayload windows/adduser". Now they want to hack again the Windows XP but with the "windows/exec" to run any command in the Windows XP. Can you tell me how to do it? I am searching all the time in Google and I can't find the way. Please guys. Thank you
Posted by Nefeli Anthi about a year ago
I have a machine running Windows 10 with the latest Fall Creator's update and Rapid7 is showing this:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion
CurrentBuild - contains unexpected value 16299

However, the build number of the Fall Creator's Update aka Redstone3 is 16299. https://en.wikipedia.org/wiki/Windows_10_version_history

Think there may be an error in the database of vulnerabilities? Also, this machine does have the March set of patches installed. It also keyed off of:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\currentversion\Policies\System\CredSSP\Parameters - key does not exist
UBR - contains unexpected value 309
Posted by Chris Bachmann about a year ago
Hello, We are running a POC of InsightIDR and we are getting the following message (in bootstrap.log) when we try and activate a collector.

```
Mar 16, 2018 9:10:55 AM com.rapid7.razor.collector.bootstrap.impl.JavaLogHelper$Logger info
INFO: RegistrationManager attempting to connect to the server: https://eu.data.insight.rapid7.com/api/1/collector/register
Mar 16, 2018 9:10:55 AM com.rapid7.razor.collector.bootstrap.impl.JavaLogHelper$Logger info
INFO: **** Agent key for this Collector is: 311aa03d-7c6f-446b-a015-c85a113b4ff8
Mar 16, 2018 9:10:55 AM com.rapid7.razor.collector.bootstrap.impl.JavaLogHelper$Logger error
SEVERE: Registration process failed with exception
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at sun.security.ssl.Alerts.getSSLException(Unknown Source)
    at sun.security.ssl.SSLSocketImpl.fatal(Unknown Source)
    at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
    at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
    at sun.security.ssl.ClientHandshaker.serverCertificate(Unknown Source)
    at sun.security.ssl.ClientHandshaker.processMessage(Unknown Source)
    at sun.security.ssl.Handshaker.processLoop(Unknown Source)
    at sun.security.ssl.Handshaker.process_record(Unknown Source)
    at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
    at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
    at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
    at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
    at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source)
    at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source)
    at sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown Source)
    at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(Unknown Source)
    at java.net.URL.openStream(Unknown Source)
    at com.rapid7.razor.collector.bootstrap.impl.RegistrationManager.registerWithServer(RegistrationManager.java:203)
    at com.rapid7.razor.collector.bootstrap.impl.RegistrationManager.doRegister(RegistrationManager.java:108)
    at com.rapid7.razor.collector.bootstrap.impl.RegistrationManager.checkRegistration(RegistrationManager.java:72)
    at com.rapid7.razor.collector.bootstrap.impl.BootstrapProcess.call(BootstrapProcess.java:46)
    at java.util.concurrent.FutureTask$Sync.innerRun(Unknown Source)
    at java.util.concurrent.FutureTask.run(Unknown Source)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
    at java.lang.Thread.run(Unknown Source)
```

Wireshark gives me a

```
59 30.875484 my collector ip my proxy ip TLSv1.2 61 Alert (Level: Fatal, Description: Certificate Unknown)
```

We have allowed SSL pass through and the server can get to the site. Any ideas?
Posted by Martin Austin about a year ago