I see that RSA is used for encryption in Nexpose, as detailed in this page: https://nexpose.help.rapid7.com/docs/administration-maintenance#section-what-types-of-encryption-does-the-application-use- From that page: To ensure the security of the application, Nexpose uses the following types of encryption algorithm keys in these areas: Identification/authentication: RSA Credential password storage: RSA Connection to the Web interface: RSA and HTTP over SSL Credential encryption: 3DES encrypted with RSA Security Console to Scan Engine communication: TLSv1.2, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 for backwards compatibility, and TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384. So is my installation of Nexpose vulnerable? I would be most concerned about the communication between console and engine.
Posted by Alan Rivaldo about a year ago
We are running Nexpose Rapid 7 with end point agents deployed on all assets. All of the assets in my environment are listed as having this vulnerability in the security console. I have checked the version of the endpoint agent on several machines and all are Version: 1.4.69. There are 3 logs within the Rapid7 folder: upgrade, upgrade_error, upgrade_manifest, all dated 10/11/2017. Can someone help me troubleshoot why the assets are showing up with this vulnerability when all seem to have the correct agent version installed. Thank you.
Posted by Kristi Brady about a year ago
I have already get a Meterpreter session, and run command 'sysinfo' on my target, it looks like this : meterpreter > sysinfo Computer : WIN-AL678DJCQIH OS : Windows 2012 R2 (Build 9600). Architecture : x64 System Language : zh_CN Domain : ***** Logged On Users : 16 Meterpreter : x86/windows >>> but when i run other commands , nothing echo back I wonder maybe the payload will run successful in 32 , but it can't run x64 Architecture . Am i right ?
Posted by Johnson Smith about a year ago
I am attempting to automate installation of Nexpose consoles. For engines, I can run the installer like so: ``` ./Rapid7Setup-Linux64.bin \ -q \ '-VconsoleAddress=SOMEADDRESS' \ '-VcommunicationDirectionChoice$Integer=1' \ '-Vfirstname=MY' \ '-Vlastname=NAME' \ '-Vcompany=MYCOMPANY' \ '-Vsys.component.typical$Boolean=false' \ '-Vsys.component.engine$Boolean=true' \ '-VinitService$Boolean=true' \ '-Dinstall4j.suppressUnattendedReboot=true' ``` I would think I can do something similar for the console, replacing component.typical with true, and leaving out the engine line, but I consistently get: ```` Unpacking JRE ... Starting Installer ... GLib-GIO-Message: Using the 'memory' GSettings backend. Your settings will not be saved or shared with other applications. The installation directory has been set to /opt/rapid7/nexpose. Rolling back changes... ```` I am sure I am missing some flags, but I have not been able to find documentation on what they would be.
Posted by Noah Birnel about a year ago
Hi, Does anyone experience a similar problem after migrating to the new AWS Asset Sync discovery connection: The connection is in state Connected, instances are imported into a site, however when choosing to scan a scan the following message is returned: "Scan action failed: The requested scan cannot run at this time. Targets are currently being verified for scanning. Scanning will start if the targets can get verified." I am confused because there is no mentioning of target verification in Nexpose user documentation. Any ideas on how to proceed are appreciated.
Posted by elenako about a year ago
Is the nexpose(insightVM) possible to scan for CVE-2017-13077,CVE-2017-13078,CVE-2017-13079,CVE-2017-13080,CVE-2017-13081,CVE-2017-13082,CVE-2017-13084,CVE-2017-13086,CVE-2017-13087,CVE-2017-13088? https://www.krackattacks.com/
Posted by Yu Iwama about a year ago
Hi. Last week I downloaded and installed Metasploit Pro trial version. I have performed a scan on our PCIDSS network (192.168.25.0/24). When I look at the reports I do not see all of the possible Hosts being checked. Is this a limitation of the trial version ? I also cannot find pricing for it.
Posted by Glenn Chadwick about a year ago
I want to be able to examine how an exploit makes it way through from the Metaspoit system all the way to compromised system but I need to be able to visualize the attack graphically. Once the exploit hits the compromised system can what the exploit does be captured graphically step by step as the exploit reaches the NIC from the wire and then onward.
Posted by Victor M 2 years ago