Hi, I am trying to connect Sendgrid to Metasploit Pro. For Social Engineering. It won't connect (timeout.) I'm using the username "apikey" and password "my long key." That's the info Sendgrid gave me. Should I try my email and password? Does anyone know how I can connect and not timeout? Here's info below... Server sendgrid.net smtp.sendgrid.net Ports 25, 587 (for unencrypted/TLS connections) 465 (for SSL connections) Username apikey Password SG.kSBwDLGITxxx etc...
Posted by Mike Held 12 days ago
Hi everyone, I am dealing with a website on Microsoft-IIS/8.5 (OS: Windows Server 2012). I was sent a module that can be used to execute a payload on IIS servers that have world-writeable directories. The payload is uploaded as an ASP script via a WebDAV PUT request. I loaded it within the Metasploit console: https://i.imgur.com/8xtxVqg.png So I set up 'RHOSTS' with the IP address of the server, and I don't know if there is something else that I must change. When I run the exploit only with the described change, I got an error message saying 'Upload failed on /metasploitblablabla.txt [303 See other]'. I suggest that this is normal because I have not used any payloads. I tried some of them, and the messages were the same. As you may see, I haven't got any experience with this framework, and any help would be appreciated. What am I doing wrong?
Posted by Elizabeth R Casale 15 days ago
Hi, When I create a custom campaign on metasploit pro, Adding a USB Key with the default name clickme.exe, when I launch the campaign and double click on clickme.exe, nothing happens and findings doesn't show if I ran that file like how a phishing campaign works. What am I missing here?
Posted by Mike Nia about a month ago
I installed metasploit community now when i run my msfconsole command in my terminal . The msfconsole not working. It is giving the following results . My operating system is Ubuntu 18.__ <pre><font color="#000000"><b>Traceback</b></font> (most recent call last): 34: from /opt/metasploit/apps/pro/vendor/bundle/ruby/2.5.0/bin/msfconsole:23:in `<main>' 33: from /opt/metasploit/apps/pro/vendor/bundle/ruby/2.5.0/bin/msfconsole:23:in `load' 32: from /opt/metasploit/apps/pro/vendor/bundle/ruby/2.5.0/gems/metasploit-framework-4.17.61/msfconsole:49:in `<top (required)>' 31: from /opt/metasploit/apps/pro/vendor/bundle/ruby/2.5.0/gems/metasploit-framework-4.17.61/lib/metasploit/framework/command/base.rb:81:in `start' 30: from /opt/metasploit/apps/pro/vendor/bundle/ruby/2.5.0/gems/metasploit-framework-4.17.61/lib/metasploit/framework/command/base.rb:63:in `require_environment!' 29: from /opt/metasploit/apps/pro/vendor/bundle/ruby/2.5.0/gems/railties-188.8.131.52/lib/rails/application.rb:328:in `require_environment!' 28: from /opt/metasploit/apps/pro/vendor/bundle/ruby/2.5.0/gems/polyglot-0.3.5/lib/polyglot.rb:65:in `require' 27: from /opt/metasploit/apps/pro/vendor/bundle/ruby/2.5.0/gems/backports-3.15.0/lib/backports/std_lib.rb:9:in `require_with_backports' 26: from /opt/metasploit/apps/pro/vendor/bundle/ruby/2.5.0/gems/backports-3.15.0/lib/backports/std_lib.rb:9:in `require' 25: from /opt/metasploit/apps/pro/vendor/bundle/ruby/2.5.0/gems/metasploit-framework-4.17.61/config/environment.rb:5:in `<top (required)>' 24: from /opt/metasploit/apps/pro/vendor/bundle/ruby/2.5.0/gems/railties-184.108.40.206/lib/rails/railtie.rb:194:in `method_missing' 23: from /opt/metasploit/apps/pro/vendor/bundle/ruby/2.5.0/gems/railties-220.127.116.11/lib/rails/railtie.rb:194:in `public_send' 22: from /opt/metasploit/apps/pro/vendor/bundle/ruby/2.5.0/gems/railties-18.104.22.168/lib/rails/application.rb:352:in `initialize!' 21: from /opt/metasploit/apps/pro/vendor/bundle/ruby/2.5.0/gems/railties-22.214.171.124/lib/rails/initializable.rb:54:in `run_initializers' 20: from /opt/metasploit/ruby/lib/ruby/2.5.0/tsort.rb:205:in `tsort_each' 19: from /opt/metasploit/ruby/lib/ruby/2.5.0/tsort.rb:226:in `tsort_each' 18: from /opt/metasploit/ruby/lib/ruby/2.5.0/tsort.rb:347:in `each_strongly_connected_component' 17: from /opt/metasploit/ruby/lib/ruby/2.5.0/tsort.rb:347:in `call' 16: from /opt/metasploit/ruby/lib/ruby/2.5.0/tsort.rb:347:in `each' 15: from /opt/metasploit/ruby/lib/ruby/2.5.0/tsort.rb:349:in `block in each_strongly_connected_component' 14: from /opt/metasploit/ruby/lib/ruby/2.5.0/tsort.rb:431:in `each_strongly_connected_component_from' 13: from /opt/metasploit/ruby/lib/ruby/2.5.0/tsort.rb:350:in `block (2 levels) in each_strongly_connected_component' 12: from /opt/metasploit/ruby/lib/ruby/2.5.0/tsort.rb:228:in `block in tsort_each' 11: from /opt/metasploit/apps/pro/vendor/bundle/ruby/2.5.0/gems/railties-126.96.36.199/lib/rails/initializable.rb:55:in `block in run_initializers' 10: from /opt/metasploit/apps/pro/vendor/bundle/ruby/2.5.0/gems/railties-188.8.131.52/lib/rails/initializable.rb:30:in `run' 9: from /opt/metasploit/apps/pro/vendor/bundle/ruby/2.5.0/gems/railties-184.108.40.206/lib/rails/initializable.rb:30:in `instance_exec' 8: from /opt/metasploit/apps/pro/vendor/bundle/ruby/2.5.0/gems/railties-220.127.116.11/lib/rails/application/finisher.rb:56:in `block in <module:Finisher>' 7: from /opt/metasploit/apps/pro/vendor/bundle/ruby/2.5.0/gems/railties-18.104.22.168/lib/rails/application/finisher.rb:56:in `each' 6: from /opt/metasploit/apps/pro/vendor/bundle/ruby/2.5.0/gems/railties-22.214.171.124/lib/rails/engine.rb:346:in `eager_load!' 5: from /opt/metasploit/apps/pro/vendor/bundle/ruby/2.5.0/gems/railties-126.96.36.199/lib/rails/engine.rb:469:in `eager_load!' 4: from /opt/metasploit/apps/pro/vendor/bundle/ruby/2.5.0/gems/railties-188.8.131.52/lib/rails/engine.rb:469:in `each' 3: from /opt/metasploit/apps/pro/vendor/bundle/ruby/2.5.0/gems/railties-184.108.40.206/lib/rails/engine.rb:471:in `block in eager_load!' 2: from /opt/metasploit/apps/pro/vendor/bundle/ruby/2.5.0/gems/railties-220.127.116.11/lib/rails/engine.rb:471:in `each' 1: from /opt/metasploit/apps/pro/vendor/bundle/ruby/2.5.0/gems/railties-18.104.22.168/lib/rails/engine.rb:472:in `block (2 levels) in eager_load!' /opt/metasploit/apps/pro/vendor/bundle/ruby/2.5.0/gems/wicked-0.5.0/app/controllers/wicked/wizard_controller.rb:5:in `<top (required)>': <font color="#000000"><b>uninitialized constant ApplicationController (</b></font><font color="#000000"><u style="text-decoration-style:single"><b>NameError</b></u></font><font color="#000000"><b>)</b></font></pre>
Posted by himanshu 2 months ago
hello, (I have to say that I am French, and that I translate since google translation then pardon in advance) I have a problem when I run metasploit windows (10) it seems to me that: [-] *** [-] * WARNING: No database support: No database YAML file [-] *** and when i do db_status he tells me: [*] postgresql selected, no connection my version of metasploit: Framework: 5.0.30-dev-b67b48fd50fad6d9c2834571b540f101c80a4029 Console: 5.0.30-dev-b67b48fd50fad6d9c2834571b540f101c80a4029 it seems to me that this is the last still sorry for the translation
Posted by ralph 2 months ago
Hi Rapid7 team I am Khoa. Current, I install metasploit for a bank in windows server 2012 . I installed and ran but when I update new version of metasploit, it errored service “metasploit Pro Service”. Current. This service not start and not writed log error to file therefore I did’t searched error. I don’t fix this error and i installed old version. How to fix this error when I update new version ?
Posted by Khoa Duy 2 months ago
Hello, I am trying to send test emails from Metasploit Pro Social Engineering campaign. I'm using SendGrid. What are the settings for SendGrid? smtp.sendgrid.net? For host and domain (both smtp.sendgrid.net)? When I try that I get a "connection timeout error." I'm using my SendGrid username and password from their website. Like my normal login. So what should I enter for SendGird connected to Metasploit Pro? Please reply. Thanks
Posted by Mike Held 2 months ago
Hi, After getting a meterpreter session I type IRB, but instead of getting: "The 'client' variable hold the Meterpreter client", I get: "you are in the "client" (session) object. Thus, I can't interact with the user! Would love to get any help from you guys.. thanks! :)
Posted by Uri Binah 2 months ago
Hello, I'm running Metasploit on windows server 2008, when i try to open the web UI it gets stuck I've checked the services and noticed "metasploitPostgreSQL" isn't running when i try to start it, it stops automatically. could this be why my metasploit isn't working? Kindly assist. Thanks
Posted by Wale Jose 3 months ago
Dear Experts Hi, We are evaluating penetration testing tool and have a few questions related to Metasploit by Rapid7 and would really appreciate if you kindly provide your kind comments/feedback. • Does Metasploit supports penetration testing of surveillance cameras/IP Cameras? • Does Metasploit supports penetration testing of wireless network? We have done a bit of our homework as well and would like your feedback/review/comments on the said. Surveillance Cameras/CCTV/IP Cameras Below URLs confirms that Metasploit framework support the said. • https://www.exploit-db.com/exploits/45231 • https://www.rapid7.com/db/modules/auxiliary/scanner/http/bavision_cam_login • https://blog.rapid7.com/2012/05/15/attacking-cctv-video-surveillance-systems-with-metasploit/ • https://www.youtube.com/watch?v=gk8hOrh3MrQ • https://ro.ecu.edu.au/cgi/viewcontent.cgi?referer=https://www.google.com/&httpsredir=1&article=1202&context=ism Network Penetration Testing, including Wireless networks Below URLs confirms that Metasploit framework support the said. • https://blog.rapid7.com/2009/12/14/meterpreter-pivoting-web-scanning-wireless-and-more/ • https://www.manitonetworks.com/security/2016/8/11/finding-wireless-keys-with-metasploit • https://digi.ninja/metasploit/dns_dhcp.php - MITM using Metasploit • http://www.packetstan.com/2011/03/nbns-spoofing-on-your-way-to-world.html • https://www.irongeek.com/i.php?page=videos/deploying-metasploits-meterpreter-with-mitm-and-an-ettercap-filter - MITM using Metasploit • https://www.rapid7.com/db/search?utf8=%E2%9C%93&q=wifi&t=a • https://www.rapid7.com/db/search?utf8=%E2%9C%93&q=wep&t=a • https://www.rapid7.com/db/search?utf8=%E2%9C%93&q=wpa&t=a • https://www.rapid7.com/db/search?utf8=%E2%9C%93&q=ssid&t=a Would really appreciate your kind guidance and support. Regards Qasim +923172929700
Posted by Muhammad Qasim 3 months ago
Does anyone know where to change the default From email address for Metasploit Pro reports? It is currently set to send from email@example.com, which is causing issues. Is there a way to change this either from the GUI or terminal?
Posted by Max 4 months ago
Help, how so i solve this? Installed metasploit on kali linux with apt-get metasploit-framework. [-] Auxiliary failed: OpenSSL::SSL::SSLError SSL_connect returned=1 errno=0 state=error: certificate verify failed Full error: f5 auxiliary(gather/shodan_search) > run [-] Auxiliary failed: OpenSSL::SSL::SSLError SSL_connect returned=1 errno=0 state=error: certificate verify failed [-] Call stack: [-] /opt/metasploit-framework/embedded/lib/ruby/2.4.0/net/protocol.rb:44:in `connect_nonblock' [-] /opt/metasploit-framework/embedded/lib/ruby/2.4.0/net/protocol.rb:44:in `ssl_socket_connect' [-] /opt/metasploit-framework/embedded/lib/ruby/2.4.0/net/http.rb:948:in `connect' [-] /opt/metasploit-framework/embedded/lib/ruby/2.4.0/net/http.rb:887:in `do_start' [-] /opt/metasploit-framework/embedded/lib/ruby/2.4.0/net/http.rb:876:in `start' [-] /opt/metasploit-framework/embedded/lib/ruby/2.4.0/net/http.rb:1407:in `request' [-] /opt/metasploit-framework/embedded/framework/modules/auxiliary/gather/shodan_search.rb:59:in `shodan_query' [-] /opt/metasploit-framework/embedded/framework/modules/auxiliary/gather/shodan_search.rb:109:in `run' [*] Auxiliary module execution completed
Posted by jepunband 5 months ago
Is there a legal reason why the Metasploit documentation (Phishing Tip #2 in Best Practices for Social Engineering: https://metasploit.help.rapid7.com/docs/best-practices-for-social-engineering) says that we need to register and own a domain for use on the Metasploit web server? If we plan to only use internal DNS to point end users back to our server, which is also on our internal network, couldn't I use any domain I wanted and make sure there is a pointer record in our Internal DNS for that domain? Why would I want to buy a domain just for this? It seems I would be limiting myself as to the craftiness of my campaigns as I would be tied to this one domain. I certainly don't want to buy multiple.
Posted by Dean Turturici about a year ago
Hi everybody, i'm on a PC with Kali Linux OS. I've got metasploitable 2 installed on a VM (vmware). Everything works fine, but now I have to connect to the MS2 web application DVWA trough a local proxy (because i've to intercept traffic with Burpsuite). When i had Firefox ESR i had no problem even with proxy, but now i have Firefox Quantum (61.0.1 64 bits). When i change my network option to proxy 127.0.0.1:8080, i can't open my MS2 while i can easily reach MS2 without proxy. Is there a problem with Firefox quantum ? Can i solve this problem ? Thanks for your Help (I hope you've understood everything, because english is not my mother tongue) Francesco
Posted by francesco fortis about a year ago
I am very new to hacking and am downloading software to help me along. I downloaded Metasploit but didn't bother changing the Host Server from localhost because I didn't know it would matter. Once again, very new to this. Now I can't open the program because it claims the connection is insecure. Is there a way to change the host server or should I delete and re-download the program? Also, are there any must-have programs I should get? Thanks
Posted by Daisy Rachel Elliott about a year ago
In the installation instructions for Metasploit, it is mentioned that the AV and Firewalls must be disabled since the AV software will detect Metasploit as malicious and prevent it from running. Disabling AV and Firewall on the Server where Metasploit is running will create a risk and leave my server unprotected. So my questions here are? 1. Will Metasploit work with an AV software such as Cylance which provides a file less, signature less method of detection? 2. What are the compensatory controls that need to be in place to ensure that my server and network are not at risk due to the AV being blocked? 3. If the AV is blocked, does the Metasploit software not get downloaded either?
Posted by Debrup Bhattacharjee about a year ago