Hi, I have a Metasploit Pro trial on Windows 10. I'm trying to Exploit a host. I'm using Metasploitable 2 on VMware. While exploiting I notice the red error "no bind payload selected" and "no Reverse payloads selected." How do I create and select a Payload? I know this is an easy question. I see the Payload Generator but I don't know how to select that payload for using with "Exploit." I CAN create a payload. So how should I solve this so I can run Exploit? (On Pro GUI.) Please reply. Thanks
Posted by Mike Held 11 days ago
Hello all. A little help if possible please. I am running Kali 2018 v1 with metasploit v4.17.9-dev. I don't want to update to version 5 because this is not fully compatible with Armitage and I really need this tool due to some courses I teach at my local community. I have noticed that version 4.17 keeps on updating with version 4.17.84 released few days ago (https://github.com/rapid7/metasploit-framework/releases/tag/4.17.84). My question is how do I update my current version of msf without upgrading to v5? apt install metasploit-framework upgrades the entire msf to v5 but I want to keep staying on v4 and receive the updates released. Thank you for your time.
Posted by Alme 14 days ago
Hello all. Thanks a lot in advance for your consideration. I would like to be able to generate a python/meterpreter/reverse_https payload, with the appreciated option StagerVerifySSLCert. After a lot of hours of syntax verifications, i can't get this wonderfull output before getting meterpreter session : "Meterpreter will verify SSL Certificate with SHA1 hash" I don't understand where is my mistake, and after having analyzed meterpreter_paranoid_mode.sh i can't reproduce this kind of option for python payload. Here is the basic command i'm using with no success: msfvenom -p python/meterpreter/reverse_https StagerVerifySSLCert=true HandlerSSLCert=/root/Desktop/google.pem LHOST=192.168.1.1 LPORT=443 -o /root/Desktop/test.py Any help would be appreciated. Have a nice day and thanks for reading me.
Posted by Eric 16 days ago
I have a VPS running my meterpreter listeners, and every time I have session, I basically also need keep the ssh session alive, which means that I would also need to have my personal rig on 24/7. Is it possible to not have a session die when I exit the SSH session? Thanks for any advice.
Posted by zek guni 28 days ago
Hi, I have Metasploit Pro and Insight VM trials (Windows 10.) I'm getting started with Metasploitable 2 (VMware.) I found the Applicable Module "Adobe ColdFusion 9 Administrative Login Bypass". I'm trying exploit/multi/http/coldfusion_rds. After setting the options and increasing HTTPDELAY, I run the exploit. I get the error: "Exploit aborted due to failure: unknown: 98.192.xxx.xxx:80 - RDS component was unreachable". This is probably an easy question but how do I fix this so I can try my exploit? I'm using the Metasploit Pro Console on Windows 10. Please reply. Thanks!
Posted by Mike Held about a month ago
Ladies and gents.. I am tryin to make reverse_tcp payload from another vm machine (Parrot) to another ubuntu (basic_pentesting 1) from https://www.vulnhub.com/entry/basic-pentesting-1,216/ . I tried everything , diffrent vm ,scenarios ,diffrent networks settings , platforms ,killing process , changeing ports and i cant get around this step. https://postimg.cc/R6yVGmG3 Any advise? thanks in advance best regards
Posted by nitro about a month ago
Hi, I am trying to connect Sendgrid to Metasploit Pro. For Social Engineering. It won't connect (timeout.) I'm using the username "apikey" and password "my long key." That's the info Sendgrid gave me. Should I try my email and password? Does anyone know how I can connect and not timeout? Here's info below... Server sendgrid.net smtp.sendgrid.net Ports 25, 587 (for unencrypted/TLS connections) 465 (for SSL connections) Username apikey Password SG.kSBwDLGITxxx etc...
Posted by Mike Held 2 months ago
Hi everyone, I am dealing with a website on Microsoft-IIS/8.5 (OS: Windows Server 2012). I was sent a module that can be used to execute a payload on IIS servers that have world-writeable directories. The payload is uploaded as an ASP script via a WebDAV PUT request. I loaded it within the Metasploit console: https://i.imgur.com/8xtxVqg.png So I set up 'RHOSTS' with the IP address of the server, and I don't know if there is something else that I must change. When I run the exploit only with the described change, I got an error message saying 'Upload failed on /metasploitblablabla.txt [303 See other]'. I suggest that this is normal because I have not used any payloads. I tried some of them, and the messages were the same. As you may see, I haven't got any experience with this framework, and any help would be appreciated. What am I doing wrong?
Posted by Elizabeth R Casale 2 months ago
Hi, When I create a custom campaign on metasploit pro, Adding a USB Key with the default name clickme.exe, when I launch the campaign and double click on clickme.exe, nothing happens and findings doesn't show if I ran that file like how a phishing campaign works. What am I missing here?
Posted by Mike Nia 2 months ago
I installed metasploit community now when i run my msfconsole command in my terminal . The msfconsole not working. It is giving the following results . My operating system is Ubuntu 18.__ <pre><font color="#000000"><b>Traceback</b></font> (most recent call last): 34: from /opt/metasploit/apps/pro/vendor/bundle/ruby/2.5.0/bin/msfconsole:23:in `<main>' 33: from /opt/metasploit/apps/pro/vendor/bundle/ruby/2.5.0/bin/msfconsole:23:in `load' 32: from /opt/metasploit/apps/pro/vendor/bundle/ruby/2.5.0/gems/metasploit-framework-4.17.61/msfconsole:49:in `<top (required)>' 31: from /opt/metasploit/apps/pro/vendor/bundle/ruby/2.5.0/gems/metasploit-framework-4.17.61/lib/metasploit/framework/command/base.rb:81:in `start' 30: from /opt/metasploit/apps/pro/vendor/bundle/ruby/2.5.0/gems/metasploit-framework-4.17.61/lib/metasploit/framework/command/base.rb:63:in `require_environment!' 29: from /opt/metasploit/apps/pro/vendor/bundle/ruby/2.5.0/gems/railties-18.104.22.168/lib/rails/application.rb:328:in `require_environment!' 28: from /opt/metasploit/apps/pro/vendor/bundle/ruby/2.5.0/gems/polyglot-0.3.5/lib/polyglot.rb:65:in `require' 27: from /opt/metasploit/apps/pro/vendor/bundle/ruby/2.5.0/gems/backports-3.15.0/lib/backports/std_lib.rb:9:in `require_with_backports' 26: from /opt/metasploit/apps/pro/vendor/bundle/ruby/2.5.0/gems/backports-3.15.0/lib/backports/std_lib.rb:9:in `require' 25: from /opt/metasploit/apps/pro/vendor/bundle/ruby/2.5.0/gems/metasploit-framework-4.17.61/config/environment.rb:5:in `<top (required)>' 24: from /opt/metasploit/apps/pro/vendor/bundle/ruby/2.5.0/gems/railties-22.214.171.124/lib/rails/railtie.rb:194:in `method_missing' 23: from /opt/metasploit/apps/pro/vendor/bundle/ruby/2.5.0/gems/railties-126.96.36.199/lib/rails/railtie.rb:194:in `public_send' 22: from /opt/metasploit/apps/pro/vendor/bundle/ruby/2.5.0/gems/railties-188.8.131.52/lib/rails/application.rb:352:in `initialize!' 21: from /opt/metasploit/apps/pro/vendor/bundle/ruby/2.5.0/gems/railties-184.108.40.206/lib/rails/initializable.rb:54:in `run_initializers' 20: from /opt/metasploit/ruby/lib/ruby/2.5.0/tsort.rb:205:in `tsort_each' 19: from /opt/metasploit/ruby/lib/ruby/2.5.0/tsort.rb:226:in `tsort_each' 18: from /opt/metasploit/ruby/lib/ruby/2.5.0/tsort.rb:347:in `each_strongly_connected_component' 17: from /opt/metasploit/ruby/lib/ruby/2.5.0/tsort.rb:347:in `call' 16: from /opt/metasploit/ruby/lib/ruby/2.5.0/tsort.rb:347:in `each' 15: from /opt/metasploit/ruby/lib/ruby/2.5.0/tsort.rb:349:in `block in each_strongly_connected_component' 14: from /opt/metasploit/ruby/lib/ruby/2.5.0/tsort.rb:431:in `each_strongly_connected_component_from' 13: from /opt/metasploit/ruby/lib/ruby/2.5.0/tsort.rb:350:in `block (2 levels) in each_strongly_connected_component' 12: from /opt/metasploit/ruby/lib/ruby/2.5.0/tsort.rb:228:in `block in tsort_each' 11: from /opt/metasploit/apps/pro/vendor/bundle/ruby/2.5.0/gems/railties-220.127.116.11/lib/rails/initializable.rb:55:in `block in run_initializers' 10: from /opt/metasploit/apps/pro/vendor/bundle/ruby/2.5.0/gems/railties-18.104.22.168/lib/rails/initializable.rb:30:in `run' 9: from /opt/metasploit/apps/pro/vendor/bundle/ruby/2.5.0/gems/railties-22.214.171.124/lib/rails/initializable.rb:30:in `instance_exec' 8: from /opt/metasploit/apps/pro/vendor/bundle/ruby/2.5.0/gems/railties-126.96.36.199/lib/rails/application/finisher.rb:56:in `block in <module:Finisher>' 7: from /opt/metasploit/apps/pro/vendor/bundle/ruby/2.5.0/gems/railties-188.8.131.52/lib/rails/application/finisher.rb:56:in `each' 6: from /opt/metasploit/apps/pro/vendor/bundle/ruby/2.5.0/gems/railties-184.108.40.206/lib/rails/engine.rb:346:in `eager_load!' 5: from /opt/metasploit/apps/pro/vendor/bundle/ruby/2.5.0/gems/railties-220.127.116.11/lib/rails/engine.rb:469:in `eager_load!' 4: from /opt/metasploit/apps/pro/vendor/bundle/ruby/2.5.0/gems/railties-18.104.22.168/lib/rails/engine.rb:469:in `each' 3: from /opt/metasploit/apps/pro/vendor/bundle/ruby/2.5.0/gems/railties-22.214.171.124/lib/rails/engine.rb:471:in `block in eager_load!' 2: from /opt/metasploit/apps/pro/vendor/bundle/ruby/2.5.0/gems/railties-126.96.36.199/lib/rails/engine.rb:471:in `each' 1: from /opt/metasploit/apps/pro/vendor/bundle/ruby/2.5.0/gems/railties-188.8.131.52/lib/rails/engine.rb:472:in `block (2 levels) in eager_load!' /opt/metasploit/apps/pro/vendor/bundle/ruby/2.5.0/gems/wicked-0.5.0/app/controllers/wicked/wizard_controller.rb:5:in `<top (required)>': <font color="#000000"><b>uninitialized constant ApplicationController (</b></font><font color="#000000"><u style="text-decoration-style:single"><b>NameError</b></u></font><font color="#000000"><b>)</b></font></pre>
Posted by himanshu 4 months ago
hello, (I have to say that I am French, and that I translate since google translation then pardon in advance) I have a problem when I run metasploit windows (10) it seems to me that: [-] *** [-] * WARNING: No database support: No database YAML file [-] *** and when i do db_status he tells me: [*] postgresql selected, no connection my version of metasploit: Framework: 5.0.30-dev-b67b48fd50fad6d9c2834571b540f101c80a4029 Console: 5.0.30-dev-b67b48fd50fad6d9c2834571b540f101c80a4029 it seems to me that this is the last still sorry for the translation
Posted by ralph 4 months ago
Hi Rapid7 team I am Khoa. Current, I install metasploit for a bank in windows server 2012 . I installed and ran but when I update new version of metasploit, it errored service “metasploit Pro Service”. Current. This service not start and not writed log error to file therefore I did’t searched error. I don’t fix this error and i installed old version. How to fix this error when I update new version ?
Posted by Khoa Duy 4 months ago
Hello, I am trying to send test emails from Metasploit Pro Social Engineering campaign. I'm using SendGrid. What are the settings for SendGrid? smtp.sendgrid.net? For host and domain (both smtp.sendgrid.net)? When I try that I get a "connection timeout error." I'm using my SendGrid username and password from their website. Like my normal login. So what should I enter for SendGird connected to Metasploit Pro? Please reply. Thanks
Posted by Mike Held 4 months ago
Hi, After getting a meterpreter session I type IRB, but instead of getting: "The 'client' variable hold the Meterpreter client", I get: "you are in the "client" (session) object. Thus, I can't interact with the user! Would love to get any help from you guys.. thanks! :)
Posted by Uri Binah 4 months ago
Hello, I'm running Metasploit on windows server 2008, when i try to open the web UI it gets stuck I've checked the services and noticed "metasploitPostgreSQL" isn't running when i try to start it, it stops automatically. could this be why my metasploit isn't working? Kindly assist. Thanks
Posted by Wale Jose 4 months ago
Dear Experts Hi, We are evaluating penetration testing tool and have a few questions related to Metasploit by Rapid7 and would really appreciate if you kindly provide your kind comments/feedback. • Does Metasploit supports penetration testing of surveillance cameras/IP Cameras? • Does Metasploit supports penetration testing of wireless network? We have done a bit of our homework as well and would like your feedback/review/comments on the said. Surveillance Cameras/CCTV/IP Cameras Below URLs confirms that Metasploit framework support the said. • https://www.exploit-db.com/exploits/45231 • https://www.rapid7.com/db/modules/auxiliary/scanner/http/bavision_cam_login • https://blog.rapid7.com/2012/05/15/attacking-cctv-video-surveillance-systems-with-metasploit/ • https://www.youtube.com/watch?v=gk8hOrh3MrQ • https://ro.ecu.edu.au/cgi/viewcontent.cgi?referer=https://www.google.com/&httpsredir=1&article=1202&context=ism Network Penetration Testing, including Wireless networks Below URLs confirms that Metasploit framework support the said. • https://blog.rapid7.com/2009/12/14/meterpreter-pivoting-web-scanning-wireless-and-more/ • https://www.manitonetworks.com/security/2016/8/11/finding-wireless-keys-with-metasploit • https://digi.ninja/metasploit/dns_dhcp.php - MITM using Metasploit • http://www.packetstan.com/2011/03/nbns-spoofing-on-your-way-to-world.html • https://www.irongeek.com/i.php?page=videos/deploying-metasploits-meterpreter-with-mitm-and-an-ettercap-filter - MITM using Metasploit • https://www.rapid7.com/db/search?utf8=%E2%9C%93&q=wifi&t=a • https://www.rapid7.com/db/search?utf8=%E2%9C%93&q=wep&t=a • https://www.rapid7.com/db/search?utf8=%E2%9C%93&q=wpa&t=a • https://www.rapid7.com/db/search?utf8=%E2%9C%93&q=ssid&t=a Would really appreciate your kind guidance and support. Regards Qasim +923172929700
Posted by Muhammad Qasim 5 months ago
Does anyone know where to change the default From email address for Metasploit Pro reports? It is currently set to send from email@example.com, which is causing issues. Is there a way to change this either from the GUI or terminal?
Posted by Max 5 months ago
Help, how so i solve this? Installed metasploit on kali linux with apt-get metasploit-framework. [-] Auxiliary failed: OpenSSL::SSL::SSLError SSL_connect returned=1 errno=0 state=error: certificate verify failed Full error: f5 auxiliary(gather/shodan_search) > run [-] Auxiliary failed: OpenSSL::SSL::SSLError SSL_connect returned=1 errno=0 state=error: certificate verify failed [-] Call stack: [-] /opt/metasploit-framework/embedded/lib/ruby/2.4.0/net/protocol.rb:44:in `connect_nonblock' [-] /opt/metasploit-framework/embedded/lib/ruby/2.4.0/net/protocol.rb:44:in `ssl_socket_connect' [-] /opt/metasploit-framework/embedded/lib/ruby/2.4.0/net/http.rb:948:in `connect' [-] /opt/metasploit-framework/embedded/lib/ruby/2.4.0/net/http.rb:887:in `do_start' [-] /opt/metasploit-framework/embedded/lib/ruby/2.4.0/net/http.rb:876:in `start' [-] /opt/metasploit-framework/embedded/lib/ruby/2.4.0/net/http.rb:1407:in `request' [-] /opt/metasploit-framework/embedded/framework/modules/auxiliary/gather/shodan_search.rb:59:in `shodan_query' [-] /opt/metasploit-framework/embedded/framework/modules/auxiliary/gather/shodan_search.rb:109:in `run' [*] Auxiliary module execution completed
Posted by jepunband 7 months ago