metasploit question

[DtL666]

is metasploit effective when trying to exploit through the web? ive notice it just times out and fails.........if it is not effective, what is?

[mfBaranian]

is metasploit effective when trying to exploit through the web? ive notice it just times out and fails.........if it is not effective, what is?

It would be a lot better if you search for yourself than asking questions every time you fail at something. At least give it a decent try. All of these questions have been asked and answered. Yes it can be done remotely. Your problem here is basic understanding of TCP/IP networking. Read up on it and port forwarding (on the receiving end).

[DtL666]

dude....this is my second post ever. thanks for the tips but you don't have to be inconsiderate. i started doing this recently and have had no help.

[purehate]

dude....this is my second post ever. thanks for the tips but you don't have to be inconsiderate. i started doing this recently and have had no help.

Well this is not the place to be a beginner. Call me a a$$hole but its true. We encourage you to learn some fundamentals and then come on back and be part of a great community.

[mfBaranian]

I'm not trying to be inconsiderate. That was a tip also. If you've read the forum rules you would know that there are some standards this community is built on. One of them is being determined and willing to learn for yourself (can be accomplished by properly searching the forums).

[DtL666]

thats cool....but don't make a newbie section and expect people to not ask questions. i wouldn't have asked if i knew i was going to get ripped on. great community

[Archangel-Amael]

thats cool....but don't make a newbie section and expect people to not ask questions. i wouldn't have asked if i knew i was going to get ripped on. great community

Posted at the top of this page and every single one in the Newbie Area:

Newbie Area Welcome to the BackTrack Forums! Please check this section and post to it if you are new to BackTrack, the Forums, or both.

But no where does it say anything about metasploiting the inturwebs.

And no one ripped on you, you were encouraged to take the appropriate action and to search and learn.

[kazalku]

May be it's the time to introduce a little quiz BEFORE someone can register here. I'm serious & not kidding at all. I'm sure that we can setup 5 simple questions to welcome new members to the community. Just for example:

1) Which of the following is best option if you have any question?

• A) Ask mum
  B) Ask Dad
  C) Post it to forum
  D) Google

2) Which of the following is most powerful encryption?

• A) WEP
  B) Open
  C) WPA
  D) Switching off your computer

Well...... something like these....

[junkiethumbs]

....derailment in progress....

@dtl666 you aren't on tekroscape are you?


I was tempted to suggest an easter egg hunt through Google.

But then I thought.. why not an essay based upon the Stickies

Newbie Area Welcome to the BackTrack Forums! Please check this section and post to it if you are new to BackTrack, the Forums, or both.

But no where does it say anything about metasploiting the inturwebs.

Nor does it state How to use Linux for people bred on Windows or Macs. That is something that is rather annoying as well.

"Call me an a$$hole..."

Brilliant!

....end of derailment....

JT

[lupin]

thats cool....but don't make a newbie section and expect people to not ask questions. i wouldn't have asked if i knew i was going to get ripped on. great community

We actually do expect questions, we just prefer it when the question contains some detail, is clearly written, doesn't misuse terminology and is phrased in a way that actually allows us to give a meaningful answer.

Your question was none of these things, and without follow up information it will be impossible for anyone to answer your question in a way that is of any use to you at all.

Let me demonstrate by going back to your original question....

is metasploit effective when trying to exploit through the web?

Yes....

Although this is dependent on:

• whether you are using Metasploit correctly,
• which exploit you are using,
• what your ultimate goal of exploitation is (what you want to do to the target system),
• whether you are using client or server side web exploits,
• whether vulnerable software exists on the target system,
• whether other protection methods are in place between you and the target (firewall, IPS, etc)
• and whether you actually meant "Internet" instead of "Web".

ive notice it just times out and fails

I see.

I cant even hazard a guess as to why this is happening until I know what command you used, what system you are targeting, what patches and software are installed on the target system, what error messages you got, whether a firewall is in place between the Metasploit system and the target system, etc, etc

.........if it is not effective, what is?

Many other packages could be effective. Depending on what you are trying to achieve of course.... which is what again?

So was that answer helpful?

Maybe instead of complaining about how badly you are being treated here, you should put some more effort into asking questions that can actually be answered, and into reading up about the subject you are supposedly so interested in so you can understand those answers when they get provided to you.