hey guys i have been using metaspoilt or trying to, now i have watched and downloaded many tutorials how to use this.
I run nmap or nessus first and check vuln or what exploits to use sometimes there is and sometimes there isnt and then i import them into metasploit but everytime i have done this, there is never a active shell or any vulns, I have updated so i have all current exploits, now i have tried this on many computers also tried autopwn and client side attack and i never get a active shell.
Are all the computers to well patched or am i doing something wrong ?
thanks for your reply Lincoln
well it depends on different senarios, well mainly nmap says windows xp or vista or should i be targetting router ?
it also tells me difficulty of the attack, is the higher number the harder to get in?? on the tutorials it is shown thats its easy and straight forward i guess it isnt. Maybe i need to do a bit more reading
Aha I know what's going on here. You have much to learn before you can start exploiting systems.
What nmap is showing you is the difficulty for IP prediction attacks, an almost useless and lost art nowdays.
Some suggested reading (googledork keywords, not links):
Linux Command Line Basics
packet filtering basics
smashing the stack for fun and profit
the art of exploitation
eric steven raymond - how to be a hacker
That should be enough to get you started. A more refined answer is to search the forums for something along the lines of "fun with ms08_067"
Still not underestimating the power...
There is no such thing as bad information - There is truth in the data, so you sift it all, even the crap stuff.
thanks for your reply Gitsnik
i thought proberly to easy , thanks for the extra eductional reads, go back to the drawing board.
Oh sorry, my fault
I had the mitnick book in mind... Never read that one, but sounds cool