metasploit question

**imported_apprentice** · 08-31-2009, 12:45 AM

hey guys i have been using metaspoilt or trying to, now i have watched and downloaded many tutorials how to use this.
I run nmap or nessus first and check vuln or what exploits to use sometimes there is and sometimes there isnt and then i import them into metasploit but everytime i have done this, there is never a active shell or any vulns, I have updated so i have all current exploits, now i have tried this on many computers also tried autopwn and client side attack and i never get a active shell.

Are all the computers to well patched or am i doing something wrong ?

**Lincoln** · 08-31-2009, 12:49 AM

Originally Posted by apprentice

Are all the computers to well patched or am i doing something wrong ?

You might of answered your own question, which computers are you trying to use the exploits on?

**imported_apprentice** · 08-31-2009, 04:21 AM

thanks for your reply Lincoln
well it depends on different senarios, well mainly nmap says windows xp or vista or should i be targetting router ?
it also tells me difficulty of the attack, is the higher number the harder to get in?? on the tutorials it is shown thats its easy and straight forward i guess it isnt. Maybe i need to do a bit more reading

**Gitsnik** · 08-31-2009, 04:28 AM

Aha I know what's going on here. You have much to learn before you can start exploiting systems.

What nmap is showing you is the difficulty for IP prediction attacks, an almost useless and lost art nowdays.

Some suggested reading (googledork keywords, not links):

Linux Command Line Basics
TCP/IP Illustrated
packet filtering basics
smashing the stack for fun and profit
the art of exploitation
eric steven raymond - how to be a hacker

That should be enough to get you started. A more refined answer is to search the forums for something along the lines of "fun with ms08_067"

**imported_apprentice** · 08-31-2009, 04:41 AM

thanks for your reply Gitsnik
i thought proberly to easy , thanks for the extra eductional reads, go back to the drawing board.

**floyd** · 08-31-2009, 08:12 AM

Originally Posted by Gitsnik

the art of exploitation

Please do me a favour and never recommend that one again. It's horrible. Don't read it.

**lupin** · 08-31-2009, 08:51 AM

Originally Posted by floyd

Please do me a favour and never recommend that one again. It's horrible. Don't read it.

As in "Hacking: The Art of Exploitation"? Actually, I quite liked it. The reviews on Amazon for the second edition of the book (the one I have) are also quite positive.

Amazon.com: Hacking: The Art of Exploitation, 2nd Edition (9781593271442): Jon Erickson: Books

**Gitsnik** · 08-31-2009, 10:02 AM

Originally Posted by lupin

As in "Hacking: The Art of Exploitation"? Actually, I quite liked it. The reviews on Amazon for the second edition of the book (the one I have) are also quite positive.

Amazon.com: Hacking: The Art of Exploitation, 2nd Edition (9781593271442): Jon Erickson: Books

I've found it to be a bit like Pulp Fiction... you either love it or hate it.

**floyd** · 08-31-2009, 10:16 AM

Oh sorry, my fault

I had the mitnick book in mind... Never read that one, but sounds cool

**purehate** · 08-31-2009, 12:49 PM

Originally Posted by Gitsnik

I've found it to be a bit like Pulp Fiction... you either love it or hate it.

I thought it was a great book.

BackTrack Linux - Penetration Testing Distribution

Thread: metasploit question

Thread Tools

Search Thread

Display

metasploit question

Posting Permissions