Because the nessus scan reported some "vulnerability" does not mean that you will be able exploit it!
Study...
Metasploit Unleashed - Mastering the Framework
Regards,
Not getting session with autopwn command in metasploit
Hi,
I am not very old in metasploit but trying to exploit in my internal network with Backtrack4 in VM player.
1st I scanned the server with nessus and there are vulnerability reported.
now I have created data base in metasploit and imported nessus .nbe file.
with command msf > db_autopwn -x -t I can see there are 2 below exploit
msf > db_autopwn -x -t[*] Analysis completed in 13 seconds (0 vulns / 0 refs)[*][*] ================================================== ==============================[*] Matching Exploit Modules[*] ================================================== ==============================[*] x.x.x.x exploit/windows/smb/psexec (CVE-1999-0504, OSVDB-3106)[*] x.x.x.x exploit/windows/mssql/mssql_payload (CVE-2000-1209, BID-4797, OSVDB-15757)[*] ================================================== ==============================
but if i run command msf > db_autopwn -x -e I am not getting any session..
msf > db_autopwn -x -e[*] (1/2 [0 sessions]): Launching exploit/windows/smb/psexec against x.x.x.x...[*] (2/2 [0 sessions]): Launching exploit/windows/mssql/mssql_payload against x.x.x.x...[*] (2/2 [0 sessions]): Waiting on 2 launched modules to finish execution...[*] (2/2 [0 sessions]): Waiting on 2 launched modules to finish execution...[*] (2/2 [0 sessions]): Waiting on 2 launched modules to finish execution...[*] (2/2 [0 sessions]): Waiting on 0 launched modules to finish execution...
I m not understanding whats going wrong.. I have disabled my firewall as well.
Please help me.
Re: Not getting session with autopwn command in metasploit
Because the nessus scan reported some "vulnerability" does not mean that you will be able exploit it!
Study...
Metasploit Unleashed - Mastering the Framework
Regards,
(gdb) disass m(y_br)ain
®
Re: Not getting session with autopwn command in metasploit
Thanks for the reply ..
But my understanding was 'db_autopwn -x -t' shows only the vulnerability which can be exploited as this command show matching exploits.
In this case,there are couple of vulnerability reported in nessus scan report.
but with command 'db_autopwn -x -t' in metasploit ,only 2 exploit matched (as u can see in the above post).
Though metasploit showing matching exploit then also not getting any session.
Hope this clarifies my question.
Re: Not getting session with autopwn command in metasploit
it appears you are new to using metasploit. As such I would again recommend the link posted by espreto and I would discourage the use of autopwn.
Just use metasploit.
To be successful here you should read all of the following.
ForumRules
ForumFAQ
If you are new to Back|Track
Back|Track Wiki
Failure to do so will probably get your threads deleted or worse.
Posting Permissions