Advice for metasploit

**trisogono** · 06-11-2011, 05:01 PM

hello guys,

the commissioning of exploits through msfconsole with autopwn (importing nmap or nessus), is really working?
I never created any session.
Assuming I did everything correctly.
Could someone give me some advice?

**2901119** · 06-11-2011, 05:50 PM

What is your target machine? The system you're attacking has to be vulnerable.

**zimmaro** · 06-11-2011, 07:28 PM

ciao
http://www.youtube.com/watch?v=nwMh07VI8lc
This tutorial is also made in Italy (thanks to brigante!!!)

**savioboyz** · 06-11-2011, 09:05 PM

Perhaps this offensive security made course will help you with a better understanding of how to use the framework for pentesting:

http://www.offensive-security.com/me...urity_Training

**trisogono** · 06-11-2011, 11:55 PM

someone of you succeeded in creating a session with metasploit and autopwn (importing xml from nmap, or the vulnerabilities from nessus)???
Maybe I'll make a video ...

thanks for the replies!

**2901119** · 06-12-2011, 04:21 AM

try the attack against something that you know is vulnerable like metasploitable

**trisogono** · 06-12-2011, 08:29 AM

for example???

I find the vulnerabilities like metasploitable with nessus...??

**2901119** · 06-12-2011, 04:12 PM

for example: download metasploitable and run db_autopwn against it

**trisogono** · 06-12-2011, 04:37 PM

Before I did not understand what is metasploitable...
thanks!

I'll try!!

**M00kaw** · 06-12-2011, 06:11 PM

Metasploit is a framework, meaning: something to make exploits and payloads easier.
It contains different functions, where autopwn is one of many.
an analogy for autopwn could be, shooting with a shotgun; simply blasting everything at once.
In order for this to work, the target need to have some vulnerable software running.
If the target isn't vulnerable, all the exploit launched by autopwn will be useless.

autopwn is great for proof of concept, but isn't that effective in real situations..
How ever, there's a customized "linux-distro" called metasploitable. It's made with one purpose only: To train the use of metasploit framework.
That means, that it has been customized with software vulnerable for "standard attacks" with metasploit.

There's a lot of exploitable systems, with the purpose of pratice, and the great G0tmi1k actually made quite a nice list:
http://g0tmi1k.blogspot.com/2011/05/...gn-part-2.html

I hope this cleared the understanding of metasploit and vulnerable systems a little..

//M00kaw

BackTrack Linux - Penetration Testing Distribution

Thread: Advice for metasploit

Thread Tools

Search Thread

Display

Advice for metasploit

Re: Advice for metasploit

Re: Advice for metasploit

Re: Advice for metasploit

Re: Advice for metasploit

Re: Advice for metasploit

Re: Advice for metasploit

Re: Advice for metasploit

Riferimento: Advice for metasploit

Re: Advice for metasploit

Similar Threads

Advice: Getting data out of Metasploit DB

A Little Help-Advice Please

need some advice

I need an advice

Advice please.....

Tags for this Thread

Posting Permissions