good day all,
the situation - using metasploit + nessus to give justification to expand the IT budget:
what i have done - set up a laptop with BT 5 (updated metasploit) install nessus (updated as well) got postgres to work with metasploit.
what i have - a nmap scan (all 3 file formats) of our work subnet, from which i got a list of all ip address that i am interested in, broke that up into groups of 15 ip address and fed that into nessus; from which i got an xml file to put into msf
so to sum it up complete venerability scan of our network...
did a db_vulns and single out some of the ip that i wanted to check...ran msf>use <exploit> with the necessary option for the one i am interested in.
the problem - all of them said that the exploit finished successful but no sessions was started...now my question is how can i go further without a session? i am looking to either do a dir dump or copy a file or write a file to anyone off the pc, in order to show that it can be breach...the aim of all of this is to justify buying either qualys, netexpose to use within the company...
if i missed out some of the steps involved or if there is anything else that i can do pleas let me know..thanks