Thread: BT5 + nesses pentest help

  1. #1
    Just burned his ISO (Join Date: May 2011, Posts: 13)

    BT5 + nesses pentest help

    good day all,

    the situation - using metasploit + nessus to give justification to expand the IT budget:

    what I have done - set up a laptop with BT 5 (updated metasploit), installed nessus (updated as well), got postgres to work with metasploit.

    what I have - an nmap scan (all 3 file formats) of our work subnet, from which I got a list of all the IP addresses that I am interested in, broke that up into groups of 15 IP addresses and fed that into nessus; from which I got an xml file to put into msf

    so to sum it up, a complete vulnerability scan of our network...

    did a db_vulns and singled out some of the IPs that I wanted to check...ran msf>use <exploit> with the necessary options for the one I am interested in.

    the problem - all of them said that the exploit finished successfully but no session was started...now my question is how can I go further without a session? I am looking to either do a dir dump or copy a file or write a file to any of the PCs, in order to show that it can be breached...the aim of all of this is to justify buying either Qualys or Nexpose to use within the company...

    if I missed out some of the steps involved or if there is anything else that I can do please let me know..thanks
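The evidence for a budget case in the workflow above is the Nessus finding list itself (which hosts have which unpatched issues and at what severity), not whether a Metasploit module happened to return a session. The following is an added example, not code from this thread or from Tenable or Metasploit: it parses a .nessus v2 export (the XML file that post #1 imports into msf) into a per-host severity summary and a patch backlog with the remediation each plugin suggests. The embedded XML is a constructed sample that follows the .nessus v2 element layout (ReportHost, HostProperties/tag, ReportItem with severity 0-4); the host addresses, plugin IDs, plugin names, CVE string and solutions in it are made up for illustration.

```python
"""Summarise a Nessus v2 (.nessus) export per host for a risk/budget report."""
import xml.etree.ElementTree as ET
from collections import Counter

# Constructed sample in the .nessus v2 layout. Hosts, plugin IDs, names, the
# CVE string and solutions are made up for illustration, not real scan results.
SAMPLE_NESSUS = """<?xml version="1.0" ?>
<NessusClientData_v2>
  <Report name="internal-subnet-scan">
    <ReportHost name="10.0.0.11">
      <HostProperties>
        <tag name="host-ip">10.0.0.11</tag>
        <tag name="operating-system">Sample Windows Server</tag>
      </HostProperties>
      <ReportItem port="445" svc_name="cifs" protocol="tcp" severity="4"
                  pluginID="900001" pluginName="Sample: unpatched SMB service (remote code execution)"
                  pluginFamily="Windows">
        <cve>CVE-0000-0001</cve>
        <cvss_base_score>10.0</cvss_base_score>
        <solution>Apply the vendor patch.</solution>
      </ReportItem>
      <ReportItem port="1433" svc_name="mssql" protocol="tcp" severity="2"
                  pluginID="900002" pluginName="Sample: database service allows weak authentication"
                  pluginFamily="Databases">
        <solution>Enforce strong authentication on the database listener.</solution>
      </ReportItem>
      <ReportItem port="0" svc_name="general" protocol="tcp" severity="0"
                  pluginID="900000" pluginName="Sample: scan information" pluginFamily="Settings"/>
    </ReportHost>
    <ReportHost name="10.0.0.12">
      <HostProperties>
        <tag name="host-ip">10.0.0.12</tag>
        <tag name="operating-system">Sample Linux</tag>
      </HostProperties>
      <ReportItem port="21" svc_name="ftp" protocol="tcp" severity="1"
                  pluginID="900003" pluginName="Sample: FTP banner discloses version"
                  pluginFamily="FTP">
        <solution>Suppress the version banner.</solution>
      </ReportItem>
    </ReportHost>
  </Report>
</NessusClientData_v2>
"""

# Nessus severity attribute: 0 = Info ... 4 = Critical.
SEVERITY_LABELS = {0: "Info", 1: "Low", 2: "Medium", 3: "High", 4: "Critical"}


def parse_nessus(xml_text):
    """Return {host_ip: {"os": str, "findings": [finding, ...]}} from a .nessus v2 document."""
    root = ET.fromstring(xml_text)
    hosts = {}
    for rh in root.iter("ReportHost"):
        props = {t.get("name"): (t.text or "") for t in rh.findall("HostProperties/tag")}
        ip = props.get("host-ip") or rh.get("name")
        findings = []
        for item in rh.findall("ReportItem"):
            findings.append({
                "plugin_id": item.get("pluginID"),
                "name": item.get("pluginName"),
                "port": "%s/%s" % (item.get("port"), item.get("protocol")),
                "severity": int(item.get("severity", "0")),
                "cves": [c.text for c in item.findall("cve") if c.text],
                "solution": (item.findtext("solution") or "").strip(),
            })
        hosts[ip] = {"os": props.get("operating-system", "unknown"), "findings": findings}
    return hosts


def severity_counts(hosts):
    """Per-host count of findings by severity label, ignoring informational plugins."""
    return {
        ip: Counter(SEVERITY_LABELS[f["severity"]] for f in h["findings"] if f["severity"] > 0)
        for ip, h in hosts.items()
    }


def patch_backlog(hosts, min_severity=3):
    """Findings at or above min_severity, worst first, each with the remediation Nessus suggests."""
    rank = {label: level for level, label in SEVERITY_LABELS.items()}
    rows = []
    for ip, h in hosts.items():
        for f in h["findings"]:
            if f["severity"] >= min_severity:
                rows.append((ip, f["port"], SEVERITY_LABELS[f["severity"]], f["name"], f["solution"]))
    return sorted(rows, key=lambda r: (-rank[r[2]], r[0]))


def render_report(hosts):
    """Plain-text summary suitable for pasting into a budget justification."""
    lines = []
    for ip, counts in sorted(severity_counts(hosts).items()):
        summary = ", ".join("%s: %d" % (lvl, counts[lvl])
                            for lvl in ("Critical", "High", "Medium", "Low") if counts[lvl])
        lines.append("%s (%s): %s" % (ip, hosts[ip]["os"], summary or "no findings above Info"))
    for ip, port, level, name, solution in patch_backlog(hosts):
        lines.append("  [%s] %s %s - %s. Fix: %s" % (level, ip, port, name, solution))
    return "\n".join(lines)


if __name__ == "__main__":
    print(render_report(parse_nessus(SAMPLE_NESSUS)))
```

Run it against a real export by replacing SAMPLE_NESSUS with the contents of the .nessus file; the patch backlog is the list to hand to the sysadmins, and the per-host counts are the numbers that survive a budget meeting whether or not any exploit module ever produced a session.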

  2. #2
    Senior Member (Join Date: Jan 2010, Posts: 140)

    Re: BT5 + nesses pentest help

    The exploits aren't going to work if the machines aren't vulnerable. Are all of the machines patched? Which exploits in particular are you trying?
    Last edited by Dudeman02379; 06-15-2011 at 02:17 PM.

  3. #3
    Just burned his ISO (Join Date: May 2011, Posts: 5)

    Re: BT5 + nesses pentest help

    I would refrain from using Nessus at work unless you have purchased a "ProfessionalFeed" license... (http://www.tenable.com/products/nessus-professionalfeed)

    That being said if you want to show your boss how vulnerable your system(s) is/are check out SET. Shoot your boss an email with a link to a cloned site or a .pdf with an embedded java applet to open a reverse meterpreter shell.

    After all you can patch your systems and spend millions of dollars on gadgets but all it takes is one user clicking something they shouldn't and it's all over.

  4. #4
    Just burned his ISO (Join Date: May 2011, Posts: 13)

    Re: BT5 + nesses pentest help

    firstly, thanks for the reply. from what the nessus scan returned I got some exploits for some of the hosts; I didn't want to use the autopwn, so seeing that they were a handful I did them manually one by one..see the list below

    exploit/windows/mssql/ms09_004_sp_replwritetovarbin
    exploit/windows/mssql/ms09_004_sp_replwritetovarbin_sqli
    exploit/windows/smb/ms08_067_netapi
    exploit/windows/smb/psexec
    exploit/multi/samba/nttrans
    exploit/windows/http/apache_chunked
    exploit/windows/http/apache_mod_rewrite_ldap
    exploit/linux/ftp/proftp_sreplace
    exploit/freebsd/ftp/proftp_telnet_iac
    exploit/linux/ftp/proftp_telnet_iac
    exploit/windows/mssql/ms02_039_slammer
    exploit/windows/brightstor/ca_arcserve_342
    all I am getting is "exploit completed but no sessions started"...not too sure what to do from there. also I am interested in "/windows/smb/psexec" but I need to pass credentials for that to work, if I understand it right. any way that I can capture those (w/out using the ones that I have officially)?

  5. #5
    Just burned his ISO (Join Date: May 2011, Posts: 13)

    Re: BT5 + nesses pentest help

    Quote (originally posted by pLinc):
        I would refrain from using Nessus at work unless you have purchased a "ProfessionalFeed" license... (http://www.tenable.com/products/nessus-professionalfeed)

        That being said if you want to show your boss how vulnerable your system(s) is/are check out SET. Shoot your boss an email with a link to a cloned site or a .pdf with an embedded java applet to open a reverse meterpreter shell.

        After all you can patch your systems and spend millions of dollars on gadgets but all it takes is one user clicking something they shouldn't and it's all over.

    while that is an option, and a very good point, at the moment we have others looking into that. basically my task(s) are to test the internal network, but I will let them know about it

  6. #6
    Just burned his ISO (Join Date: Mar 2010, Location: 127.0.0.1, Posts: 2)

    Re: BT5 + nesses pentest help

    Seems like you're stuck in the middle. I'm on the network security side and we don't have time to deal with OS vulnerabilities. That is up to the sys admins. If I had to worry about every box's footprint AND layers 3 and 4, I would quit. Tomorrow. Good luck!

  7. #7
    Just burned his ISO (Join Date: May 2011, Posts: 13)

    Re: BT5 + nesses pentest help

    Quote (originally posted by VYCanisMajoris):
        Seems like you're stuck in the middle. I'm on the network security side and we don't have time to deal with OS vulnerabilities. That is up to the sys admins. If I had to worry about every box's footprint AND layers 3 and 4, I would quit. Tomorrow. Good luck!

    we got a good report out of it. we are looking to do it from an outside perspective next. no, I agree it's up to the sys admins, but I am on the security team, so it's good to know. it took about a week to get all the data that we needed and plan out some exploits; thankfully management is giving us some money to get a lab where we can do these tests now.

    when you say you're on the network security side, can you explain a bit more about that? do you only deal with routers and layer 3 devices?
