Results 1 to 7 of 7

Thread: Nessus + Metasploit varying results

  1. #1
    Junior Member
    Join Date
    Jun 2010
    Posts
    28

    Default Nessus + Metasploit varying results

    Hi

    I don't think this question will have a definitive answer but wanted to see what the experts thought

    I have Win Server 2003 R2 SP2 installed in a VM I ran vulnerability scan on it with Nessus and imported the results into Metasploit and ran a db_autopwn and got 3 meterpreter sessions, I think from memory all 3 were from the ms08_067_netapi exploit, now this was few days ago

    I ran the same scan with the same profile with nessus yesterday and imported and ran autopwn again and got no sessions.

    The only change to Server 2003 in the VM was I changed the IP address nothing else at all also no updates to Metasploit or nessus

    now I am guessing nessus got differing results from the scan for whatever reason and due to that MS couldn't exploit

    Any thoughts out there

    Thanks
    Mark
    There's no place like ~/

  2. #2
    Good friend of the forums scottm99's Avatar
    Join Date
    Feb 2010
    Location
    underwater
    Posts
    371

    Default Re: Nessus + Metasploit varying results

    Well, I'm no expert, but here's my thoughts. Start up msfconsole, run db_hosts, and see what your victim IP address is. It's probably showing the old IP address.
    If I could figure out how to scuba dive & hack at the same time, there would be nothing I couldn't do...

  3. #3
    Junior Member
    Join Date
    Jun 2010
    Posts
    28

    Default Re: Nessus + Metasploit varying results

    I emptied the database before importing the 2nd nessus scan results, but thanks for the reply

    I am going to try it again a bit later and see what happens
    There's no place like ~/

  4. #4
    Junior Member
    Join Date
    Jun 2010
    Posts
    28

    Default Re: Nessus + Metasploit varying results

    OK bit of an update ran a new nessus scan, imported and ran autopwn twice and got 2 sessions and then 3, re imported the scan from last night and ran autopwn and got 2 sessions and then 3

    So guess the msf can be 'flaky' at times and the moral of the story is if at first you get no sessions run again and you probably will
    There's no place like ~/

  5. #5
    Good friend of the forums scottm99's Avatar
    Join Date
    Feb 2010
    Location
    underwater
    Posts
    371

    Default Re: Nessus + Metasploit varying results

    I've found the framework pretty stable, but I haven't really pushed it either. Do you reboot your victim machine in between exploit attempts? Many of the things the MSF does can leave a box in an unstable condition. Combine that with running the framework and/or victim in a virtual machine, and I'm not surprised you get different results on each try.
    If I could figure out how to scuba dive & hack at the same time, there would be nothing I couldn't do...

  6. #6
    Junior Member
    Join Date
    Jun 2010
    Posts
    28

    Default Re: Nessus + Metasploit varying results

    Quote Originally Posted by scottm99 View Post
    I've found the framework pretty stable, but I haven't really pushed it either. Do you reboot your victim machine in between exploit attempts? Many of the things the MSF does can leave a box in an unstable condition. Combine that with running the framework and/or victim in a virtual machine, and I'm not surprised you get different results on each try.
    Me too to be honest, no I don't reboot between attempts, if msf leaves a machine in need of a reboot is not a good tool for pen testing, to be honest I don't think it is msf more likely the vm or to be precise the software ethernet connection, I am using virtualbox maybe I should try vmware

    Anyway thanks for the input scott, peace
    There's no place like ~/

  7. #7
    Good friend of the forums scottm99's Avatar
    Join Date
    Feb 2010
    Location
    underwater
    Posts
    371

    Default Re: Nessus + Metasploit varying results

    You're welcome I haven't used virtualbox, but always had good luck with vmware products when it comes to virtual machines. Personally, I think any exploit attempt (successful or not, regardless of tool used) has a chance at fouling up a box; because you're doing weird things with memory, ports, packets, etc. So I don't think it's a problem with MSF, just the nature of hacking.
    If I could figure out how to scuba dive & hack at the same time, there would be nothing I couldn't do...

Similar Threads

  1. metasploit and nessus scans
    By dinvisible1 in forum BackTrack 5 Beginners Section
    Replies: 0
    Last Post: 06-06-2011, 10:08 AM
  2. Nessus+ Metasploit help
    By CcedSan in forum BackTrack 5 Beginners Section
    Replies: 0
    Last Post: 05-28-2011, 12:32 PM
  3. Nessus bridge for Metasploit
    By sickness in forum BackTrack Videos
    Replies: 19
    Last Post: 03-13-2011, 04:40 PM
  4. [Nessus + Metasploit]
    By bwen51 in forum Beginners Forum
    Replies: 3
    Last Post: 04-27-2010, 07:46 AM
  5. Nessus 4.2.2 and Metasploit v3.3.4
    By hanc2006 in forum Beginners Forum
    Replies: 2
    Last Post: 04-21-2010, 05:42 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •