Results 1 to 7 of 7

Thread: need help using metasploit

  1. #1
    Just burned his ISO
    Join Date
    Mar 2012
    Posts
    2

    Default need help using metasploit

    hey i'm new to penetration testing and new to linux..
    but this section is really interesting for me..
    i'v been using for a couple of weeks an ubuntu os as my main os learned to control it from terminal..
    now i'v got my self 2 VM's 1 running Win XP sp3 32 bit and the other runing backtrack 5 RC2

    i'v set up xampp on the windows VM and put DVWA (Damn Vulnerable Web App) and tried doing some XSS with metasploitee using the browser_autopwn..
    i config the options with my BT machine ip and port but im having no luck..

    tried with IE9 came with the Win XP machine the exploit stops at :

    Code:
    [*] sending windows/browser/msll_003_ie_css_import CSS
    then i tried using an other browser like Firefox for Windows but still no luck : <
    it stoped at :


    Code:
    [*] windows/browser/mozilla_nstreerange: Sending HTML to X.X.X.X (this is my ip )[*] windows/browser/mozilla_nstreerange: Sending XUL to X.X.X.X (again my IP...)

    any idea what im doing wrong?

  2. #2
    Good friend of the forums scottm99's Avatar
    Join Date
    Feb 2010
    Location
    underwater
    Posts
    371

    Default Re: need help using metasploit

    You may be missing a couple of steps in the pen-testing process. Be sure to do good recon & footprinting of your target system, what it's running, and its weaknesses. Only after you have identified the victim's soft spots should you launch an attack. This will give you the best chance at success.

    I think of browser_autopwn as the equivalent of a sledgehammer...you smash your way into the box. I like to take the scalpel approach...make a targeted & surgical attack on my target.
    If I could figure out how to scuba dive & hack at the same time, there would be nothing I couldn't do...

  3. #3
    Member
    Join Date
    Jan 2011
    Posts
    63

    Default Re: need help using metasploit

    scottm99 is right, try to avoid using the autopwn tools since these are very noisy and are not practical by any stretch of the word. Get as much information about the victim OS as you can before launching an attack, and only do so when you are all but 100% it'll work. autopwn tools just blast the system with all of the exploits that are remotely close to working on the victim machine to see what sticks.

    The reason it didn't work the first time is because the "windows/browser/msll_003_ie_css_import" exploit works on IE6,7, and 8, but not IE9. You can verify this by setting this as your only exploit to use (instead of autopwn) and using the "show targets" command.

    Same story goes for the "windows/browser/mozilla_nstreerange" exploit, the version of Java (if even installed) may not be one that has an exploit developed for it yet.

  4. #4
    Just burned his ISO
    Join Date
    Mar 2012
    Posts
    2

    Default Re: need help using metasploit

    thank you to for the quick answer and sorry for being slow to answer.

    since im just a beginner in the penetration testing world i don't know much about weaknesses or enough info gathering.

    if you can direct me to good tutorials (text or video i don't mind) i'll be more then happy !

  5. #5
    Member
    Join Date
    Jan 2011
    Posts
    63

    Default Re: need help using metasploit

    www.offensive-security.com

    This is one of the best places that you will actually be taught how to figure out the problems on your own and not a simple video that shows you how to do everything step by step without learning what's actually happening.

    Another good source for this information that is much cheaper (also not near as in depth) is the book Metasploit: The Penetration Tester's Guide. It was wrote by a couple of the developers of the Metasploit Framework and also Muts himself (the founder of OffSec and developer of Back|Track).

    I have heard a lot of people mention www.securitytube.net as well, but I have no personal experience with this yet.
    Last edited by Reamer; 03-26-2012 at 12:35 PM. Reason: added another link

  6. #6
    Member
    Join Date
    Jan 2011
    Posts
    63

    Default Re: need help using metasploit

    ... first time getting bit in the ass by the double post...
    Last edited by Reamer; 03-26-2012 at 12:34 PM. Reason: damn the double post!

  7. #7
    Good friend of the forums scottm99's Avatar
    Join Date
    Feb 2010
    Location
    underwater
    Posts
    371

    Default Re: need help using metasploit

    DrDark, you might also check out the metasploit unleashed tutorial on the Offensive Security website. I went through this tutorial a number of times, and found it very helpful. However, I think the book Reamer mentioned would be the most thorough resource.

    I will also second Reamer's opinion on the Offensive Security class, specifically Pentesting With BackTrack. I just started PWB this weekend, but could tell by reading the lab manual that it is very thorough.
    If I could figure out how to scuba dive & hack at the same time, there would be nothing I couldn't do...

Similar Threads

  1. Replies: 2
    Last Post: 02-23-2012, 08:43 PM
  2. Replies: 1
    Last Post: 05-07-2011, 01:35 PM
  3. Replies: 17
    Last Post: 04-07-2011, 10:00 PM
  4. [Howto] [Metasploit] Introducao ao Metasploit - Parte 01
    By espreto in forum Tutoriais e Howtos
    Replies: 16
    Last Post: 10-13-2010, 04:21 PM
  5. metasploit o non metasploit, questo è il problema!
    By eqweo in forum Discussioni Generali
    Replies: 2
    Last Post: 01-14-2010, 12:16 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •