Huh. I rebooted and immediately ran nsc.sh again, and now it seems to be updating.
A search on rapid7's community suggests they found similar thing for their own Backtrack testing.
Maybe this will help someone else.
msfconsole & nexpose
Hi all
Bit confused here, would appreciate if someone can clarify!
I have a installation of BT5R2 x64 on my laptop. I am trying to run nexpose from within msfconsole.
So I fire up msfconsole and type "load nexpose" which loads the plugin successfully.
Then I type nexpose_connect ... but I dont know what the default username and password is.
So I then assume that this is not nexpose, and only a plugin, and that I have to download nexpose myself.
I downloaded the .bin file, installed, and when I run it:
I have also done apt-get update/upgradeCode:root@bt:/opt/rapid7/nexpose/nsc# ./nsc.sh Checking for available jvms Validating jre in directory _jvm1.6.0_25 Please use CMSClassUnloadingEnabled in place of CMSPermGenSweepingEnabled in the future 2012-05-03T18:25:28 [INFO] 2012-05-03T18:25:28 [INFO] OS Information 2012-05-03T18:25:28 [INFO] ------------------------------------------------------------ 2012-05-03T18:25:28 [INFO] Current directory: /opt/rapid7/nexpose/nsc 2012-05-03T18:25:28 [INFO] User name: root 2012-05-03T18:25:28 [INFO] Computer name: bt 2012-05-03T18:25:28 [INFO] Operating system: Ubuntu Linux 10.04 2012-05-03T18:25:28 [INFO] Total memory: 4048736 KBytes 2012-05-03T18:25:28 [INFO] Available memory: 2751728 KBytes 2012-05-03T18:25:28 [INFO] CPU speed: 2401MHz 2012-05-03T18:25:28 [INFO] Number of CPUs: 2 2012-05-03T18:25:28 [INFO] Super user: true 2012-05-03T18:25:28 [INFO] JVM started: Thu May 03 18:25:26 BST 2012 2012-05-03T18:25:28 [INFO] JVM uptime: 1 second Checking graphics environment... OK PATH: /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/etc/alternatives/gem-bin:/etc/alternatives/gem-bin The Java virtual machine is exiting with code 0 Using jre at _jvm1.6.0_25 PATH: /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/etc/alternatives/gem-bin:/etc/alternatives/gem-bin Please use CMSClassUnloadingEnabled in place of CMSPermGenSweepingEnabled in the future Logging to file /opt/rapid7/nexpose/update.log Checking for available jvms Validating jre in directory _jvm1.6.0_25 Please use CMSClassUnloadingEnabled in place of CMSPermGenSweepingEnabled in the future 2012-05-03T18:25:30 [INFO] 2012-05-03T18:25:30 [INFO] OS Information 2012-05-03T18:25:30 [INFO] ------------------------------------------------------------ 2012-05-03T18:25:30 [INFO] Current directory: /opt/rapid7/nexpose/nsc 2012-05-03T18:25:30 [INFO] User name: root 2012-05-03T18:25:30 [INFO] Computer name: bt 2012-05-03T18:25:30 [INFO] Operating system: Ubuntu Linux 10.04 2012-05-03T18:25:30 [INFO] Total memory: 4048736 KBytes 2012-05-03T18:25:30 [INFO] Available memory: 2727972 KBytes 2012-05-03T18:25:30 [INFO] CPU speed: 1200MHz 2012-05-03T18:25:30 [INFO] Number of CPUs: 2 2012-05-03T18:25:30 [INFO] Super user: true 2012-05-03T18:25:30 [INFO] JVM started: Thu May 03 18:25:29 BST 2012 2012-05-03T18:25:30 [INFO] JVM uptime: 0 seconds Checking graphics environment... OK PATH: /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/etc/alternatives/gem-bin:/etc/alternatives/gem-bin The Java virtual machine is exiting with code 0 Using jre at _jvm1.6.0_25 PATH: /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/etc/alternatives/gem-bin:/etc/alternatives/gem-bin Please use CMSClassUnloadingEnabled in place of CMSPermGenSweepingEnabled in the future 2012-05-03T18:25:31 [INFO] Logging initialized. [Name = default] [Level = INFO] [Timezone = Europe/Isle_of_Man (Greenwich Mean Time, GMT01:00)] 2012-05-03T18:25:31 [INFO] Current directory: /opt/rapid7/nexpose/nsc 2012-05-03T18:25:31 [INFO] User name: root 2012-05-03T18:25:31 [INFO] Super user: Yes 2012-05-03T18:25:31 [INFO] Computer name: bt 2012-05-03T18:25:31 [INFO] Host Address: 127.0.1.1 2012-05-03T18:25:31 [INFO] Host FQDN: bt.foo.org 2012-05-03T18:25:31 [INFO] Operating system: Ubuntu Linux 10.04 2012-05-03T18:25:31 [INFO] CPU speed: 1600MHz 2012-05-03T18:25:31 [INFO] Number of CPUs: 2 2012-05-03T18:25:31 [INFO] Total memory: 3.9 GB 2012-05-03T18:25:31 [INFO] Available memory: 2.6 GB 2012-05-03T18:25:31 [INFO] Total disk space: 39.3 GB 2012-05-03T18:25:31 [INFO] Available disk space:25.5 GB 2012-05-03T18:25:31 [INFO] JVM name: Java HotSpot(TM) 64-Bit Server VM 2012-05-03T18:25:31 [INFO] JVM vendor: Sun Microsystems Inc. 2012-05-03T18:25:31 [INFO] JVM version: 20.0-b11 2012-05-03T18:25:31 [INFO] JVM started: 2012-05-03 17:25 GMT 2012-05-03T18:25:31 [INFO] Running interactively under super-user: root. 2012-05-03T18:25:31 [INFO] Initializing JDBC drivers. 2012-05-03T18:25:31 [INFO] Running first-time configuration. 2012-05-03T18:25:31 [INFO] Configuring PostgreSQL installation in /opt/rapid7/nexpose/nsc/nxpgsql. 2012-05-03T18:25:31 [INFO] Verifying permissions on /opt/rapid7/nexpose/nsc/nxpgsql 2012-05-03T18:25:31 [INFO] Verifying disk space on /opt/rapid7/nexpose/nsc/nxpgsql 2012-05-03T18:25:31 [WARN] Could not determine nxpgsql daemon status. Continuing installation... 2012-05-03T18:25:31 [INFO] Adding service user nxpgsql <snip> 2012-05-03T18:25:31 [INFO] Successfully set file permissions 2012-05-03T18:25:31 [INFO] Changing permissions of directory '/opt/rapid7/nexpose/nsc/db' to go+x 2012-05-03T18:25:32 [INFO] Postgres data directory already exists. Cleaning up. /opt/rapid7/nexpose/nsc/nxpgsql/nxpdata 2012-05-03T18:25:32 [INFO] Creating data directory in /opt/rapid7/nexpose/nsc/nxpgsql/nxpdata 2012-05-03T18:25:32 [INFO] Setting permissions on data directory /opt/rapid7/nexpose/nsc/nxpgsql/nxpdata 2012-05-03T18:25:32 [INFO] Initializing PostgreSQL database 2012-05-03T18:25:32 [ERROR] A critical error occured during initialization java.lang.RuntimeException: initdb exited with error code 1 at com.rapid7.nexpose.util.PostgresInstaller.initDatabase(Unknown Source) ~[nxshared.jar:na] at com.rapid7.nexpose.util.LinuxPostgresInstaller.initDatabase(Unknown Source) ~[nxshared.jar:na] at com.rapid7.nexpose.util.PostgresInstaller.run(Unknown Source) ~[nxshared.jar:na] at com.rapid7.nexpose.nsc.FirstTimeConfigurator.installDB(Unknown Source) ~[nsc.jar:na] at com.rapid7.nexpose.nsc.FirstTimeConfigurator.configure(Unknown Source) ~[nsc.jar:na] at com.rapid7.nexpose.nsc.NSC.initFirstTimeConfig(Unknown Source) [nsc.jar:na] at com.rapid7.nexpose.nsc.NSC.initCriticalSubsystems(Unknown Source) [nsc.jar:na] at com.rapid7.nexpose.nsc.NSC.initSubsystems(Unknown Source) [nsc.jar:na] at com.rapid7.nexpose.nsc.NSC.run(Unknown Source) [nsc.jar:na] at com.rapid7.nexpose.nsc.NSC.main(Unknown Source) [nsc.jar:na] 2012-05-03T18:25:32 [ERROR] Error during server initialization. java.lang.NullPointerException: null at com.rapid7.nexpose.nsc.NSC.initSubsystems(Unknown Source) [nsc.jar:na] at com.rapid7.nexpose.nsc.NSC.run(Unknown Source) [nsc.jar:na] at com.rapid7.nexpose.nsc.NSC.main(Unknown Source) [nsc.jar:na] 2012-05-03T18:25:32 [INFO] Shutting down immediately 2012-05-03T18:25:32 [INFO] Shutting down asset group service executor... 2012-05-03T18:25:32 [INFO] removing scheduled risk and history updater jobs 2012-05-03T18:25:32 [INFO] Shutting down data warehouse service 2012-05-03T18:25:32 [INFO] Shutting down config manager 2012-05-03T18:25:32 [WARN] Error shutting down database. java.sql.SQLException: No suitable driver at java.sql.DriverManager.getDriver(Unknown Source) ~[na:1.6.0_25] at com.rapid7.nexpose.datastore.DBManager.shutdownPools(Unknown Source) ~[nxshared.jar:na] at com.rapid7.nexpose.datastore.DBManager.shutdownDB(Unknown Source) ~[nxshared.jar:na] at com.rapid7.nexpose.datastore.DBManager.shutdownDBSystem(Unknown Source) ~[nxshared.jar:na] at com.rapid7.nexpose.nsc.NSC.shutdownDB(Unknown Source) [nsc.jar:na] at com.rapid7.nexpose.nsc.NSC.shutdownSubsystems(Unknown Source) [nsc.jar:na] at com.rapid7.nexpose.nsc.NSC.shutdown(Unknown Source) [nsc.jar:na] at com.rapid7.nexpose.nsc.NSC.shutdown(Unknown Source) [nsc.jar:na] at com.rapid7.nexpose.nsc.NSC.run(Unknown Source) [nsc.jar:na] at com.rapid7.nexpose.nsc.NSC.main(Unknown Source) [nsc.jar:na] 2012-05-03T18:25:32 [INFO] Shutting down command console NeXpose security console exited with code 0
Please assist!
Re: msfconsole & nexpose
Huh. I rebooted and immediately ran nsc.sh again, and now it seems to be updating.
A search on rapid7's community suggests they found similar thing for their own Backtrack testing.
Maybe this will help someone else.
Re: msfconsole & nexpose
hey..could you please tell me why nexpose needs 500GB.. I understand that it is to keep the analysis data..I am currently running backtrack in 32Gb space and with 8gb ram. Can you please tell me how much space nexpose takes when install from bin file?
Regards
Re: msfconsole & nexpose
I am running my BT installation on a 40GB partition and I've used 15GB, inc nexpose install. It took about 1GB tops from memory!
Re: msfconsole & nexpose
Just to add to this, it seems MSF has changed from recently?
I am following the guide here http://www.offensive-security.com/me...g_With_NeXpose
But none of the commands listed work.
More specifically:
db_create doesnt work.
db_import works
db_services and db_vulns are now just services and vulns
db_autopwn doesnt work.
From the help output I cant see any replacement commands etc?
Re: msfconsole & nexpose
Perhaps I can help with some history. The MSF underwent a pretty drastic change...I think it was version 4.0 Anyway, db_autopwn was removed due to it's instability. It is possible to add db_autopwn back, although I haven't done it myself; there are threads on how to re-add it on the forums here.
If you do a db_status at the msf prompt right after starting metasploit, you'll see that you startup with a postgresql database connected. So, there's no need for a db_create command any longer. You can use the workspace command to switch between database workspaces.
In my opinion, the ultimate resource for the framework is the metasploit mailing list. You can find great info there, as well as useful tips from metasploit pros, the metasploit dev team, and metasploit's creator HD Moore.
If I could figure out how to scuba dive & hack at the same time, there would be nothing I couldn't do...
Re: msfconsole & nexpose
Thanks again scott.
So it seems msfconsole automatically starts the db and connects when you launch it.
So say I move to another site, start another scan, how would I then use another database to store the results?
I would also like to know the "normal" processes the pro's use.
Let's say you have hacked in and gained network access. You fire up msfconsole and then...what is the logical attack process?
I'm thinking something like:
1. create a new database/instance/workspace? to store results
2. nmap / nexpose scan for vunerabilities
At this point you could launch a noisy auto-exploit script (autopwn or similar) or identify a machine with vunerabilities you think you can exploit, using commands:
SEARCH xxx - to search the database for modules which can scan/exploit xxx (say HTTP)
USE xxx - to use the module
INFO - for more information on what it does
SHOW OPTIONS - to set parameters
Exploit/Run - Run the module
Are there any others which can be useful?
Re: msfconsole & nexpose
The metasploit framework is a broad & deep thing. I've been working with it for awhile, and still feel like I've only scratched the surfaceI'm certainly not a pro, but I think of pentration testing as a cycle: gather info, scan, enumerate ports/services, attack, compromise, gain foothold, and repeat. I prefer to store my tool outputs in text files, and import them into KeepNote to gather everything together.
That being said, try help at the msf prompt when you first start msfconsole. Lots of useful commands there.
If I could figure out how to scuba dive & hack at the same time, there would be nothing I couldn't do...
Re: msfconsole & nexpose
Hey thanks.. I will go ahead with the installation then.Originally Posted by hongman
Posting Permissions