Results 1 to 9 of 9

Thread: msfconsole & nexpose

Hybrid View

  1. #1
    Member
    Join Date
    Jan 2006
    Posts
    90

    Default msfconsole & nexpose

    Hi all

    Bit confused here, would appreciate if someone can clarify!

    I have a installation of BT5R2 x64 on my laptop. I am trying to run nexpose from within msfconsole.

    So I fire up msfconsole and type "load nexpose" which loads the plugin successfully.

    Then I type nexpose_connect ... but I dont know what the default username and password is.

    So I then assume that this is not nexpose, and only a plugin, and that I have to download nexpose myself.

    I downloaded the .bin file, installed, and when I run it:

    Code:
    root@bt:/opt/rapid7/nexpose/nsc# ./nsc.sh
    Checking for available jvms
    Validating jre in directory  _jvm1.6.0_25
    Please use CMSClassUnloadingEnabled in place of CMSPermGenSweepingEnabled in the future
    2012-05-03T18:25:28 [INFO] 
    2012-05-03T18:25:28 [INFO] OS Information
    2012-05-03T18:25:28 [INFO] ------------------------------------------------------------
    2012-05-03T18:25:28 [INFO] Current directory: /opt/rapid7/nexpose/nsc
    2012-05-03T18:25:28 [INFO] User name:         root
    2012-05-03T18:25:28 [INFO] Computer name:     bt
    2012-05-03T18:25:28 [INFO] Operating system:  Ubuntu Linux 10.04
    2012-05-03T18:25:28 [INFO] Total memory:      4048736 KBytes
    2012-05-03T18:25:28 [INFO] Available memory:  2751728 KBytes
    2012-05-03T18:25:28 [INFO] CPU speed:         2401MHz
    2012-05-03T18:25:28 [INFO] Number of CPUs:    2
    2012-05-03T18:25:28 [INFO] Super user:        true
    2012-05-03T18:25:28 [INFO] JVM started:       Thu May 03 18:25:26 BST 2012
    2012-05-03T18:25:28 [INFO] JVM uptime:        1 second
    Checking graphics environment...
    OK                                                                                                                                                                                  
    PATH: /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/etc/alternatives/gem-bin:/etc/alternatives/gem-bin                                                   
    The Java virtual machine is exiting with code 0                                                                                                                                     
    Using jre at  _jvm1.6.0_25                                                                                                                                                          
    PATH: /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/etc/alternatives/gem-bin:/etc/alternatives/gem-bin                                                   
    Please use CMSClassUnloadingEnabled in place of CMSPermGenSweepingEnabled in the future                                                                                             
    Logging to file /opt/rapid7/nexpose/update.log
    Checking for available jvms
    Validating jre in directory  _jvm1.6.0_25
    Please use CMSClassUnloadingEnabled in place of CMSPermGenSweepingEnabled in the future
    2012-05-03T18:25:30 [INFO] 
    2012-05-03T18:25:30 [INFO] OS Information
    2012-05-03T18:25:30 [INFO] ------------------------------------------------------------
    2012-05-03T18:25:30 [INFO] Current directory: /opt/rapid7/nexpose/nsc
    2012-05-03T18:25:30 [INFO] User name:         root
    2012-05-03T18:25:30 [INFO] Computer name:     bt
    2012-05-03T18:25:30 [INFO] Operating system:  Ubuntu Linux 10.04
    2012-05-03T18:25:30 [INFO] Total memory:      4048736 KBytes
    2012-05-03T18:25:30 [INFO] Available memory:  2727972 KBytes
    2012-05-03T18:25:30 [INFO] CPU speed:         1200MHz
    2012-05-03T18:25:30 [INFO] Number of CPUs:    2
    2012-05-03T18:25:30 [INFO] Super user:        true
    2012-05-03T18:25:30 [INFO] JVM started:       Thu May 03 18:25:29 BST 2012
    2012-05-03T18:25:30 [INFO] JVM uptime:        0 seconds
    Checking graphics environment...
    OK
    PATH: /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/etc/alternatives/gem-bin:/etc/alternatives/gem-bin
    The Java virtual machine is exiting with code 0
    Using jre at  _jvm1.6.0_25
    PATH: /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/etc/alternatives/gem-bin:/etc/alternatives/gem-bin
    Please use CMSClassUnloadingEnabled in place of CMSPermGenSweepingEnabled in the future
    2012-05-03T18:25:31 [INFO] Logging initialized. [Name = default] [Level = INFO] [Timezone = Europe/Isle_of_Man (Greenwich Mean Time, GMT01:00)]
    2012-05-03T18:25:31 [INFO] Current directory:  /opt/rapid7/nexpose/nsc
    2012-05-03T18:25:31 [INFO] User name:          root
    2012-05-03T18:25:31 [INFO] Super user:         Yes
    2012-05-03T18:25:31 [INFO] Computer name:      bt
    2012-05-03T18:25:31 [INFO] Host Address:       127.0.1.1
    2012-05-03T18:25:31 [INFO] Host FQDN:          bt.foo.org
    2012-05-03T18:25:31 [INFO] Operating system:   Ubuntu Linux 10.04
    2012-05-03T18:25:31 [INFO] CPU speed:          1600MHz
    2012-05-03T18:25:31 [INFO] Number of CPUs:     2
    2012-05-03T18:25:31 [INFO] Total memory:       3.9 GB
    2012-05-03T18:25:31 [INFO] Available memory:   2.6 GB
    2012-05-03T18:25:31 [INFO] Total disk space:   39.3 GB
    2012-05-03T18:25:31 [INFO] Available disk space:25.5 GB
    2012-05-03T18:25:31 [INFO] JVM name:           Java HotSpot(TM) 64-Bit Server VM
    2012-05-03T18:25:31 [INFO] JVM vendor:         Sun Microsystems Inc.
    2012-05-03T18:25:31 [INFO] JVM version:        20.0-b11
    2012-05-03T18:25:31 [INFO] JVM started:        2012-05-03 17:25 GMT
    2012-05-03T18:25:31 [INFO] Running interactively under super-user: root.
    2012-05-03T18:25:31 [INFO] Initializing JDBC drivers.
    2012-05-03T18:25:31 [INFO] Running first-time configuration.
    2012-05-03T18:25:31 [INFO] Configuring PostgreSQL installation in /opt/rapid7/nexpose/nsc/nxpgsql.
    2012-05-03T18:25:31 [INFO] Verifying permissions on /opt/rapid7/nexpose/nsc/nxpgsql
    2012-05-03T18:25:31 [INFO] Verifying disk space on /opt/rapid7/nexpose/nsc/nxpgsql
    2012-05-03T18:25:31 [WARN] Could not determine nxpgsql daemon status. Continuing installation...
    2012-05-03T18:25:31 [INFO] Adding service user nxpgsql
    <snip>
    2012-05-03T18:25:31 [INFO] Successfully set file permissions
    2012-05-03T18:25:31 [INFO] Changing permissions of directory '/opt/rapid7/nexpose/nsc/db' to go+x
    2012-05-03T18:25:32 [INFO] Postgres data directory already exists. Cleaning up. /opt/rapid7/nexpose/nsc/nxpgsql/nxpdata
    2012-05-03T18:25:32 [INFO] Creating data directory in /opt/rapid7/nexpose/nsc/nxpgsql/nxpdata
    2012-05-03T18:25:32 [INFO] Setting permissions on data directory /opt/rapid7/nexpose/nsc/nxpgsql/nxpdata
    2012-05-03T18:25:32 [INFO] Initializing PostgreSQL database
    2012-05-03T18:25:32 [ERROR] A critical error occured during initialization
    java.lang.RuntimeException: initdb exited with error code 1
            at com.rapid7.nexpose.util.PostgresInstaller.initDatabase(Unknown Source) ~[nxshared.jar:na]
            at com.rapid7.nexpose.util.LinuxPostgresInstaller.initDatabase(Unknown Source) ~[nxshared.jar:na]
            at com.rapid7.nexpose.util.PostgresInstaller.run(Unknown Source) ~[nxshared.jar:na]
            at com.rapid7.nexpose.nsc.FirstTimeConfigurator.installDB(Unknown Source) ~[nsc.jar:na]
            at com.rapid7.nexpose.nsc.FirstTimeConfigurator.configure(Unknown Source) ~[nsc.jar:na]
            at com.rapid7.nexpose.nsc.NSC.initFirstTimeConfig(Unknown Source) [nsc.jar:na]
            at com.rapid7.nexpose.nsc.NSC.initCriticalSubsystems(Unknown Source) [nsc.jar:na]
            at com.rapid7.nexpose.nsc.NSC.initSubsystems(Unknown Source) [nsc.jar:na]
            at com.rapid7.nexpose.nsc.NSC.run(Unknown Source) [nsc.jar:na]
            at com.rapid7.nexpose.nsc.NSC.main(Unknown Source) [nsc.jar:na]
    2012-05-03T18:25:32 [ERROR] Error during server initialization.
    java.lang.NullPointerException: null
            at com.rapid7.nexpose.nsc.NSC.initSubsystems(Unknown Source) [nsc.jar:na]
            at com.rapid7.nexpose.nsc.NSC.run(Unknown Source) [nsc.jar:na]
            at com.rapid7.nexpose.nsc.NSC.main(Unknown Source) [nsc.jar:na]
    2012-05-03T18:25:32 [INFO] Shutting down immediately
    2012-05-03T18:25:32 [INFO] Shutting down asset group service executor...
    2012-05-03T18:25:32 [INFO] removing scheduled risk and history updater jobs
    2012-05-03T18:25:32 [INFO] Shutting down data warehouse service
    2012-05-03T18:25:32 [INFO] Shutting down config manager
    2012-05-03T18:25:32 [WARN] Error shutting down database.
    java.sql.SQLException: No suitable driver
            at java.sql.DriverManager.getDriver(Unknown Source) ~[na:1.6.0_25]
            at com.rapid7.nexpose.datastore.DBManager.shutdownPools(Unknown Source) ~[nxshared.jar:na]
            at com.rapid7.nexpose.datastore.DBManager.shutdownDB(Unknown Source) ~[nxshared.jar:na]
            at com.rapid7.nexpose.datastore.DBManager.shutdownDBSystem(Unknown Source) ~[nxshared.jar:na]
            at com.rapid7.nexpose.nsc.NSC.shutdownDB(Unknown Source) [nsc.jar:na]
            at com.rapid7.nexpose.nsc.NSC.shutdownSubsystems(Unknown Source) [nsc.jar:na]
            at com.rapid7.nexpose.nsc.NSC.shutdown(Unknown Source) [nsc.jar:na]
            at com.rapid7.nexpose.nsc.NSC.shutdown(Unknown Source) [nsc.jar:na]
            at com.rapid7.nexpose.nsc.NSC.run(Unknown Source) [nsc.jar:na]
            at com.rapid7.nexpose.nsc.NSC.main(Unknown Source) [nsc.jar:na]
    2012-05-03T18:25:32 [INFO] Shutting down command console
    NeXpose security console exited with code 0
    I have also done apt-get update/upgrade

    Please assist!

  2. #2
    Member
    Join Date
    Jan 2006
    Posts
    90

    Default Re: msfconsole & nexpose

    Huh. I rebooted and immediately ran nsc.sh again, and now it seems to be updating.

    A search on rapid7's community suggests they found similar thing for their own Backtrack testing.

    Maybe this will help someone else.

  3. #3
    Senior Member
    Join Date
    Feb 2012
    Location
    Cyberspace
    Posts
    174

    Default Re: msfconsole & nexpose

    hey..could you please tell me why nexpose needs 500GB.. I understand that it is to keep the analysis data..I am currently running backtrack in 32Gb space and with 8gb ram. Can you please tell me how much space nexpose takes when install from bin file?

    Regards

  4. #4
    Member
    Join Date
    Jan 2006
    Posts
    90

    Default Re: msfconsole & nexpose

    I am running my BT installation on a 40GB partition and I've used 15GB, inc nexpose install. It took about 1GB tops from memory!

  5. #5
    Senior Member
    Join Date
    Feb 2012
    Location
    Cyberspace
    Posts
    174

    Default Re: msfconsole & nexpose

    Quote Originally Posted by hongman View Post
    I am running my BT installation on a 40GB partition and I've used 15GB, inc nexpose install. It took about 1GB tops from memory!
    Hey thanks.. I will go ahead with the installation then.

  6. #6
    Member
    Join Date
    Jan 2006
    Posts
    90

    Default Re: msfconsole & nexpose

    Just to add to this, it seems MSF has changed from recently?

    I am following the guide here http://www.offensive-security.com/me...g_With_NeXpose

    But none of the commands listed work.

    More specifically:

    db_create doesnt work.
    db_import works
    db_services and db_vulns are now just services and vulns
    db_autopwn doesnt work.

    From the help output I cant see any replacement commands etc?

  7. #7
    Good friend of the forums scottm99's Avatar
    Join Date
    Feb 2010
    Location
    underwater
    Posts
    371

    Default Re: msfconsole & nexpose

    Perhaps I can help with some history. The MSF underwent a pretty drastic change...I think it was version 4.0 Anyway, db_autopwn was removed due to it's instability. It is possible to add db_autopwn back, although I haven't done it myself; there are threads on how to re-add it on the forums here.

    If you do a db_status at the msf prompt right after starting metasploit, you'll see that you startup with a postgresql database connected. So, there's no need for a db_create command any longer. You can use the workspace command to switch between database workspaces.

    In my opinion, the ultimate resource for the framework is the metasploit mailing list. You can find great info there, as well as useful tips from metasploit pros, the metasploit dev team, and metasploit's creator HD Moore.
    If I could figure out how to scuba dive & hack at the same time, there would be nothing I couldn't do...

  8. #8
    Member
    Join Date
    Jan 2006
    Posts
    90

    Default Re: msfconsole & nexpose

    Thanks again scott.

    So it seems msfconsole automatically starts the db and connects when you launch it.

    So say I move to another site, start another scan, how would I then use another database to store the results?

    I would also like to know the "normal" processes the pro's use.

    Let's say you have hacked in and gained network access. You fire up msfconsole and then...what is the logical attack process?

    I'm thinking something like:

    1. create a new database/instance/workspace? to store results
    2. nmap / nexpose scan for vunerabilities

    At this point you could launch a noisy auto-exploit script (autopwn or similar) or identify a machine with vunerabilities you think you can exploit, using commands:

    SEARCH xxx - to search the database for modules which can scan/exploit xxx (say HTTP)
    USE xxx - to use the module
    INFO - for more information on what it does
    SHOW OPTIONS - to set parameters
    Exploit/Run - Run the module

    Are there any others which can be useful?

  9. #9
    Good friend of the forums scottm99's Avatar
    Join Date
    Feb 2010
    Location
    underwater
    Posts
    371

    Default Re: msfconsole & nexpose

    The metasploit framework is a broad & deep thing. I've been working with it for awhile, and still feel like I've only scratched the surface I'm certainly not a pro, but I think of pentration testing as a cycle: gather info, scan, enumerate ports/services, attack, compromise, gain foothold, and repeat. I prefer to store my tool outputs in text files, and import them into KeepNote to gather everything together.

    That being said, try help at the msf prompt when you first start msfconsole. Lots of useful commands there.
    If I could figure out how to scuba dive & hack at the same time, there would be nothing I couldn't do...

Similar Threads

  1. No Drivers available in msfconsole
    By kartoffelbreiei in forum BackTrack 5 Bugs
    Replies: 6
    Last Post: 05-16-2011, 09:07 AM
  2. Nexpose error
    By ugothakd in forum Beginners Forum
    Replies: 1
    Last Post: 01-31-2011, 06:14 AM
  3. msfconsole issue
    By mackbet in forum Beginners Forum
    Replies: 1
    Last Post: 10-06-2010, 04:54 AM
  4. Metasploit 3.3 - MsfConsole
    By regedit in forum OLD Newbie Area
    Replies: 0
    Last Post: 01-22-2010, 11:06 AM
  5. Metasploit 3.3 - MsfConsole
    By regedit in forum Angolo dei Newbie
    Replies: 0
    Last Post: 01-21-2010, 07:53 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •