so basically i'm trying to do this the hard way, without using db_autopwn since there's none in backtrack 5 R3!
I have scanned my target and got the vulns list by running the vulns command, so i get something similar to this (3NEXPOSE-udp-ipid-zero
vulns):[*] Time: 2012-11-13 09:08:23 UTC Vuln: host= name=ICMP timestamp response refs=CVE-1999-0524,OSVDB-95,XF-306,XF-322,NEXPOSE-generic-icmp-timestamp[*] Time: 2012-11-13 09:08:23 UTC Vuln: host=xxx.xxx.xxx.xxx name=TCP timestamp response refs=URL-http://uptime.netcraft.com,URL-http://www.forensicswiki.org/wiki/TCP_timestamps,URL-http://www.ietf.org/rfc/rfc1323.txt,NEXPOSE-generic-tcp-timestamp[*] Time: 2012-11-13 09:00:50 UTC Vuln: host=xxx.xxx.xxx.xxx name=UDP IP ID Zero refs=NEXPOSE-udp-ipid-zero
what can i do from this point to start exploiting the vulnerabilities ? I've tried reading the metasploit book but there's no mention about what to do without db_autopwn (older version of metasploit). It only assumes that we somehow know that the target has a specific vulnerability and continues from there, it doesn't mention how we can exploit the vulnerabilities found from a nexpose scan.
in other words:
I was wondering how on earth does this relate to selecting an exploit from the list of exploits and trying to run a payload ... how does autopwn find the exploit to work with from the above results? There's a reference (e.g. NEXPOSE-udp-ipid-zero) can i find the module to use from the reference somehow ?