whizmopa.blogg.se - How to use nessus on metasploitable 2

Successfully imported /pentest/results/nessus_report_TestSrvr.nessus Msf > db_import /pentest/results/nessus_report_Appsrvr.nessus Successfully connected to the databaseĭb_import /pentest/results/nessus_report_TestSrvr.nessus Note that sqlite is not supported due to numerous issues. cd /pentest/exploits/framework3 (change directory to your metasploit installation dir)Īt this stage you will need to create a DB, import the scanned nessus report, and then perform your hacking kungfu with the db_autopwn command.

Issue the following commands to load Metasploit: Login to your machine of choice, in my case its my BackTrack4 Linux VM. Once your scan is completed download the report and save it in a. I selected the web application policy since the target server was running and outdated web application. Now create your scan policy or used from one of the default policies. You can download your copy of nessus from HERE and don’t forget to register for a homefeed license.

Windows 2003 server with a vulnerable web appīelow are the necessary steps to get from a Nessus scan to the correct Metasploit module for exploiting your system.

If this is the first time you have heard of ExploitDB or Metasploit you should first visit the Metasploit Unleashed training site. Today’s post will focus on what to do after you have scanned that vulnerable system and found a juice vulnerability. Or if you are a pro then its off to go and write your own exploit for the newly discovered vulnerability. How many times have you fired off a Nessus scan and then after finding the goodies you have to go to either ExploitDB, or a similar site in search for a exploit.