paylish Posted February 21, 2012

Hi All,

Unfortunately, I cannot get very many of the commands that are printed in the book Metasploit: The Penetration Tester's Guide to work properly. I am wondering if anyone else has tried to go through this book and use the examples throughout. I am using BackTrack 5R1, but I think maybe the authors used version 4 or something. Does anyone know if commands change that dramatically from one version to the next? Are there any other resources to go to that can help with using the MSFconsole in BackTrack v5r1?

Also, I can't find version 4 anywhere on the net. I was able to find V3 in a box in the basement, but that version of MSFconsole was not as robust and none of the commands from the book work on that version. Anyone know where I can get a V4?

Thanks for Reading!

Mr-Protocol Posted February 21, 2012

No. On nostarch's page for the book, the bottom has updates that may be why you are having an issue.

int0x80 Posted February 21, 2012

paylish: The examples worked well for me when I did them at the release of the book. You are correct though that Metasploit is frequently updated; but most of those examples should still work. Can you post the error messages you are encountering?

digip Posted February 21, 2012

BT5R1 uses v4 community edition I believe, or prerelease, but for the most part, the context of Metasploit commands is the same: set an lhost, rhost, attack and payload. If all else fails, try Armitage. Not so much for the GUI making it easy, but because when you run an exploit, it shows you the commands typed in the console, and you can learn/follow from there what the syntax is for that version of Metasploit.

Mr-Protocol Posted February 21, 2012

Here are the updates in the book.

Updates

Please note that some of the following errors have been corrected in newer printings of the book.

Universal Changes

Throughout the book, all instances of text in the first column should be substituted for the text in the second column:

    db_services    services
    db_hosts       hosts
    db_vulns       vulns
    db_creds       creds
    db_notes       notes

Page 4
In the Types of Penetration Tests section, "An overt pen test, or 'white hat' test" should read "'white box' test." (Similarly, a "covert pen test" can also be called a "black box test.")

Page 21
In the Importing Nmap Results into Metasploit section, "nmap -Pn -sS -A -oX Subnet1 192.168.1.0/24" should read "nmap -Pn -sS -A -oX Subnet1.xml 192.168.1.0/24"

Page 25
In sentence two of the Port Scanning With Metasploit section, "his process called" should read, "this process called."

Page 52
In the code block, the following line:

    RHOSTS => 192.168.1.170-192.168.1.175

Should read:

    RHOSTS => 192.168.1.150-192.168.1.155

Page 80
In the first sentence of paragraph two, "we used the mssql_ping module" should read "we used the mssql_login module."

Page 205
Due to a production error, Figure 14-4 is incorrect. A replacement is below:
http://nostarch.com/images/metasploit14_04.png

Page 216
The term ESP refers to the execution stack pointer.

paylish Posted February 29, 2012

Thanks for the replies... since my post I have tried a version of BT4 and BT5 first edition that had older versions of the console, but to no avail. I am guessing it is user error now. The authors' updates helped on some stuff, but I am stuck on the db part of the framework. I can intelligence gather (chapter 3) and do some vulnerability scans (chapter 4), but I am having a hard time with the database connecting and such, which looks necessary to do some exploiting in chapter 5.

When I type db_status it tells me that I am in postgresql msf3, but when I want to:

    db_connect postgres:toor@127.0.0.1/msfbook

(or "msf3" if I disconnected myself) on page 20, it gives me an error that states the following:

    Error while running command db_connect: Failed to connect to the database: Could not connect to server: Connection refused
    Is the server running on host 127.0.0.1 and accepting TCP/IP connections on port 5432?

I tried using the IP address of the machine running BT5 and tried the root:toor combination, but those don't work either. What's up? I am hoping to avoid Armitage or the MSF Windows download, but I may have to go that route if I cannot figure this out.

Thanks,
Paylish

Mr-Protocol Posted February 29, 2012

I take it you ran /etc/init.d/postgresql-8.3 start, or whatever postgresql version is installed?

You should see this per page 21 if you are connected:

    msf > db_status
    [*] postgresql connected to msfbook

bobbyb1980 Posted February 29, 2012

If I remember correctly, in Postgres you have to manually set a password.

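Added example, not part of any post in this thread and not Metasploit code: a small Python check that parses the db_connect argument from paylish's post and separates a refused TCP connection (the error quoted above, which Mr-Protocol's start-the-service question addresses) from a port that is listening, where any remaining failure concerns credentials (bobbyb1980's point). The function names are hypothetical; the default port 5432 is taken from the error message.

```python
import re
import socket

# Argument form used in the thread: user:password@host[:port]/database
DSN = re.compile(
    r"^(?P<user>[^:@/]+):(?P<password>[^@]*)@"
    r"(?P<host>[^:/]+)(?::(?P<port>\d+))?/(?P<database>[^/]+)$"
)

ADVICE = {
    "refused": "nothing is listening on that TCP port: start PostgreSQL or "
               "check the port and listen address it is configured with",
    "unreachable": "no answer from the host: check the address, routing and firewall",
    "listening": "something accepted the TCP connection: any remaining "
                 "db_connect failure is about the user, password or database name",
}

def parse_db_connect(arg, default_port=5432):
    """Split a db_connect argument into its fields (hypothetical helper)."""
    match = DSN.match(arg.strip())
    if match is None:
        raise ValueError("expected user:password@host[:port]/database")
    fields = match.groupdict()
    fields["port"] = int(fields["port"] or default_port)
    return fields

def probe(host, port, timeout=2.0):
    """Classify one TCP connection attempt as listening, refused or unreachable."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "listening"
    except ConnectionRefusedError:
        return "refused"
    except OSError:  # timeouts, unreachable networks, name resolution failures
        return "unreachable"

def diagnose(arg, timeout=2.0):
    """Return (state, advice) for the server named in a db_connect argument."""
    target = parse_db_connect(arg)
    state = probe(target["host"], target["port"], timeout)
    return state, ADVICE[state]

if __name__ == "__main__":
    # Connection string from the post above; the result depends on the local machine.
    print(diagnose("postgres:toor@127.0.0.1/msfbook"))
```
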