Metasploit help


aditya

Jun 1, 2012, 6:49:53 AM
to null-...@googlegroups.com
Hello Hackers,

Could you please suggest some good ways for learning pen testing through Metasploit? Presently I am using the documents given on Offensive Security but they do not give in-depth knowledge of the processes involved. So all the doubts do not get clear as to what a particular function does.

Will appreciate your help in this respect.

--
Regards
Aditya

Abhijeet Jayaraj

Jun 1, 2012, 7:00:18 AM
to null-...@googlegroups.com
Well, only practice makes the man perfect, so set up your virtual environment and start spot on. For beginning with Metasploit I suggest you check out SecurityTube's Metasploit Megaprimer series (17-video series) by Vivek Ramachandran. It's just awesome.

Download the Metasploitable ISO and set it up and exploit it.
You can also use a virtual Windows environment for working.
So start with setting up your own pentest laboratory.

Stop waiting and start firing up. ;)



--
Get ready for the Dilli Shakedown!
nullcon security conference Delhi Sept 26-29th 2012
http://nullcon.net
 
null - Spreading the right Information
null Mailing list charter: http://null.co.in/section/about/null_list_charter/

satish reddy

Jun 1, 2012, 7:08:12 AM
to null-...@googlegroups.com

Abhijeet, thanks from my side too.
This group roxXx

chaitany kamble

Jun 1, 2012, 7:12:45 AM
to null-...@googlegroups.com
Also go through

Metasploit - A Penetration Tester's Guide by David Kennedy and Mati Aharoni.


Regards,
Chaitany S. Kamble
ControlCase 

bharadwaja maringanti

Jun 1, 2012, 11:55:45 PM
to null-...@googlegroups.com
SecurityTube videos are best... and next read Metasploit Unleashed... it acts like a dictionary.
With Thanks & Regards

M.B.Chakrawarthi

aditya

Jun 3, 2012, 1:55:45 AM
to null-...@googlegroups.com
Thanks Chaitanya Sir, Bharadwaja Sir
Regards
Aditya

Yash Rohilla

Jun 4, 2012, 3:34:19 AM
to null
Hello Aditya,

I suggest the best way to go about pen testing through Metasploit is
to use Back|Track. I used VMware to set up a virtual copy of Windows
XP and Back|Track simultaneously.
A website which helped me a lot was http://www.backtrack-linux.org
which offered in-depth tutorials and How-To's on pen testing. It also
has quite an extensive community where both experts and beginners ask
for and give help on small bugs and doubts which arise throughout the
usage of the operating system.
And like Abhijeet Jayaraj said, stop waiting and start firing up ;)

Hope this helped,
Yash

On 3 June, 10:55, aditya <nauty.m...@gmail.com> wrote:
> Thanks Chaitanya Sir, Bharadwaja Sir
>
> On Sat, Jun 2, 2012 at 9:25 AM, bharadwaja maringanti
> <chakri....@gmail.com>wrote:
>
> > security tube videos are best...and next read metasploit unleashed....it
> > acts like a dictionary....
>
> > On Fri, Jun 1, 2012 at 4:42 PM, chaitany kamble <chaitany.kam...@gmail.com
> > > wrote:
>
> >> Also go through
>
> >> Metasploit - A Penetration Tester's Guide by David Kennedy and Mati
> >> Aharoni.
>
> >> Regards,
> >> Chaitany S. Kamble
> >> ControlCase
>
> >> On Fri, Jun 1, 2012 at 4:30 PM, Abhijeet Jayaraj <abhijeet9...@gmail.com>wrote:
>
> >>> Well only practice makes the man perfect so set-up your virtual
> >>> environment and start spot on and for beginning with metasploit i suggest
> >>> you to check out Security Tubes's Metasploit megaprimer series(17 video
> >>> series) by Vivek Ramachandran. Its just awesome.
> >>> Here is the link
> >>> http://www.securitytube.net/groups?operation=view&groupId=8
>
> >>> Download metasploitable iso and set it up and exploit it.
> >>> You can also use a virtual Windows environment too for working.
> >>> So start with setting up your own pentest Laboratory
>
> >>> Stop waiting and start firing up. ;)
>

Syed Anwaarullah

Jun 4, 2012, 8:26:48 AM
to null-...@googlegroups.com
Digit magazine (June issue) has included the entire SecurityTube Metasploit framework course in their DVD that ships along with the magazine.

You can get more info about the DVD contents on this link:

(Check out DVD 1, Nix and FOSS)

Thanks,
Syed Anwaarullah

lesiah ng'ang'a

Jun 4, 2012, 4:14:28 PM
to null-...@googlegroups.com

aditya

Jun 6, 2012, 8:14:56 AM
to null-...@googlegroups.com
Hello hackers,

I am not able to figure out this error through Googling:


meterpreter > shell
Process 2564 created.
Channel 1 created.
[-] Error running command shell: ActiveRecord::StatementInvalid PGError: ERROR:  invalid input syntax for type bytea
LINE 1: ...l_path", "created_at") VALUES(5, E'output', NULL, E'Microsof...
                                                             ^
: INSERT INTO "session_events" ("session_id", "etype", "command", "output", "remote_path", "local_path", "created_at") VALUES(5, E'output', NULL, E'Microsoft Windows XP [Version 5.1.2600]\015\012(C) Copyright 1985-2001 Microsoft Corp.\015\012\015\012C:\\WINDOWS\\system32>', NULL, NULL, '2012-06-06 17:29:44.423933') RETURNING "id"


This happens when I import a Nessus scan file to a PostgreSQL DB and try to exploit the vulnerability using Metasploit. The getsystem command works fine and gets the system, but still it is not able to get the shell when it exploits the vulnerability 'ms08_067_netapi' and creates a session.

It works perfectly fine when I directly exploit the host but doesn't when I try to import the Nessus file.

Please help, thanks!
--
Regards
Aditya

aditya

Jun 8, 2012, 10:41:38 AM
to null-...@googlegroups.com
Hello hackers,

Just wanted a little help with Metasploit. I wanted to know: when we run an exploit, does the system use all the 'payloads' by default? And when we choose a specific payload, suppose 'set payload windows/shell/reverse_tcp', is that exploit made only under this specific payload?

Thanks

--
Regards
Aditya Balapure

Abhijeet Jayaraj

Jun 8, 2012, 7:19:52 PM
to null-...@googlegroups.com
No. There are different payloads available for every exploit. When and after you type "set payload" press "tab" twice or thrice to see the entire list of payloads supported by that particular exploit. Then you can choose the payload you might want to use.



abhinav singh

Jun 9, 2012, 12:55:42 AM
to null-...@googlegroups.com

You can choose payloads based on your OS. Linux has different payloads compared to Windows. Metasploit picks up a default payload based on your exploit (in case you have not specified the payload).

aditya

Jun 9, 2012, 2:28:13 AM
to null-...@googlegroups.com
So do we actually need to specify a payload when metasploit does it on its own?
--
Regards
Aditya

abhinav singh

Jun 9, 2012, 5:10:30 AM
to null-...@googlegroups.com

It's always advisable to specify the payload. Depending on the type of exploit, you should define the payload.

Prashant Guleria

Jun 9, 2012, 5:35:57 AM
to null-...@googlegroups.com

First of all you have to find which exploit to use; for that you should know that the target system is vulnerable. According to that you choose the payload as well, and you can exploit.

On Jun 8, 2012 8:21 PM, "aditya" <nauty...@gmail.com> wrote: