Metasploit mailing list archives
Question about db_autopwn
From: Craig Freyman <craigfreyman () gmail com>
Date: Wed, 24 Mar 2010 08:08:07 -0600
My test "victim" machine is an XP box with SP3 and no other patches. Nessus reports 77 high vulnerabilities using a credential scan. When I import the results into metasploit with db_import_nessus_xml and run db_autopown -t -x I only see 4 matching exploits: [*] Matching Exploit Modules [*] ================================================================================ [*] 10.0.1.8:445 exploit/windows/fileformat/adobe_libtiff (BID-38195) [*] 10.0.1.8:445 exploit/windows/smb/ms08_067_netapi (CVE-2008-4250, OSVDB-49243) [*] 10.0.1.8:445 exploit/windows/smb/psexec (CVE-1999-0504) [*] 10.0.1.8:445 exploit/windows/smb/smb_relay (CVE-2008-4037, OSVDB-49736) Am I doing something wrong or does db_autopwn not report back on browser vulns? For example, I tested the aurora exploit and it worked fine, but it did not show up as a matching exploit. Any ideas? -Craig
_______________________________________________ https://mail.metasploit.com/mailman/listinfo/framework
Current thread:
- Question about db_autopwn Craig Freyman (Mar 24)
- Re: Question about db_autopwn HD Moore (Mar 24)