Metasploit mailing list archives
Re: Question about db_autopwn
From: HD Moore <hdm () metasploit com>
Date: Wed, 24 Mar 2010 09:27:23 -0500
On 3/24/2010 9:08 AM, Craig Freyman wrote:
My test "victim" machine is an XP box with SP3 and no other patches. Nessus reports 77 high vulnerabilities using a credential scan. When I import the results into metasploit with db_import_nessus_xml and run db_autopown -t -x I only see 4 matching exploits: Am I doing something wrong or does db_autopwn not report back on browser vulns? For example, I tested the aurora exploit and it worked fine, but it did not show up as a matching exploit. Any ideas?
The db_autopwn command skips client-side exploits, since they would require action from the client to exploit and autopwn is an active-attack tool. -HD _______________________________________________ https://mail.metasploit.com/mailman/listinfo/framework
Current thread:
- Question about db_autopwn Craig Freyman (Mar 24)
- Re: Question about db_autopwn HD Moore (Mar 24)