Security Basics mailing list archives
Re: Re: Automated penetration test
From: jeevanullas () gmail com
Date: Fri, 17 Apr 2009 06:53:57 -0600
Hi, The blogspot link pointed above is using commands which are pretty old. If you are using metasploit3-dev from SVN then you need to first configure whatever db you would like to use first of all. I had done automated pen testing with metasploit3-dev using postgresql db. Just load the appropriate db plugin using: msf > db_driver postgresql; Then you need to issue the db_create to create the db , this might require you to setup a appropriate role in postgresql before hand which postgresql logs will let you know off. After that as mentioned in the blog post also you just need to run db_nmap to run nmap on a particular port in a particular network. Though .nessus file from Nessus or .xml output file from nmap also works (basically loads the db). Finally as people above suggested there you have the db_autopwn to finally start the exploiting. There were couple of changes made to the MSF to support postgresql so if you are using msf3 then please do a 'svn update' from the msf3 directory on your system. Also regarding the payload , well I have tested vncinject payloads to work perfectly fine with automated pen testing jobs done via metasploit3-dev. Cheers ;) Deependra Singh Shekhawat ------------------------------------------------------------------------ This list is sponsored by: InfoSec Institute Find the source of cybercrime! Almost every crime today involves a computer or mobile device. Learn how to become a Computer Forensics Examiner in InfoSec Institute's hands-on Computer Forensics Course. Up to three industry recognized certs available, online computer forensics training available. http://www.infosecinstitute.com/courses/computer_forensics_training.html ------------------------------------------------------------------------
Current thread:
- Automated penetration test p3dRø (Apr 02)
- RE: Automated penetration test David Gillett (Apr 03)
- RE: Automated penetration test Rui Pereira (WCG) (Apr 03)
- RE: Automated penetration test leegarner (Apr 03)
- Re: Automated penetration test Nikhil Wagholikar (Apr 03)
- Re: Automated penetration test Nicholas Harvey (Apr 03)
- <Possible follow-ups>
- Automated penetration test p3dRø (Apr 02)
- Re: Automated penetration test Abhishek Kumar (Apr 03)
- Re: Automated penetration test τ∂υƒιφ * (Apr 03)
- Re: Automated penetration test Sujit Ghosal (Apr 03)
- Re: Re: Automated penetration test jeevanullas (Apr 20)
- RE: Automated penetration test David Gillett (Apr 03)