Metasploit mailing list archives

Question about db_autopwn

From: Craig Freyman <craigfreyman () gmail com>
Date: Wed, 24 Mar 2010 08:08:07 -0600

My test "victim" machine is an XP box with SP3 and no other patches. Nessus
reports 77 high vulnerabilities using a credential scan. When I import the
results into metasploit with db_import_nessus_xml and run db_autopown -t -x
I only see 4 matching exploits:

[*]                             Matching Exploit Modules
[*]
================================================================================
[*]   10.0.1.8:445  exploit/windows/fileformat/adobe_libtiff  (BID-38195)
[*]   10.0.1.8:445  exploit/windows/smb/ms08_067_netapi  (CVE-2008-4250,
OSVDB-49243)
[*]   10.0.1.8:445  exploit/windows/smb/psexec  (CVE-1999-0504)
[*]   10.0.1.8:445  exploit/windows/smb/smb_relay  (CVE-2008-4037,
OSVDB-49736)


Am I doing something wrong or does db_autopwn not report back on browser
vulns? For example, I tested the aurora exploit and it worked fine, but it
did not show up as a matching exploit.

Any ideas?

-Craig

_______________________________________________
https://mail.metasploit.com/mailman/listinfo/framework

Current thread:

Question about db_autopwn Craig Freyman (Mar 24)
- Re: Question about db_autopwn HD Moore (Mar 24)