Re: Question about db_autopwn

[HD Moore <hdm () metasploit com>]

On 3/24/2010 9:08 AM, Craig Freyman wrote:
> My test "victim" machine is an XP box with SP3 and no other patches.
> Nessus reports 77 high vulnerabilities using a credential scan. When I
> import the results into metasploit with db_import_nessus_xml and run
> db_autopown -t -x I only see 4 matching exploits:
>
> Am I doing something wrong or does db_autopwn not report back on browser
> vulns? For example, I tested the aurora exploit and it worked fine, but
> it did not show up as a matching exploit.
>
> Any ideas?

The db_autopwn command skips client-side exploits, since they would
require action from the client to exploit and autopwn is an
active-attack tool.

-HD
_______________________________________________
https://mail.metasploit.com/mailman/listinfo/framework