Why doesn't Metasplot Pro work?

F

Fishay2015-05-27 22:34:34

Information Security

Fishay, 2015-05-27 22:34:34

The virtual machine has Ubuntu 14.04 and MetaSploit Pro installed.
Scanned with Nexpose and Nessus on my own VPS. Identified 50 vulnerabilities.
After that, I imported the scan data into Metasploit Pro, chose my VPS for the pentest and clicked "exploit".
As a result, after two hours, the operation ended with a zero result (no session was created to exploit the vulnerability).
During the pentest operation, it always came out: Starting bind handler and then nothing but an error notification (like Mysql request failed, TimeoutConnection).
Firewall disabled on the virtual machine. Not so fresh software is installed on the VPS (LAMP, PHP 5.4, phpMyadmin).
In general, I don’t understand why there are vulnerabilities, but Metasploit cannot use them?!?!

Reply

Answer the question

In order to leave comments, you need to log in

2 answer(s)

G

g00dv1n, 2015-05-27
@g00dv1n

Check if ports are forwarded + it happens. Sometimes it erroneously shows that there is a vulnerability.
Try to turn it in msfcosole, try different payloads.

S

Sergey N, 2015-06-04
@Albibek

The fact that nessus or nexpose shows you a vulnerability does not mean that the vulnerability actually exists, nor does it mean that it can be exploited. Treat the scanner message as a warning about a possible vulnerability. The checks in these scanners are quite simple, read the descriptions of vulnerabilities, maybe they are not so dangerous or they do not exist at all.