maemo.org - Talk

Metasploit (https://talk.maemo.org/showthread.php?t=6466)

SeRi@lDiE 2007-05-24 07:58

Metasploit News
 
For those who didn't know, automated exploit and msfweb can now run on the N800.

rheve 2007-05-24 09:19

Re: Metasploit
 
Gne? What's that?

SeRi@lDiE 2007-05-24 09:45

Re: Metasploit
 
Quote:

Originally Posted by rheve (Post 49583)
Gne? What's that?

Gne?

I am not sure what you are asking there...

Metasploit is a suite of exploits use for auditing...

rheve 2007-05-24 10:17

Re: Metasploit
 
Sorry, I'm not a l33t h4x0r, so I didn't make the link with Metasploit.
("use for auditing" always makes me smile).

brendan 2007-05-24 12:43

Re: Metasploit
 
serial, are there debs available? what repo?

SeRi@lDiE 2007-05-24 16:14

Re: Metasploit
 
Quote:

Originally Posted by brendan (Post 49595)
serial, are there debs available? what repo?

brendan you have a PM.

thorbo 2007-05-24 16:34

Re: Metasploit
 
SeRi@lDiE, please share. I have been looking at this for a few months, but in fear of bricking something -- I hack some, but use the N800 for other stuff too -- the risk was too great.... if there is an easier way that's generally published, info would be good. I have a home wireless to shore up and this would really help.

Thanks.

negen 2007-05-24 17:50

Re: Metasploit
 
If anyone needs it, I have made a very easy to follow install guide, with all needed packaging.

SeRi@lDiE 2007-05-24 18:02

Re: Metasploit
 
Quote:

Originally Posted by negen (Post 49633)
If anyone needs it, I have made a very easy to follow install guide, with all needed packaging.

negen, please do post. I would like to see how different it is from Pierre's.

Thanks.

Here are some screen shots....

http://i106.photobucket.com/albums/m...enshot00-3.png

http://i106.photobucket.com/albums/m...enshot01-1.png

negen 2007-05-24 18:07

Re: Metasploit
 
Actually 90% of the RoR packages come from Pierre's, and that is often stated in the docs I wrote. Basically it was written to walk a person without any real experience through the installation of ruby, but I'm trying to compact all the BS into a self install script, but I keep bricking my 800 :-(

SeRi@lDiE 2007-05-24 18:16

Re: Metasploit
 
Ic... well if you don't mind you can share your script and I'll be more than glad to help you out and give you some pointers...
Also keep in mind that if you are including the install of the gem files in your script that could be a problem as they go in order and sometimes they will give you a node error due to lack of processing power... Maybe using the old mighty "If" language would help a lot :D
"If" not, then leave it for manual install, that's what I would do ;)
Good Luck

negen 2007-05-24 18:35

Re: Metasploit
 
Actually I will be sharing all of our projects. I'm just waiting for a domain transfer on an old site. The purpose of the script was a few friends who could not figure out how to install the gems, and in what order. So after helping a few peeps I figured why not just automate the process and go from there. I still cannot believe how smooth it runs on the 800 though. In fact if you know anyone who is familiar with the .net 2.0 framework and/or SQL backends who wants to help us set a project share up.. let me know.

SeRi@lDiE 2007-05-25 03:29

Re: Metasploit
 
It runs OK, it's just the start-up that takes most of the time...

unique311 2007-05-25 13:10

Re: Metasploit
 
share the wealth...I got it to run a while back....but seems you have Debs or an easier route to get it installed...

thorbo 2007-05-25 14:10

Re: Metasploit
 
I can't wait for the fruits of your labor. Thanks for your hard work.

Thorbo

mfresh 2007-06-05 12:53

Re: Metasploit
 
Anyone had any luck getting auto-pwn working using the Metasploit 3 msfweb interface?

I've been to Pierre's site and downloaded and installed all the packages, up to the .gem files. When I try to install them by doing a gem install (gem package version) I just get error messages of various types.

So if anyone has any tips on how to install them, they'd be gratefully received...

Thanks!

SeRi@lDiE 2007-06-07 06:33

Re: Metasploit
 
They take a lot of CPU power when they are installing, just be patient.

If not... from xterm do...
gem install rails --include-dependencies

mfresh 2007-06-07 09:47

Re: Metasploit
 
Thanks for your help. Unfortunately when I do as you suggest, I get the following messages:

Bulk updating Gem source index for http://gems.rubyforge.org
ERROR: While fetching remote gem cache: Errno::ENOSPC reading http://gems.rubyforge.org/yaml

and am dumped back to the command prompt.

Any idea what this means?

Thanks!

negen 2007-06-07 13:48

Re: Metasploit
 
Wow, I'm really late on this... the self install is not completed, but a very self explanatory guide with all needed files for MSF is ready. I will have them posted by tomorrow around 6PM CST... SeRi@lDiE: have you noticed a problem on any units where if you install the gems in the wrong order, the entire process is botched, not allowing any removal or addition of further RoR packages? Tried workarounds on multiple units, all had the same outcome: re-flash and install in sequential order.

negen 2007-06-07 13:52

Re: Metasploit
 
- Ruby Install
1a) ruby_1.8.5-p35_armel.deb

- Gem Install
1b) rubygems_0.9.2_armel.deb

-Rail Install
2) activesupport-1.4.1.gem
3) activerecord-1.15.2.gem
4) actionpack-1.13.2.gem
5) actionmailer-1.3.2.gem
6) actionwebservice-1.2.2.gem
7) rake-0.7.1.gem
8) rails-1.2.2.gem

For anyone who wants the file install order... this should do.
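The install order listed above, written as a script that checks every file is present before touching anything and stops at the first failure. This is an added example, not part of negen's post or of any installer mentioned in the thread; the function name `install_stack`, its arguments and the dry-run default are assumptions.

```shell
# File names and their order are taken from the post above.
# install_stack and its arguments are hypothetical names for this example.
ORDER="ruby_1.8.5-p35_armel.deb
rubygems_0.9.2_armel.deb
activesupport-1.4.1.gem
activerecord-1.15.2.gem
actionpack-1.13.2.gem
actionmailer-1.3.2.gem
actionwebservice-1.2.2.gem
rake-0.7.1.gem
rails-1.2.2.gem"

install_stack() {
    # $1 = directory holding the downloaded packages
    # $2 = "run" to execute; anything else only prints the plan (dry run)
    dir=$1; mode=${2:-dry}
    # Preflight: refuse to start unless every file is present, so the
    # sequence cannot stop half way because of a missing download.
    for f in $ORDER; do
        [ -f "$dir/$f" ] || { echo "missing: $f" >&2; return 1; }
    done
    for f in $ORDER; do
        case $f in
            *.deb) set -- dpkg -i "$dir/$f" ;;
            # --local installs from the file without fetching the remote index
            *.gem) set -- gem install --local "$dir/$f" ;;
        esac
        if [ "$mode" = run ]; then
            # Stop at the first failure instead of installing later gems
            # on top of a broken dependency.
            "$@" || { echo "failed at: $f" >&2; return 1; }
        else
            echo "$*"
        fi
    done
}

# Usage (as root, on the device):
#   install_stack /media/mmc2        # print the plan
#   install_stack /media/mmc2 run    # execute it
```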

SeRi@lDiE 2007-06-11 05:37

Re: Metasploit
 
Quote:

Originally Posted by negen (Post 51414)
Wow, I'm really late on this... the self install is not completed, but a very self explanatory guide with all needed files for MSF is ready. I will have them posted by tomorrow around 6PM CST... SeRi@lDiE: have you noticed a problem on any units where if you install the gems in the wrong order, the entire process is botched, not allowing any removal or addition of further RoR packages? Tried workarounds on multiple units, all had the same outcome: re-flash and install in sequential order.

Sorry for the VERY late reply....

Mhhhhhh I am going to try and replicate the issue.

Will keep you posted.

mfresh 2007-06-27 15:07

Re: Metasploit
 
Metasploit framework 3 seems to work great on the N800, but I'm finding a problem that if you try to show exploits in the console (and I think msfweb too) mode, it only shows a few of the total available. In msfcli mode it's possible to use |more to display the exploits a page at a time, but anyone know how to do the equivalent with msfconsole or msfweb?

And does anyone know if it would be possible to compile the LORCON module to use on the N800 so that it would be possible to carry out the exploits such as the Broadcom Wireless Driver Probe Response SSID Overflow in the Metasploit framework 3?

SeRi@lDiE 2007-06-28 01:43

Re: Metasploit
 
Quote:

Originally Posted by mfresh (Post 54251)
Metasploit framework 3 seems to work great on the N800, but I'm finding a problem that if you try to show exploits in the console (and I think msfweb too) mode, it only shows a few of the total available. In msfcli mode it's possible to use |more to display the exploits a page at a time, but anyone know how to do the equivalent with msfconsole or msfweb?

And does anyone know if it would be possible to compile the LORCON module to use on the N800 so that it would be possible to carry out the exploits such as the Broadcom Wireless Driver Probe Response SSID Overflow in the Metasploit framework 3?


I don't have that issue. I do have the issue where msfweb stops working for me... I am going to reflash my device and start all over.....
And I am sure somebody can find a way to port your request.

mfresh 2007-07-02 20:56

Re: Metasploit
 
Updating Metasploit?

I use Metasploit on a Linux laptop, and updating is just a matter of running SVN update.

So here's my question: what's the best way to update Metasploit 3 running on the N800? There's no SVN client for the N800 (afaik), and the tarball you can download from the Metasploit site is nothing like up to date.

I've tried doing an SVN update on the laptop and transferring the whole Metasploit folder and all its subfolders to the N800 but that doesn't seem to work properly. I read somewhere that it's necessary to remove all SVN traces from a folder on a laptop before it can be moved and run properly on the N800 but I am not sure what that means. Anyone else got a good system for keeping Metasploit up to date on the N800? The tarball from www.metasploit.com has 177 exploits, while the latest version downloaded using SVN has 202, so there is quite a difference.

SeRi@lDiE 2007-07-02 21:11

Re: Metasploit
 
I've been using SVN on my laptop and transferring through SCP to my N800, no problems here... Well, maybe that's why msfweb stopped working?!?

mfresh 2007-07-02 21:37

Re: Metasploit
 
Interesting, SeRi@lDiE.

When I tried copying the whole thing over from my laptop, msfconsole took an age to load, and then I ran load db_sqlite but I couldn't get beyond that to create a new database for db_nmap and db_autopwn

I wonder if that could be related in any way to SVN. I came across this instruction:

"When the svn checkout is done go into the Metasploit root directory and run the following command. find . -name .svn -exec rm -fr {} \; "

but when I tried it I just got an error message. I don't know enough Linux to even know what that command is meant to be doing. Any ideas?

SeRi@lDiE 2007-07-02 22:24

Re: Metasploit
 
Quote:

Originally Posted by mfresh (Post 55695)
Interesting, SeRi@lDiE.

When I tried copying the whole thing over from my laptop, msfconsole took an age to load, and then I ran load db_sqlite but I couldn't get beyond that to create a new database for db_nmap and db_autopwn

I wonder if that could be related in any way to SVN. I came across this instruction:

"When the svn checkout is done go into the Metasploit root directory and run the following command. find . -name .svn -exec rm -fr {} \; "

but when I tried it I just got an error message. I don't know enough Linux to even know what that command is meant to be doing. Any ideas?

If I am not mistaken that will remove your SVN information "trace".
I do not run that command, I don't see the need for it.
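What the quoted `find` command does, shown on a constructed directory tree: it deletes every `.svn` metadata directory under the starting point, leaving a plain copy of the files. This is an added example, not part of any post in the thread; the helper names are assumptions, and the version here adds `-prune`, because the form quoted above can print "No such file or directory" when `find` tries to descend into a directory that `rm` has just deleted (whether that is the error reported above is not known).

```shell
# Added example: strip Subversion metadata from a copy of a working tree.
# strip_svn, count_svn and make_sample_tree are hypothetical helper names.

strip_svn() {
    # $1 = root of the tree to clean. Refuse to run on a missing directory.
    [ -d "$1" ] || { echo "not a directory: $1" >&2; return 2; }
    # -type d    : match directories only
    # -name .svn : the per-directory metadata folders an SVN checkout creates
    # -prune     : do not descend into a match, so find never tries to
    #              enter a directory that rm has already removed
    find "$1" -type d -name .svn -prune -exec rm -rf {} +
}

count_svn() {
    # Number of .svn directories still present under $1.
    find "$1" -type d -name .svn | wc -l | tr -d ' '
}

make_sample_tree() {
    # Constructed stand-in for a checked-out tree; prints its path.
    root=$(mktemp -d) || return 1
    mkdir -p "$root/.svn" "$root/lib/.svn" \
             "$root/modules/exploits/.svn/text-base"
    echo 'module' > "$root/modules/exploits/sample.rb"
    echo 'pristine' > "$root/modules/exploits/.svn/text-base/sample.rb.svn-base"
    echo "$root"
}

# Demo on the constructed tree: three .svn directories before, none after.
tree=$(make_sample_tree)
echo "before: $(count_svn "$tree") .svn directories"
strip_svn "$tree"
echo "after:  $(count_svn "$tree") .svn directories"
rm -rf "$tree"
```

Run it on a copy of the checkout, not the checkout itself: once the `.svn` directories are gone, that tree can no longer be updated with SVN.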

mfresh 2007-07-02 22:29

Re: Metasploit
 
Thanks for the info.

Before you reflash your machine (though with any luck we'll all be doing that with the new firmware sometime this month) you could always download and untar the tarball from metasploit in a different folder to your existing updated one to see if that works (i.e. to see if msfweb doesn't work because of anything to do with SVN or whether you have a problem with your Ruby/Rails installation or something else).

Just a thought - apologies if it's so obvious you've already tried it!

SeRi@lDiE 2007-07-02 22:37

Re: Metasploit
 
Thanks mfresh, I did try that :) That's why I am going to reflash.

Thanks though!

jnash 2007-07-09 20:47

Re: Metasploit
 
Has anyone got an install file for Metasploit? I'm not sure how to install it, or maybe a guide?

mfresh 2007-07-09 21:41

Re: Metasploit
 
I'll do one tomorrow for you. Too late right now...

xellaphan 2007-07-10 00:38

Re: Metasploit
 
I too would like one. I have been able to successfully install in the past, however any mistake in the order and you are stuck reflashing. An automated install would be greatly appreciated!

mdanehart 2007-07-10 09:22

Re: Metasploit
 
Please count me in..

mfresh 2007-07-10 09:39

Re: Metasploit
 
Errrr.... just to clarify, I'll do a step by step installation guide some time today, not an automatic installer.

It will show you how to get Metasploit running with web interface and db_autopwn etc.

|tbb| 2007-07-10 12:05

Re: Metasploit
 
hope we get a svn-client on the n800 soon, to update the metasploit from the device itself.

mfresh 2007-07-10 12:12

Re: Metasploit
 
An SVN client would be great. Is it feasible?

Anyway, if anyone wants a step by step howto on how to install Metasploit on the N800, it's ready now at:

http://mfresh-n800.blogspot.com/

Please let me know if there are any mistakes and I'll correct them...

seattleweb 2007-07-11 06:25

Re: Metasploit
 
Quote:

Originally Posted by mfresh (Post 58629)
An SVN client would be great. Is it feasible?

Anyway, if anyone wants a step by step howto on how to install Metasploit on the N800, it's ready now at:

http://mfresh-n800.blogspot.com/

Please let me know if there are any mistakes and I'll correct them...

Thanx bro... just made my life many hours easier!!!

scegliau 2007-07-11 14:29

Re: Metasploit
 
Very good Howto !!!

Everything works fine, except for nmap installation.
When I try to install the package the system returns me this error (from application manager log):

/usr/bin/dpkg-deb -f '/media/mmc2/nmap_4.20_armel.deb'
Package must have "Section: user/FOO" to be considered compatible.

Can you help me?

Thanks
Scegliau

scegliau 2007-07-11 15:03

Re: Metasploit
 
If I use dpkg -i nmap_4.20_armel.deb everything works OK.

But now the problem is:

Error while running comman db_nmap: SQLite3::SQLException: unsupported file format: SELECT * FROM hosts WHERE (address = '192.168.90.2' and comm = '') LIMIT 1


Any idea about this?

thanks
scegliau

mfresh 2007-07-11 15:57

Re: Metasploit
 
Not sure about this.

What was the exact command you typed in at the msfconsole prompt?


All times are GMT.