Pen Testing - Some questions
ac1d
Prime
Prime

Status:
Offline

Posts:
241

Threads:
25

Joined:
Nov 2015

Trade Count:
2
  
0

Reputation:
20

Credits:

Likes received:


Prime

#1
Pen Testing - Some questions
Hello everyone

I am just trying to get into pen testing, but facing a little hurdle at the moment. 

Basically I am trying to hack into my Windows 8.1 from Kali linux, but I am unsure how to export latest 2017 exploits from CVE database to metasploit. 

I have tried 'msfupdate' command, but after search the database still does not list most recent CVE's that were reported on 20th of march 2017 on windows 8.1 vulnerabilities. 

Can anyone tell me how to update metasploit with most recent CVE's. Please

Also, is there any easy way to identify which vulnerabilities match which services/ports and on what operating system?

Appreciate your help.



“Never underestimate the determination of a kid who is time-rich and cash-poor.” - Zeus
04-05-2017, 12:37 PM
Find   Reply
robocop
Junior Member
New Registered

Status:
Offline

Posts:
1

Threads:
0

Joined:
Sep 2017

Trade Count:
0
  
0

Reputation:
0

Credits:

Likes received:



#2
RE: Pen Testing - Some questions
If you're looking for the most recent exploits, it's possible the CVE hasn't been added to the msf repository yet. The msf developers usually release a packaged exploit a few weeks *after* the CVE has been publicly disclosed. You might also consider rebuilding your kali box with a full update (dist-upgrade). Depending on the version, the repos might be outdated and/or no longer supported.

"is there any easy way to identify which vulnerabilities"

There are a number of useful tools for this. I prefer vulnscan + nmap:

[Image: ZLVBQS.jpg]

But there's also searchsploit, reconscan, exploit-db, etc:

[Image: searchsploit-colour2.png]

https://www.blackmoreops.com/2015/11/03/...etasploit/
https://github.com/RoliSoft/ReconScan
https://www.exploit-db.com/search/
Likes:
ac1d likes this post
09-19-2017, 10:54 AM
Find   Reply
ac1d
Prime
Prime

Status:
Offline

Posts:
241

Threads:
25

Joined:
Nov 2015

Trade Count:
2
  
0

Reputation:
20

Credits:

Likes received:


Prime

#3
RE: Pen Testing - Some questions
Cheers Robocop (blood). Appreciate your response. I sorted out that problem a while ago. There was something wrong with the configuration of my Metasploit database.



“Never underestimate the determination of a kid who is time-rich and cash-poor.” - Zeus
09-19-2017, 11:09 AM
Find   Reply




Users browsing this thread: 1 Guest(s)