PDA

View Full Version : nessus and metasploit 4.6 trouble



pentest09
2013-05-06, 08:51
Hi after loading nessus plugin and logging in I cant run the following without this error

msf>nessus_policy_list

Call stack:

/opt/metasploit/apps/pro/msf3/lib/nessus/nessus-xmlrpc.rb:258:in `block in policy_list_hash'

/usr/lib/ruby/1.9.1/rexml/element.rb:905:in `block in each'

/usr/lib/ruby/1.9.1/rexml/xpath.rb:67:in `each'

/usr/lib/ruby/1.9.1/rexml/xpath.rb:67:in `each'

/usr/lib/ruby/1.9.1/rexml/element.rb:905:in `each'

/opt/metasploit/apps/pro/msf3/lib/nessus/nessus-xmlrpc.rb:254:in `policy_list_hash'

/opt/metasploit/apps/pro/msf3/plugins/nessus.rb:1442:in `cmd_nessus_policy_list'

/opt/metasploit/apps/pro/msf3/lib/rex/ui/text/dispatcher_shell.rb:427:in `run_command'

/opt/metasploit/apps/pro/msf3/lib/rex/ui/text/dispatcher_shell.rb:389:in `block in run_single'

/opt/metasploit/apps/pro/msf3/lib/rex/ui/text/dispatcher_shell.rb:383:in `each'

/opt/metasploit/apps/pro/msf3/lib/rex/ui/text/dispatcher_shell.rb:383:in `run_single'

/opt/metasploit/apps/pro/msf3/lib/rex/ui/text/shell.rb:200:in `run'

/opt/metasploit/apps/pro/msf3/msfconsole:169:in `<main>'



Any ideas????? it used to work fine on backtrack 5r2/3 I am now using the new 4.6 on kali and i have updated the distro.

Has nessus integration been dropped now?????

also outlook gives errors also, it seems older rb files dont work correctly anymore am i missing something?

zimmaro
2013-05-06, 13:12
Hi after loading nessus plugin and logging in I cant run the following without this error

msf>nessus_policy_list

Call stack:

/opt/metasploit/apps/pro/msf3/lib/nessus/nessus-xmlrpc.rb:258:in `block in policy_list_hash'

/usr/lib/ruby/1.9.1/rexml/element.rb:905:in `block in each'

/usr/lib/ruby/1.9.1/rexml/xpath.rb:67:in `each'

/usr/lib/ruby/1.9.1/rexml/xpath.rb:67:in `each'

/usr/lib/ruby/1.9.1/rexml/element.rb:905:in `each'

/opt/metasploit/apps/pro/msf3/lib/nessus/nessus-xmlrpc.rb:254:in `policy_list_hash'

/opt/metasploit/apps/pro/msf3/plugins/nessus.rb:1442:in `cmd_nessus_policy_list'

/opt/metasploit/apps/pro/msf3/lib/rex/ui/text/dispatcher_shell.rb:427:in `run_command'

/opt/metasploit/apps/pro/msf3/lib/rex/ui/text/dispatcher_shell.rb:389:in `block in run_single'

/opt/metasploit/apps/pro/msf3/lib/rex/ui/text/dispatcher_shell.rb:383:in `each'

/opt/metasploit/apps/pro/msf3/lib/rex/ui/text/dispatcher_shell.rb:383:in `run_single'

/opt/metasploit/apps/pro/msf3/lib/rex/ui/text/shell.rb:200:in `run'

/opt/metasploit/apps/pro/msf3/msfconsole:169:in `<main>'



Any ideas????? it used to work fine on backtrack 5r2/3 I am now using the new 4.6 on kali and i have updated the distro.

Has nessus integration been dropped now?????

also outlook gives errors also, it seems older rb files dont work correctly anymore am i missing something?

hi pentest09 :)

***THIS IS MY"standard-source.list"

#

# deb cdrom:[Debian GNU/Linux 7.0 _Kali_ - Official Snapshot i386 LIVE/INSTALL Binary 20130311-20:38]/ kali contrib main non-free

#deb cdrom:[Debian GNU/Linux 7.0 _Kali_ - Official Snapshot i386 LIVE/INSTALL Binary 20130311-20:38]/ kali contrib main non-free

deb http://http.kali.org/kali kali main non-free contrib
deb-src http://http.kali.org/kali kali main non-free contrib

## Security updates
deb http://security.kali.org/kali-security kali/updates main contrib non-free

***THIS IS MY MSF (i think-update""every-day with apt-get"")

=[ metasploit v4.6.0-2013041701 [core:4.6 api:1.0]
+ -- --=[ 1091 exploits - 683 auxiliary - 181 post
+ -- --=[ 298 payloads - 29 encoders - 8 nops

msf > load nessus
Nessus Bridge for Metasploit 1.1
[+] Type nessus_help for a command listing
Successfully loaded plugin: nessus

msf > nessus_connect root:toor@127.0.0.1:8834
Connecting to https://127.0.0.1:8834/ as root
Authenticated
msf > nessus_policy_list
[+] Nessus Policy List
[+]

ID Name Comments
-- ---- --------
-1 Web App Tests
-2 Internal Network Scan
-3 Prepare for PCI-DSS audits (section 11.2.2)
-4 External Network Scan

msf > MY-kali vm 32 with "standard repo"" WORKED!

bye

zimmaro
2013-05-06, 14:40
ri-hi:)
i'm testing now in my oracle-vm-KALI-64bit(standard-repo[view-up]) update & upgrade (apt-get)
& worked:

http://imageshack.us/f/109/nessusbridgemsf.png/

bye pent09 ;-)

pentest09
2013-05-06, 17:19
Hi Zim,

Thanks for your response, at least it proves to me that its still working, so its either "bleeding edge" or the version of Nessus. Im using Nessus-5.2.0-debian6_i386.deb at the moment I have to scan and import the .nbe file and it works fine , I can load_nessus, nessus_connect user:password@127.0.0.1:8834 ok (ssl) after that anything else errrrrrrrors out.

metasploit version# metasploit v4.6.0-2013041701 [core:4.6 api:1.0] which doesnt update and doesnt even have the Java Applet Reflection Type Confusion Remote Code Execution which is nearly 3 weeks old although I can just drop it in the appropriate folder from exploit-db but it shows me its not updating as previous versions did.

Im going to try and rollback from a clean snapshot "again" and drop bleeding edge repos and see if its all good.

nessus_status within msfconsole =
[+] Nessus Status
[+]

Feed Nessus Version Nessus Web Version
---- -------------- ------------------
HomeFeed 5.2.0 4.0.35 (Build H20130418A)

Kind Regards Dee

zimmaro
2013-05-06, 20:30
hi pent09 ;-)

you're totally right for MSFramework-version today (06/05/2013)
we have 6 exploits & 3 auxiliary less!:
http://imageshack.us/f/441/catturapw.png/
with a fun parody!!
:) :)

pentest09
2013-05-06, 20:53
hi pent09 ;-)

you're totally right for MSFramework-version today (06/05/2013)
we have 6 exploits & 3 auxiliary less!:
http://imageshack.us/f/441/catturapw.png/
with a fun parody!!
:) :)

did you register the pro version by any chance because I reverted back to clean snapshot did apt-get update & upgrade and still no joy one minute it errors while logging in from within msf then it authenticates.... nessus_help runs ok but plain old nessus_scan, Nessus_policy_list etc gives the same error. just wondering if its been locked down so you cant do webapp tests etc now that the pro version is on the go properly. Is this rapids way of limiting it ? would be good to find the answer as its getting very tedious and rapids forum is well ......not very responsive

pentest09
2013-05-06, 21:01
My nessus is different version!!!!!!!!!

root@kali:~# /opt/nessus/sbin/nessusd -R
nessusd (Nessus) 5.2.0 [build N24017] for Linux
Copyright (C) 1998 - 2013 Tenable Network Security, Inc

janko
2013-05-07, 12:20
Hej pentest09!

I have the same problem with my nessus -> the same version and error log.
Somebody know what i must to do?
MSF give me back nessus_policy_list etc.. :)

MasterButcher
2013-05-07, 20:08
I have trouble with Metasploit update..
Latest Metasploit update was 17.04,after that I can't update Metasploit ..
Everything is update normally only problem is Metasplot
Sources list is ok,everything is there..
I do not want to uninstall and install it again.
Any solution?

zimmaro
2013-05-07, 20:20
My nessus is different version!!!!!!!!!

root@kali:~# /opt/nessus/sbin/nessusd -R
nessusd (Nessus) 5.2.0 [build N24017] for Linux
Copyright (C) 1998 - 2013 Tenable Network Security, Inc
hi pent09
for my ignorance
my (inutil-conclusion):)

-nessus v5.0.3 & version"update" 2013041701 of kali-metasploit_register= WORKED!!! screenshot posted yesterday!
-nessus v5.2.1 & version"update" 2013041701 of kali-metasploit_register= NOT-WORKED!!! screenshot: http://imageshack.us/f/541/newnessusvsoldmetasploi.png/
-nessus v5.2.1 & version"update" 2013050101 of free_ubuntu_-metasploit_register = NOT-WORKED!!! screenshot: http://imageshack.us/f/59/newnessusvsupdatemsf.png/

pentest09
2013-05-07, 20:40
hi pent09
for my ignorance
my (inutil-conclusion):)

-nessus v5.0.3 & version"update" 2013041701 of kali-metasploit_register= WORKED!!! screenshot posted yesterday!
-nessus v5.2.1 & version"update" 2013041701 of kali-metasploit_register= NOT-WORKED!!! screenshot: http://imageshack.us/f/541/newnessusvsoldmetasploi.png/
-nessus v5.2.1 & version"update" 2013050101 of free_ubuntu_-metasploit_register = NOT-WORKED!!! screenshot: http://imageshack.us/f/59/newnessusvsupdatemsf.png/

Yeah triied version 5.2.1 today , no joy. Is there a chance you could send me the .deb for 5.0.3 at all as I cant get hold of older version?

I sent an email to tenable today regarding this issue.

Kind regards Dee

zimmaro
2013-05-07, 20:56
Yeah triied version 5.2.1 today , no joy. Is there a chance you could send me the .deb for 5.0.3 at all as I cant get hold of older version?

I sent an email to tenable today regarding this issue.

Kind regards Dee

azz!! idelete it!!!
but ..it's for you ...run-fast!!!!:)
wget http://goo.gl/CDTb5 -O Nessus-5.0.3-debian6_i386.deb

zimmaro
2013-05-07, 21:08
azz!! idelete it!!!
but ..it's for you ...run-fast!!!!:)
wget http://goo.gl/CDTb5 -O Nessus-5.0.3-debian6_i386.deb

SORRY!!!don't work!!!! azzzzzz!!!

pentest09
2013-05-07, 21:09
azz!! idelete it!!!
but ..it's for you ...run-fast!!!!:)
wget http://goo.gl/CDTb5 -O Nessus-5.0.3-debian6_i386.deb

Thanks your a star!! I got it..will keep u updated .

Kind Regards Dee

#Nessus-5.0.3-debian6_i386.deb' is not a debian format archive

zimmaro
2013-05-07, 21:17
http://archive.ualinux.com/ubuntu/main/precise/

i've reinstall this!! 5.0.1
bye &sorry

pentest09
2013-05-07, 21:50
http://archive.ualinux.com/ubuntu/main/precise/

i've reinstall this!! 5.0.1
bye &sorry

Already on same page installing now thanks

Nessus 5.0.1 version solves metasploit integration issue..

root@kali:~# dpkg -i Nessus-5.0.1-debian6_i386.deb
(Reading database ... 263933 files and directories currently installed.)
Unpacking nessus (from Nessus-5.0.1-debian6_i386.deb) ...
Setting up nessus (5.0.1) ...
nessusd (Nessus) 5.0.1 for Linux
(C) 1998 - 2012 Tenable Network Security, Inc.

Processing the Nessus plugins...
[##################################################]

All plugins loaded

- You can start nessusd by typing /etc/init.d/nessusd start
- Then go to https://kali:8834/ to configure your scanner

root@kali:~#[B] /etc/init.d/nessusd start
$Starting Nessus : .
root@kali:~# service postgresql status
Running clusters: 9.1/main
root@kali:~# service metasploit status
[ ok ] Metasploit rpc server is running.
[ ok ] Metasploit web server is running.
root@kali:~# msfconsole

__________________________________________________ ____________________________
| |
| METASPLOIT CYBER MISSILE COMMAND V4 |
|_________________________________________________ _____________________________|
\ / /
\ . / / x
\ / /
\ / + /
\ + / /
* / /
/ . /
X / / X
/ ###
/ # % #
/ ###
. /
. / . * .
/
*
+ *

^
#### __ __ __ ####### __ __ __ ####
#### / \ / \ / \ ########### / \ / \ / \ ####
################################################## ##############################
################################################## ##############################
# WAVE 4 ######## SCORE 31337 ################################## HIGH FFFFFFFF #
################################################## ##############################
http://metasploit.pro


Frustrated with proxy pivoting? Upgrade to layer-2 VPN pivoting with
Metasploit Pro -- type 'go_pro' to launch it now.

=[ metasploit v4.6.0-dev [core:4.6 api:1.0]
+ -- --=[ 1068 exploits - 670 auxiliary - 179 post
+ -- --=[ 277 payloads - 29 encoders - 8 nops

msf > load nessus
Nessus Bridge for Metasploit 1.1
[+] Type nessus_help for a command listing
Successfully loaded plugin: nessus
msf > nessus_connect attaxsuite:######@127.0.0.1:8834 ok
Connecting to https://127.0.0.1:8834/ as attaxsuite
Authenticated
msf > nessus_policy_list
[+] Nessus Policy List
[+]

ID Name Comments
-- ---- --------
-1 External Network Scan
-2 Web App Tests
-3 Prepare for PCI-DSS audits (section 11.2.2)
-4 Internal Network Scan

msf > nessus_scan_new -4 test 192.168.0.1/24
Creating scan from policy number -4, called "test" and scanning 192.168.0.1/24
Scan started. uid is c4f3ad7a-8806-5c13-c231-1808e026ec0f3320412ddcb3c15c

Problem solved!!! thanks zimmaro for all your input.

Kind regards Dee

zimmaro
2013-05-07, 22:02
Already on same page installing now thanks

:)

again sorry for the wrong information before!


now I scourge the ***! muahaha!

NOW I'VE 5.0.1 ubuntu_xx_i386 now worked!
http://imageshack.us/photo/my-images/22/n501.png/

good night!

1n50mn14c
2013-06-06, 14:47
Already on same page installing now thanks

Nessus 5.0.1 version solves metasploit integration issue..

I have the same issue. Does anyone have a link to Nessus-5.0.1-debian6_i386.deb? The http://archive.ualinux.com/ubuntu/main/precise/ link only provides the build for Ubuntu.

p0wder
2013-08-22, 15:33
Same problem here. I couldn't find Nessus-5.0.1-debian6_i386.deb. Does anyone have a link?

hax0rz
2013-08-22, 18:23
Same problem here. I couldn't find Nessus-5.0.1-debian6_i386.deb. Does anyone have a link?

Upgrade nessus bridge from darkOperator's github. Works fine for me with Nessus 5.2.1

https://github.com/darkoperator/Nessus-Bridge-for-Metasploit/

zimmaro
2013-08-22, 18:57
Same problem here. I couldn't find Nessus-5.0.1-debian6_i386.deb. Does anyone have a link?
INTO this thread:
http://forums.kali.org/showthread.php?18288-nessus-integeration-with-metasploit-is-not-working&highlight=nessus
;)