nulbytesecurity asked: presents, “Owning with Nessus and Metasploit.” I’m going to show you how to use Nessus to scan a target and then import the .nbe file into Metasploit’s db_autopwn. I use Backtrack 4 Beta as my attacking OS and Windows XP SP2 as my victim OS I end the video with a Meterpreter session, but you could easily upload Netcat and open a backdoor to get access again. If you really like Meterpreter, like I do, you can check out my other video where I tell you how to make it into an executable file and use it as a backdoor (I use it in conjunction with Netcat). If you like my videos, you can check out my blog or you can email me at nulbytesecurity [-@-] More HD hacking videos coming soon! Legal Please only do this on your local network for educational purposes and I’m not responsible for anything you do with this knowledge.

Tagged with →  
Share →

25 Responses to Owning with Nessus and Metasploit

  1. pharoah246 says:

    Lol thank you for the command. I knew it was Apt-get install I just couldn’t figure out which “Nessus” it was. =)

  2. CraZayTube says:

    sh: msfconsole: command not found

  3. CraZayTube says:

    when i run the ./msfconsole command it says bash: ./msfconsole no such file or directory

  4. shasanain says:

    everytime i wanna create a database it says i need to install shit help

  5. skateride says:

    great how to to import nessus data into metasploit.

  6. EviousProductions says:

    @ziebesten you have to do: db_driver sqlite3
    then do: db_connect /your/path/here.db
    db_connect will make one, then connect for you all at once.

  7. ziebesten says:

    @EviousProductions The db_create one

  8. ziebesten says:

    the dbcreate one?

  9. EviousProductions says:

    @ziebesten The ‘db_create’ one, or the ‘Exploit Exception’?

  10. ziebesten says:

    @EviousProductions how did you solve that previous problem?

  11. ziebesten says:

    @EviousProductions i think your using backtrack 4 r2. I have just downloaded this version and am getting the same error. my bt4 final works fine. So am stuck like you for the time being

  12. MrSaggat says:

    SOMEONE KNOWS HOW TO MANUALLY INSTALL EXPLOITS? Please help, i cant find how to do it!

  13. EviousProductions says:

    OK, I’ve got that error below solved, now when I run exploit it says: Exploit Exception: The connection time out. ( So no session was created.

  14. EviousProductions says:

    @ziebesten actually I’ve downloaded the program to my host ubuntu machine, and it returns the same error.

  15. EviousProductions says:

    @ziebesten I am on a virtualbox. Would using bt4 on the physical computer solve the problem?

  16. ziebesten says:

    Great vid mate. Im learning metasploit at the moment.

  17. ziebesten says:

    @EviousProductions have you disabled the firewall? Are you using a Virtual machine? Have you got the right IP?

  18. EviousProductions says:

    My db_create command doesn’t work. It says it has a call stack, and it couldn’t connect to the host Apparently the connection was refused. If you know what the problem is, your help would be appreciated a lot. Nice video though!

  19. JooJooBnutz says:

    msf exploit(ms08_067_netapi) > use windows/browser/ms08_053_mediaencoder
    msf exploit(ms08_053_mediaencoder) > set RHOST
    RHOST =>
    msf exploit(ms08_053_mediaencoder) > set RPORT 2869
    RPORT => 2869
    msf exploit(ms08_053_mediaencoder) > set PAYLOAD windows/shell_bind_tcp
    PAYLOAD => windows/shell_bind_tcp
    msf exploit(ms08_053_mediaencoder) > set LPORT 1853
    LPORT => 1853
    msf exploit(ms08_053_mediaencoder) > exploit
    [*] Exploit running as background job.
    [*] Started bind handler
    [*] Server started.

  20. Meowmiks says:

    @jcube001 I suggest you use db_drive sqlite3 command before trying to use msf with windows.

  21. Meowmiks says:

    @planetoftheapez It’s fine. It’s just detecting the files metasploit uses to exploit remote systems.

  22. shahrazkl says:


  23. blacksiddis says:

    I didnt understand how you installed Nessus 🙁

  24. planetoftheapez says:

    @Sc0ttTay copy and paste this: ~# apt-get install nessusd nesses

    you have to right click on order to paste something into your command prompt because if you press control v it will make this weird symbol that i would excpect to be doss or unicode: ^V

  25. planetoftheapez says:

    my computer thinks metasploit is a virus and i dont know if its safe or not PLEASE TELL ME!!!!!!!!!!

Leave a Reply

Your email address will not be published. Required fields are marked *

* Copy This Password *

* Type Or Paste Password Here *

Looking for something?

Use the form below to search the site:

Still not finding what you're looking for? Drop us a note so we can take care of it!

Set your Twitter account name in your settings to use the TwitterBar Section.