Video Screencast Help

CCS-VM integration with Metasploit Framework

Created: 18 Mar 2012 • Updated: 21 Mar 2012 | 3 comments
Language Translations
Sanehdeep Singh's picture
+14 14 Votes
Login to vote
We can intergrate Symantec Control Compliance Suite Vulnerability Manager (CCS-VM) with Metasploit Framework.The current functionality provides the ability to run CCS-VM scans from the Metasploit console,  cross-reference scan results with available Metasploit modules, and automatically launch the resulting exploits.
CCS-VM Intergration with Metasploit Framework
Follow the below steps to integrate CCS-VM with Metasploit Framework:
1. Start CCS-VM and launch the Metasploit Console (msfcnsole).
2. Load the Nexpose plugin by using command load nexpose in msfconsole.
3. Connect to the running CCS-VM instance by running nexpose_connect username:password@CCS-Vm Server IP Address:portno ok command.
4. Run a CCS-VM scan by using command nexpose_scan target machine IP Adress.
5. CCS-VM scanned the targert IP Address successfully.
6. I loaded db_autopwn plugin and tried to automate exploitation of target machine with db_autopwn.
7. After completed automatic exploitation i got 3 sessions of target machine.
8. I am trying to connect with target system through sessions available. I successfully got the meterpreter shell of Our target machine
9. Let's type ipconfig command to verify whether we enter into victim machine or not.

Comments 3 CommentsJump to latest comment

patriot3w's picture

It works. Thanks. 

Got below warning: Warning: This version of Nexpose has not been tested with Metasploit! 

Login to vote
Sanehdeep Singh's picture

@patriot: Ya, It gives you the same warning everytime you use nexpose plugin because its not offically supported with CCSVM

With Regards,

Er. Sanehdeep Singh

(E|CSA, C|EH, Security5)

Login to vote
techi_it's picture

great article..thanks a lot for sharing..

Login to vote