Forum Thread: How to Metasploit Framework Help

A screenshot of your work may do.

# Sergeant

C0D3R:

First, vulnerability scanners like Nikto nearly always produce false positives. Just because this vulnerability showed up in Nikto does not mean that the vulnerability necessarily exists.

Second, this is an old vulnerability. Very few sites still have this vulnerability.

Third, we need more information if we are to help. As Sergeant Sploit wrote above, take a screenshot of your commands and it will help us to help you.

OTW

Dear Occupy,

I know. But, I just typed RHOSTS, typed Exploit and nothing came up. Why did nothing come up??

If you don't listen, we can't help.

Dear Cracker Hacker, OTW and Sargeant,

I don't really want to take screenshots of my commands because it'll show my website.

Other then that... I basically followed instructions as told by Rapid7.

Set Target - {Target ID}/Set RHOST = 127.0.0.1

Exploit

You can always blotch it out.

Why don't you try this Perl script instead of the Metasploit script..

Dear Cracker.

Thank you so much. And as for the Nikto False-Positives... What other vulnerability scanner would you recommend?

Uniscan, Nmap (mostly recon), OpenVAS, and mostly Nexpose.

Also, I agree with OTW. Unless you have purposefully made your website vulnerable, it is very likely Nikto gave a false-positive. Get your "hands dirty" and manually check open ports, etc. with Telnet and Netcat. While Nikto is a wonderful vulnerability scanner, YOU must manually debunk any false-positives. Attempting an attack on a non-vulnerable website in the real world could very well lead to years in prison.