IPS testing with metasploit

Unanswered Question
Sep 13th, 2007

Hi,

can anyone give a sample or a detailed example on how to test IPS with metasploit, no exploit is really working or triggering anything.

thanks

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4.5 (2 ratings)
Loading.
mhellman Thu, 09/13/2007 - 07:49

I would focus on creating an environment where metasploit actually works (i.e. you can exploit an unpatched box). Then you can focus on IDS.

josephium Sun, 09/16/2007 - 22:31

yes, but can anyone give a sample or a detailed example on how IPS stops a working exploit with metasploit or any other software

mhellman Tue, 09/18/2007 - 07:13

I have used metasploit to trigger alarms in promiscuous mode, but not inline. It's pretty much the same though. Get metasploit working. go through the list of available metasploit exploits and choose one that is:

1) exploitable on the test machine

2) detected by Cisco IPS

Test the exploit without IPS. One you have verified that it is working(during my test, I was creating a local user on a Windows box), test the exploit with IPS.

Actions

This Discussion