09-13-2007 12:50 AM - edited 03-10-2019 03:47 AM
Hi,
can anyone give a sample or a detailed example on how to test IPS with metasploit, no exploit is really working or triggering anything.
thanks
09-13-2007 07:49 AM
I would focus on creating an environment where metasploit actually works (i.e. you can exploit an unpatched box). Then you can focus on IDS.
09-16-2007 10:31 PM
yes, but can anyone give a sample or a detailed example on how IPS stops a working exploit with metasploit or any other software
09-18-2007 06:19 AM
easiest is to reverse engineer the signature details and craft packets based on the Sig RegEx for example.
For example, if a SIG is inspecting packets for "DNS" in traffic over 53/tcp, crafting a packet with this info will trigger the IPS...
09-18-2007 07:13 AM
I have used metasploit to trigger alarms in promiscuous mode, but not inline. It's pretty much the same though. Get metasploit working. go through the list of available metasploit exploits and choose one that is:
1) exploitable on the test machine
2) detected by Cisco IPS
Test the exploit without IPS. One you have verified that it is working(during my test, I was creating a local user on a Windows box), test the exploit with IPS.
10-28-2014 09:05 PM
Hi buddy,
what type of Cisco Systems Cisco Intrusion Prevention System (IPS) do you want to exploit?
05-29-2015 02:09 PM
So, about what IDS you are talking about? Cisco MARS or just Ettercap NG filters?
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: