Metasploit connect

zagwalker · November 20, 2019, 10:28am

Hi,

Might be a stupid question, but I am quite confused with Greenbone Security Manager, OpenVAS, etc.

Yesterday I have downloaded and installed GCE from here: https://www.greenbone.net/en/install_use_gce/

Connected it to the internet and everything works just fine. It is able to download updates, etc. However, I have installed it to connect to Metasploit. Internet suggests that OpenVAS should be listening on some 939* ports, depending on the version, but I have scanned all ports using NMAP and only 22, 80 and 443 are open. Now I’m wondering whether I have installed right version of OpenVAS, or I did something totally wrong. Could someone suggest on this matter please?

Thanks a lot in advance and apologies for stupid question.

Lev

bricks · November 20, 2019, 10:36am

9392 is the fallback port if port 80 can’t be assigned e.g. if the http daemon doesn’t have the permissions to acquire it or the port is already used.

In your case because you are using our Greenbone Community Edition VM port 80 (http) will redirect to port 443 (https) automatically.

zagwalker · November 20, 2019, 10:45am

Hi,

Thanks for your answer. I have tried connecting to 443 and 80, but the result is the same

msf5 > openvas_connect admin password 159.122.129.184 80 ok
[*] Connecting to OpenVAS instance at 159.122.129.184:80 with username admin...
[-] Error while running command openvas_connect: uninitialized constant OpenVASOMP::OMPConnectionError

Call stack:
/usr/share/metasploit-framework/plugins/openvas.rb:195:in `rescue in cmd_openvas_connect'
/usr/share/metasploit-framework/plugins/openvas.rb:189:in `cmd_openvas_connect'
/usr/share/metasploit-framework/lib/rex/ui/text/dispatcher_shell.rb:523:in `run_command'
/usr/share/metasploit-framework/lib/rex/ui/text/dispatcher_shell.rb:474:in `block in run_single'
/usr/share/metasploit-framework/lib/rex/ui/text/dispatcher_shell.rb:468:in `each'
/usr/share/metasploit-framework/lib/rex/ui/text/dispatcher_shell.rb:468:in `run_single'
/usr/share/metasploit-framework/lib/rex/ui/text/shell.rb:158:in `run'
/usr/share/metasploit-framework/lib/metasploit/framework/command/console.rb:48:in `start'
/usr/share/metasploit-framework/lib/metasploit/framework/command/base.rb:82:in `start'
/usr/bin/msfconsole:49:in `<main>'

Any idea?

Thanks
Lev

bricks · November 20, 2019, 10:51am

I am not sure what you are trying to do here…

Port 443 provides the graphical interface called GSA and not an API.

Lukas · November 20, 2019, 1:12pm

That was for OpenVAS 5, so OMP is no longer supported, maybe you can inform the Maintainer of the bridge to update the API and integration to a supported version.

Additional the GCE does not support any API, you need a real appliance or build your own GVM form the source for GMP.

zagwalker · November 20, 2019, 1:15pm

Hi,

Yeah, I have reinstalled OpenVAS on CentOS rather than virtual appliance and now port is open, but still could not connect. Probably dues to an old connector or something, as you mentioned.

Thanks
Lev

Lukas · November 20, 2019, 1:22pm

This is a known bug here the Metasploit Information:

zagwalker · November 20, 2019, 1:28pm

Something wrong happened with this thread - cannot see posts I can only see that you mentioned it is a known bug in Metasploit.

Steffen · November 20, 2019, 1:35pm

Lukas posted a link to the respective github issue.

If you can’t see or click it, try this:

Metasploit fails at import Openvas report (openvas_report_import) · Issue #11851 · rapid7/metasploit-framework · GitHub

zagwalker · November 20, 2019, 2:10pm

Well, seems like this is not exactly the case. Link Lucas posted is about importing OpenVAS report into Metasploit. In my case I could not even connect OpenVAS to Metasploit. Also the version of Metasploit is different in my case.

Lukas · November 20, 2019, 2:38pm

Therefore it is not a GCE topic, i move it onto the GSE region. Please note OMP is discontinued and no longer available, you need to speak GMP to your GVM installation.