-2

I have backtrack and metasploitable running on my Macbook pro and I am trying to run **exploit/unix/webapp/tikiwiki_graph_formula_exec** exploit on msfconsole to penetrate the metasploitable operating system. But once i have setup the IP address of the metasploitable and I run the exploit i get the result "The target is not exploitable". On the other hand when I run the nmap command to check if there is any open port i do find that the "80/tcp open http".

My question is what could be the problem, i am using Backtrack 5 R3 and metasploitable as my testing machine. Another thing is when I try to run "*nc Ip address HEAD / HTTP 1.1"* I get that post is unreachable could some one tell me what can be the issue.

Ali Ahmad
  • 4,784
  • 8
  • 35
  • 61
Basha Man
  • 1
  • 1
  • 2
    Why did you choose the tikiwiki exploit? Why do you think that having port 80 open means that the exploit should work? Also, your 'nc' command is not properly formed, which is why it says 'port unreachable'. – schroeder Dec 27 '12 at 19:45
  • 2
    My powers of deduction tells me that the web server in question isn't vulnerable to that particular exploit. –  Dec 25 '12 at 05:42

1 Answers1

1

First things first, gather information on the target to determine where the vulnerabilities are. Then craft the exploit attempts accordingly. Throwing random exploits at an application will not result in success.

What other tools have you tried besides MSF? What do they report? What guide(s) are you following to help you through this process?

Penetration Testing is a complex field that can be 'point-and-click' at times, but it still requires that you have a deep understanding of how things work before you can get a particular exploit to run reliably on command.

schroeder
  • 123,438
  • 55
  • 284
  • 319