Fixing db_nmap misidentified operating systems inside the metasploit host database

I was doing some scanning the other day against my test lab of VM’s. I noticed that nmap and db_nmap were seeing my windows XP machine as Server 2003. Nmap identified its OS details: Microsoft Windows XP Professional SP2 or Windows Server 2003. When it’s placed inside of the metasploit db, it has the os_flavor 2003. This could be a problem depending on resource scripts or when you attempt to use an exploit against the box.

135/tcp  open  msrpc         Microsoft Windows RPC
139/tcp  open  netbios-ssn
443/tcp  open  https?
|_ssl-cert: ERROR
445/tcp  open  microsoft-ds  Microsoft Windows XP microsoft-ds <=========
1027/tcp open  msrpc         Microsoft Windows RPC
1433/tcp open  ms-sql-s      Microsoft SQL Server 2005 9.00.1399.00; RTM
3389/tcp open  microsoft-rdp Microsoft Terminal Service
MAC Address: 00:0C:29:91:D5:28 (VMware)

The scan shows 445/tcp and clearly says XP.
Here is that same machine’s info inside the database.

msf > hosts

Hosts
=====

address        mac                name            os_name            os_flavor  os_sp  purpose  info  comments
-------        ---                ----            -------            ---------  -----  -------  ----  --------
10.10.101.3    00:0c:29:5f:4f:b7  dc1             Microsoft Windows  2003       SP1    server         
10.10.101.5                       ns              Linux              Ubuntu            server         
10.10.101.8    00:0c:29:60:8a:e8  dc2             Microsoft Windows  2008              server         
10.10.101.11   00:0c:29:d4:bc:0d  winxpsp3-vm     Microsoft Windows  2003 <==== SP3    client 
10.10.101.109                                     Linux              Ubuntu            server         
10.10.101.110                                     Linux              Ubuntu            server         
10.10.101.111                     metasploitable  Unknown                              device         

Now the question is how do we fix this?
Start msfconsole and type irb.

msf > irb
[*] Starting IRB shell...

>> 

Now type:

host = framework.db.workspace.hosts.find_by_address("10.10.101.11")
host.os_flavor="XP"
host.save
exit

Change 10.10.101.11 to the IP address of the host you are trying to modify.
Now run the hosts command and see that the flavor is corrected.

Advertisements

Tags: , , ,

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: