Metasploit server/browser_autopwn is having issues

I am getting the following error after running the exploit on almost every client side link.

Exploit failed: uninitialized constant Msf::Encoder::Type::PrintfUtil


My versions are as listed


Using PowerShell to get Awk like results

In this example we want to convert dns or computer names to a single ip and write that single ip to a file so we can import that file into a scanner like nessus or nexpose.  Typically this would be a job for awk however, now that windows 7 comes with powershell we can utilize that to simulate awk.  
Put your computer names into the file named computernames.txt.  Next create a bat file with the following code in there.

Installing and Initial setup of OpenVAS on Ubuntu

First off I need to say this is just like installing the old nessus client and server, so if you are familar with that this should be a breeze for you.


I am running Ubuntu 10.10

start by using the apt-get installer

$ sudo apt-get install openvas-client openvas-server


Ping Sweep with For Loop

I know this has been document all over but I like using this as a quick ping sweep but I like to filter on TTL vs Reply unlike some other examples out there.  When you find on Reply you get some where it states Reply from Destination host unreachable.  I don't care about the Destination host unreachable and I only want to know the machines that replied so I use Find "TTL".  See Below
From windows
for /L %i in (1,1,255) do @ping -n 1 10.1.16.%i | find "TTL"

Interesting results when using Chrome

What I used to perform this test
Terminal from Ubuntu website from a different computer so I don't disturb the results.
Another terminal to gedit the results file.

So lets see what happens when you use Chrome and go to a bank
So lets use a bank that I don't use like Bank of America.
First I create my watch of the traffic.

$ watch -n 2 'netstat -nat | grep EST'

Next bring up Chrome. Type in
Now check your output on your terminal. Mine looked like this.

Security Quotes that I like

  • The user&;s going to pick dancing pigs over security every time. — Bruce Schneier
  • Young padawan, don&;t forget: Lack of focus leads to sloppiness, sloppiness leads to misconfiguration, and misconfiguration leads to compromise.  ----- security weekly

More to come as I run across them.

Some Good Sites to Check for Malicious Content

I really like McAfee's and BrightCloud located at I paste the ip that I think is bad or malicious into their reputation database. Then I can block accordingly in my firewall. To look for a particular ip address in your apache logs type the following.
grep {ip} /var/log/httpd/*

Typically your apache logs are all located in /var/log/httpd/

I also like this site. If your business does not need access to overseas or no one needs to connect to these netblocks you can use these in a block list as well.

Marriott in Maui does not segregate their Wireless network

Marriott in Maui does not segregate their wireless network which means you or Bob can scan for client vulnerabilities. It also means that if someone brings a virus onto the network they can potential infect your computer. And its also an attractive network for non-ethical hackers. I recommend that if you are on their network to be extremely careful when checking financial accounts. Also if Bob gets quarantined or blocked, all Bob has to do is change his MAC address.

Check your wysiwyg editors in Drupal to make sure you are running the current version

Drupal presents a false sense of Security when using wysiwyg editors.

The reason I say this is that wysiwyg module can run different editors.  For example fckeditor and ckeditor can be included in the libraries directory which is where wysisyg editor module calls editors from.   It will be located in your drupaldir/sites/all/libraries