I’m new to the area, so I’m sorry if the question is ridiculous. I’m doing the Metasploit module, specifically in Meterpreter. I’ve read it many times and couldn’t figure out how to find a metasploit module as accurate as it’s explained. For example:
“…server is running Microsoft IIS httpd 6.0. So we further our research in that direction, searching for common vulnerabilities for this version of IIS. After some searching, we find the following marker for a widespread vulnerability: CVE- 2017-7269. It also has a Metasploit module developed for it.”
msf6 > search iis_webdav_upload_asp
How did you come to the conclusion that this is the correct module (iis_webdav_upload_asp) to use? Because I searched many times on google, and all the results point to another module.
Another doubt is about the first question.
I even found the exploit (I believe it’s the right one) by looking in msfconsole, but the module I found requires a session to work. Could someone give me a hand? I don’t want anything ready, just a direction