Errata

Errata for Metasploit

Submit your own errata for this product.

The errata list is a list of errors and their corrections that were found after the product was released.

The following errata were submitted by our customers and have not yet been approved or disproved by the author or editor. They solely represent the opinion of the customer.

Color Key: Serious technical mistake Minor technical mistake Language or formatting error Typo Question Note Update

Version	Location	Description	Submitted by	Date submitted
	28 ssh_version example	The example does not set the RHOSTS value. I can only assume when they were running it a previously used value was carried forward, however to run this command alone the following would need to have been run "set RHOSTS ip_range" where ip_range is the ip address range for the example.	aziramai	Nov 07, 2011
	30 snmp_login example	Syntax error in command - should read 'use scanner/snmp/snmp_login' but currently reads ' use use scanner/snmp/snmp_login'	Anonymous	Nov 07, 2011
Printed	Page 270,272,273 p. 270 para 1, p.272 item 2, p. 273 item 4	When the user attempts to login to the vulnerable web page no matter what user and password he/she uses (including the SQL injection) an SQL error is returned saying user sa cannot login. There are two problems here, the first is that the user cannot login and the second is that the SQL injection string is incorrect. 1. User cannot login The vulnerable web page file called web.config 4th line contains the SQL database password=password1 but on page 270 and 272 of the book the password is defined as password123. To fix this problem either open the web.config file and change password1 to password123 then save, then amend the SQL database login at login time. Alternatively amend the text in the book on the pages indicated above and use password123 instead of password1. Long term could the publishers please amend the text accordingly. 2. SQL Injection string is incorrect, see page 273. The SQL injection string should be changed from OR 1=1-- to 'OR 1=1-- Note this is a single quote (found on the @key) followed by a capital oh R space then 1=1 and two minus signs. I think elswhere on some other site someone else has mentioned this so credit to him for this. Otherwise thanks very much for an excellent book.	Paul Totton	Jul 16, 2012
PDF	Page 272 1st paragraph	http://www.nostarch.com/metasploit.htm doesn't show any links to the resources as stated in the paragraph.	Anonymous	Jul 28, 2011
PDF	Page 273 Item 2	After configuring the vulnerable WinXP as described in Annex A, the Default.aspx file supplied in nostarch1.zip displays a "Succesfully logged into the page" immediately. There is no username/password box. Since I'm not too familiar with ASP, any idea what's going wrong here? Thanks.	Anonymous	Jul 28, 2011
Printed	Page 273 Step 4	In reference to above report, issue is just formatting. Correct way to complete this fourth step is the following: In User field, enter the single quote mark followed by OR 1=1-- then enter any data in password field. E.g. (User field) 'OR 1=1-- (pwd field) asdf For clarity, there are two dashes following the 1=1, and not a minus sign. The printed version shows the double dash as a single character. Outstanding book.	Anonymous	Sep 17, 2011
Printed, PDF	Page 273 Step 2	I guess I am having the same problem. I get logged in without being asked for the username and password	Anonymous	Oct 12, 2011