SwiftOnSecurity / sysmon-config

Sysmon configuration file template with default high-quality event tracing

Wrong Port for Metasploit in NetworkConnect Rule #142

Open brokenvhs opened 3 years ago

brokenvhs commented 3 years ago

https://github.com/SwiftOnSecurity/sysmon-config/blob/5ded528c3386c11be1ca0c972035617f412ad0f8/sysmonconfig-export.xml#L335

Line 335 has a typo in the default Metasploit port; the default listener should be 4444.

For Reference: https://blog.rapid7.com/2012/06/01/metasploit-exploit-failed-how-to-test-if-metasploit-is-working/#:~:text=The%20default%20port%20for%20this,by%20some%20anti%2Dvirus%20software.

brokenvhs commented 3 years ago

Submitted PR #143 as a proposed fix.