EH-Net

Hi again, Finaly i downloaded Back track 5 R2 Gnome and its great it comes with metasploit 4.2 i think its latest version fo metasploit but im still wondering about IIS exploits in it. becuase many of exploit is designed for windows 2000 or its better to say IIS 4 or 5. But we know IIS 6 is vulnerable (with deffualt settings) is any body knows why?
 

search iis for IIS exploits in metasploit

Always ensure you run the BT package update as well as the Metasploit update so you have the most up-to-date tools.  The devs for metasploit and the community are always coming up with new plugins.

But i have Metasploit 4.2 with bactrack R2 i think it must has some exploits at least for IIS5 i mean windows 2003 not 2000 or NT its soooooooooooooooo old!!!!!!!!!!

Yes, you have the latest version but you still need to keep updating to have the latest updates of exploits and modules. It's even stated at the banner meesage that metasploit update should be done atleast daily :)

ok  liliyke if you think i meed to update that i'lltest it today.
but i dont think it works

If you want to practice using Metasploit, I would recommend getting some purposely made vulnerable systems.  One good one to grab would be Metasploitable.  It is a linux build but will give you some good understanding of how to use Metasploit.  You can also get the distros like Damn Vulnerable Linux, install WebGoat on an XP system - turns it into a vulnerable website and there are probably a few other ones that I can't recall at the moment.

Also you may want to look at Metasploit: A Penetration Testers Guide by Dave Kennedy.  Its a great book and should be on the shelf for all users of the framework.