7/24/2013

Metasploit 2




Scanning By Modules

Metasploit contains many modules (port scanners, banner grabbers for services, etc.). We will use some of these modules here.

Note: to list the port scanner modules, run:

msf > search portscan


1- TCP-SYN scanning

To run a TCP SYN port scan, use the syn module.

To select a module, use the use command:

msf > use auxiliary/scanner/portscan/syn

Then run show options to see the module's options; you can set any of them with the set command.

For example, to set the target address (scanner modules take their target list in RHOSTS) and the number of threads:

set RHOSTS 192.168.0.1
set THREADS 100



To execute the module, use the run command.



2- SMB (Server Message Block)

Use the smb_version module to get the Windows version of the target:

msf > use auxiliary/scanner/smb/smb_version




3- FTP scan

To get the FTP version (the FTP banner), use ftp_version:

msf > use auxiliary/scanner/ftp/ftp_version

To check whether the FTP server allows anonymous login, use the anonymous module:

msf > use auxiliary/scanner/ftp/anonymous

4- SSH scan

To get the SSH version (the SSH banner), use ssh_version:

msf > use auxiliary/scanner/ssh/ssh_version
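The ftp_version and ssh_version modules above work by reading the first line a service sends (its banner) and picking the software name and version out of it. The following is an added example, not code from the post or from Metasploit, showing that parsing for the two banner formats; the banner strings and the function names are constructed for the example. The SSH check at the end flags servers whose banner advertises protocol 1.x (including "1.99", which means both versions are offered), which is the kind of finding a defender wants out of a banner sweep.

```ruby
# Added example (not from the original post): parse FTP and SSH service banners
# the way the *_version scanner modules do. All banners below are constructed.

SAMPLE_SSH_BANNER = "SSH-2.0-OpenSSH_6.2p2 Debian-6\r\n"
SAMPLE_FTP_BANNER = "220 (vsFTPd 3.0.2)\r\n"

# SSH identification string (RFC 4253): SSH-protoversion-softwareversion [SP comments]
def parse_ssh_banner(line)
  m = line.strip.match(/\ASSH-(?<proto>[\d.]+)-(?<software>\S+)(?:\s+(?<comment>.*))?\z/)
  return nil unless m
  # Most servers write "Name_version" (e.g. OpenSSH_6.2p2); split on the underscore.
  name, _, version = m[:software].partition('_')
  { protocol: m[:proto], software: name, version: version.empty? ? nil : version,
    comment: m[:comment] }
end

# FTP greeting (RFC 959): 3-digit reply code, then free text that usually names the server.
def parse_ftp_banner(line)
  m = line.strip.match(/\A(?<code>\d{3})[ -](?<text>.*)\z/)
  return nil unless m
  # Best-effort "Name version" extraction; many servers hide this on purpose, so it may be nil.
  sw = m[:text].match(/(?<name>[A-Za-z][\w-]*)\s+v?(?<version>\d[\w.]*)/)
  { code: m[:code].to_i, text: m[:text],
    software: sw && sw[:name], version: sw && sw[:version] }
end

# True when the banner advertises SSH protocol 1 ("1.5") or both ("1.99").
def ssh_v1_supported?(banner)
  info = parse_ssh_banner(banner)
  !info.nil? && info[:protocol].start_with?('1.')
end

if __FILE__ == $PROGRAM_NAME
  p parse_ssh_banner(SAMPLE_SSH_BANNER)
  p parse_ftp_banner(SAMPLE_FTP_BANNER)
  puts "SSHv1 offered: #{ssh_v1_supported?(SAMPLE_SSH_BANNER)}"
end
```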




5- MS-SQL scan

MS-SQL listens either on the static TCP port 1433 or on a dynamic port; in the dynamic case the instance is located by a query to UDP port 1434. The mssql_ping module can:

A- Locate MS-SQL servers on a network
B- Get the instance name
C- Get the port number
D- Get the version of MS-SQL

msf > use auxiliary/scanner/mssql/mssql_ping

Note: all of these modules can be run against an entire network by giving a range:
set RHOSTS 192.168.0.0/24
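The information mssql_ping reports (instance name, port, version) comes from the reply the SQL Server Browser service sends on UDP 1434. As an added example, not code from the post or from Metasploit, the block below builds a reply in that format and parses it. The wire format (a 0x05 response byte, a 2-byte little-endian length, then a text body of key;value pairs with each instance's record ended by ";;") is the documented Browser protocol; the server and instance names, versions and ports in the packet are constructed sample data, and the function names are mine. The last helper picks out instances on non-default ports, which is what makes "allow only TCP 1433" firewall rules incomplete.

```ruby
# Added example (not from the original post): build and parse a SQL Server
# Browser (UDP 1434) reply of the kind mssql_ping reads. Constructed data.

SSRP_SVR_RESP = 0x05   # first byte of every Browser service reply

def build_ssrp_response(text)
  # 'C' = one unsigned byte, 'v' = 16-bit little-endian length, then the body
  [SSRP_SVR_RESP, text.bytesize].pack('Cv') + text.b
end

# Two instances on one host: the default one on 1433 and a named one on a dynamic port.
SAMPLE_SSRP_TEXT =
  'ServerName;DBSRV01;InstanceName;MSSQLSERVER;IsClustered;No;Version;10.50.1600.1;tcp;1433;;' \
  'ServerName;DBSRV01;InstanceName;SQLEXPRESS;IsClustered;No;Version;11.0.2100.60;tcp;49172;;'
SAMPLE_SSRP_PACKET = build_ssrp_response(SAMPLE_SSRP_TEXT)

# Returns one hash per instance: server, instance, version, tcp_port, clustered.
def parse_ssrp_response(pkt)
  return [] if pkt.bytesize < 3 || pkt.getbyte(0) != SSRP_SVR_RESP
  len  = pkt.byteslice(1, 2).unpack('v').first
  body = pkt.byteslice(3, len).force_encoding('UTF-8')
  body.split(';;').reject(&:empty?).map do |record|
    # key;value;key;value ... -> hash; drop a dangling key with no value
    attrs = record.split(';').each_slice(2).select { |kv| kv.size == 2 }.to_h
    {
      server:    attrs['ServerName'],
      instance:  attrs['InstanceName'],
      version:   attrs['Version'],
      tcp_port:  attrs['tcp'] && attrs['tcp'].to_i,
      clustered: attrs['IsClustered'] == 'Yes'
    }
  end
end

# Instances that are not on 1433: the ones a port-1433-only firewall rule misses.
def dynamic_port_instances(instances)
  instances.select { |i| i[:tcp_port] && i[:tcp_port] != 1433 }
end

if __FILE__ == $PROGRAM_NAME
  parse_ssrp_response(SAMPLE_SSRP_PACKET).each do |i|
    puts "#{i[:server]}\\#{i[:instance]} version #{i[:version]} on tcp/#{i[:tcp_port]}"
  end
end
```

Seen from the defender's side, everything this parser returns is what the Browser service hands to any host that can reach UDP 1434, so blocking that port at the network edge (and on hosts that only run the default instance) removes the discovery step entirely.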

7/18/2013

Metasploit 1

Introduction 

The Metasploit Framework is a penetration testing framework that contains many tools (port scanners, vulnerability scanners, etc.).

We will start with the most important step in penetration testing.

Information Gathering:
The first and most important step in penetration testing is information gathering: collecting as much information as possible about a target, and that information must be accurate. There are two types of information gathering:

1- Passive information gathering
Collecting information without touching the target, for example using:

A- Google (or any other search engine)
B- whois
C- nslookup
D- netcraft

2- Active information gathering
Collecting information by touching the target, for example using nmap.

NMAP:

Some nmap options:

-oX ---> Export a report (XML)
-sI ---> Stealthy scan that spoofs the source IP address (idle scan)
-A  ---> Banner grabbing
-sS ---> Stealth TCP port scan (SYN scan)
-Pn ---> Don't ping (skip ICMP host discovery)

Using nmap in Metasploit 

First, make sure the console is connected to the database (so results are stored in it): run db_status; the result should be "postgresql connected to msf3".
Then run db_nmap, for example: db_nmap -A example.com

msf > db_nmap -sS 127.0.0.1

[*] Nmap: Starting Nmap 6.25 ( http://nmap.org ) 
[*] Nmap: Nmap scan report for root (127.0.0.1)
[*] Nmap: Host is up (0.000012s latency).
[*] Nmap: Not shown: 994 closed ports
[*] Nmap: PORT     STATE SERVICE
[*] Nmap: 22/tcp   open  ssh
[*] Nmap: 3001/tcp open  nessus
[*] Nmap: 5432/tcp open  postgresql
[*] Nmap: 5900/tcp open  vnc
[*] Nmap: 9050/tcp open  tor-socks
[*] Nmap: 9091/tcp open  xmltec-xmlmail
[*] Nmap: Nmap done: 1 IP address (1 host up) scanned in 2.23 seconds

Note: Metasploit uses a PostgreSQL database to store your results (nmap results, Nessus results, ...).

To see the results in detail, use the hosts command:

address        mac                name  os_name                os_flavor  os_sp  purpose
-------        ---                ----  -------                ---------  -----  -------
127.0.0.1      00:22:68:31:93:b0        Unknown                                  device
192.168.0.131  00:16:e6:64:5d:d1        Unknown                                  device
192.168.0.155                           Microsoft Windows XP              SP2    client
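db_nmap stores what it finds in the hosts and services tables because it reads the nmap output that msfconsole echoes with the "[*] Nmap:" prefix. As an added example, not code from the post or from Metasploit, the block below parses that console output (the post's own sample run, reproduced as the input) into a per-host structure with its open ports, which is a handy way to diff two scans of the same host or to feed the results into another tool. The function names are mine.

```ruby
# Added example (not from the original post): parse the "[*] Nmap: ..." lines
# that msfconsole prints for db_nmap into hosts and their open ports.
# The input is the post's sample run; nothing here contacts the network.

SAMPLE_DB_NMAP_OUTPUT = <<~OUT
  [*] Nmap: Starting Nmap 6.25 ( http://nmap.org )
  [*] Nmap: Nmap scan report for root (127.0.0.1)
  [*] Nmap: Host is up (0.000012s latency).
  [*] Nmap: Not shown: 994 closed ports
  [*] Nmap: PORT     STATE SERVICE
  [*] Nmap: 22/tcp   open  ssh
  [*] Nmap: 3001/tcp open  nessus
  [*] Nmap: 5432/tcp open  postgresql
  [*] Nmap: 5900/tcp open  vnc
  [*] Nmap: 9050/tcp open  tor-socks
  [*] Nmap: 9091/tcp open  xmltec-xmlmail
  [*] Nmap: Nmap done: 1 IP address (1 host up) scanned in 2.23 seconds
OUT

# Returns an array of { ip:, name:, up:, ports: [ { port:, proto:, state:, service: } ] }.
def parse_db_nmap(output)
  hosts = []
  current = nil
  output.each_line do |raw|
    # Strip the msfconsole prefix; plain nmap output (no prefix) parses the same way.
    line = raw.sub(/\A\[\*\] Nmap: /, '').rstrip
    if (m = line.match(/\ANmap scan report for (?:(?<name>\S+) \()?(?<ip>[\d.]+)\)?\z/))
      # "Nmap scan report for root (127.0.0.1)" or "Nmap scan report for 10.0.0.9"
      current = { ip: m[:ip], name: m[:name], up: false, ports: [] }
      hosts << current
    elsif current && line.start_with?('Host is up')
      current[:up] = true
    elsif current && (m = line.match(/\A(?<port>\d+)\/(?<proto>tcp|udp)\s+(?<state>\S+)\s+(?<service>\S+)/))
      # Port table rows: "5432/tcp open  postgresql"
      current[:ports] << { port: m[:port].to_i, proto: m[:proto],
                           state: m[:state], service: m[:service] }
    end
  end
  hosts
end

# { "127.0.0.1" => [22, 3001, ...] } for hosts that are up; the shape you'd diff between scans.
def open_ports_by_host(hosts)
  hosts.select { |h| h[:up] }.each_with_object({}) do |h, acc|
    acc[h[:ip]] = h[:ports].select { |p| p[:state] == 'open' }.map { |p| p[:port] }
  end
end

if __FILE__ == $PROGRAM_NAME
  parse_db_nmap(SAMPLE_DB_NMAP_OUTPUT).each do |h|
    puts "#{h[:ip]} (#{h[:name] || '-'}) up=#{h[:up]}"
    h[:ports].each { |p| puts "  #{p[:port]}/#{p[:proto]} #{p[:state]} #{p[:service]}" }
  end
end
```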