7/18/2013

Metasploit 1

Introduction 

The Metasploit Framework is a penetration testing framework that contains many tools (port scanners, vulnerability scanners, etc.).

Now we will start with the most important step in penetration testing.

Information Gathering:
The first and most important step in penetration testing is information gathering: collecting as much information as possible about a target, and making sure that information is accurate. There are two types of information gathering.

1- Passive Information Gathering
Collecting information without touching the target, for example using

A- Google (or any other search engine)
B- whois
C- nslookup
D- netcraft

2- Active Information Gathering
Collecting information by touching the target directly, for example using nmap.

NMAP:

Some nmap options:

-oX ---> Export the report as XML
-sI ---> Idle scan: probe the target through a third-party "zombie" host so the scan appears to come from that host's IP address
-A ----> Aggressive scan (OS detection, version detection, script scanning, traceroute); the version detection is what grabs service banners
-sS ---> Stealth (SYN) TCP port scan
-Pn ---> Don't ping: treat all hosts as online and skip ICMP host discovery

Using nmap in Metasploit

First you must be connected to the database (so the results are stored in it).
Check with the db_status command; the result should be "postgresql connected to msf3".
Then run db_nmap (for example, db_nmap -A example.com):

msf > db_nmap -sS 127.0.0.1

[*] Nmap: Starting Nmap 6.25 ( http://nmap.org ) 
[*] Nmap: Nmap scan report for root (127.0.0.1)
[*] Nmap: Host is up (0.000012s latency).
[*] Nmap: Not shown: 994 closed ports
[*] Nmap: PORT     STATE SERVICE
[*] Nmap: 22/tcp   open  ssh
[*] Nmap: 3001/tcp open  nessus
[*] Nmap: 5432/tcp open  postgresql
[*] Nmap: 5900/tcp open  vnc
[*] Nmap: 9050/tcp open  tor-socks
[*] Nmap: 9091/tcp open  xmltec-xmlmail
[*] Nmap: Nmap done: 1 IP address (1 host up) scanned in 2.23 seconds

Note: Metasploit uses a PostgreSQL database to store your results (nmap results, Nessus results, etc.).

To see the stored hosts in detail, use the hosts command:

address        mac                name  os_name            os_flavor  os_sp  purpose
-------        ---                ----  -------            ---------  -----  -------
127.0.0.1      00:22:68:31:93:b0        Unknown                              device
192.168.0.131  00:16:e6:64:5d:d1        Unknown                              device
192.168.0.155                           Microsoft Windows  XP         SP2    client
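The -oX option above writes the scan as XML, and that file is what tools like Metasploit import to build the hosts and services tables shown here. The following is an added example (not code from this post or from the Metasploit project) that parses a constructed nmap XML report into the same kind of inventory and then lists open services a defender would want to review. The element names (nmaprun, host, address, ports, port, state, service, os, osmatch) are the real ones nmap writes; the sample report, the host data in it and the UNEXPECTED_SERVICES watch list are constructed for the example.

```python
"""Parse an nmap XML report (nmap -oX report.xml) into a host/service
inventory like Metasploit's `hosts` and `services` commands display.

Added example, not code from the original post or the Metasploit project.
SAMPLE_XML is a constructed report in the format nmap writes with -oX.
"""
import xml.etree.ElementTree as ET

# Constructed sample report: one Linux host with ssh/postgresql/vnc open
# and one Windows XP client, in the spirit of the post's scan output.
SAMPLE_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -sS -A -oX report.xml 192.168.0.0/24" version="6.25">
  <host>
    <status state="up"/>
    <address addr="192.168.0.131" addrtype="ipv4"/>
    <address addr="00:16:E6:64:5D:D1" addrtype="mac"/>
    <ports>
      <port protocol="tcp" portid="22"><state state="open"/><service name="ssh" product="OpenSSH" version="5.9p1"/></port>
      <port protocol="tcp" portid="5432"><state state="open"/><service name="postgresql"/></port>
      <port protocol="tcp" portid="5900"><state state="open"/><service name="vnc"/></port>
      <port protocol="tcp" portid="80"><state state="closed"/><service name="http"/></port>
    </ports>
    <os><osmatch name="Linux 3.2 - 3.8" accuracy="95"/></os>
  </host>
  <host>
    <status state="up"/>
    <address addr="192.168.0.155" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="445"><state state="open"/><service name="microsoft-ds"/></port>
    </ports>
    <os><osmatch name="Microsoft Windows XP SP2" accuracy="100"/></os>
  </host>
</nmaprun>
"""


def parse_nmap_xml(xml_text):
    """Return one dict per host that is up: addresses, best OS guess, open services."""
    root = ET.fromstring(xml_text)
    hosts = []
    for host in root.findall("host"):
        status = host.find("status")
        if status is None or status.get("state") != "up":
            continue
        entry = {"address": None, "mac": None, "os_name": None, "services": []}
        for addr in host.findall("address"):
            if addr.get("addrtype") == "mac":
                entry["mac"] = addr.get("addr").lower()
            else:
                entry["address"] = addr.get("addr")
        # nmap lists osmatch elements best-first; keep the first one.
        osmatch = host.find("os/osmatch")
        if osmatch is not None:
            entry["os_name"] = osmatch.get("name")
        for port in host.findall("ports/port"):
            state = port.find("state")
            if state is None or state.get("state") != "open":
                continue  # only open ports go into the inventory
            service = port.find("service")
            entry["services"].append({
                "port": int(port.get("portid")),
                "proto": port.get("protocol"),
                "name": service.get("name") if service is not None else None,
                "product": service.get("product") if service is not None else None,
                "version": service.get("version") if service is not None else None,
            })
        hosts.append(entry)
    return hosts


# Constructed watch list for this example: services that should not normally be
# reachable from a general network segment. Not an nmap or Metasploit setting.
UNEXPECTED_SERVICES = {"vnc", "postgresql", "microsoft-ds", "telnet"}


def unexpected_exposures(hosts):
    """Return (address, port, service) tuples for open services on the watch list."""
    findings = []
    for h in hosts:
        for s in h["services"]:
            if s["name"] in UNEXPECTED_SERVICES:
                findings.append((h["address"], s["port"], s["name"]))
    return findings


def format_hosts_table(hosts):
    """Render rows in the style of msfconsole's `hosts` command."""
    lines = ["%-15s %-17s %-28s %s" % ("address", "mac", "os_name", "open ports")]
    for h in hosts:
        ports = ",".join(str(s["port"]) for s in h["services"])
        lines.append("%-15s %-17s %-28s %s" % (h["address"], h["mac"] or "", h["os_name"] or "", ports))
    return "\n".join(lines)


if __name__ == "__main__":
    inventory = parse_nmap_xml(SAMPLE_XML)
    print(format_hosts_table(inventory))
    for addr, port, name in unexpected_exposures(inventory):
        print("review: %s exposes %s on %d/tcp" % (addr, name, port))
```

Run it on a real report by replacing SAMPLE_XML with the contents of the file written by -oX; closed and filtered ports are dropped so the table matches what the `hosts`/`services` views would hold.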
