Metasploit 1
Introduction
The Metasploit framework is a penetration testing framework that contains a lot of tools (port scanners, vulnerability scanners, etc.).
Now we will start with the important first step in penetration testing.
Information Gathering:
The first and most important step in penetration testing is information gathering: collecting as much information as possible about a target, and that information must be accurate. There are two types of information gathering:
1- Passive Information Gathering
Collecting information without touching the target, for example using:
A- Google (or any other search engine)
B- whois
C- nslookup
D- netcraft
2- Active Information Gathering
Collecting information by touching the target (sending traffic to it), for example using nmap.
NMAP:
Some nmap options:
-oX ---> Export a report (XML output)
-sI ---> Scan targets stealthily via a spoofed IP address (idle scan)
-A  ---> Banner grabbing
-sS ---> Stealth TCP port scan
-Pn ---> Don't use ICMP (don't ping the target first)
Using nmap in Metasploit
First you must connect to the database (so the results are stored in it).
Check this with the db_status command; the result must be "postgresql connected to msf3".
Then run db_nmap with the usual nmap options, e.g. (db_nmap -A example.com):
msf > db_nmap -sS 127.0.0.1
[*] Nmap: Starting Nmap 6.25 ( http://nmap.org )
[*] Nmap: Nmap scan report for root (127.0.0.1)
[*] Nmap: Host is up (0.000012s latency).
[*] Nmap: Not shown: 994 closed ports
[*] Nmap: PORT STATE SERVICE
[*] Nmap: 22/tcp open ssh
[*] Nmap: 3001/tcp open nessus
[*] Nmap: 5432/tcp open postgresql
[*] Nmap: 5900/tcp open vnc
[*] Nmap: 9050/tcp open tor-socks
[*] Nmap: 9091/tcp open xmltec-xmlmail
[*] Nmap: Nmap done: 1 IP address (1 host up) scanned in 2.23 seconds
Note: Metasploit uses a PostgreSQL database to store your results (nmap results, Nessus results, ...).
To get the results in detail, use the hosts command:
address        mac                name  os_name            os_flavor  os_sp  purpose
-------        ---                ----  -------            ---------  -----  -------
127.0.0.1      00:22:68:31:93:b0        Unknown                              device
192.168.0.131  00:16:e6:64:5d:d1        Unknown                              device
192.168.0.155                           Microsoft Windows  XP         SP2    client
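To see what db_nmap actually stores in the database, here is an added example (not part of the original notes or of Metasploit itself) that parses an nmap -oX XML report into the same kind of host records the hosts command prints: address, MAC and open ports. The XML is a constructed sample shaped after the scan above, not a real report.

```python
import xml.etree.ElementTree as ET

# Constructed sample of an nmap -oX report (not real scan data); it mirrors the
# db_nmap output above: one live host, two open ports and one closed port.
SAMPLE_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -sS -oX scan.xml 127.0.0.1" version="6.25">
  <host><status state="up"/>
    <address addr="127.0.0.1" addrtype="ipv4"/>
    <address addr="00:22:68:31:93:b0" addrtype="mac"/>
    <ports>
      <port protocol="tcp" portid="22"><state state="open"/><service name="ssh"/></port>
      <port protocol="tcp" portid="5432"><state state="open"/><service name="postgresql"/></port>
      <port protocol="tcp" portid="5900"><state state="closed"/><service name="vnc"/></port>
    </ports>
  </host>
  <host><status state="down"/><address addr="127.0.0.2" addrtype="ipv4"/></host>
</nmaprun>
"""

def parse_nmap_xml(xml_text):
    """Return one record per live host: address, MAC and its open ports,
    the same fields the hosts/services commands print from the database."""
    hosts = []
    for host in ET.fromstring(xml_text).findall("host"):
        if host.find("status").get("state") != "up":
            continue  # down hosts carry no service data worth storing
        rec = {"address": None, "mac": None, "services": []}
        for addr in host.findall("address"):
            key = "mac" if addr.get("addrtype") == "mac" else "address"
            rec[key] = addr.get("addr")
        for port in host.findall("./ports/port"):
            if port.find("state").get("state") != "open":
                continue  # keep only open ports, as the nmap summary does
            svc = port.find("service")
            rec["services"].append((int(port.get("portid")), port.get("protocol"),
                                    svc.get("name") if svc is not None else None))
        hosts.append(rec)
    return hosts

def format_hosts_table(hosts):
    """Render the records in an address / mac / open ports layout like hosts."""
    lines = ["address          mac                open ports"]
    for h in hosts:
        ports = ", ".join(f"{p}/{proto} {name}" for p, proto, name in h["services"])
        lines.append(f"{h['address']:<16} {h['mac'] or '':<18} {ports}")
    return "\n".join(lines)
```

On a real report, call format_hosts_table(parse_nmap_xml(open("scan.xml").read())) with the file produced by -oX.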
