Introduction
The Metasploit Framework is a penetration testing framework that contains many tools (port scanners, vulnerability scanners, exploits, etc.). We will start with the most important step in penetration testing.
The first and most important step in penetration testing is information gathering: collecting as much information as possible about a target. The information you collect must be accurate.
Information gathering is of two types:
1- Passive Information Gathering: collecting information without touching the target, for example using
A- Google (or any other search engine)
B- whois
C- nslookup
D- netcraft
2- Active Information Gathering: collecting information by touching the target, for example using nmap.
First you must be connected to the database (scan results are stored in it). Check the connection with the db_status command;
the result should be: postgresql connected to msf3
Some Nmap options:
-oX –> Export a report
-sI –> Stealthy idle scan (the target is scanned through a spoofed, idle host IP)
-A –> Banner grabbing
-sS –> Stealth (SYN) TCP port scan
-Pn –> Don't ping (skip ICMP host discovery)
msf> db_nmap -sS 127.0.0.1
[*] Nmap: Starting Nmap 6.25 ( http://nmap.org )
[*] Nmap: Nmap scan report for root (127.0.0.1)
[*] Nmap: Host is up (0.000012s latency).
[*] Nmap: Not shown: 994 closed ports
[*] Nmap: PORT STATE SERVICE
[*] Nmap: 22/tcp open ssh
[*] Nmap: 3001/tcp open nessus
[*] Nmap: 5432/tcp open postgresql
[*] Nmap: 5900/tcp open vnc
[*] Nmap: 9050/tcp open tor-socks
[*] Nmap: 9091/tcp open xmltec-xmlmail
[*] Nmap: Nmap done: 1 IP address (1 host up) scanned in 2.23 seconds
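A small parser for the db_nmap console output shown above, added here as an example (it is not part of the original post, nor a Metasploit feature): it turns the "[*] Nmap:" lines into a per-host port list and flags open ports that are not on an allow-list, which is how a defender reading such a scan would triage it. The regexes and the allow-list check are assumptions of this example.

```python
import re

# Console output copied from the db_nmap session above (used here as constructed sample input).
SAMPLE = """\
[*] Nmap: Starting Nmap 6.25 ( http://nmap.org )
[*] Nmap: Nmap scan report for root (127.0.0.1)
[*] Nmap: Host is up (0.000012s latency).
[*] Nmap: Not shown: 994 closed ports
[*] Nmap: PORT STATE SERVICE
[*] Nmap: 22/tcp open ssh
[*] Nmap: 3001/tcp open nessus
[*] Nmap: 5432/tcp open postgresql
[*] Nmap: 5900/tcp open vnc
[*] Nmap: 9050/tcp open tor-socks
[*] Nmap: 9091/tcp open xmltec-xmlmail
[*] Nmap: Nmap done: 1 IP address (1 host up) scanned in 2.23 seconds
"""

PREFIX = "[*] Nmap: "
# "Nmap scan report for name (ip)" or "Nmap scan report for ip"
HOST_RE = re.compile(r"^Nmap scan report for (?:(\S+) \()?(\d{1,3}(?:\.\d{1,3}){3})\)?$")
# "22/tcp open ssh", optionally followed by a VERSION column when -sV/-A was used
PORT_RE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)(?:\s+.*)?$")

def parse_db_nmap(text):
    """Map each scanned IP to its hostname and a list of (port, proto, state, service)."""
    hosts, current = {}, None
    for raw in text.splitlines():
        if not raw.startswith(PREFIX):
            continue  # ignore non-Nmap console lines
        line = raw[len(PREFIX):].strip()
        if m := HOST_RE.match(line):
            hostname, ip = m.groups()
            current = hosts.setdefault(ip, {"hostname": hostname, "ports": []})
        elif (m := PORT_RE.match(line)) and current is not None:
            port, proto, state, service = m.groups()
            current["ports"].append((int(port), proto, state, service))
    return hosts

def open_ports(hosts, ip):
    """Sorted open port numbers for one host (empty list if the host was not scanned)."""
    return sorted(p for p, _, st, _ in hosts.get(ip, {"ports": []})["ports"] if st == "open")

def unexpected_services(hosts, ip, allowed_ports):
    """Open ports outside an allow-list: the triage check a defender runs on an inventory scan."""
    return [(p, svc) for p, _, st, svc in hosts.get(ip, {"ports": []})["ports"]
            if st == "open" and p not in allowed_ports]
```

Calling parse_db_nmap(SAMPLE) and then unexpected_services(result, "127.0.0.1", {22}) lists every open port on the scanned host except SSH.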
Note: Metasploit uses a PostgreSQL database to store your results (nmap results, Nessus results, etc.). To see the results in detail, use the hosts command:
address        mac                name  os_name            os_flavor  os_sp  purpose
-------        ---                ----  -------            ---------  -----  -------
127.0.0.1      00:22:68:31:93:b0        Unknown                              device
192.168.0.131  00:16:e6:64:5d:d1        Unknown                              device
192.168.0.155                           Microsoft Windows  XP         SP2    client