Security Stuff!!
Toggle Dark/Light/Auto mode Toggle Dark/Light/Auto mode Toggle Dark/Light/Auto mode


Introduction Metasploit framework is a penetration testing framework that contain a lot of tools (port scanners, vulnerability scanners, exploits,…etc), now we will start with the important step in penetration testing. Information Gathering The first and the most imprtant step in penetration testing is information gathering, it is collecting as much information as possible about a target and your information must be accurate. Information gathering is 2 types 1- Passive information Gathering: It’s collecting information wthout touching the target like using
Read full post

Nmap 1

Nmap or Network Mapper, it’s a security scanner for scan ports, OS fingerprinting, banners and others ) in range of network or a specific machine, Nmap written by Faydor Now we want to use this program to scan our system to know what banners will shown to attacker, and open ports that is not useful to my system and i have to close it or shutdown these services that works on these ports.
Read full post

Scanning By Modules

Scanning ByModules Metasploit contains a lot of modules such as (port scanners, banner grabbers for services … etc), we will use here some of these modules Note 1: To get port scanner modules msf> search portscan TCP-SYN scanning To make TCP-SYN port scan(syn), to use a module use use command msf> useauxiliary/scanner/portscan/syn Then to adjust this modules use show options, you will see many options and you can set any variable you want by set command, for example to set IP address of the target address set RHOST 192.
Read full post

Nmap 2

Let’s try using nmap to scan and how to use it to stop unused services (attackers could use these services) by using command nmap -sS localhost to scan my computer Starting Nmap 5.00 ( ) at 2011-06-28 00:51 EEST Interesting ports on example ( Not shown: 996 closed ports PORT STATE SERVICE 25/tcp open smtp 111/tcp open rpcbind 631/tcp open ipp 80/tcp open http Nmap done: 1 IP address (1 host up) scanned in 0.
Read full post

Advanced Commands

Advanced Commands Now we will introduce some advanced commands in metasploit 1- show exploits: Display all exploites available in metasploit msf> show exploits 2- show auxiliary: Display all auxiliaries available in metasploit (scanners, fuzzers , DOS tools … etc) msf> show auxiliary 3- show options: Display all the options available in specific exploit for example ms03_026_dcom exploit msf> show options 4- show payloads: Display payloads that are related to the current module for example ms03_026_dcom
Read full post