Thursday 11 July 2013

Attack An IP With Metasploit & NMAP

Hello guys, how are you all? Vandan here. First of all, I want to say thanks to XEO Hacker for giving me the chance to write for this blog, and I will try my best to give you guys the best I can. I have chosen "GOOGLE WORM" as my nick in the hacking world; I hope you guys like it as well. Let's come to the tutorial. Tomorrow I have posted about the ClickJacking Attack, in which I have given an idea about ClickJacking and the ways to do it. Today I am going to write about Nmap with Metasploit. Let's start.

Steps to Follow

  • First download Metasploit 3.3 from the official website.
  • Let it install; towards the end of the installation it will ask whether you would like Nmap installed as well. Choose YES.
  • Once you have installed Metasploit, the screen below will open up.

  • Now type db_create.
  • Once you have typed that, type nmap; it will load nmap as shown in the image below.
  • You need to configure your scan now. I usually do a simple -sT -sV scan, which will tell us the open ports and services running on the victim's computer.
  • Now type nmap -sT -sV xxx.xxx.xxx.x (the X's being the victim's IP address).
  • Now give it 5 minutes to complete the scan. Once that is complete, if you are lucky, you should get a response like this...
  • This is basically a list of the open ports and services running on the target machine.
  • The handy feature of the Metasploit 3.3 framework is autopwn: it searches for and runs all matching exploits in the Metasploit database against the target machine and, if successful, creates a shell or similar privilege for the attacker.
  • Once you have the nmap results back, showing the open ports and services, type db_autopwn -p -t -e.
  • From this point you will either have access to the victim's computer through a successfully launched exploit, or you will get a response saying the machine wasn't vulnerable to any of the exploits in the Metasploit database.
  • Unfortunately, on this particular machine I found it wasn't vulnerable, as the image below proves. But if you are in luck and the targeted computer is vulnerable to exploits, then BOOM.
  • Good luck. Have fun!!!
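
Seen from the defender's side, the -sT connect scan in the steps above completes a full TCP handshake on every open port, so it shows up in ordinary connection logs. The following is an added example, not code from the original post: it flags a source that reaches many distinct ports on one host within a short window. The log format, addresses and thresholds are assumptions constructed for illustration.

```python
# Added example (not from the original post): spot connect-scan behaviour in logs.
# Log format "timestamp src dst dport", addresses and thresholds are constructed.
from collections import defaultdict
from datetime import datetime, timedelta

def build_sample_log():
    """Constructed log: one scanner, one normal web client, one slow client."""
    base = datetime(2013, 7, 11, 10, 0, 0)
    rows = []
    # Scanner: 12 distinct ports on one host within 12 seconds.
    for i, port in enumerate([21, 22, 23, 25, 53, 80, 110, 135, 139, 443, 445, 3389]):
        rows.append((base + timedelta(seconds=i), "198.51.100.7", port))
    # Normal client: many connections, always to the same port.
    for i in range(20):
        rows.append((base + timedelta(seconds=3 * i), "203.0.113.5", 443))
    # Slow client: 12 distinct ports, but ten minutes apart.
    for i, port in enumerate(range(8000, 8012)):
        rows.append((base + timedelta(minutes=10 * i), "203.0.113.9", port))
    return "\n".join(f"{ts.isoformat()} {src} 192.0.2.10 {port}" for ts, src, port in rows)

def find_port_scans(log_text, min_ports=10, window=timedelta(seconds=60)):
    """Return {(src, dst): n} where src reached n >= min_ports distinct ports
    on dst inside one sliding time window."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, dport = line.split()
        events[(src, dst)].append((datetime.fromisoformat(ts), int(dport)))
    hits = {}
    for pair, evs in events.items():
        evs.sort()
        start = 0
        for end in range(len(evs)):
            # Shrink the window from the left until it spans at most `window`.
            while evs[end][0] - evs[start][0] > window:
                start += 1
            distinct = len({port for _, port in evs[start:end + 1]})
            if distinct >= min_ports:
                hits[pair] = max(hits.get(pair, 0), distinct)
    return hits

if __name__ == "__main__":
    for (src, dst), n in find_port_scans(build_sample_log()).items():
        print(f"possible port scan: {src} -> {dst}, {n} distinct ports in 60s")
```

The busy web client and the slow client are not flagged: the first only ever touches one port, and the second never has more than one port inside the 60-second window.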
