How To Scan a Target Network Using Metasploit

 

Our topic is "how to scan a target network using Metasploit." First, let's explain what Metasploit is. Metasploit is an open-source exploitation framework that runs on Linux, Windows and macOS. It is not used only for direct attacks: you can also generate backdoor files and use them against the target system. Exploit code written for known vulnerabilities can be found on https://www.exploit-db.com/. Metasploit is a framework that bundles scanning modules, antivirus evasion modules and up-to-date exploits, and it comes preinstalled on Kali Linux, BackTrack Linux and Parrot Linux. It also ships auxiliary tools needed for reverse engineering. Metasploit 3.0 and later versions are written in Ruby. Apart from Metasploit, exploit code can also be downloaded from sites such as https://packetstormsecurity.com/, milw0rm and https://www.securityfocus.com/. However, downloaded code should be used only after careful examination, because it may contain a backdoor or code that leaks information; otherwise you may suffer severe damage.

Metasploit has a practical interface, and the current version includes more than 2049 exploits, more than 1108 auxiliary modules, over 566 payloads, 45 encoders, 10 nops and 7 evasion modules. Metasploit basically consists of the following components.

 

Exploit: the module that takes advantage of a weakness in a service or application running on the target system in order to achieve the attacker's goal.

Payload: the code delivered to the target system once the exploit has succeeded. The exploit opens the way through the vulnerability; the payload settles in and lets us carry out our work on the target.

Auxiliary: tools for examining the system, such as sniffing and scanning modules.

Encoders: responsible for preventing the code inside an exploit from being recognized by the target system. To start Metasploit, entering the "msfconsole" command in a terminal is enough.

Metasploit Shortcuts: As in all Linux shells, the TAB key auto-completes commands in Metasploit. You can also use the help command to get help.

Show Command: Lists information about the modules in Metasploit. Its output depends on the current context; for example, when you are inside a Windows module, Linux modules are not displayed.

 

Search Command: Searches for the module you are looking for.

 

Check Command: Checks whether the target system is vulnerable to the currently selected exploit. Not every exploit module supports it.

 

Use Command: Selects the module required to perform the exploit operation.

 

Run Command: Launches the selected exploit or auxiliary module against the target machine once we have decided to use it. Alternatively, the "exploit" command can be used.

 

Set Command: Defines the parameters of the module in use. To define a parameter that applies to all modules, use the "setg" command.

 

Sessions Command: Manages multiple connections. You can send your sessions to the background and recall them when necessary.

 

Let's examine how to scan a target network using Metasploit.

Note: I am using Kali Linux.

Sample Testing Using Nmap and Metasploit

Nmap is a widely used network scanning tool included with Kali Linux. It provides both general and detailed information about the network.

PORTS: Specifies the ports to scan (e.g., 22-25, 80, 110-900). RHOSTS: Specifies the target address range or CIDR block. Scanners and almost all auxiliary modules use the RHOSTS variable rather than RHOST. RHOSTS accepts IP ranges in several formats:

 

IP ranges (192.168.1.20-192.168.1.30)

CIDR notation (192.168.1.0/24)

Multiple entries (192.168.1.0/24, 192.168.3.0/24)

IP addresses from a file (file:/tmp/hostlist.txt). There must be one IP per line.
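To make the RHOSTS formats listed above concrete, here is an added example (my own illustration, not Metasploit's code) that expands an RHOSTS-style string into the list of individual addresses a scanner would iterate over. It handles the four forms from the post and, as an assumption beyond what the post lists, a short range written as 192.168.1.20-30. The "file:" source is served from a constructed in-memory dict rather than a real /tmp/hostlist.txt, and CIDR blocks are expanded to host addresses only (network and broadcast excluded), which is a design choice here, not a statement about how Metasploit expands them.

```python
import ipaddress
from pathlib import Path

# Constructed stand-in for "file:/tmp/hostlist.txt": one entry per line,
# blank lines and '#' comments ignored. Assumption: this dict replaces the real file.
FAKE_FILES = {
    "/tmp/hostlist.txt": "10.10.0.5\n\n# lab jump host\n10.10.0.6\n10.10.0.8-10\n",
}


def expand_rhosts(spec, read_file=None):
    """Expand an RHOSTS-style string into an ordered, de-duplicated list of IPv4 strings.

    Accepted tokens, separated by spaces and/or commas:
      192.168.1.20-192.168.1.30   explicit range
      192.168.1.20-30             short range, last octet only (assumed extension)
      192.168.1.0/24              CIDR block; network and broadcast are excluded here
      file:/tmp/hostlist.txt      one entry per line, each entry may use any form above
      192.168.1.5                 single address
    `read_file(path)` lets the caller supply file contents instead of touching disk.
    """
    targets = []
    for token in spec.replace(",", " ").split():
        if token.startswith("file:"):
            path = token[len("file:"):]
            text = read_file(path) if read_file else Path(path).read_text()
            for line in text.splitlines():
                line = line.strip()
                if line and not line.startswith("#"):
                    targets.extend(expand_rhosts(line, read_file))  # recurse per line
        elif "/" in token:
            network = ipaddress.ip_network(token, strict=False)
            targets.extend(str(h) for h in network.hosts())
        elif "-" in token:
            start, end = token.split("-", 1)
            if "." not in end:  # short form: reuse the first three octets of the start
                end = start.rsplit(".", 1)[0] + "." + end
            first, last = ipaddress.ip_address(start), ipaddress.ip_address(end)
            if last < first:
                raise ValueError(f"range runs backwards: {token}")
            targets.extend(str(ipaddress.ip_address(n)) for n in range(int(first), int(last) + 1))
        else:
            targets.append(str(ipaddress.ip_address(token)))  # raises ValueError on junk
    # Keep first-seen order but drop duplicates, e.g. an address listed in two forms.
    seen, unique = set(), []
    for ip in targets:
        if ip not in seen:
            seen.add(ip)
            unique.append(ip)
    return unique


if __name__ == "__main__":
    reader = FAKE_FILES.__getitem__
    for spec in ("192.168.1.20-192.168.1.30",
                 "192.168.1.0/24, 192.168.3.0/24",
                 "file:/tmp/hostlist.txt"):
        hosts = expand_rhosts(spec, read_file=reader)
        print(f"{spec!r}: {len(hosts)} targets, first {hosts[0]}, last {hosts[-1]}")
```

Counting the expanded list before running a module is a cheap sanity check against a mistyped RHOSTS value that would otherwise sweep a far larger block than intended.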

THREADS

There is a variable named THREADS in Metasploit's scanning modules. It determines how many concurrent threads the scan runs in. The THREADS variable is set to 1 by default, and increasing it speeds up the scan. Speeding up scanning is convenient, but it has limits, so you should follow the recommendations for the THREADS variable in the list below.

 

* If the MSF program is running on a Win32 system, set the THREADS value to 16 or below.

* If the MSF program is running on a Cygwin system, set the THREADS value to 200 or below.

* If the MSF program is running on a Unix-like system, you can set the THREADS value to 256.

Nmap and db_Nmap

You can use the classic Nmap command that you know, or the db_nmap command inside Metasploit. When you scan with db_nmap, the results are automatically stored in the hosts table. When scanning with plain Nmap, save the results to a file in XML, grepable and normal formats with the -oA parameter for later use, and then load them with the db_import command in Metasploit. I will also share some useful Nmap parameters with you. Do your own research for more.

* -sn (disables port scan)
* -PR (ARP ping scan)
* -PU (UDP ping scan)
* -PE (ICMP ECHO ping scan)
* -PP/-PM (ICMP mask ping scan)
* -PS (TCP SYN ping scan)
* -PO (IP protocol ping scan)
* -sT (TCP connect scan of all open ports)
* -v (verbose)
* -sS (stealth/TCP half-open scan)
* -A (aggressive scan)
* -D (decoy scan)
* -RND (randomly generated IPs)
* -sZ -v (SCTP COOKIE ECHO scan)
* -sV (detect service versions)
* -sI -v (idle/IPID header scan)

 

You can run Nmap from the operating system's command line or from the msf > prompt, and export the result files into Metasploit if you want. If instead you run db_nmap -v -sV 192.168.1.0/24, the results are recorded automatically in the hosts table. We can also type the following command to scan the whole subnet and collect the results:

> nmap -Pn -sS -A -oX Scan_Sub 198.162.*.*/24

To load the scan result into the database:

> db_import Scan_Sub

If we then type > hosts, we get detailed information about the active hosts.

Now type > services (or db_services) and examine the results. Useful information turns up.
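The db_import step above reads the XML that nmap -oX writes and fills the hosts and services tables. As an added example (my own code, not Metasploit's importer), the following parses a constructed nmap-style XML document and renders tables in the spirit of msfconsole's hosts and services output. The sample XML, host names, addresses and version strings are all invented for the example; only hosts reported as "up" are kept, which is a choice made here, and the stdlib parser is used because the input is our own, with a note on what to use for XML you did not produce yourself.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the shape of `nmap -oX` output; NOT output from a real scan.
# For XML from an untrusted source, parse with defusedxml.ElementTree instead.
SAMPLE_NMAP_XML = """<nmaprun scanner="nmap" args="nmap -Pn -sS -A -oX Scan_Sub 192.168.1.0/24">
  <host>
    <status state="up" reason="user-set"/>
    <address addr="192.168.1.10" addrtype="ipv4"/>
    <hostnames><hostname name="web01.lab" type="PTR"/></hostnames>
    <ports>
      <port protocol="tcp" portid="22"><state state="open"/><service name="ssh" product="OpenSSH" version="8.2p1"/></port>
      <port protocol="tcp" portid="80"><state state="open"/><service name="http" product="nginx" version="1.18.0"/></port>
      <port protocol="tcp" portid="445"><state state="closed"/><service name="microsoft-ds"/></port>
    </ports>
  </host>
  <host>
    <status state="down" reason="no-response"/>
    <address addr="192.168.1.11" addrtype="ipv4"/>
  </host>
  <host>
    <status state="up" reason="arp-response"/>
    <address addr="192.168.1.12" addrtype="ipv4"/>
    <address addr="00:11:22:33:44:55" addrtype="mac"/>
    <ports>
      <port protocol="tcp" portid="21"><state state="open"/><service name="ftp" product="vsftpd" version="3.0.3"/></port>
    </ports>
  </host>
</nmaprun>
"""


def parse_nmap_xml(xml_text):
    """Return (hosts, services) lists of dicts built from nmap XML.

    Hosts reported as anything other than "up" are skipped (a choice made here).
    """
    root = ET.fromstring(xml_text)
    hosts, services = [], []
    for host in root.iter("host"):
        status = host.find("status")
        state = status.get("state") if status is not None else "unknown"
        ipv4 = mac = None
        for addr in host.findall("address"):  # nmap emits one <address> per type
            if addr.get("addrtype") == "ipv4":
                ipv4 = addr.get("addr")
            elif addr.get("addrtype") == "mac":
                mac = addr.get("addr")
        hostname = host.find("hostnames/hostname")
        name = hostname.get("name") if hostname is not None else ""
        if state != "up" or ipv4 is None:
            continue
        hosts.append({"address": ipv4, "mac": mac or "", "name": name, "state": state})
        for port in host.findall("ports/port"):
            pstate = port.find("state")
            svc = port.find("service")
            # "info" mirrors the product/version column: e.g. "OpenSSH 8.2p1"
            info = ""
            if svc is not None:
                info = " ".join(x for x in (svc.get("product"), svc.get("version")) if x)
            services.append({
                "host": ipv4,
                "port": int(port.get("portid")),
                "proto": port.get("protocol"),
                "state": pstate.get("state") if pstate is not None else "unknown",
                "name": svc.get("name") if svc is not None else "",
                "info": info,
            })
    return hosts, services


def open_services(services, names=None):
    """Open ports only, optionally restricted to given service names (e.g. {"ftp"})."""
    return [s for s in services
            if s["state"] == "open" and (names is None or s["name"] in names)]


def render_table(rows, columns):
    """Plain-text table in the spirit of msfconsole's `hosts` / `services` listings."""
    widths = {c: max([len(c)] + [len(str(r[c])) for r in rows]) for c in columns}
    header = "  ".join(c.ljust(widths[c]) for c in columns)
    rule = "  ".join("-" * widths[c] for c in columns)
    body = ["  ".join(str(r[c]).ljust(widths[c]) for c in columns) for r in rows]
    return "\n".join([header, rule, *body])


if __name__ == "__main__":
    hosts, services = parse_nmap_xml(SAMPLE_NMAP_XML)
    print(render_table(hosts, ["address", "mac", "name", "state"]))
    print()
    print(render_table(open_services(services), ["host", "port", "proto", "name", "info"]))
```

Filtering open_services by name (for example {"ftp", "microsoft-ds"}) gives the same short list you would then feed to the SMB and FTP version modules mentioned later in the post.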

You don't have to use only Nmap or db_nmap for port scanning; Metasploit also has several other port-scanning modules. You can list them with the search portscan command. For example:

msf > search portscan

then > use auxiliary/scanner/portscan/syn (SYN scan of the target system)

We write the following commands, respectively;

>set INTERFACE eth0

>set PORT 80

>set RHOSTS IP_ADDRESS

>set THREADS 50

>run

Note: Edit the parameters for the target you want to scan.




All TCP ports belonging to the target are displayed.



* SMB/FTP version scan

Finally, we export the scan information to a file (MetasploitScanResult).

You can review different documents for more examples. I hope it is useful for you.




Thank you,

Regards

 

Tarkan Aydınonat.
