Our topic is how to scan a target network using Metasploit. First, let's explain what Metasploit is. Metasploit is an open-source exploitation framework that runs on Linux, Windows and macOS. It is not used only for direct attacks: you can also generate backdoor files of various types and use them against the target system. Exploit code written for known vulnerabilities can be found at https://www.exploit-db.com/. Metasploit includes scanning modules, antivirus evasion modules and current exploits. It comes preinstalled on Kali Linux, BackTrack Linux and Parrot Linux, and it also ships the auxiliary tools needed for reverse engineering. Metasploit 3.0 and later are written in Ruby. Apart from Metasploit, exploit code can also be downloaded from sites such as https://packetstormsecurity.com/, milw0rm and https://www.securityfocus.com/. However, downloaded code should be examined carefully before use, since it may contain a backdoor or code that leaks information; otherwise you may suffer serious damage.
Metasploit has a practical interface. As of the current version it includes more than 2049 exploits, more than 1108 auxiliary modules, over 566 payloads, 45 encoders, 10 nops and 7 evasion modules. Metasploit basically consists of the following components.
Exploit: the code that takes advantage of a weakness in a service or application running on the target system in order to reach the attacker's goal.
Payload: the code delivered to the target after the exploit has succeeded. The exploit opens the way in through the vulnerability; the payload is what then settles on the target and does the actual work for us.
Auxiliary: modules for scanning and examining systems; they perform operations such as sniffing and scanning.
Encoders: responsible for preventing the code inside the exploit from being recognized by the target system.
To start Metasploit, it is enough to enter the "msfconsole" command in the terminal.
Metasploit shortcuts: As in all Linux operating systems, auto-completion works with the TAB key in Metasploit. You can also use the help command to get help.
Show command: Lists the modules in Metasploit and gives information about them. The output depends on the context you are in; for example, while inside a Windows module, Linux modules are not shown.
Search command: Searches for the module you are looking for and shows information about it.
Check command: Checks whether the target system is affected by the selected exploit without actually running it. Not all exploit modules support it.
Use command: Selects the module required for the exploit operation.
Run command: Launches the selected exploit or auxiliary module against the target machine once we have decided to use it. Alternatively, the "exploit" command can be used.
Set command: Defines the parameters (options) of the module in use. To define a parameter once for all modules, use the "setg" command.
Sessions command: Manages multiple connections. You can send sessions to the background and recall them when necessary.
Let's examine how to scan a target network using Metasploit.
Note: I am using Kali Linux.
Sample Testing Using Nmap and Metasploit
Nmap is a network scanning tool included with Kali Linux. It is widely used and gives both general and detailed information about a network.
The scanner modules share these options:
PORTS: Specifies the ports to scan (e.g., 22-25, 80, 110-900).
RHOSTS: Specifies the target address range or CIDR block. Scanners and almost all auxiliary modules use the RHOSTS variable instead of RHOST. RHOSTS accepts IP ranges entered in different formats:
* IP ranges (192.168.1.20-192.168.1.30)
* CIDR notation (192.168.1.0/24)
* Several of these combined (192.168.1.0/24, 192.168.3.0/24)
* IP addresses from a file (file:/tmp/hostlist.txt), one IP per line.
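To make those formats concrete, here is a small Python parser (an example added to this post, not part of Metasploit or of the original text) that expands each RHOSTS form into the individual addresses a scanner would touch. It uses only the standard library; the hostlist it reads is a constructed sample written to a temporary file, and the names expand_rhosts and expand_from_constructed_file are my own. It drops the network and broadcast addresses of a CIDR block, which is a choice of this example rather than a statement about how Metasploit's own range handling behaves.

```python
import ipaddress
import os
import tempfile


def expand_rhosts(spec):
    """Expand an RHOSTS-style target specification into a list of IPv4 strings.

    Handles the four forms listed above: a dash range such as
    192.168.1.20-192.168.1.30, CIDR notation such as 192.168.1.0/24, several
    of these separated by commas or spaces, and file:/path/to/hostlist.txt
    with one entry per line. CIDR blocks expand to their usable host
    addresses (network and broadcast are dropped). Malformed tokens raise
    ValueError instead of being silently skipped, so a typo in a target list
    is noticed before a scan is launched. IPv4 only; hostnames are not resolved.
    """
    hosts = []
    for token in spec.replace(",", " ").split():
        if token.startswith("file:"):
            path = token[len("file:"):]
            with open(path, encoding="utf-8") as fh:
                for line in fh:
                    line = line.strip()
                    if line and not line.startswith("#"):
                        # each line may itself be a single IP, a range or a CIDR block
                        hosts.extend(expand_rhosts(line))
        elif "/" in token:
            net = ipaddress.ip_network(token, strict=False)
            hosts.extend(str(a) for a in net.hosts())
        elif "-" in token:
            start, end = token.split("-", 1)
            lo, hi = ipaddress.ip_address(start), ipaddress.ip_address(end)
            if hi < lo:
                raise ValueError(f"range end precedes start: {token}")
            hosts.extend(str(ipaddress.ip_address(i)) for i in range(int(lo), int(hi) + 1))
        else:
            hosts.append(str(ipaddress.ip_address(token)))
    # keep first-seen order but drop duplicates produced by overlapping entries
    return list(dict.fromkeys(hosts))


def expand_from_constructed_file():
    """Write a constructed hostlist to a temporary file and expand it via the file: form."""
    sample = "# constructed sample hostlist\n192.168.1.5\n192.168.2.0/30\n10.0.0.1-10.0.0.3\n"
    with tempfile.NamedTemporaryFile("w", suffix=".txt", delete=False) as fh:
        fh.write(sample)
        path = fh.name
    try:
        return expand_rhosts("file:" + path)
    finally:
        os.unlink(path)


if __name__ == "__main__":
    for spec in ("192.168.1.20-192.168.1.30", "192.168.1.0/24, 192.168.3.0/24"):
        targets = expand_rhosts(spec)
        print(f"{spec!r} -> {len(targets)} hosts, first {targets[0]}, last {targets[-1]}")
    print("file: form ->", expand_from_constructed_file())
```

Running it shows why the THREADS discussion that follows matters: a single "192.168.1.0/24, 192.168.3.0/24" line already yields 508 targets, and a reversed range is rejected instead of quietly producing an empty scan.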
THREADS
The scanning modules in Metasploit have a variable named THREADS. It sets how many threads the module runs concurrently while scanning. THREADS is 1 by default; increasing it speeds up the scan. Faster scanning gets results sooner, but there are limits, so you should consider the recommendations for the THREADS variable below.
* If the MSF program is running on Win32 systems, set THREADS to 16 or below.
* If the MSF program is running under Cygwin, set THREADS to 200 or below.
* If the MSF program is running on a Unix-like system, you can set THREADS to 256.
Nmap and db_nmap
You can use the classic Nmap command you already know, or the db_nmap command inside Metasploit. When you scan with db_nmap, the results are automatically recorded in the hosts table of the Metasploit database. If instead you scan with Nmap and save the results with the -oA parameter (which writes the XML, grepable and normal formats) for later use, load them into Metasploit with the db_import command. I will also share some useful Nmap parameters with you; do your own research for more.
-sn (disables the port scan)
-PR (ARP ping scan), -PU (UDP ping scan), -PE (ICMP echo ping scan)
-PP (ICMP timestamp ping scan), -PM (ICMP address mask ping scan), -PS (TCP SYN ping scan), -PO (IP protocol ping scan)
-sT (TCP connect scan of open ports), -v (verbose)
-sS (stealth/TCP half-open scan), -A (aggressive scan), -D RND:<n> (decoy scan with n randomly generated decoy IPs)
-sZ -v (SCTP COOKIE ECHO scan), -sV (detect service versions), -sI -v (idle/IPID header scan)
You can run Nmap from the operating system's command line or from the msf> prompt. If you run it outside Metasploit, you can import the result files afterwards. If instead you run db_nmap -v -sV 192.168.1.0/24, the results are recorded automatically in the hosts table. Alternatively, we can scan the whole subnet with Nmap and load the XML result into the database:
>nmap -Pn -sS -A -oX Scan_Sub 192.168.1.0/24
>db_import Scan_Sub
If we then type >hosts, we get detailed information about the active hosts. Now type >services or >db_services and examine the results; useful information turns up.
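To see what db_import actually has to work with, here is a Python example (added here; it is neither Metasploit code nor part of the original post) that reads the XML Nmap writes with -oX and produces tables shaped like the hosts and services output of msfconsole. The XML in SAMPLE_NMAP_XML is a constructed sample, not a real scan, and the names parse_nmap_xml, open_services and render_table are my own.

```python
import xml.etree.ElementTree as ET

# Constructed sample of what `nmap -sS -sV -oX ...` writes; not a real scan,
# only the elements the parser below relies on.
SAMPLE_NMAP_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -Pn -sS -sV -oX Scan_Sub 192.168.1.0/24">
  <host>
    <status state="up" reason="arp-response"/>
    <address addr="192.168.1.10" addrtype="ipv4"/>
    <address addr="00:11:22:33:44:55" addrtype="mac"/>
    <hostnames><hostname name="fileserver.lab" type="PTR"/></hostnames>
    <ports>
      <port protocol="tcp" portid="22">
        <state state="open" reason="syn-ack"/>
        <service name="ssh" product="OpenSSH" version="8.4p1"/>
      </port>
      <port protocol="tcp" portid="445">
        <state state="open" reason="syn-ack"/>
        <service name="microsoft-ds"/>
      </port>
      <port protocol="tcp" portid="80">
        <state state="closed" reason="reset"/>
      </port>
    </ports>
    <os><osmatch name="Linux 4.15 - 5.6" accuracy="95"/></os>
  </host>
  <host>
    <status state="down" reason="no-response"/>
    <address addr="192.168.1.11" addrtype="ipv4"/>
  </host>
</nmaprun>
"""


def parse_nmap_xml(xml_text):
    """Turn Nmap XML into two tables shaped like msfconsole's `hosts` and `services`.

    Returns (hosts, services). hosts holds one dict per IPv4 host with address,
    mac, name, os_name and state; services holds one dict per scanned port with
    host, port, proto, state, name and info (product and version joined).
    """
    root = ET.fromstring(xml_text)
    hosts, services = [], []
    for host in root.findall("host"):
        ipv4 = host.find("address[@addrtype='ipv4']")
        if ipv4 is None:  # IPv6-only or malformed entries are skipped in this example
            continue
        mac = host.find("address[@addrtype='mac']")
        hostname = host.find("hostnames/hostname")
        status = host.find("status")
        osmatch = host.find("os/osmatch")
        addr = ipv4.get("addr")
        hosts.append({
            "address": addr,
            "mac": mac.get("addr") if mac is not None else "",
            "name": hostname.get("name") if hostname is not None else "",
            "os_name": osmatch.get("name") if osmatch is not None else "",
            "state": status.get("state") if status is not None else "",
        })
        for port in host.findall("ports/port"):
            state = port.find("state")
            service = port.find("service")
            info = ""
            if service is not None:
                info = " ".join(p for p in (service.get("product"), service.get("version")) if p)
            services.append({
                "host": addr,
                "port": int(port.get("portid")),
                "proto": port.get("protocol"),
                "state": state.get("state") if state is not None else "",
                "name": service.get("name") if service is not None else "",
                "info": info,
            })
    return hosts, services


def open_services(services):
    """The equivalent of `services -u` in msfconsole: keep only ports reported open."""
    return [s for s in services if s["state"] == "open"]


def render_table(rows, columns):
    """Plain-text table in the style of the msfconsole hosts/services output."""
    widths = {c: max([len(c)] + [len(str(r[c])) for r in rows]) for c in columns}
    lines = ["  ".join(c.ljust(widths[c]) for c in columns),
             "  ".join("-" * widths[c] for c in columns)]
    for r in rows:
        lines.append("  ".join(str(r[c]).ljust(widths[c]) for c in columns))
    return "\n".join(lines)


if __name__ == "__main__":
    hosts, services = parse_nmap_xml(SAMPLE_NMAP_XML)
    print(render_table(hosts, ["address", "mac", "name", "os_name", "state"]))
    print()
    print(render_table(open_services(services), ["host", "port", "proto", "name", "info"]))
```

Run it directly to see the two tables. open_services mirrors what services -u shows in msfconsole (only ports reported open), while the closed port 80 stays in the raw services list so that nothing recorded by the scan is lost.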
You don't have to use only Nmap or db_nmap for port scanning. Metasploit also has several port-scanning modules of its own. You can list them with the search command, for example:
msf > search portscan
then select the SYN scanner with
msf > use auxiliary/scanner/portscan/syn (SYN scan of the target system)
We then enter the following commands in order:
>set INTERFACE eth0
>set PORTS 80
>set RHOSTS <target IP or range>
>set THREADS 50
>run
Note: Edit the parameters for the target you want to scan. The open TCP ports found on the target within the PORTS setting are displayed.
Other scanner modules, such as the SMB and FTP version scanners (auxiliary/scanner/smb/smb_version and auxiliary/scanner/ftp/ftp_version), are used in the same way.
Finally, we export the scan information to a file (MetasploitScanResult).
You can review different documents for more examples. I hope it is useful for you.
Thank you,
Regards
Tarkan Aydınonat.