Social Icons

Sunday, October 25, 2015

Kali Linux 2 : Putting SCANNERS at work

1.    In this post we get introduced to built in scanners that come preloaded with Metasploit in Kali Linux that let us search and recover service information from a single computer or an entire network.We assume the same setup of virtual machines as in my past post at


Exactly the same setup as I followed at the post at

Virtual Machine One,VM1  : Kali Linux 2 @
Virtual Machine Two,VM2 : Metasploitable 2 @

Machines pinging each other...please check before proceeding ahead

Using SCANNERS to gain info

To find scanners available in Kali Linux,just run “msfconsole” from Kali command prompt and then type “search scanner” at the prompt as below :

msf > search scanner

U get something like this as seen below which is actually trimmed shot as the complete out is pretty exhaustive.

nmap the metasploitable we did earlier and we get this screen as below :

Let’s focus on Port 22 ie Secure Shell (ssh) and thus search Metasploit for ssh scanners as follows :


At msf terminals type : search scanner/ssh
Click to ENLARGE
We see from above about six of them and in these there is one looking for version information ie the “auxiliary/scanner/ssh/ssh_version” module.Will use this to find the version info as follows :

- Type, “use auxiliary/scanner/ssh/ssh_version” at the terminal of msf
- Then type “show options
- set RHOSTS  
- Type “exploit” to run.

From above we see that the victim is running an SSH server and the software version is 
SSH-2.0-OpenSSH_4.7p1 Debian-8ubuntu


But the above comes with a exclamation too...if we run mysql version query,then too we get some result that's different as seen below :
Click to ENLARGE
The scan reveals that MySQL 5.0.51.a-3ubuntu5 is running as seen in the shot above.


Click to ENLARGE
Highlighted text “Login with msfadmin/msfadmin to get started”, actually gives login credentials on the Telnet page....these kinds of security holes actually exists in the real world..real web at so many web sites....


The above gives the SAAMBA version


Post a Comment