1. In this post we look at the built-in scanners that come preloaded with Metasploit in Kali Linux, which let us search for and recover service information from a single computer or an entire network. We assume the same setup of virtual machines as in my past post at http://anupriti.blogspot.in/2015/10/irc-exploit-tutorial-to-hack-into-root.html
SETTING UP THE VIRTUAL MACHINES
The setup is exactly the same as the one I followed in the post at http://anupriti.blogspot.in/2015/10/irc-exploit-tutorial-to-hack-into-root.html
Virtual Machine One, VM1: Kali Linux 2 @ 192.168.56.102
Virtual Machine Two, VM2: Metasploitable 2 @ 192.168.56.103
The machines should be able to ping each other; please check this before proceeding.
Using SCANNERS to gain info
To find the scanners available in Kali Linux, run “msfconsole” from the Kali command prompt and then type “search scanner” at the prompt, as below:
msf > search scanner
You get output like the shot below, which is trimmed because the complete output is pretty exhaustive.
Run nmap against the Metasploitable machine, as we did earlier, and we get the screen below:
Let’s focus on port 22, i.e. Secure Shell (SSH), and search Metasploit for SSH scanners as follows:
SSH
At the msf terminal, type: search scanner/ssh
From the above we see about six of them, and among these there is one that looks for version information, i.e. the “auxiliary/scanner/ssh/ssh_version” module. We will use this to find the version info as follows:
- Type “use auxiliary/scanner/ssh/ssh_version” at the msf terminal
- Then type “show options”
- set RHOSTS
- Type “exploit” to run.
From the above we see that the victim is running an SSH server and the software version is:
SSH-2.0-OpenSSH_4.7p1 Debian-8ubuntu
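The string above is the identification line an SSH server sends as soon as a client connects (RFC 4253, section 4.2). The following is an added example, not part of the original post or of Metasploit: a small Python reader and parser for that line, handy for inventorying SSH versions on hosts you administer. The function names `parse_ssh_ident` and `read_ssh_ident` are hypothetical, and the sample input is the banner quoted in this post.

```python
import re
import socket

# RFC 4253 section 4.2: "SSH-protoversion-softwareversion SP comments CR LF"
_IDENT = re.compile(
    r"^SSH-(?P<proto>[^-\s]+)-(?P<software>\S+)(?: (?P<comments>.*))?$"
)

def parse_ssh_ident(line):
    """Split an SSH identification string into its fields."""
    m = _IDENT.match(line.rstrip("\r\n"))
    if m is None:
        raise ValueError("not an SSH identification string: %r" % line)
    info = m.groupdict()
    # Many servers use "<product>_<version>", e.g. OpenSSH_4.7p1.
    product, sep, version = info["software"].rpartition("_")
    if sep:
        info["product"], info["version"] = product, version
    else:
        info["product"], info["version"] = info["software"], None
    return info

def read_ssh_ident(host, port=22, timeout=5.0):
    """Connect and return the identification line the server sends."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        stream = sock.makefile("rb")
        # The RFC lets a server send other lines before the "SSH-" line.
        for _ in range(20):
            raw = stream.readline(256)
            if not raw:
                break
            text = raw.decode("ascii", "replace")
            if text.startswith("SSH-"):
                return text.rstrip("\r\n")
    raise ConnectionError("no SSH identification string received")

if __name__ == "__main__":
    # Banner quoted in the post, with the CR LF a server would append.
    sample = "SSH-2.0-OpenSSH_4.7p1 Debian-8ubuntu\r\n"
    for key, value in parse_ssh_ident(sample).items():
        print("%-9s %s" % (key, value))
    # Against the lab VM: parse_ssh_ident(read_ssh_ident("192.168.56.103"))
```

The comments field is optional, so a banner with no trailing text parses with `comments` set to `None`.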
MySQL
But the above comes with an exclamation too: if we run the MySQL version query, we again get a result, a different one, as seen below:
The scan reveals that MySQL 5.0.51.a-3ubuntu5 is running as seen in the shot above.