Thursday, 2 February 2017

Metasploit Tutorial - 2 (information gathering)



Steps and Instructions -

We all know how much information gathering is needed. It's like the first step of every hack.

In this tutorial we will gather information about a target website using the Metasploit Framework.

Requirement -

* A Kali machine, or a Windows machine with Metasploit installed

* A target website to hack.

Some terms -

Information Gathering - The process of gathering crucial information about the target to use later when exploiting it.

So let's start, mate -

* We will run Metasploit by opening a terminal and typing "msfconsole"



This will give you a console to work with Metasploit.





Now we need to get the IP address of the target website.

* Type in "host (target address, such as www.target.com)"


Once we have the IP, we will scan the target using the Nmap tool.

It is necessary to scan for open ports.

Type in "nmap -F (IP address)"

Note - This can take time.


After some time you will get information about the ports.


Note - It should say the host is up. If it doesn't say so, then your target is shut down or not on the network.

Here there are many open ports available.

We will go after the SSH port.

* Type in "search ssh"


This command will list matching exploits, auxiliaries and other modules.


You will get a lot of modules, but I know a perfect module for this.

Type in "search ssh_version"


We will run the fourth auxiliary.


* So type in "info auxiliary/fuzzer/ssh/ssh_version_15"

This will give us information about the auxiliary.


Cool. We will use this by typing "use auxiliary/fuzzer/ssh/ssh_version_15"


Once we are in the auxiliary, we will look at the options to set it up.

* Type in "show options" to see the options


We need to set up a few things now.

First we will set RHOST, which is the IP address of the target:

"set RHOST (target IP)"

Then set the number of threads: "set THREADS 5"


Now everything is in order. Just type "run".


You will get the information about that SSH server.
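The SSH server information that version checks report comes from the identification string every SSH server sends on connect, laid out by RFC 4253 section 4.2 as "SSH-protoversion-softwareversion SP comments". As an added example that is not part of the original tutorial or of Metasploit, this Python code parses such strings so you can review what your own servers disclose; the function names and the sample banners are constructed for illustration.

```python
import re

# RFC 4253 section 4.2: "SSH-protoversion-softwareversion SP comments CR LF"
BANNER_RE = re.compile(
    r"^SSH-(?P<proto>[^-\s]+)-(?P<software>\S+)(?: (?P<comments>.*))?$"
)


def parse_ssh_banner(line):
    """Split an SSH identification string into its RFC 4253 fields."""
    match = BANNER_RE.match(line.rstrip("\r\n"))
    if match is None:
        return None  # not an SSH identification string
    return match.groupdict()


def disclosure_findings(banner):
    """List what one parsed banner tells anyone who can reach the port."""
    findings = []
    if banner["proto"] == "1.99":
        # RFC 4253 section 5.1: 1.99 means the server also accepts SSH-1 clients
        findings.append("SSH-1 compatibility mode is enabled")
    elif banner["proto"] != "2.0":
        findings.append("server is not offering protocol 2.0")
    # Heuristic: a digit in the software field is treated as a version number
    if re.search(r"\d", banner["software"]):
        findings.append("software version disclosed: " + banner["software"])
    if banner["comments"]:
        findings.append("comment field disclosed: " + banner["comments"])
    return findings


# Constructed sample banners, not captured from any real host
SAMPLES = [
    "SSH-2.0-OpenSSH_7.4p1 Debian-10\r\n",
    "SSH-1.99-ExampleSSHD_3.2\r\n",
    "SSH-2.0-sshd\r\n",
    "220 mail.example.test ESMTP\r\n",
]


def audit(lines):
    """Map each banner line to its findings, or None if it is not SSH."""
    report = {}
    for line in lines:
        banner = parse_ssh_banner(line)
        report[line.strip()] = None if banner is None else disclosure_findings(banner)
    return report


if __name__ == "__main__":
    for banner, findings in audit(SAMPLES).items():
        print(banner, "->", findings)
```

A banner with an empty findings list, like the third sample, gives a version check nothing beyond the fact that SSH protocol 2.0 is listening.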

That's it for this tutorial, guys.

I hope you learned a few things.

This was just the basic part. I have made some good exploit tutorials using Metasploit.







