Steps and Instructions -
We all know how information gathering is so needed. Its like the first step of every hack.
In this tutorial we will gain information of a target website using Metasploit Framework.
* Kali Machine or Metasploit installed windows machine
* A target website to hack.
Some terms -
Information Gathering - It is the process of gathering crucial info of target to use it when we will be exploiting.
So lest's start mate -
* We will run metasploit by opening a terminal and typing "msfconsole"
This will give you a console to work on Metasploit
Now we need to get the IP address of the target website
* Type in "host (target address www.target.com)"
When we get the IP....
We will scan the target using NMAP tool
It is necessary to scan for open ports
Type in "nmap -F (IP address)"
Note - This can take time
After some time you will get some ports information
Note - It should say the host is up. If it does't say it, then your target is shutdown or not in the network
Here there are many open ports available.
We will try to get ssh port.
* Type in "search ssh"
This command will give you exploits, auxiliaries and modules.
You will get so many modules. But I know a perfect exploit for this
Type in "search ssh_version"
We will run the fourth auxiliary
* So type in "info auxiliary/fuzzer/ssh/ssh_version_15"
This will give us the info about the auxiliary
Cool. We will use this by typing "use auxiliary/fuzzer/ssh/ssh_version_15"
Once we are in the auxiliary, we will see the options to set it up
* Type in "show options" to see the options
We need to set up few things now,
We will set up the RHOST
Which is the IP address of the target
"set RHOST (target IP)"
And then set up threads "set THREADS 5"
Now everything is in order, just type "run"
You will get the info of that ssh server.
Thats it for this tutorial guys.
I hope you learn t few things.
This was just the basic part. I have made some good exploit tutorials using Metasploit.