2021-06-15 16:59:55
@ Metasploit is very vast, vaster than you can imagine! This was just a guide to make you familiar with Metasploit and how to launch an attack with it.
There are also advanced ways to evade firewalls while attacking, and Meterpreter, which is itself a very vast post-exploitation topic that we will not cover.
For more information about Metasploit you can refer to the Offensive Security "Metasploit Unleashed" article, which is a detailed guide to Metasploit and all its components.
There are also many auxiliary modules which I have not covered, but I hope that after reading this guide you can use them on your own from the above understanding, because the process is the same : )
Link: https://www.offensive-security.com/metasploit-unleashed/
2021-06-15 16:59:40
Today we will have a look at Metasploit, one of the best exploitation frameworks. It is owned by Rapid7 and is integrated with many exploits to completely compromise our target. Metasploit is written in Ruby and comes pre-packaged with many exploits, scanners and encoders which can perform different tasks. Metasploit has a large database with more than 2000 exploits related to all the protocol versions, Windows, Linux and much more.
Features:
1. It comes pre-packaged with Kali Linux and Parrot OS.
2. It is constantly updated and new exploits are added to it every 2 to 3 days.
3. It also has the capability to scan the target for open ports and for vulnerabilities. These are called auxiliary modules.
4. Whenever an interesting exploit is discovered it is soon added to the Metasploit Framework.
5. It also has an additional functionality called Meterpreter, which is a kind of shell with very advanced functionality.
6. It can be used for both exploitation and post-exploitation.
7. It also includes exploits related to Android devices, VoIP and other attacks.
8. It also has the capability to attack various IoT devices.
9. With msfvenom we can create a malicious payload which, when executed, can be used to gain access to our target machine.
Some Important Terms:
Exploit: A piece of code which triggers the vulnerability and successfully exploits it.
Payload: A piece of code which is run after the exploit has successfully executed on the victim. The payload can be made to gain a shell or to perform malicious tasks.
How to Use ?
To launch Metasploit you can type the command "msfconsole" on your terminal.
>>msfconsole
# Now we will see that Metasploit has loaded and we are greeted with a banner.
To change the banner we can use the banner command on the msf terminal.
msf> banner
To make Metasploit load even faster we can start the postgresql service.
>>service postgresql start
1. search utility - search is used to look for modules by keyword, e.g.:
msf> search exploits - search for all the exploits
msf> search MySQL - search for all exploits and auxiliary modules with the keyword MySQL
msf> search ftp - search for all modules containing the word ftp
@ Like this we can search for exploits and auxiliary modules related to our needs.
2. Once you have decided which exploit you want to use, you have to select it with the 'use' command.
msf> use exploit/ftp/vsftpd2.3.4
This will load the specified exploit and you will notice that the exploit name is shown in red. This is an indication that the exploit was loaded successfully.
3. Now we have to set the options needed to run the exploit. The options may include RHOST, LHOST, LPORT and sometimes a password, hashes or even a wordlist.
show options = This shows all the options you need to set for the exploit you just loaded to run properly.
Syntax to set a value: set <option> <value>
2021-06-15 08:28:57
CompTIA Security+ Certification (SY0-501) (Udemy). Everything you need to pass the CompTIA Security+ SY0-501 exam, from Mike Meyers, CompTIA expert and bestselling author.
Link - https://www.udemy.com/course/comptia-security-certification-sy0-501-the-total-course/
Password - ethicalhackx
10 Parts
How to Extract - https://t.me/ethicalhackx/430
How to Extract Video - https://t.me/ethicalhackx/343
2021-06-15 08:21:06
Nmap Scripting Engine (NSE)
The NSE has a huge database of scripts which can be used to enumerate the target. NSE has scripts to enumerate SSH, FTP, HTTP, SQL, SMB, DOMAIN and many other services, CVEs and vulnerabilities.
The Nmap scripts are stored in the /usr/share/nmap/scripts/ directory.
Syntax: --script=<script-name>
Some of the most common used scripts are:
1. ftp-anon.nse = Check whether anonymous login is enabled
2. ssh-brute.nse = Brute force SSH
3. ftp-brute.nse = Brute force FTP
4. smb-enum.nse = Enumerate SMB
5. mysql-enum.nse = Enumerate MySQL
There are many other scripts and it is impossible to remember the names of all of them : )
Advanced Options:
1. --min-parallelism 20 = Scan a minimum of 20 ports in parallel
2. --max-parallelism 20 = Scan a maximum of 20 ports in parallel
3. --min-hostgroup 34 = Scan a minimum of 34 hosts in parallel; when scanning a whole subnet
4. --max-hostgroup 34 = Scan a maximum of 34 hosts in parallel; when scanning a whole subnet
5. --scan-delay 10 = Wait for 10 seconds after scanning each host; when scanning a whole subnet
6. --host-timeout 20 = Skip the host if it does not respond to the scan within 20 seconds; when scanning a whole subnet
7. --min-rate 20 = Send a minimum of 20 packets per second
8. --max-rate 20 = Send a maximum of 20 packets per second
Note: Nmap is a very vast tool and it is impossible to cover the whole of Nmap here, so I will end at this point. The above blog gives you a detailed overview of Nmap, and I hope that you will now be able to use Nmap for your requirements and get the most out of it.
2021-06-15 08:20:52
Network Mapper, commonly known as Nmap, is one of the best tools to gather network information about a target or even about a whole subnet. Nmap is an information gathering tool which can gather nearly every piece of information about the target. It is mostly used to gather information about open ports on the target and the services running on them. It is a CLI-based tool which comes pre-packaged with most Linux distributions such as Kali Linux, Parrot OS and also Ubuntu. Nmap is written in the Lua language, which is very easy to learn and understand. Nmap also comes with many scripts to gather extensive information related to the configuration of a particular protocol on the target.
Features:
1. It has a GUI-based version called Zenmap which has a beginner-friendly interface.
2. Its commands are easy to use and the syntax is very simple.
3. It can easily show the results in the way we want to see them.
4. It has a verbose option which helps us monitor the status of the scan.
5. The large database of Nmap helps us easily fingerprint not only Windows, Linux and Mac but also various IoT devices.
6. We can easily write scripts and customise existing Nmap scripts to work the way we want.
7. The large database of scripts helps us deeply enumerate the target on a particular point.
8. Along with the network, it can also be used to gather information related to HTTP (web).
9. It can also be used to detect EternalBlue, Heartbleed and many other CVEs the target is vulnerable to.
10. The timing support of Nmap helps us increase or decrease the speed of enumeration according to the version and capacity of the target server.
Basic Syntax:
nmap (IP/subnet)
Note: The flags used below are placed between nmap and the target (IP/subnet) while scanning.
Basic usage of Nmap
1. To gather information about open ports
1.1 -p = Scan the ports we specify
1.2 -p 22 = Only scan port 22
1.3 -p- = Scan all the ports (65535)
1.4 -p-23 = Scan from port 1 to 23
1.5 -F = Scan only well-known ports
1.6 -sS = Do a SYN scan (don't complete the handshake)
1.7 -sT = Only scan TCP ports
1.8 -sU = Only scan UDP ports
1.9 -O = Try to detect the OS of the target
1.10 -Pn = Do not ping the target (mostly used for Windows targets)
1.11 -A = Perform an aggressive scan
1.12 -sV = Try to detect the service version of open ports
2. Getting the desired information
2.1 -oA result = Create 3 output files of the scan: result.txt, result.xml, result.gnmap
2.2 -oA result.xml = Only create an XML file
2.3 -v = Verbose output
2.4 -vv = Double verbose output
2.5 -vvv = Triple verbose output
3. Firewall detection and bypassing
3.1 -sA = ACK probing, check if a firewall is present
3.2 -D 12.32.23.43 = Perform the scan with the specified IP as source. Used to hide our IP. The technique is called Decoy.
3.3 -D RND:4 = Perform the scan with 4 random IPs as source.
3.4 -f = Break the packets into fragments to bypass the firewall. The technique is called fragmentation.
3.5 --mtu 24 = Make each packet 24 bytes to evade the firewall.
# If these techniques do not work you may need to add the --send-eth flag after the filter. For example: nmap -sT -D 12.33.22.64 --send-eth (target IP/subnet)
# The above technique may not work on modern firewalls because of their extensive ability to reassemble packets at the destination : (
# The scans are listed in order of increasing speed. We sometimes have to use -T0 or -T1 when dealing with old machines and servers, as they may crash if they receive a large amount of packets in a short time.
# You may use the -T5 flag when dealing with modern servers and machines, as they can handle a large amount of packets at the same time without crashing, and we will also get our results faster.
## These were some of the basic filters which you can use to scan your target and see the desired results. Now we will move on to some advanced Nmap filters and to the NSE.
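As an added example (not from the original post), here is a small Python parser for the XML file that "-oA result" writes, turning the scan into a per-host port inventory that can be checked against an approved-services baseline. The sample XML is constructed for this example and the baseline set is an assumption.

```python
import xml.etree.ElementTree as ET

# Constructed sample of Nmap XML output (what "-oA result" writes to result.xml),
# trimmed to the elements this parser reads; it is not a real scan.
SAMPLE_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -sV -oA result 10.0.0.0/29">
  <host><status state="up" reason="syn-ack"/>
    <address addr="10.0.0.5" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="21"><state state="open"/><service name="ftp" product="vsftpd" version="2.3.4"/></port>
      <port protocol="tcp" portid="22"><state state="open"/><service name="ssh" product="OpenSSH" version="7.9p1"/></port>
      <port protocol="tcp" portid="445"><state state="filtered"/><service name="microsoft-ds"/></port>
    </ports>
  </host>
  <host><status state="down" reason="no-response"/>
    <address addr="10.0.0.6" addrtype="ipv4"/>
  </host>
</nmaprun>
"""

def parse_nmap_xml(xml_text, states=("open",)):
    """Return (ip, proto, port, state, service) tuples for hosts that are up,
    keeping only ports whose state is in `states` (default: open ports)."""
    root = ET.fromstring(xml_text)
    findings = []
    for host in root.iter("host"):
        status = host.find("status")
        if status is None or status.get("state") != "up":
            continue  # a host that never answered has no port data worth listing
        addr = host.find("address[@addrtype='ipv4']")
        ip = addr.get("addr") if addr is not None else "?"
        for port in host.iter("port"):
            state = port.find("state").get("state")
            if state not in states:
                continue
            svc = port.find("service")
            parts = [] if svc is None else [svc.get(k) for k in ("name", "product", "version")]
            service = " ".join(p for p in parts if p)
            findings.append((ip, port.get("protocol"), int(port.get("portid")), state, service))
    return findings

def unexpected_ports(findings, allowed):
    """Return findings whose (ip, port) pair is not in the approved baseline `allowed`."""
    return [f for f in findings if (f[0], f[2]) not in allowed]

if __name__ == "__main__":
    # Assumed baseline: only SSH is approved on 10.0.0.5, so the FTP service gets flagged.
    for row in unexpected_ports(parse_nmap_xml(SAMPLE_XML), {("10.0.0.5", 22)}):
        print("not in baseline:", row)
```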