ZioMatrix

MetaSploit 3??

20 posts in this topic

Hello people, this is my first new topic so be kind :grr: . Anyway, I've messed with Metasploit, looked at Irongeek's vid on it and even more example videos. I understand the whole process of setting up the attack, but I would like to know how I can tell if a target is vulnerable to a certain exploit (kinda script kiddie, I know) and if I can scan a host and find an exploit to execute on them. Thanks for the help in advance :help:


Wait for easy pawn in BT3 final :)

http://del.icio.us/operat0r

Check out all the links there, BackTrack etc. Also got some (most) videos on my site under the scripts part.


There's a really handy and really popular tool called "NMAP".

This is available for, I believe, most operating systems including Windows; there's a GUI called zen-nmap, if I'm right.

This will basically help you obtain information on a target.

Using the non-gui method can be tedious at first, so read the man pages very carefully and do some google lookups if you're not too familiar with networking.

> I'm sorry, but none of these responses have answered my question

You asked how to scan a host to exploit, and we showed you several host scanning tools. From there it's a matter of taking the running services you found in your scan and checking an exploit archive for possible exploits.

www.governmentsecurity.org/exploits.php

www.securiteam.com/exploits/archive.html

secwatch.org/exploits

www.milw0rm.com


I'm still a little confused. I've tried nmap for a while and I thought it was only ports and such. I've never really seen a scan exploit function or anything. I know nothing in the exploiting field is spoon-fed to people, you have to research it. Can someone point me in the right direction? I'm still not quite sure where to go??


If you run nmap with the sV flag it may tell you what version of the service is running. Once you know the version you can start to look for exploits for that particular service.


Windows, Mac OS, and Linux versions?? Is that what you meant by versions? If not, I can always research more on the sV function. Thank you for your input, this is going to get me started.


Apache, OpenSSH, and CuteFTP are examples of services. Windows, Mac OS, and Linux are operating systems.

You can use nmap to tell you the target is running Apache version 2.2 or whatever.

The "O" flag is used for operating system detection.

Share on other sites

Well, first of all you need to know what you are doing. Install and set up a database server like MySQL or Postgres, then learn to use the db_autopwn function.

But like I said, make sure you know what you are doing, otherwise you can get into trouble for using such tools.

Hope this answers your question.


Back to a previous reply: I scanned my practice box, as I like to call it, running Windows 2000 Advanced Server. I did the scan as follows:

nmap -v -sV XXX.XXX.XX.XXX

It did do the nmap -v correctly, showing me many vulnerable ports.

It also said that there were 7 services running and I see them off to the side now.

There's one I've heard of and it's running lol

netbios-ssn port 139, I know there has to be an exploit for that but ??


Hmm, I should have thought it through before I posted that last one. I remember someone posting Milw0rm.com and I'm there now. I saw a funny Facebook exploit; I click the D for download but it comes up with an error. Do I need Perl or a PHP thing or something??

I'm sorry for getting a little off topic there, but I'm trying to refrain from making a new thread for just this question.


Perl and PHP are server-side scripting languages.

Meaning the site you are going to needs PHP to run PHP, not you.

> I'm sorry, but none of these responses have answered my question

I know older versions of MetaSploit had a vuln. check option. Not sure how reliable it was though.

> Perl and PHP are server-side scripting languages.
>
> Meaning the site you are going to needs PHP to run PHP, not you.

Umm, sorry, but Perl is not a server-side language either, though most think it is. It's more of a hybrid like PHP is, but PHP is more server than client.


Are you trying to point out that perl is more than a server side scripting language, or are you saying it can not be used as a server side scripting language?

Could you show me an example of a web page that uses perl or php client side?


Umm, a database client written in Perl.

I'm not talking about web servers, I'm talking about a desktop or workstation. PHP can be run in CLI mode but it's not meant like that really. I've tried and it's horrible.

EDIT: some exploits do need PHP installed to be used, which is why I've actually used it in CLI mode, which is baddddddd. Not part of Metasploit though. As well, some exploits are written in Perl, which means you need Perl installed to even run them.


Original poster, Nessus is exactly what you're looking for. Just be warned that it will show up in every log that an admin might check.
