Scanning using Metasploit:

  1. Start msfconsole:
sudo msfconsole
  2. Search for portscan modules:
msf> search portscan

  3. Let's use the 6th module, set RHOSTS to the target IP, and run the scan:

use 6
options
set RHOSTS 172.30.1.134
run


Enumerating SMB using msfconsole:

Server Message Block (SMB) is a network service that allows hosts to send resources such as files to other hosts on a network. As an aspiring ethical hacker and penetration tester, it's always recommended to enumerate file shares once they are within the scope of your penetration test.


Using more than one tool to enumerate services running on your target is always good because there’s the possibility one tool may miss something important, while the other tool may not.

  1. Since SMB has been discovered on our target system, we can use smbmap to enumerate the files and shared drives on the target. To get started with smbmap, open a new terminal and type the following command:
smbmap -H 172.30.1.134

  2. We can see that anyone can access the tmp share, with both read and write permissions.
  3. Let's display the contents of that file share:

smbmap -H 172.30.1.134 -r tmp

  4. To download the contents of a shared drive using SMBMap, use the following command:

smbmap -H 172.30.1.134 --download '.\tmp\*'

--download : This option takes the path of the contents to download.
.\tmp\* : This is the file share we are going to download; \* means everything inside the file share.


Enumerating SSH using msfconsole:

Secure Shell (SSH) is a common network protocol that's found on many organizations' networks. It allows IT professionals to establish a secure, encrypted terminal connection between their device and a remote server. Port 22 is the default port for SSH.

  1. We will start off by enumerating the version of SSH that's being used by the vulnerable machine.
search ssh_version
use auxiliary/scanner/ssh/ssh_version
options
set RHOSTS target_ip
run

FINDINGS FROM SSH ENUM: SSH version -> OpenSSH 4.7p1, OS version -> Debian8 ubuntu 1
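
The version and OS details above come from the identification string an SSH server sends as soon as a client connects (RFC 4253, section 4.2). As an added example that is not part of the original notes, this Python code parses such a banner and reports what it discloses, which is useful when auditing your own hosts. The sample banner is constructed to match the finding above, and the `minimum` baseline is a hypothetical local policy value.

```python
import re

# RFC 4253 section 4.2: "SSH-protoversion-softwareversion SP comments CR LF"
IDENT_RE = re.compile(
    r"^SSH-(?P<proto>[^-\s]+)-(?P<software>\S+)(?: (?P<comments>.*))?$")
OPENSSH_RE = re.compile(r"^OpenSSH_(\d+)\.(\d+)(?:p(\d+))?")

def parse_ssh_ident(raw: bytes) -> dict:
    """Parse the identification line a server sends on connect."""
    # A server may send other lines first; only the first line
    # that starts with "SSH-" is the identification string.
    for line in raw.split(b"\n"):
        text = line.rstrip(b"\r").decode("ascii", errors="replace")
        if text.startswith("SSH-"):
            break
    else:
        raise ValueError("no SSH identification string found")
    if len(line) + 1 > 255:  # RFC limit of 255 bytes includes CR LF
        raise ValueError("identification string too long")
    m = IDENT_RE.match(text)
    if not m:
        raise ValueError(f"malformed identification string: {text!r}")
    info = m.groupdict()
    # protoversion 1.x (including 1.99) means legacy SSH-1 is accepted
    info["allows_ssh1"] = info["proto"].startswith("1.")
    v = OPENSSH_RE.match(info["software"])
    info["openssh_version"] = (
        tuple(int(x or 0) for x in v.groups()) if v else None)
    return info

def audit(raw: bytes, minimum=(8, 0, 0)) -> list:
    """Findings for one banner; `minimum` is a hypothetical baseline."""
    info = parse_ssh_ident(raw)
    findings = []
    if info["allows_ssh1"]:
        findings.append("server accepts SSH protocol 1")
    if info["openssh_version"] and info["openssh_version"] < minimum:
        findings.append(
            "OpenSSH %d.%d below baseline" % info["openssh_version"][:2])
    if info["comments"]:
        findings.append("banner discloses distro package: " + info["comments"])
    return findings

# Constructed sample banner, matching the finding recorded above.
SAMPLE = b"SSH-2.0-OpenSSH_4.7p1 Debian-8ubuntu1\r\n"

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```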