Exploits - Henryisgreat/TechJournal GitHub Wiki

METASPLOIT

Metasploit sudo service postgresql start Henryisgreat edited this page now · 3 revisions What command do you type to access the msf console? msfconsole

What command would you type to get help with using the msfconsole once you have logged in? / or help

Run the command you would use to get help using msfconsole and post a full screen screenshot.

If you wanted to search for a module within metasploit, what command would you use? search [regex] (also throw down help [name of module], super duper helpful)

NOTE: Workspaces provide an easy to use interface for working with the database backend for metasploit.

What command is used in Metasploit to create workspaces? Workspace -a

What command do you type to get help with using workspaces? Post a full screen screenshot.

Create a new workspace named SEC335Fall20.

Check to be sure you are in the workspace SEC335Fall20. Post a full screen screenshot.

Run a db_nmap scan against the Target 1 VM.

Run the metasploit command to show the host that was scanned. Post a full screen screenshot.

Run the metasploit command to list the services discovered from the db_nmap scan. Post a full screen screenshot.

What information does the "creds" command provide? “Lists credentials. If an address range is give, show only credentials with logins on hosts within that range.” - creds help

Part II:

Perform an nmap scan outside of metasploit (eg. from the Kali command prompt) on Target 2 and save the results in an XML format.

Run msfconsole.

Create a new workspace named: Week3Challenge

Use the db_import command to import the results from the nmap scan in Step 1.

Show evidence that the host exists in the Week5Challenge workspace and that the services were saved, as well. Post Screenshot

Search for one of the software versions found in the db_nmap scan within Metasploit and post the results. Post Screenshot

** Finding and Using Modules **

Use ‘search’ to look for modules Then type ‘use MODULE/PATH’ to use the module Use Info to view options If you need to change an option type ‘set OPTION VALUE’ (tab complete works on these)

How to initialize How to search Configure modules Issues and steps to resolve them Again, you will need to be able to use Metasploit on a