Using Nmap, Nessus + Metasploit, compromised a vulnerable system.


  • NMAP(“Network Mapper”) is a free and open source utility for network discovery and security auditing.
  • NESSUSIn Greek mythology, Nessus was a famous centaur who was killed by Heracles, in the area of Computer Security Nessus is Nessus is a proprietary comprehensive vulnerability scanner which is developed by Tenable Network Security. Its goal is to detect potential vulnerabilities on the tested systems.
  • METASPLOIT The Metasploit Project is a computer security project which provides information about security vulnerabilities and aids in penetration testing and IDS signature development.
  • Its best-known sub-project is the open-source Metasploit Framework, a tool for developing and executing exploit code against a remote target machine. Other important sub-projects include the.
  • Opcode Database, shellcode archive, and security research.


  1. Setup the 3 Virtual Machines.
  2. Perform deep nmap scans to find OS versions and services running.
  3. Perform Nessus scans to discover vulnerabilities in the OS and services.
  4. Use the information gathered with Metasploit to compromised the vulnerable systems in several ways.


Date 23/08/2017
Exploit Name MS03.026
Payload Exploit/windows/dcerpc/ms03_026_dcom

Step 1

Get the ip address of the victim machine.

Run ipconfig to obtain the ip address of the system.


Step 2

Get the ip address of the attack machine.

   Once you are in run the ifconfig command in your terminal of the metasploit virtual machine you can get this.


Step 3

Now check whether the connection is established.

  Through executing pin command in the terminal of the virtual machine you can see whether the connection is success or not.


Step 4

In Kali terminal type the nmap command.

 This will give you a list of options.


Step 5

Now our two targets can be scanned in more depth, for this in the terminal type this.

  Nmap –O[ip address of target].


Step 6

Open a terminal and ensure the Nessus daemon is running with the command

Service nessusd start (Nessus runs as a server in the background and is accessible via a web interface)

Open a browser and browse to

Login with user name and password.

Go to the Policies tab > internal network scan > Plugins

Put the IP address of your first target into the Scan Targets Box and click Run Scan

Purple – Critical

Red – High

Orange – Medium

Green – Low

Grey – Information


Step 7

Get the offline database through searchsploits wins.


Step 8

To start metasploit open a terminal, start by initialling the database and the webserver the commands are,

         service apache2 start,

         service postgresql start,


Step 9

To get the metasploit console use the command,


now we can use the search features.


Step 10

then run the command,

    use exploit



  • We can then view the ifnromation metasplot holds for this vulnerabulity Using the command


  • Then to view what other information it requires,

    Show options,

  • Now give the ip address of the victim through the command,

    Set RHOST[ip of victim]

  • And finally use the command,

    exploit to complete penetration.


Then we used the run vnc command. Now we can do any change to the victim machine without the knowledge of the user.





S.H.M Lahiru Prabath Balasuriya.









Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s