- NMAP – (“Network Mapper”) is a free and open source utility for network discovery and security auditing.
- NESSUS – In Greek mythology, Nessus was a famous centaur who was killed by Heracles. In computer security, Nessus is a proprietary, comprehensive vulnerability scanner developed by Tenable Network Security. Its goal is to detect potential vulnerabilities on the tested systems.
- METASPLOIT – The Metasploit Project is a computer security project which provides information about security vulnerabilities and aids in penetration testing and IDS signature development.
- Its best-known sub-project is the open-source Metasploit Framework, a tool for developing and executing exploit code against a remote target machine. Other important sub-projects include the Opcode Database, the shellcode archive, and security research.
- Set up the 3 virtual machines.
- Perform deep Nmap scans to find the OS versions and the services running.
- Perform Nessus scans to discover vulnerabilities in the OS and services.
- Use the information gathered with Metasploit to compromise the vulnerable systems in several ways.
Get the IP address of the victim machine.
Run ipconfig (or ifconfig on a Linux victim) on the victim to obtain its IP address.
Get the IP address of the attack machine.
Run the ifconfig command in a terminal of the Metasploit (Kali) virtual machine to get this.
Now check whether the two machines can reach each other.
Run the ping command against the victim's IP address in the Kali terminal; a reply shows the connection is working.
In the Kali terminal type nmap with no arguments.
This prints the list of options.
Now our two targets can be scanned in more depth; in the terminal type:
nmap -O -sV <ip address of target>
(-O enables OS detection and -sV probes each open port for the service and version running on it.)
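The deep scan above produces a lot of text for each target; the next steps (searchsploit, Nessus, Metasploit) only need the open ports, the product/version strings and the OS guess. The following is an added example, not part of the original report, that builds the scan command line and parses nmap's grepable (-oG) output into that shortlist. The sample output is constructed for this example to look like what "nmap -O -sV -oG - <target>" prints for a Linux host; the function and host names are the example's own.

```python
import re

# Constructed sample of nmap grepable (-oG) output for one host. Fields on a
# line are tab-separated; each port entry is
# port/state/proto/owner/service/rpcinfo/version/.
SAMPLE_GREPABLE = "\n".join([
    "# Nmap 7.94 scan initiated as: nmap -O -sV -oG - 192.168.56.101",
    "Host: 192.168.56.101 ()\tStatus: Up",
    "Host: 192.168.56.101 ()\tPorts: 21/open/tcp//ftp//vsftpd 2.3.4/, "
    "22/open/tcp//ssh//OpenSSH 4.7p1 Debian 8ubuntu1 (protocol 2.0)/, "
    "445/closed/tcp//microsoft-ds///"
    "\tIgnored State: closed (997)\tOS: Linux 2.6.9 - 2.6.33"
    "\tSeq Index: 200\tIP ID Seq: All zeros",
    "# Nmap done -- 1 IP address (1 host up) scanned",
])


def nmap_command(target):
    """Argument list for the deep scan: OS detection plus service versions,
    grepable output on stdout so it can be piped into parse_nmap_grepable."""
    return ["nmap", "-O", "-sV", "-oG", "-", target]


def parse_nmap_grepable(text):
    """Return {ip: {"status", "os", "ports": [...]}}; only open ports are kept."""
    hosts = {}
    for line in text.splitlines():
        if not line.startswith("Host:"):
            continue  # comment lines start with '#'
        fields = line.split("\t")
        ip = re.match(r"Host:\s+(\S+)", fields[0]).group(1)
        host = hosts.setdefault(ip, {"status": None, "os": None, "ports": []})
        for field in fields[1:]:
            key, _, value = field.partition(": ")
            if key == "Status":
                host["status"] = value
            elif key == "OS":
                host["os"] = value
            elif key == "Ports":
                for entry in value.split(", "):
                    # nmap writes '|' instead of '/' inside version strings in
                    # this format, so splitting on '/' is safe.
                    port, state, proto, _owner, service, _rpc, version = entry.split("/")[:7]
                    if state == "open":
                        host["ports"].append({
                            "port": int(port),
                            "proto": proto,
                            "service": service,
                            "version": version,
                        })
    return hosts


def searchsploit_terms(host):
    """Product name plus version number for each open port that reported a
    version: the shape of query searchsploit matches best."""
    terms = []
    for p in host["ports"]:
        words = p["version"].split()
        if words:
            terms.append(" ".join(words[:2]))
    return terms


if __name__ == "__main__":
    # With a live target: subprocess.run(nmap_command("192.168.56.101"), ...)
    for ip, host in parse_nmap_grepable(SAMPLE_GREPABLE).items():
        print(ip, host["status"], "OS:", host["os"])
        for p in host["ports"]:
            print(f"  {p['port']}/{p['proto']} {p['service']} {p['version']}")
        print("  searchsploit terms:", searchsploit_terms(host))
```

Run the real scan as root (OS detection needs raw sockets) and pipe its -oG output into parse_nmap_grepable; the searchsploit_terms list is what you type after searchsploit in the next section.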
Open a terminal and make sure the Nessus daemon is running with the command
service nessusd start (Nessus runs as a server in the background and is accessed through its web interface)
Open a browser and go to https://127.0.0.1:8834
Log in with your username and password.
Go to the Policies tab > Internal Network Scan > Plugins
Put the IP address of your first target into the Scan Targets box and click Run Scan
Nessus colour-codes each finding in the report by severity:
Purple – Critical
Red – High
Orange – Medium
Green – Low
Grey – Information
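A scan of even one target returns dozens of Information and Low findings; the ones worth taking to Metasploit are the Critical and High ones, which the web interface shows in purple and red. The following is an added example, not part of the original report, that reads a .nessus (v2) export of the scan, counts findings per severity using the same labels as the colour key above, and lists the High and Critical findings worst-first with the port and service they belong to. The embedded .nessus document is constructed for this example; its pluginID values and plugin names are placeholders, not real Tenable plugins.

```python
import xml.etree.ElementTree as ET
from collections import Counter

# Severity values used in .nessus (v2) exports, with the label and the colour
# the Nessus web interface shows for each.
SEVERITY = {
    4: ("Critical", "purple"),
    3: ("High", "red"),
    2: ("Medium", "orange"),
    1: ("Low", "green"),
    0: ("Information", "grey"),
}

# Constructed, minimal .nessus v2 export. pluginID values and plugin names are
# placeholders for this example.
SAMPLE_NESSUS = """<?xml version="1.0" ?>
<NessusClientData_v2>
  <Report name="internal network scan">
    <ReportHost name="192.168.56.101">
      <HostProperties>
        <tag name="host-ip">192.168.56.101</tag>
        <tag name="operating-system">Linux Kernel 2.6</tag>
      </HostProperties>
      <ReportItem port="21" svc_name="ftp" protocol="tcp" severity="4"
          pluginID="900001" pluginName="Placeholder critical FTP finding" pluginFamily="FTP">
        <risk_factor>Critical</risk_factor>
      </ReportItem>
      <ReportItem port="22" svc_name="ssh" protocol="tcp" severity="3"
          pluginID="900002" pluginName="Placeholder high SSH finding" pluginFamily="Misc.">
        <risk_factor>High</risk_factor>
      </ReportItem>
      <ReportItem port="445" svc_name="cifs" protocol="tcp" severity="2"
          pluginID="900003" pluginName="Placeholder medium SMB finding" pluginFamily="Windows">
        <risk_factor>Medium</risk_factor>
      </ReportItem>
      <ReportItem port="22" svc_name="ssh" protocol="tcp" severity="0"
          pluginID="900004" pluginName="SSH banner (placeholder)" pluginFamily="Service detection">
        <risk_factor>None</risk_factor>
      </ReportItem>
      <ReportItem port="0" svc_name="general" protocol="tcp" severity="0"
          pluginID="900005" pluginName="OS identification (placeholder)" pluginFamily="General">
        <risk_factor>None</risk_factor>
      </ReportItem>
    </ReportHost>
  </Report>
</NessusClientData_v2>
"""


def parse_nessus(xml_text):
    """Flatten every ReportItem of every host into a list of finding dicts."""
    root = ET.fromstring(xml_text)
    findings = []
    for host in root.iter("ReportHost"):
        for item in host.iter("ReportItem"):
            sev = int(item.get("severity"))
            findings.append({
                "host": host.get("name"),
                "port": int(item.get("port")),
                "proto": item.get("protocol"),
                "service": item.get("svc_name"),
                "severity": sev,
                "label": SEVERITY[sev][0],
                "plugin": item.get("pluginName"),
            })
    return findings


def severity_summary(findings):
    """Count findings per label, in the order of the colour key (Critical first)."""
    counts = Counter(f["label"] for f in findings)
    return {label: counts.get(label, 0) for label, _colour in SEVERITY.values()}


def actionable(findings, min_severity=3):
    """High and Critical findings, worst first: the list to take to searchsploit
    and Metasploit. Lower min_severity to widen the net."""
    keep = [f for f in findings if f["severity"] >= min_severity]
    keep.sort(key=lambda f: (-f["severity"], f["host"], f["port"]))
    return [(f["host"], f["port"], f["service"], f["plugin"]) for f in keep]


if __name__ == "__main__":
    # With a real export: findings = parse_nessus(open("scan.nessus").read())
    findings = parse_nessus(SAMPLE_NESSUS)
    for label, n in severity_summary(findings).items():
        print(f"{label:12} {n}")
    for host, port, svc, plugin in actionable(findings):
        print(host, port, svc, plugin)
```

Export the scan from the web interface as a .nessus file and pass its contents to parse_nessus; each row from actionable() names the port and service that the next section's searchsploit query and Metasploit module should target.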
Query the offline Exploit-DB database with the searchsploit command, for example: searchsploit wins
To start Metasploit, open a terminal and first start the database and the web server with the commands
service apache2 start
service postgresql start
To get the Metasploit console, use the command msfconsole.
Now we can use the search feature to find a module for the vulnerability Nessus reported (search <keyword>).
Then load it by running the command use <module path>.
- We can then view the information Metasploit holds for this vulnerability using the command info.
- Then, to view what other options it requires, use show options.
- Now give the IP address of the victim through the command
set RHOST <ip of victim>
(current Metasploit versions name this option RHOSTS; show options tells you which name the module uses)
- And finally use the command
exploit to complete the penetration.
Then we used the run vnc command in the Meterpreter session. Now we can make any change to the victim machine without the user's knowledge.
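The use / info / show options / set RHOST / exploit sequence above is typed by hand once per target, and a mistyped address sends the exploit at whatever host owns it. The following is an added example, not part of the original report, that writes those steps into an msfconsole resource file (run with msfconsole -r lab.rc) and refuses any target outside the lab's address range before doing so. The LAB_NETWORK value is an assumption for this example (a host-only range); the module path "exploit/placeholder/module" is a stand-in for whichever module the Nessus finding points at, not a real Metasploit module.

```python
import ipaddress
import re

# Assumption for this example: the three VMs share a host-only network.
# Change this to the range your own lab uses.
LAB_NETWORK = ipaddress.ip_network("192.168.56.0/24")

# Module paths look like exploit/<os>/<service>/<name>.
MODULE_RE = re.compile(r"^(exploit|auxiliary|post)/[A-Za-z0-9_./-]+$")


def validate_target(rhost, allowed=LAB_NETWORK):
    """Return rhost as a normalised string if it is one address inside the lab
    range; raise ValueError otherwise, so a typo can never point the exploit at
    a host outside the authorised scope."""
    addr = ipaddress.ip_address(rhost)  # raises ValueError on garbage
    if addr not in allowed:
        raise ValueError(f"{addr} is outside the lab range {allowed}")
    return str(addr)


def build_resource_script(module, rhost, options=None, rhost_option="RHOSTS"):
    """Text of an msfconsole resource file replaying the manual steps:
    use -> info -> show options -> set target -> exploit.

    rhost_option defaults to RHOSTS, the name current modules use; pass
    "RHOST" for older modules that still use the singular form."""
    if not MODULE_RE.match(module):
        raise ValueError(f"not a module path: {module!r}")
    target = validate_target(rhost)
    lines = [
        f"use {module}",
        "info",
        "show options",
        f"set {rhost_option} {target}",
    ]
    for key, value in (options or {}).items():
        # Option names are plain identifiers; anything else is a typo or an
        # attempt to smuggle a second command onto the line.
        if not re.fullmatch(r"[A-Za-z0-9_]+", key):
            raise ValueError(f"bad option name: {key!r}")
        lines.append(f"set {key} {value}")
    lines.append("exploit")
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    # "exploit/placeholder/module" is a stand-in, not a real module; LHOST is
    # the attack machine's own address from ifconfig.
    rc = build_resource_script("exploit/placeholder/module", "192.168.56.101",
                               {"LHOST": "192.168.56.102"})
    print(rc, end="")  # save as lab.rc, then: msfconsole -r lab.rc
```

The script stops at exploit on purpose: once the session opens, msfconsole drops you into it, and follow-up commands such as run vnc are typed at that Meterpreter prompt, where you can see whether the session actually came up first.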
S.H.M Lahiru Prabath Balasuriya.