Date post: 13-Dec-2014
Category: Technology
Upload: chris-harrington
Metasploit for information gathering
Auxiliary modules
For cybercrime investigations
Usage guide
Created by Chris Harrington
There are several interfaces
◦ gui
◦ console
◦ web
Auxiliary modules are in 3 categories
◦ Admin
◦ Scanner
◦ Server
General info
Using Kali Linux
◦ Start Postgresql
Metasploit uses postgresql to speed up searching
/etc/init.d/postgresql start
◦ Start metasploit
/etc/init.d/metasploit start
Starting up Metasploit
Run command: msfconsole
Inside Metasploit console
Starting Metasploit console
Ensure Metasploit is connected to the postgresql database
◦ This speeds up search significantly
Command: db_status
Database check
Searching the auxiliary database
Command: search auxiliary
◦ All auxiliary modules are shown
Filter search and search for mysql
Command: search mysql
More refined search only for auxiliary
Searching
Selecting module for information gathering
Results
Use the probe module
Command: use auxiliary/scanner/mysql/mysql_version
Show options that can be set
Command: show options
Using module
Required options must be set
Options
list of options that can be set using set command
currently assigned value to option
required or not required option to set
description of option
Set required parameters
Command: set <OPTION> <VALUE>
Set RPORT if default port is different
Threads can be changed for multiple hosts
Set options
set command to set parameters
option to set called RHOSTS
host of suspect running mysql
Command: run
Suspect host running MySQL 5.1.73-community
Running auxiliary
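Added example (not from the original slides): a MySQL server announces its version string in the greeting packet it sends to any connecting client, before authentication, which is why a version probe needs no credentials. The Python below parses such a greeting, and the ERR packet a server sends instead when it refuses the client's address, from constructed sample bytes; the function names, connection id and address are assumptions made for illustration.

```python
import struct

def parse_mysql_greeting(packet: bytes) -> dict:
    """Parse the first packet a MySQL server sends after TCP connect."""
    if len(packet) < 5:
        raise ValueError("truncated packet")
    length = int.from_bytes(packet[:3], "little")   # 3-byte payload length
    payload = packet[4:4 + length]                  # byte 3 is the sequence id
    if len(payload) != length:
        raise ValueError("payload shorter than declared length")
    if payload[0] == 0xFF:
        # ERR packet: the server refused this client before any handshake,
        # so there is no version banner to report.
        code = struct.unpack_from("<H", payload, 1)[0]
        return {"ok": False, "error_code": code,
                "message": payload[3:].decode("latin-1")}
    if payload[0] != 10:
        raise ValueError(f"unexpected protocol version {payload[0]}")
    end = payload.find(b"\x00", 1)                  # version is NUL-terminated
    if end == -1 or len(payload) < end + 5:
        raise ValueError("malformed greeting")
    conn_id = struct.unpack_from("<I", payload, end + 1)[0]
    return {"ok": True, "protocol": 10,
            "version": payload[1:end].decode("ascii", "replace"),
            "connection_id": conn_id}

def frame(payload: bytes, seq: int = 0) -> bytes:
    """Wrap a payload in the 4-byte MySQL packet header."""
    return len(payload).to_bytes(3, "little") + bytes([seq]) + payload

# Constructed sample packets (not captured from a real host).
SAMPLE_GREETING = frame(
    b"\x0a" + b"5.1.73-community\x00"      # protocol 10, version from the slide
    + struct.pack("<I", 42)                # connection id
    + b"AAAAAAAA\x00"                      # auth-plugin data part 1 + filler
    + b"\xff\xf7\x08\x02\x00"              # capabilities (low), charset, status
    + b"\x00" * 13                         # capabilities (high), length, reserved
    + b"BBBBBBBBBBBB\x00")                 # auth-plugin data part 2
SAMPLE_REFUSAL = frame(
    b"\xff" + struct.pack("<H", 1130)
    + b"Host '192.0.2.10' is not allowed to connect to this MySQL server")

if __name__ == "__main__":
    for pkt in (SAMPLE_GREETING, SAMPLE_REFUSAL):
        print(parse_mysql_greeting(pkt))
```

A refusal result means the host runs MySQL but restricts which client addresses may connect, so no version string is available from that vantage point.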
Metasploit comes with several scanners
◦ identifying open ports
◦ Service identification
◦ and more
Command: search auxiliary/scanner
Scanners
Use arp_sweep module to discover other hosts on the same network
Command: use auxiliary/scanner/discovery/arp_sweep
Show options and set required values
Host discovery
Port scan
Use tcp portscan module to identify open ports on the suspect’s machine
Command: use auxiliary/scanner/portscan/tcp
Show options and set required values
Set RHOSTS and other options
Run the scan
Single host scan
Contains many tools and modules
◦ Auxiliary
◦ Exploits
◦ Payloads
Easy to use and multiple interfaces
Cost and time saving
Remember to set OPTIONS appropriate to your situation
Other tools exist for port and service identification
Know what you are doing. Don’t get compromised
Notes