Kali Linux 2 : Putting SCANNERS at work

1.    In this post we get introduced to built in scanners that come preloaded with Metasploit in Kali Linux that let us search and recover service information from a single computer or an entire network.We assume the same setup of virtual machines as in my past post at http://anupriti.blogspot.in/2015/10/irc-exploit-tutorial-to-hack-into-root.html

SETTING UP THE VIRTUAL MACHINES

Exactly the same setup as I followed at the post at http://anupriti.blogspot.in/2015/10/irc-exploit-tutorial-to-hack-into-root.html

Virtual Machine One,VM1  : Kali Linux 2 @ 192.168.56.102

Virtual Machine Two,VM2 : Metasploitable 2 @ 192.168.56.103

Machines pinging each other...please check before proceeding ahead

Using SCANNERS to gain info

To find scanners available in Kali Linux,just run “msfconsole” from Kali command prompt and then type “search scanner” at the prompt as below :

msf > search scanner

U get something like this as seen below which is actually trimmed shot as the complete out is pretty exhaustive.

CLICK TO ENLARGE

nmap the metasploitable machine...as we did earlier and we get this screen as below :

CLICK TO ENLARGE

Let’s focus on Port 22 ie Secure Shell (ssh) and thus search Metasploit for ssh scanners as follows :

SSH

At msf terminals type : search scanner/ssh

Click to ENLARGE

We see from above about six of them and in these there is one looking for version information ie the “auxiliary/scanner/ssh/ssh_version” module.Will use this to find the version info as follows :

- Type, “use auxiliary/scanner/ssh/ssh_version” at the terminal of msf

- Then type “show options”

- set RHOSTS  

- Type “exploit” to run.

From above we see that the victim is running an SSH server and the software version is 

SSH-2.0-OpenSSH_4.7p1 Debian-8ubuntu

Mysql

But the above comes with a exclamation too...if we run mysql version query,then too we get some result that's different as seen below :

Click to ENLARGE

The scan reveals that MySQL 5.0.51.a-3ubuntu5 is running as seen in the shot above.

telnet

Click to ENLARGE

Highlighted text “Login with msfadmin/msfadmin to get started”, actually gives login credentials on the Telnet page....these kinds of security holes actually exists in the real world..real web at so many web sites....

smb

The above gives the SAAMBA version

Setting up Metasploit on a BackTrack5 R3 VM with SSH connectivity@Putty

1.    Setting this up is a simple thing till the time you know how to do it...here I bring you a step by step thing of how you putty to a Backtrack5 v3 machine installed in a Virtual Box from a Ubuntu host OS....

2.    First thing is configuring a additional network card on the BTR3 machine.Select the virtual machine and click on Settings,then move to Network settings and then in the Network adapter, there will be a pre-installed NAT adapter for internet usage of the host machine.Under Adapter 2 select Host only Adapter.

Adapter 1 Default Configuration

 Adapter 2 to be Configured

Before you get ready to ssh...u need to ensure that ssh service is running in Backtrack...which by default is not...run the terminal commands as seen below in the screen shots...

ifconfig as seen at terminal of the Backtrack R3 machine

 Putty to IP of the Backtrack Machine

Putty successfully asks for login as seen below :

 Login with Backtrack credentials :

Here  above we get the msfconsole...ready to accept the commands....