Introduction

The topics to be covered:

• How to scan target systems using Metasploit.
• How to use Metasploit database feature.
• How to use Metasploit to conduct a vulnerability scan.
• How to use Metasploit to exploit vulnerable services on target systems.
• How msfvenom can be used to create payloads and obtain a Meterpreter session on the target system.

Scanning

Port Scanning

• Metasploit has a number of modules to scan open ports on the target system and network.

• We can list portscanning modules using - search portscan command in msfconsole.

  

• The module requires setting up a few options.

  

• CONCURRENCY- Number of targets to be scanned simultaneously.

• PORTS- Port range to be scanned. 1-1000 here will not be the same as using Nmap. Nmap scans the top 1000 most used ports whereas Metasploit will scan the port numbers from 1 to 1000.

• RHOSTS- Target or target network to be scanned.

• THREADS- Number of threads that will be used simultaneously. More threads will result in faster scans.

• We can also perform Nmap scans directly from the msfconsole prompt.

  

UDP Service Identification

• The scanner/discovery/udp_sweep module allows us to quickly identify services running over UDP.
• This module doesn’t conducts an extensive scan of all possible UDP services but does provides a quick way to identify services such as DNS or NetBIOS .