1) FINDING THE AVAILABLE NAMED PIPES OVER SMB SERVICE OF TARGET:
We can find the available named pipes over the SMB service of the target by using the following commands in Metasploit:
(msfconsole)
(use auxiliary/scanner/smb/pipe_auditor)
(show options)
(set RHOSTS + IP range of target) e.g. (set RHOSTS 192.168.8.4-160)
(set THREADS + number of concurrent threads) e.g. (set THREADS 11)
(run)
2) FINDING THE INFORMATION OF DCERPC SERVICE OF TARGET:
We can find some information related to the DCERPC service of the target by using the following commands in Metasploit:
(msfconsole)
(use auxiliary/scanner/smb/pipe_dcerpc_auditor)
(show options)
(set RHOSTS + IP range of target) e.g. (set RHOSTS 192.168.8.4-20)
(set THREADS + number of concurrent threads) e.g. (set THREADS 11)
(run)
3) FINDING THE SMB2 SUPPORT ON TARGET:
We can find out whether the target supports SMB2 by using the following commands in Metasploit:
(msfconsole)
(use auxiliary/scanner/smb/smb2)
(show options)
(set RHOSTS + IP range of target) e.g. (set RHOSTS 192.168.8.4-20)
(set THREADS + number of concurrent threads) e.g. (set THREADS 16)
(run)
4) FINDING THE SMB SHARES OF TARGET:
We can find the SMB shares of the target by using the following commands in Metasploit:
(msfconsole)
(use auxiliary/scanner/smb/smb_enumshares)
(show options)
(set RHOSTS + IP range of target) e.g. (set RHOSTS 192.168.8.4-210)
(set THREADS + number of concurrent threads) e.g. (set THREADS 16)
(run)
5) FINDING THE USERS OF TARGET:
We can find the users of the systems present in the target network by using the following commands in Metasploit:
(msfconsole)
(use auxiliary/scanner/smb/smb_enumusers)
(show options)
(set RHOSTS + IP range of target) e.g. (set RHOSTS 192.168.8.4-20)
(set THREADS + number of concurrent threads) e.g. (set THREADS 16)
(run)
6) FINDING THE LOCAL USERS PRESENT IN SYSTEMS OF TARGET NETWORK:
We can find the local users of the different systems present in the target network by using the following commands in Metasploit:
(msfconsole)
(use auxiliary/scanner/smb/smb_lookupsid)
(show options)
(set RHOSTS + IP range of target) e.g. (set RHOSTS 192.168.8.4-20)
(set THREADS + number of concurrent threads) e.g. (set THREADS 16)
(run)
7) FINDING SMTP SERVICE VERSION OF TARGET:
We can find the version of the SMTP service of the target by using the following commands in Metasploit:
(msfconsole)
(use auxiliary/scanner/smtp/smtp_version)
(show options)
(set RHOSTS + IP range of target) e.g. (set RHOSTS 192.168.8.4/24)
(set THREADS + number of concurrent threads) e.g. (set THREADS 254)
(run)
8) FINDING THE DETAIL OF TARGET SYSTEM OR WEBSITE IP BY SNMP:
We can find detailed information about our target over SNMP by using the following commands in Metasploit:
(msfconsole)
(use auxiliary/scanner/snmp/snmp_enum)
(show options)
(set RHOSTS + IP range of target) e.g. (set RHOSTS 192.168.8.4)
(run)
9) FINDING THE AVAILABLE SHARES OF TARGET HOSTS OF NETWORK:
We can find the share details of the target hosts by using the following commands in Metasploit:
(msfconsole)
(use auxiliary/scanner/snmp/snmp_enumshares)
(show options)
(set RHOSTS + IP range of target) e.g. (set RHOSTS 192.168.8.4-210)
(set THREADS + number of concurrent threads) e.g. (set THREADS 210)
(run)
10) FINDING THE USERS OF TARGET SYSTEMS OF TARGET NETWORK:
We can find the usernames of the systems in the target network by using the following commands in Metasploit:
(msfconsole)
(use auxiliary/scanner/snmp/snmp_enumusers)
(show options)
(set RHOSTS + IP range of target) e.g. (set RHOSTS 192.168.8.4-20)
(set THREADS + number of concurrent threads) e.g. (set THREADS 11)
(run)
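
On the network, every scan above has the same shape: one source touching many addresses of the RHOSTS range on a single service port within seconds. The following is an added example, not part of the original notes, that flags this pattern in flow records; the record format, the addresses and the thresholds are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Ports of the services scanned above: SMTP (25), SMB (139/445), SNMP (161).
WATCHED_PORTS = {25, 139, 161, 445}

def sample_flows():
    """Constructed flow records 'timestamp src dst dport' (not real traffic)."""
    base = datetime(2024, 1, 1, 9, 0, 0)
    rows = []
    # One source walking 192.168.8.4-20 on 445, one host per second.
    for i, host in enumerate(range(4, 21)):
        ts = (base + timedelta(seconds=i)).isoformat()
        rows.append(f"{ts} 10.0.0.66 192.168.8.{host} 445")
    # A workstation reusing one file server: many flows, one destination.
    for i in range(20):
        ts = (base + timedelta(seconds=3 * i)).isoformat()
        rows.append(f"{ts} 192.168.8.50 192.168.8.10 445")
    # A mail client talking to three SMTP hosts: below any sweep threshold.
    for i, host in enumerate((25, 26, 27)):
        ts = (base + timedelta(seconds=10 * i)).isoformat()
        rows.append(f"{ts} 192.168.8.51 192.168.8.{host} 25")
    return rows

def find_sweeps(lines, min_hosts=10, window=timedelta(seconds=60)):
    """Return {(src, dport): most distinct destinations inside one window}
    for each source that reaches min_hosts on a watched port."""
    events = defaultdict(list)
    for line in lines:
        if not line.strip():
            continue
        ts, src, dst, dport = line.split()
        if int(dport) in WATCHED_PORTS:
            events[(src, int(dport))].append((datetime.fromisoformat(ts), dst))
    hits = {}
    for key, evs in events.items():
        evs.sort()
        start = best = 0
        for end in range(len(evs)):
            # Slide the window start forward until it spans at most `window`.
            while evs[end][0] - evs[start][0] > window:
                start += 1
            best = max(best, len({dst for _, dst in evs[start:end + 1]}))
        if best >= min_hosts:
            hits[key] = best
    return hits

if __name__ == "__main__":
    for (src, port), count in find_sweeps(sample_flows()).items():
        print(f"{src} reached {count} hosts on port {port} within the window")
```

A higher THREADS value compresses the same sweep into a shorter time span, so the window can be tightened as long as min_hosts stays below the size of the address ranges worth alerting on.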