1) DETERMINING COMMUNITY STRING FOR SNMP-ENABLED DEVICES OF TARGET:
We can find the SNMP-enabled devices of the target, and the community strings they accept, with the following commands in Metasploit:
(msfconsole)
(use auxiliary/scanner/snmp/snmp_login)
(show options)
(set RHOSTS + IP range of target) e.g. (set RHOSTS 192.168.8.4/24)
(set THREADS + number of concurrent threads) e.g. (set THREADS 254)
(run)
2) FINDING THE VERSION OF TELNET SERVICE OF TARGET:
We can find the version of the Telnet service of the target with the following commands in Metasploit:
(msfconsole)
(use auxiliary/scanner/telnet/telnet_version)
(show options)
(set RHOSTS + network range of target) e.g. (set RHOSTS 192.168.8.4/24)
(set THREADS + number of concurrent threads) e.g. (set THREADS 254)
(run)
3) FINDING SOME MAIN BACKUP, CONFIGURATION AND OTHER FILES OF TARGET:
We can find the backup, router configuration and other main files of the target with the following commands in Metasploit:
(msfconsole)
(use auxiliary/scanner/tftp/tftpbrute)
(show options)
(set RHOSTS + network range of target) e.g. (set RHOSTS 192.168.8.4-116)
(set THREADS + number of concurrent threads) e.g. (set THREADS 10)
(run)
4) CHECKING VNC SERVICES OF TARGET HAVING FREE ACCESS WITHOUT USERNAME AND PASSWORD:
We can find the hosts on the target network whose VNC service requires no username or password with the following commands in Metasploit:
(msfconsole)
(use auxiliary/scanner/vnc/vnc_none_auth)
(show options)
(set RHOSTS + network range of target) e.g. (set RHOSTS 192.168.8.4/24)
(set THREADS + number of concurrent threads) e.g. (set THREADS 50)
(run)
5) FINDING THE LIVE COMPUTERS IN NETWORK OF VICTIM:
We can find the online computers on the network of our target with the following commands in Metasploit:
(msfconsole)
(use auxiliary/scanner/discovery/ipv6_neighbor)
(show options)
(set RHOSTS + network range of target) e.g. (set RHOSTS 192.168.8.4-254)
(set SHOST + IP of your Kali Linux) e.g. (set SHOST 192.168.1.101)
(set SMAC + MAC address of your Kali Linux) e.g. (set SMAC d6:46:a7:38:15:65)
(set THREADS + number of concurrent threads) e.g. (set THREADS 55)
(run)
6) FINDING THE COMMON UDP SERVICES IN TARGET NETWORK:
We can scan for details of the UDP services on the hosts of our target network with the following commands in Metasploit:
(msfconsole)
(use auxiliary/scanner/discovery/udp_probe)
(show options)
(set RHOSTS + network range of target) e.g. (set RHOSTS 192.168.8.4-254)
(set THREADS + number of concurrent threads) e.g. (set THREADS 253)
(run)
7) FINDING COMMON UDP SERVICES IN NETWORK OF TARGET:
We can discover UDP services on the target network with the following commands in Metasploit:
(msfconsole)
(use auxiliary/scanner/discovery/udp_sweep)
(show options)
(set RHOSTS + network range of target) e.g. (set RHOSTS 192.168.8.4-254)
(set THREADS + number of concurrent threads) e.g. (set THREADS 253)
(run)
8) FINDING HOSTS IN NETWORK OF TARGET THAT HAVE ANONYMOUS ACCESS ON FTP SERVICE:
We can find FTP services that allow anonymous access on the hosts of our target's network with the following commands in Metasploit:
(msfconsole)
(use auxiliary/scanner/ftp/anonymous)
(show options)
(set RHOSTS + network range of target) e.g. (set RHOSTS 192.168.8.4-254)
(set THREADS + number of concurrent threads) e.g. (set THREADS 55)
(run)
9) FINDING THE FTP SERVICE VERSION OF TARGET:
We can find the FTP version of the target with the following commands in Metasploit:
(msfconsole)
(use auxiliary/scanner/ftp/ftp_version)
(show options)
(set RHOSTS + network range of target) e.g. (set RHOSTS 192.168.8.4-254)
(set THREADS + number of concurrent threads) e.g. (set THREADS 55)
(run)
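
The SNMP, Telnet, TFTP, VNC and FTP modules above each probe one service port across the whole RHOSTS range, so on the wire they look like one source touching many hosts on the same port within seconds. The following is an added example, not part of the original page or of Metasploit, showing how a defender can flag that pattern in flow records. The log format ("epoch src dst proto dport"), the thresholds and the sample records are assumptions made for the illustration; the ports are the services' defaults.

```python
from collections import defaultdict

# Default ports of the services probed by the scanner modules on this page.
WATCHED = {("udp", 161): "snmp", ("tcp", 23): "telnet", ("udp", 69): "tftp",
           ("tcp", 5900): "vnc", ("tcp", 21): "ftp"}

def find_sweeps(lines, min_hosts=20, window=60.0):
    """Return {(src, service): peak} for sources that touched at least
    min_hosts distinct hosts on one watched port within window seconds."""
    events = defaultdict(list)  # (src, service) -> [(ts, dst), ...]
    for line in lines:
        # Assumed record format: "epoch src dst proto dport"
        ts, src, dst, proto, dport = line.split()
        service = WATCHED.get((proto.lower(), int(dport)))
        if service:
            events[(src, service)].append((float(ts), dst))
    alerts = {}
    for key, hits in events.items():
        hits.sort()
        start, peak, counts = 0, 0, defaultdict(int)
        for ts, dst in hits:
            counts[dst] += 1
            # Slide the window: drop records older than `window` seconds.
            while hits[start][0] < ts - window:
                old = hits[start][1]
                counts[old] -= 1
                if counts[old] == 0:
                    del counts[old]
                start += 1
            peak = max(peak, len(counts))  # distinct hosts in the window
        if peak >= min_hosts:
            alerts[key] = peak
    return alerts

# Constructed sample: one source sweeping UDP/161 over 30 hosts in 3 seconds,
# plus a management station polling a single device every 30 seconds.
SAMPLE = [f"{1000 + i * 0.1:.1f} 10.0.0.99 192.168.8.{i + 4} udp 161"
          for i in range(30)]
SAMPLE += [f"{1000 + i * 30} 10.0.0.5 192.168.8.10 udp 161" for i in range(10)]

if __name__ == "__main__":
    for (src, svc), n in find_sweeps(SAMPLE).items():
        print(f"possible {svc} sweep from {src}: {n} hosts within 60s")
```

A high THREADS value shortens the sweep and makes it easier to catch with a short window; a low value spreads it out, so the window and host threshold need tuning against normal traffic from monitoring stations.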