sudo apt update sudo apt install metasploit-framework sudo apt upgrade
msfconsole
interface.
Read the first page at https://www.offensive-security.com/metasploit-unleashed/Msfconsole/
Then click to the next page and skim the various commands and what they do.
If you haven't done so already, watch this video:
help
and then scroll up to read the list of core commands and their
descriptions.
ls
and observe the output (which should be a list of files in the same
directory from which you launched the msfconsole command. NOTE: The ls command is
NOT a metasploit command. The msfconsole program will send unrecognized commands to
the shell from which it was launched which conveniently allows you to perform a variety
of tasks from within msfconsole!
To perform initial setup for the database do these commands which will start the database, instruct Kali to start then database when it boots up again in the future:
sudo systemctl start postgresql.service
sudo systemctl enable postgresql.service
sudo msfdb init
db_status
(Should say “Connected to msf.”)
help database
Spend a moment to read the list of database commands available in msfconsole. We'll be especially intereted in the workspace command.
Create (on you local computer ... i.e., NOT in Kali) a text document named hw4.txt and record the commands you enter to accomplish the tasks below as well as your answers to questions in the instructions below. Then do these commands from your msfconsole:
db_nmap -sS -sV -O -PN -p- MS3WIP --privileged
NOTE: You can press enter at the msfconsole to get a report for how much progress has been made on the command. This command will take quite some time to complete. How long did it take for this command to complete? (1 pts)
services
command to see a list of ports discovered by
db_nmap
in the previous step. How long did it take for this
command to complete? (1 pts)
db_nmap
command on the MS3L machine
using the same options as above except with these two changes:
-T2
option to the command so that the command runs in
a more stealthy mode.
Write down the full command that you typed to accomplish this action.
services
command to view the MS3L services
and detected versions. Then switch back to the ms3w
workspace before
continuing.
Use the services -h
command to see options for services. What do
the -c
and -S
switches accomplish in this command? (2 pts)
Then paste into your text document the output of the services
command with the switches applied.
vulns -h
command to learn about it. What does the
vulns
command do?
vulns
command to report all vulnerabilities associated
with the port typically used with the SSH protocol. In your text document show
the command you used and paste in the results of the output of the command. NOTE:
We are expecting this to be blank because we haven't stored vulnerabilities in
our local database yet (more on that in future homework).
Upon completion of this assignment, upload your text document to this Canvas assignment.