Now that we’ve covered the Metasploit basics, let us dig into the more advanced features of Metasploit. We’ll go in-depth into some brute force attacks by running an Nmap command to map out all publicly available services on a remote IP, and then we’ll look at pivoting! Lastly, we’ll look at what you can do to set up some fake service, like SMB (Service Message Block) to catch user hashed credentials and crack the passwords of the hashes.
But first, we need to install Metasploitable. It's a virtual machine made vulnerable on purpose so that it can be used specifically for penetration testing and hacking. We are going to add it to our VirtualBox list and make some network configuration to it so that we can use it for some parts of this guide.
First off, head over to SourceForge to download the ...
This article will focus on using the Metasploit Framework together with Nessus to scan a remote target for vulnerabilities.
The Metasploit Framework is a computer application that provides information about security vulnerabilities and aids in penetration testing. It’s a tool for developing and executing exploit code against a remote target machine. You can find more information about the project here: https://www.metasploit.com/.
Metasploit can utilize several plugins, one of which we will use to scan for vulnerabilities on a local computer. The plugin is called Nessus and is a vulnerability management software to help you identify remote computers through any backdoors and other exposures. Nessus makes it easy to keep track of all your assets and provides great overview graphs and results when the scan is complete.