Sunday 2 June 2013

Sunday Night Metasploit-ing

Hi all, so I began sitting down and going through the Information Gathering part of Metasploitable; very interesting, very much over my head. Oh well, you have to learn somehow, right?

Issue with Metasploitable: The thing I find with Metasploitable, being so new, is that they do not test on the actual VM. It will be random IP addresses, many of which are multiple. I know this because the default IP address for Metasploitable is 192.168.56.101. I proceeded anyway and just put in the VM IP; it is good, though, to see how it works with multiple IPs.

It would be so great if it was the VM that all the documentation was taken on. That way if something goes wrong, I can quickly see if it's my misunderstanding (which I am sure happens a lot!) or something else.


So here I have just completed, gone through quickly, without a full understanding, the information gathering section.

Information Gathering:

This I understand is a very important skill for pen testing/hacking, or whatever you wish to do. Research is really important for anything, really; it allows you to understand what you have, what you could do or want to do, and really 'prepare'.

It saves heaps of time in the long run, like LOADS. A lame analogy I have come up with is a locked box: spending ages trying to break the lock, when if you had looked around it first you would have seen the button to open it. Lame, I know, but it gets to the point really quickly.

So Metasploitable takes you through many but not all (as it states) of the different ways of scanning, starting with the popular Nmap, through to SSH, TCP and FTP.

Mostly basic fundamentals that I think almost everyone has, but good for me to go through again.

So as I frantically go back to the website to remember what I did: the first page was Port Scanning.

Port Scanning
In order to talk to someone, you must agree on how to interact, generally speaking. Just like humans, applications and networks require an accepted way to interact; this is generally done via ports, and by generally I mean it is a requirement. This helps uniquely identify the application that wants to communicate.

So perhaps I used a bad analogy, but the idea is in there, sort of. A better one I have come to think of after writing: it's like a two-way radio; unless you are on the same channel you cannot communicate. You could be communicating with some random person and not realize.

Nmap was used first up. I understand it is very popular, and to many the scanner of choice.

I do not fully understand the syntax, but it is on my to-do list. I have the hakin9 magazine devoted to it, which I plan on reading on the commute to and from work. This hopefully amazing magazine can be found at
http://hakin9.org/tag/hakin9-nmap/

Metasploit quickly runs you through nmap, and then allows you to save it to db_nmap to go into the Metasploit server, which is really useful.

I learned that running a really wide scan will either crash what you are scanning or stop your internet connectivity altogether. I am unsure if this is due to Backtrack being run in a VM, but when I scan just the IP of the Metasploitable VM nothing crashes :).
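To make the port idea above concrete, and to show why the width of a scan matters, here is an added example that is not from the original post and not Metasploit or Nmap code. It is a minimal TCP connect probe in Python, run only against a throwaway listener the script starts itself on 127.0.0.1 (a constructed stand-in for a service on the Metasploitable VM; the banner text is made up). Each probe has a timeout and the number of probes in flight is capped, which is the control a wide scan needs so it does not flood the target or the scanner's own network stack. The banner read right after connecting is the same thing Metasploit's version scanners (for example auxiliary/scanner/ssh/ssh_version) report back.

```python
import socket
import threading
from concurrent.futures import ThreadPoolExecutor

HOST = "127.0.0.1"  # the demo never leaves the local machine

# Constructed banner for the throwaway listener; a real FTP or SSH service
# would answer with its own greeting instead.
DEMO_BANNER = b"DEMO-SERVICE 1.0\r\n"


def start_local_listener():
    """Start a throwaway TCP service on an ephemeral loopback port.

    Returns (server_socket, port). Each accepted client is sent DEMO_BANNER
    and then disconnected, which is all a banner-grabbing probe needs.
    """
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind((HOST, 0))
    srv.listen(5)

    def serve():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:  # server socket closed -> stop serving
                return
            with conn:
                conn.sendall(DEMO_BANNER)

    threading.Thread(target=serve, daemon=True).start()
    return srv, srv.getsockname()[1]


def reserve_closed_port():
    """Find a loopback port with nothing listening (bind, read back, release)."""
    tmp = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    tmp.bind((HOST, 0))
    port = tmp.getsockname()[1]
    tmp.close()
    return port


def probe_port(host, port, timeout=1.0):
    """One TCP connect probe. Returns (port, state, banner).

    state is "open" (handshake completed), "closed" (connection refused) or
    "filtered" (no answer before the timeout, e.g. dropped by a firewall).
    """
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
    except ConnectionRefusedError:
        s.close()
        return port, "closed", b""
    except OSError:  # socket.timeout and other failures
        s.close()
        return port, "filtered", b""
    try:
        banner = s.recv(128)  # whatever the service says first
    except OSError:
        banner = b""
    finally:
        s.close()
    return port, "open", banner


def connect_scan(host, ports, max_workers=8, timeout=1.0):
    """Connect-scan a list of ports with bounded concurrency.

    max_workers caps how many connections are in flight at once, which is
    what keeps a wide scan from overwhelming a small VM or the scanner's
    own network stack.
    """
    with ThreadPoolExecutor(max_workers=max_workers) as pool:
        results = list(pool.map(lambda p: probe_port(host, p, timeout), ports))
    return {port: (state, banner) for port, state, banner in results}


def demo():
    """Scan one open and one closed loopback port; returns {port: (state, banner)}."""
    srv, open_port = start_local_listener()
    closed_port = reserve_closed_port()
    try:
        return connect_scan(HOST, [open_port, closed_port])
    finally:
        srv.close()


if __name__ == "__main__":
    for port, (state, banner) in sorted(demo().items()):
        print(f"{HOST}:{port} {state} {banner!r}")
```

Running it prints one "open" line carrying the demo banner and one "closed" line. Raising max_workers and handing connect_scan a range of thousands of ports is exactly the wide scan the post warns about; the cap and the timeout are what keep that bounded.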

Other types of scans within the Msfconsole:
Pages I am writing about here

I learned to scan SNMP devices, FTP and SSH.

All can be found at

(manually typing because Blogger copies and pastes the text as it is in the web browser, but does not allow me to get back to my normal font and size?!?)

msf> use auxiliary/scanner/<scan type>

This is really useful, very basic for a noob like me to understand.

Simply typing show options is beautiful!

Metasploit does not explain in too much depth why you need to scan, but then it would be called Scanning 101 and not a Metasploitable tutorial. It really shows the flexibility of it, and the ease of use.

My posts are getting extremely long quickly, so I will stop here.
Not much info, more like a review, but it helps me quite immensely.

If you like reading let me know, if not let me know WHY :).


Note: Maybe I should start thinking about why I want to do each blog, the aim etc. That way I do not ramble on!

Cheers
Haydn
