
METASPLOIT – How to run a SYN SCAN – How to use BACKTRACK and METASPLOIT

28/05/2013

I hope to give you the quickest visual guides for learning Penetration Testing and Security. Firstly, install Backtrack (of course).

1. Applications > BackTrack > Exploitation Tools > Network Exploitation Tools

Metasploit Framework > msfconsole


There are 4 ways to use Metasploit – but full power is via MSFCONSOLE.

2. MSFConsole Syntax = USSR

To configure Attacking Modules – we use the USSR 4 part procedure:


use

set RHOSTS

set THREADS

run

This USSR 4 stage setup is used over and over. So just remember that it’s USSR – from Russia with love.

What is RHOSTS? (The Target IP)

RHOSTS is the target IP.

set RHOSTS 192.168.1.0

This IP targets your home router IP of 192.168.1.0.  You use the “set” command to tell the module the victim’s IP address.

What are THREADS?

THREADS is the number of threads/processes on your CPU. There is a catch here: Windows machines must have a much lower thread count set than Unix. The max thread count for Windows is 16, whereas for Unix it’s 128.

To be safe, and not crash Windows machines, use 1, 5 or 10 threads, depending on how old the laptop or Windows machine happens to be. You use the “set” command to tell Metasploit how many threads to launch at the victim’s IP address.

set THREADS 10

I don’t recommend setting THREADS above 10, as Windows is prone to crashing. If you want to be a covert scanner, it’s not good practice to crash the machine, as that’s a bit of a giveaway.

******

Step 3 COMMANDS TO LAUNCH SYN SCAN

Go to the MSFCONSOLE prompt – msf>

search portscan

use scanner/portscan/syn

set RHOSTS 192.168.1.65

set THREADS 1

run

It looks like this in your msfconsole window:

[Screenshot: the SYN scan running in the msfconsole window]

********

RESULTS of Syn Scan – Open Ports

The results will show you which ports are open on the target machine.

[Screenshot: open ports reported by the SYN scan]

*****

What other scans are available in Metasploit?

Go to the MSFConsole window and type:

msf> search portscan

A list of all port scanning modules will be shown, as you can see in the picture.

[Screenshot: msfconsole output of search portscan]

Each of the scanners above has a particular use in attacking networks.

I’ll discuss each of these in later articles.

For now, use the Syn Scan on your home network – to see what open ports exist on your domestic network that an attacker could exploit.
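From the target’s side, a SYN scan is a burst of half-open connections: one source sends a SYN to many ports and never finishes the handshake. The following is an added example, not code from the original post or from Metasploit, that flags that pattern in constructed connection records; the log format and the S0/SF state codes are assumptions loosely modelled on Zeek’s conn_state values.

```python
# Added example (not from the original post): flag a possible SYN scan from
# connection records. The tell-tale is one source touching many distinct ports
# on one host with half-open (SYN-only) connections inside a short window.
from collections import defaultdict

# Constructed sample records in an assumed "ts src dst dport state" form.
# 'S0' = SYN seen, handshake never completed; 'SF' = normal completed connection.
SAMPLE_LOG = """\
1.0 192.168.1.10 192.168.1.65 22 S0
1.0 192.168.1.10 192.168.1.65 80 S0
1.1 192.168.1.10 192.168.1.65 443 S0
1.1 192.168.1.10 192.168.1.65 3389 S0
1.2 192.168.1.10 192.168.1.65 8080 S0
1.2 192.168.1.10 192.168.1.65 445 S0
9.0 192.168.1.20 192.168.1.65 80 SF
12.0 192.168.1.20 192.168.1.65 443 SF
"""

def parse_records(text):
    """Parse log lines into (ts, src, dst, dport, state) tuples."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, dport, state = line.split()
        records.append((float(ts), src, dst, int(dport), state))
    return records

def detect_syn_scans(records, min_ports=5, window=10.0):
    """Return {(src, dst): sorted ports} for sources with half-open (S0)
    connections to >= min_ports distinct ports on one host within `window` s."""
    half_open = defaultdict(list)  # (src, dst) -> [(ts, dport), ...]
    for ts, src, dst, dport, state in records:
        if state == "S0":
            half_open[(src, dst)].append((ts, dport))
    alerts = {}
    for key, events in half_open.items():
        events.sort()
        # Slide a window starting at each half-open event; alert on the first
        # window that reaches min_ports distinct destination ports.
        for i, (start, _) in enumerate(events):
            ports = {p for t, p in events[i:] if t - start <= window}
            if len(ports) >= min_ports:
                alerts[key] = sorted(ports)
                break
    return alerts

if __name__ == "__main__":
    for (src, dst), ports in detect_syn_scans(parse_records(SAMPLE_LOG)).items():
        print(f"possible SYN scan from {src} against {dst}: ports {ports}")
```

The two SF records from 192.168.1.20 are ordinary connections and never contribute to an alert; lowering min_ports or widening window trades false positives against catching slower scans.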
