Metasploit, Exploits and eJPT

Hey guys,

I'm currently on the final lab of the eJPT course, and I'm a little confused and would like all of your input!

The lab basically goes:

1) Search for target,
2) Exploit target using Metasploit.

My first step here; would be to identify the target and the OS running on it using nmap.

I'm confused on the next step, which is finding an exploit to use.

What I think I can do next:

2a) Scan the target using Nessus or Nexpose

2b) Research for famous exploits on the vulnerable OS (Windows XP, in this case)

2c) Throw random exploits until it works

My first thinking would be to perform step 2a, which is to perform a vulnerability assessment; followed by exploiting the vulnerabilities that the tool has found.

In a real life pentesting situation, wouldn't this be extremely noisy on the traffic and be subject to tons of dropped packets by firewalls?

What would you do?

Share your thoughts!

Find more posts tagged with

Comments

MrAgent

Enumerate, enumerate, enumerate. Did I mention that you should try enumerating?
Try doing an nmap scan with nmap -v -A -O -sV x.x.x.x and looking all the services that come back.
If that doesn't help, try looking at additional options in nmap.

jamesleecoleman

The same thing that MrAgent wrote. You dont' always have to use Nessus.

I would use the command input that MrAgent wrote and also put it into a text file for later. Then search for the version of the software that nmap came up with within Metasploit.

kaizen_404

nebula105 wrote: »

The lab basically goes:

1) Search for target,
2) Exploit target using Metasploit.

For 1, to find the target, if you don't know the IP, try using netdiscover. Then from there enumerate. nmap is great to get detail. nmap -sV --version-all will aggressively query running services on the target. Also in metasploit you can run nmap commands using db_nmap to populate the metasploit database.

hopes

[I]nmap -p- -sV -oX scan.xml <target_ip>[/I]
[I]searchsploit -nmap scan.xml[/I]

Slyth

Just some advice. When exploiting targets in a lab environment throwing exploits is fine when learning. However keep in mind that some exploits make the remote host unstable and can crash it. This can be devastating in a pen test on an organizations that has production hosts in scope. I think MrAgent forgot another enumerate

supasecuritybro

Did anyone mention enumeration???

nebula105

Amazing advice from everyone.

I'll read up and research more then

Thanks again everyone!