When you want to run a scan for a specific vulnerability across a network, Metasploit provide many auxiliary can help you accomplish such tasks.
The following Metasploit modules are just a few examples of many useful auxiliary scanning modules include in the Framework. Take advantage of your lab to probe and explore as many of them as you can.
smb_login in Metasploit
To check the validity of a username and password combination, use the SMB Login Check Scanner to connect to a range of hosts. As you might expect, this scan is loud and noticeable, and each login attempt will show up in the event logs of every Windows box it encounters.
After selectings the smb_login module with use, you can run show options to see the settings listed under the Required column. Metasploit allows you to specify a username and password comnination, a username and password list, ar a combination of either. In the next example, RHOSTS is set to small range of IP addresses and a username and password are configured for Metasploit to try against all addressws.
Options in smb_login module
Exploit target using smb_login module
You can see successful login with user Administrator and a password of s3cr3t. Because workstations are all cloned from one image and deployed through the enterprise in many corporate environments, the administrator password may well be the same on all of them, granting you access to every workstation on the network.
Thanks for your reading.
Any question!
Subscribe my channel to receive new tutorial for pennetration testing.
Thanks again!
No comments:
Post a Comment