Metasploit For Beginners - #3 - Information Gathering - Auxiliary Scanners Video Lecture | Get to know Ethical Hacking (English) - Software Development

hey guys hackers Floyd here back again
with another video and welcome back to
the Metasploit course now in this video
we are going to be looking at
information gathering with the
Metasploit framework
more specifically the Metasploit console
alright so let's get started now just be
requisite I have a virtual machine I
have the Metasploit - both - virtual
machine running and I'm just going to be
using it as a kind of a target system
for illustration purposes you know I
like to create a lab and that's what
keeps my videos you know stay within the
range of legality so again I'm just
demonstrating how this all works
alright so information-gathering most
specifically for example we can look at
using the nmap we can look at using how
to use nmap to perform port scanning we
can look at how to scan for SSH services
so we look at all of that so oh you
might be confused and you might be
asking yourself well how is this even
possible right now again using a
framework like Metasploit to perform in
information gathering kind so it tends
to keep things in a more in a modular
modularized fashion alright now what I
mean is is let's say you're dealing with
a target directly alright so this is a
fantastic way of using for frameworks
like nmap for example to perform sports
scanning in this case which will which
is what we're going to do alright so I
already have my Metasploit the MSF
console open here and it's really very
simple right like if I wanted to perform
an nmap scan let's say we had we already
have a target right and again I'm going
to use the Metasploit - IP address here
so let me just get that up again it is
bridged to my adapter so there we are
one in two point one six to eight point
one point 107 okay so that is going to
be the breached its bridge to my it's
bridge to my network that means they all
going to be on the same network alright
so for those of you
in trouble with her that's how to fix
that issue where you can detect it on
the same network all right so I could
perform a simple port scan on nmap so I
would say nmap just as you would all
right nmap and then I would use the
commands s and capital T what these
comments do I'm pretty sure you already
know them it it initiates the three-way
handshake and will essentially just
detect the open ports on the target
machine now the target machine being
Metasploit able to it'll have a lot of
open ports all right so took one ninety
two one one sixty eight point one point
107 okay and we're gonna start that and
it'll just open up the nmap framework
and there we are those are the results
so you can see all the ports that open
probably all of them we have the FTP ssh
telnet you have your you know your login
your MySQL etc etc right now that's
pretty cool you know that we can
actually use the N map the n map
framework in information-gathering
right so I'm pretty sure you guys
already know how to how to use n map but
I'm gonna show you one more comment
because a lot of people ask me this and
this is when a site has probably a
firewall and you want to perform a
stealth scan all right so a stock scan
essentially allows you what it'll do is
really it will give you a connection
between the target and the scanner
all right so it'll give you a you know
the ability to perform it in a more
promiscuous manner while still
maintaining maintaining I don't know how
to explain this LLL not do it in a in
more of a direct way so probably the
target will not recognize it so much as
a scan alright so in order to do this
we're gonna obviously use the N map and
it's use the commands the SS all right
so a small s and a large s I'm pretty
sure if you're familiar with the syntax
you know this means and again we'll just
target the system and again Metasploit
able to not being you know very very
secured it should return us there we are
really
quickly all right so that's if you want
to perform a stock scan all right so
that's very very interesting now looking
at the other type of information
gathering that we can you know carry out
we can actually use auxiliary x' we can
use the auxiliary modules or the scanner
modules that come with Metasploit all
right so you might be asking yourself
well you know what what do you mean
exactly well what I mean is we can
actually use the inbuilt modules that
come with Metasploit or you know in the
form of auxiliaries where where you have
your scanners as we explained in the
previous video they allow you to use the
inbuilt scanners which are considered to
be information gathering tools now
probably not a lot of you guys have
actually used this and that's fine you
know it's really very simple to do and
that's what we're gonna do now all right
so what we're gonna do is I'm gonna
demonstrate this let me just clear the
console I'm gonna demonstrate this very
very simply using the SSH scanner all
right so this is an inbuild scanner that
comes with Metasploit I'm pretty sure
probably most of you have gone through
it it's a very it's not you know very
very early when using the Metasploit the
Metasploit framework
all right so essentially what it'll do
it allow you to detect the ssh versions
that are running on a target okay so if
you don't know what ssh means it's ssh
is secure shell alright it is
essentially uses it uses cryptography
and authentication you know to connect
between two computers as a connection
between two computers right so let's get
started now
we are going to be using the auxilary
called ssh version alright so I'll show
you how to do this in a few second so
what we're going to do is we're going to
utilize the search command the search
command allows us to search for modules
or in this case we're using the auxilary
and furthermore the scanner alright so
what we're gonna do is we're going to
say search ssh version all right so hssh
version and again you can start up the
database if you want to or the
PostgreSQL database if you want to or if
not you can just you know
you you can just let it perform the
normal set which is again it is it's a
slow search but nonetheless it'll
written the the results that we want all
right so just give it a few seconds it
shouldn't take too much time at all
again you'd be much better off if you
started up the database and you had it
properly configured right but I didn't
so I'm sorry about that again it
shouldn't take too much time in fact
it's probably taking quite a while now
but these search results are pretty much
standardized there we are
so we have this search is also now what
we're going to be using is the auxilary
scanner because we don't want fuzzers we
already discussed what those ones were
we want these auxilary scanner alright
so I hope you guys remember the these
syntax so we're gonna say so this is the
one we're going to be using the
auxiliary scanner SSH version so what
we're gonna do is we're going to use the
we're going to use the use we're going
to use the use command to select that
one all right so to use auxilary
auxilliary
oops I should have actually just copied
it and oops oh my sorry about that guys
let me just copy it so just keep things
really really simple because even if it
was a scanner
it shouldn't it should have actually
detected that itself so let me just
paste that in there again a lot of
people ask why I do that with the mouse
pointer and that's just to reinforce the
idea of me actually copying and pasting
something because if I did it with my
keyboard strokes some people would ask
me what I did and there's really not
it's not important that we go through
that so I'm gonna hit enter and there we
are so let me just clear that out and
it's using the scanner as sh ssh version
so essentially it's just gather it's
getting information about is it's
getting information about the target in
terms of what ssh version it's running
on the SSH port alright so we can look
at the options that we have here and as
you can see the port is set to 22 which
is the default tcp port you have the
threads which is what we'll be looking
any time out so usually the timeout is
pretty much okay but we need to change
the threads and the our host alright the
eros is the target address or the aura
range so you can actually use a range
okay but in this case we're not gonna
use a range because again I only have
about three computers running on my
network right now so you know it's
probably gonna get only like one of them
because my F my SSH ports are all closed
on the other computers so let's set the
our hosts like so and I'm just going to
use the Metasploit able to target
machine to point one point 107 right and
once that's done we want to set the
threads to something quite high like
something like a hundred yeah that
sounds about right
there we are and finally once we're
ready all you have to do is hit run not
exploit because we're not exploiting
anything that's also a mistake that many
many people make is they actually go
directly for you know for the exploit
command so just hit run and there we are
immediately it's going to return the
results so on that on the Metasploit
able to machine we have the sage version
running ssh version 2.0 OpenSSH it's
running ubuntu and the version number is
written there and again this is can be
valuable information you know you could
find exploits related to the version of
SSH running and that's for the
exploitation stage which we'll be
getting to but it's important to know
how to use the Metasploit how to use the
Metasploit framework in any way whether
it's the Metasploit console or you're
using the other frameworks the gy
frameworks right so there's a lot of
other things that you can do with in
terms of information gathering you can
also use you can also search for the ftp
version and you can look at other things
like sweeping and banner grabbing but
really that i'm sure if you have done it
before you know in you know with hacking
you learn information gathering first
and you learn about all the frameworks
for gathering information so i just
wanted to show you how to utilize the
auxilary module where you can use
scanners or fuzzers for that matter to
gather information about your talk
it's really really very interesting so
that's gonna be it for this video I told
I give you a bit of an introduction and
you know just move you around how to use
all of these in a modularized way to
perform individual tasks right
so I hope you guys found value in this
video if you did please leave a like
down below if you have any questions or
suggestions just let me know in the
comment section or you can hit me up on
my social networks and you know for the
latest version or for the documented
version of this of this video you will
check out my website a chestplate comm
is the latest hacking news there and you
can also get tutorials you know
different PDFs guides just guiding you
on your way as you learn hacking and
yeah thank you so much guys for watching
this video thanks so much for the
support I appreciate it and in the next
video we'll be looking at how to use
aneesa's alright so thanks so much for
watching and I'll be seeing you in the
next video peace