Ethical Hacking and Penetration Testing Guide


Metasploit Autopwn
The concept behind Autopwn is simple and straightforward: it fires all the exploits in the Metasploit database against your target. The good thing about Autopwn is that it's very fast; the bad thing is that it's very noisy. It is therefore not recommended in a real penetration test, as it would trigger IDS/IPS alerts. However, if you are doing a proof of concept and don't need stealth, it can be very helpful.
Usage
Usage is simple. We can attack the host either based upon its open ports or based upon its vulnerabilities.
From Metasploit's console, you can type the db_autopwn -h command to see what options are available.
The important ones to look for are -e, -p, and -x. We would use the -e option to execute Autopwn. We could use the -p option to ask Metasploit to select exploits based upon particular ports. For example, suppose you performed a port scan and found that an FTP server was running on port 21. By using the -p option, you can use all the exploits available in the Metasploit Framework for port 21. The -x option would use the exploits based upon certain vulnerabilities. So it is up to you to choose which to use.
db_autopwn in Action
By running a port scan with db_nmap, we found that ports 135, 139, and 445 were open. The reason we use the db_nmap command instead of plain nmap is that it automatically saves the hosts and associated information in the database.


Therefore we would use the -p option to try all the exploits based upon the open ports 135, 139, and 445. Last but not least, we use the following command to execute Metasploit Autopwn:
db_autopwn -p -e
If Metasploit's Autopwn manages to compromise the target, a session is created. We can use the "sessions -l" command to display all the active sessions with the target.
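
The noise mentioned at the start of this section is what a defender correlates on. As an added example (not from the book), the following Python code flags any source that triggers many distinct IDS signatures against a single host within a short window. The alert line format, signature ids, addresses and thresholds are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample alerts: time, source IP, destination IP, destination port, signature id.
# Addresses come from documentation ranges; signature ids are made up.
SAMPLE_ALERTS = """\
2024-01-10T09:00:01 192.0.2.50 198.51.100.10 135 SIG-A1
2024-01-10T09:00:02 192.0.2.50 198.51.100.10 139 SIG-A2
2024-01-10T09:00:03 192.0.2.50 198.51.100.10 445 SIG-A3
2024-01-10T09:00:05 192.0.2.50 198.51.100.10 445 SIG-A4
2024-01-10T09:00:08 192.0.2.50 198.51.100.10 445 SIG-A5
2024-01-10T09:00:12 192.0.2.50 198.51.100.10 135 SIG-A6
2024-01-10T09:05:00 192.0.2.77 198.51.100.10 445 SIG-A3
2024-01-10T09:25:00 192.0.2.77 198.51.100.10 445 SIG-A3
2024-01-10T09:45:00 192.0.2.77 198.51.100.10 445 SIG-A3
2024-01-10T10:00:00 192.0.2.90 198.51.100.20 21 SIG-B1
2024-01-10T11:00:00 192.0.2.90 198.51.100.20 21 SIG-B2
2024-01-10T12:00:00 192.0.2.90 198.51.100.20 21 SIG-B3
2024-01-10T13:00:00 192.0.2.90 198.51.100.20 21 SIG-B4
2024-01-10T14:00:00 192.0.2.90 198.51.100.20 21 SIG-B5
"""

def parse(text):
    """Yield (timestamp, src, dst, port, signature) from whitespace-separated alert lines."""
    for line in text.splitlines():
        if line.strip():
            ts, src, dst, port, sig = line.split()
            yield datetime.fromisoformat(ts), src, dst, int(port), sig

def find_exploit_sprays(alerts, window=timedelta(seconds=60), min_signatures=5):
    """Return {(src, dst): peak distinct signatures in any window} for pairs at or above the threshold."""
    by_pair = defaultdict(list)
    for ts, src, dst, _port, sig in alerts:
        by_pair[(src, dst)].append((ts, sig))
    findings = {}
    for pair, events in by_pair.items():
        events.sort()
        start, best = 0, 0
        for end in range(len(events)):
            # Slide the window start forward until it spans at most `window`.
            while events[end][0] - events[start][0] > window:
                start += 1
            best = max(best, len({sig for _, sig in events[start:end + 1]}))
        if best >= min_signatures:
            findings[pair] = best
    return findings

if __name__ == "__main__":
    print(find_exploit_sprays(parse(SAMPLE_ALERTS)))
```

Counting distinct signatures rather than raw alerts keeps one repeatedly firing rule (the 192.0.2.77 rows) from being mistaken for an exploit spray.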
