182
◾
Ethical Hacking and Penetration Testing Guide
Set/Unset Command
The set command could be used to set RHOST, RPORT, payload, and other various functions.
In this case, we would use it to set the RHOST and RPORT.
set RHOST 127.0.0.1
set RPORT 21
(which is the default port for a ftp server)
The unset command is the exact opposite of the set command. It can be used, for example,
when we have mistakenly typed a wrong target or if we would like to unset an option.
unset rhost 127.0.0.1
unset rport 21
run/exploit
Command
The run command would run an auxiliary module, whereas an exploit command would run an
exploit. The exploit command is an alias of the run command.
Reconnaissance with Metasploit
With Metasploit, we can literally do full penetration testing from port scanning to exploitation
and postexploitation. As a penetration tester, you would be using Metasploit for most of your
engagements, and it’s very helpful to keep everything in the same place, especially when you are
testing a big organization where you would have lots of targets. In that case, Metasploit could be
very helpful.
Port Scanning with Metasploit
We have talked a lot about nmap. It is one of the best and feature-rich scanners out there. In fact,
I dedicated a whole chapter on different things we could do with nmap (Chapter 5). The great
thing about nmap is that it integrates within Metasploit. The usage is exactly the same; the only
difference and advantage is that scan results can be saved to Metasploit, which can be accessed
and used for future attacks.
Dostları ilə paylaş: 
