Part 1.2 - Scanners

Time: 5 hours 38 minutes
Difficulty: Intermediate
CEU/CPE: 6
Video Description

In this video we have a look at other scanners available in Metasploit for information gathering. The approach demonstrated by Dean is to begin with a broad set of scans where we examine ports and essential services such as TCP. During this phase, it's more efficient to run multiple scanners simultaneously using multiple threads of execution. Once basic ports and services have been identified then it's time to hone in with more specific scanners in order to uncover potential vulnerabilities. Metasploit offers a vast selection of scanners for just this purpose!
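The two-phase workflow the description outlines, written out as an msfconsole resource script. This is an added example, not material from the course or from the Metasploit project; the host address is a constructed placeholder from the TEST-NET-1 documentation range, and the port list and thread counts are illustrative choices. Module names and option names (RHOSTS, PORTS, CONCURRENCY, THREADS) are the real ones used by the auxiliary/scanner/portscan/tcp and auxiliary/scanner/smb/smb_version modules.

```text
# scan_workflow.rc -- constructed example, load with: msfconsole -q -r scan_workflow.rc
# Lines beginning with '#' are ignored by the resource-script loader.

# Discovery: list the port scanners the framework ships with
search portscan

# Phase 1: broad TCP connect scan. CONCURRENCY is how many ports are
# checked at once per host; THREADS splits the hosts across worker threads.
use auxiliary/scanner/portscan/tcp
set RHOSTS 192.0.2.10          # placeholder lab host (TEST-NET-1)
set PORTS 1-1024,3389,8080     # illustrative port list
set CONCURRENCY 50
set THREADS 10
show options                   # confirm RHOSTS really is set before running
run

# Phase 2: narrow the search to the service seen open (SMB on 445 here)
# and run a targeted scanner to fingerprint its version.
search scanner smb
use auxiliary/scanner/smb/smb_version
set RHOSTS 192.0.2.10
set THREADS 1
run

# Everything the scanners learned is stored in the workspace database;
# review the recorded services for the host before choosing the next module.
services 192.0.2.10
```

Raising THREADS only helps when RHOSTS contains several hosts, since each thread takes a host; for a single host it is CONCURRENCY that shortens the port scan, which matches the speaker's remark that the TCP scanner is quick compared with nmap but far less detailed.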

Video Transcription
00:05
So moving along,
00:06
let's, let's examine
00:09
some of the other
00:11
port scanners.
00:15
I do a search "portscan".
00:18
Looks like I got some other ones here. I've got a WordPress external port scanner and an ACK firewall scanner, that ACK scans help you detect if you've got a stateful firewall, FTP bounce port
00:30
scanner, SYN port scanner,
00:33
TCP scanner,
00:34
the Xmas scan,
00:37
and an SAP router.
00:40
So I can run
00:42
a,
00:44
uh, let's. We'll run a TCP scan really quick just to try it out.
00:58
Always remember to show your options. Make sure that... we'll see RHOSTS is not
01:03
set any longer. That's strange.
01:15
All right,
01:17
if I show my options, it looks good,
01:21
and I can just
01:23
exploit or run this,
01:26
and you see it's a very simple scan.
01:30
This is quick and dirty compared to something like nmap, where you get a lot more detail.
01:34
But I can define my number of ports. I can define how many ports to check at once; if you increase the number, the scan may run faster. Increasing the number of threads also makes the scan run faster because it's able to
01:49
divide the work up into multiple different processing threads instead of just relying on one.
02:00
So doing the different scan types, as I was saying, does give you some good information
02:06
for
02:07
getting certain details that you need right off the bat, something that you want quickly.
02:15
I can also do something like,
02:17
uh,
02:19
these are just port scanners, by the way,
02:22
so should almost be done.
02:24
I probably should have increased the threads to make this run a little faster, but there are all kinds of other scanners that are looking for specific services or specific features
02:34
of a, of a given target system.
02:38
So we're nearly done.
02:44
Actually, I think if I just hit Ctrl-C, I should be able to break out of that. Okay, good.
02:46
So
02:49
let's do a search for
02:53
"scanner".
02:53
See what we get.
02:58
Much larger list.
03:04
All right, so continuing to try to scroll to the top here.
03:08
See, there's quite a few scanners available, and some of these have dates associated with them. We get, we have our rankings,
03:16
so that helps you. You know, things like Apple TV image remote control. There's
03:23
DB2 scanning, UDP services,
03:28
Apache brute force,
03:30
Cisco devices, website crawlers, Drupal.
03:36
I've got HP printers. It looks like
03:39
F5 load balancers,
03:43
IIS scans for Microsoft web servers, JBoss,
03:46
Joomla scans,
03:50
OpenMind message portal, Ruby on Rails, SAP business. There's quite a large variety,
03:55
and of course, this list of scanners
03:59
will grow over time because people keep on adding things to the framework.
04:04
SMTP open relay detection,
04:09
war dialing, TFTP brute force, VNC. See, there's quite, quite a large number of, of items.
04:16
We know that, uh, that Server Message Block
04:20
was running on the system. So one thing we can try
04:24
is to
04:27
I can narrow this down by looking for SMB.
04:32
That still gave me a lot of information.
04:34
I want SMB version, I think.
04:38
I want to verify one little piece either there is. So
04:43
I might, I might
04:45
zero in on something based on the results of the port scan or nmap scan
04:49
and
04:54
run one of these tools, the scanner tool,
04:58
to just give me some specifics about this one particular item.
05:02
Sorry, RHOSTS is already
05:05
set,
05:11
not specifying a username or password, so we'll just see if this
05:15
runs as it is.
05:21
All right, it worked, so
05:29
it couldn't identify some of the information, but it did come back and tell me my
05:32
Samba version.
05:35
So depending on what we find out later, if I can discover some credentials, then I could get some different details from these things. So
05:46
there's a couple different ways to think about how that might pan out.
05:53
Other types of scanning to think about: we've got,
05:58
let's say, uh,
06:01
looking for
06:09
there's a string of scans: MySQL,
06:12
I've got Windows
06:15
scans, got fuzzers, which are interesting, to be able to, to try to do application fuzzing.
06:24
There's also scans here for
06:27
other, other aspects of Windows, like the browser information,
06:31
SMB information, as I tried to get,
06:33
um, some specific known vulnerabilities
06:39
related to Windows, or some Linux
06:42
related scans. Not, not terminal scanners for Linux,
06:46
but, but some