The latest version of Metasploit is 4.0. It is open source and free, and can be downloaded directly from the official website (www.metasploit.com).
Metasploit is powerful and integrates more than 700 exploits, but a fully patched operating system is still difficult to compromise. For testing, therefore, choose the oldest version of Windows XP, without any service pack, or Windows XP SP1: the more vulnerabilities a system has, the more prone it is to attack.
Open the Metasploit console and wait for it to start. Confirm that it started normally with no error messages, in particular for the connection to the PostgreSQL database.
Enter the command db_status to view the connection status of the database; it shows that the connection was successful.
We start by scanning the Windows XP system for open ports, using the port-scan command db_nmap.
The scan finds ports 135, 139, 445 and others open, so next we carry out the attack.
Enter the command db_autopwn.
As you can see, Metasploit tries various vulnerabilities to see whether they match the ports just detected, and then automatically attempts to log in to see whether a connection can be established.
Finally, we find that two sessions were able to establish a connection and obtain permissions; the sessions command shows them in more detail.
Here the session type is Meterpreter. Different session types allow different operations once the link is established. We first set up a link by using the sessions command with -i added.
After establishing the link, we can view what operations are available.
The specific operations are not explained here; try them yourself.
OK, the above is the entire process of automatic vulnerability scanning.
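Seen from the target network, the process above is a port scan followed by a burst of connection attempts against ports such as 135, 139 and 445. The Python sketch below is an added example, not part of the original article: it flags that pattern in connection logs, and its log format, addresses and thresholds are all constructed assumptions.

```python
from collections import defaultdict

WATCHED = {135, 139, 445}  # ports the walkthrough's scan found open

def parse(line):
    """Parse 'epoch src dst dport' (constructed format, not a real product's)."""
    ts, src, dst, dport = line.split()
    return int(ts), src, dst, int(dport)

def scan_then_burst(lines, min_ports=10, min_burst=5, window=300):
    """Return sorted (src, dst) pairs where src first touched at least
    min_ports distinct ports on dst (the scan) and then made at least
    min_burst connections to WATCHED ports within `window` seconds."""
    events = defaultdict(list)
    for ts, src, dst, dport in sorted(map(parse, lines)):
        events[(src, dst)].append((ts, dport))
    flagged = []
    for pair, evs in events.items():
        seen, t_scan = set(), None
        for ts, dport in evs:
            seen.add(dport)
            if len(seen) >= min_ports:   # scan threshold reached here
                t_scan = ts
                break
        if t_scan is None:
            continue                     # never looked like a scan
        burst = sum(1 for ts, p in evs
                    if p in WATCHED and t_scan < ts <= t_scan + window)
        if burst >= min_burst:
            flagged.append(pair)
    return sorted(flagged)

SCAN_PORTS = [21, 22, 23, 25, 53, 80, 110, 135, 139, 143, 443, 445]

def sample_log():
    """Constructed log: one scan plus burst, one scan only, one normal client."""
    log = [f"{1000 + i} 10.0.0.5 10.0.0.20 {p}" for i, p in enumerate(SCAN_PORTS)]
    log += [f"{1060 + i} 10.0.0.5 10.0.0.20 {(135, 139, 445)[i % 3]}" for i in range(8)]
    log += [f"{1000 + i} 10.0.0.9 10.0.0.20 {p}" for i, p in enumerate(SCAN_PORTS)]
    log += [f"{2000 + 60 * i} 10.0.0.7 10.0.0.20 445" for i in range(6)]
    return log

if __name__ == "__main__":
    print(scan_then_burst(sample_log()))
```

Requiring both stages keeps an ordinary file-sharing client (many connections to 445, no scan) and a scan with no follow-up out of the alert; lowering min_burst trades that for earlier warning.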