Penetration Testing Learning using Metasploit

Source: Internet
Author: User

1. Introduction

Metasploit provides a number of friendly, easy-to-use tools for penetration testers. It was originally created by HD Moore and was later acquired by Rapid7, the company behind the Nexpose vulnerability scanner. During penetration testing, some of the work that can be done by hand can instead be done by Metasploit.
Metasploit needs to be updated frequently so that its attack library stays current. You can update Metasploit by running the following command weekly.
  # msfupdate

2. Metasploit and the PostgreSQL database

2.1 PostgreSQL database

Metasploit can import the results of its runs into a database, and uses PostgreSQL by default. Use service postgresql start to start the PostgreSQL service, then run su postgres -c psql to do some configuration. If you want to change the password for the default user name, you can use the following statement:
  ALTER USER postgres WITH PASSWORD 'myPassword';
This changes the password of the default user postgres to myPassword. Use \q to exit the console.
  
If ALTER ROLE is not returned, there is no postgres user; in that case we can create a user ourselves and create the database we need.
  CREATE USER msfuser WITH PASSWORD 'msfpass';
  CREATE DATABASE pentester;
  

2.2 Confirming the connection status of the database

Start the Metasploit console by entering msfconsole in a terminal. After startup, the interface looks as follows:
  
  
At the msf> prompt, enter:
  msf> db_connect msfuser:[email protected]/pentester
  msf> db_status
View the connection information by entering the hosts command. The first time you connect from MSF, some tables are created automatically.
  

2.3 Call Nmap Scan in Metasploit

In order to have output when executing the hosts command, you can use Nmap for a quick scan to collect data. With msfconsole running and the database already connected, we can run the Nmap scan directly from within Metasploit. The scan results are automatically added to the database and can be retrieved later.
  db_nmap -nO -sTU -pT:22,80,443,139,111,U:111,137 222.31.76.240
  
  
You can now run the hosts command to see that the target system has been added to the PostgreSQL database. You can also use a variety of retrieval techniques to get the information you need and save time. For example, to find which systems have port 22 open, you can use services -p 22 .
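
The store-then-query flow described above can be modelled outside Metasploit. The following is an added example, not part of the original article and not Metasploit's own import code: it parses a constructed Nmap XML report into service rows and filters them by port. The function names, the sample report and the choice to return only open ports are assumptions of this example.

```python
import xml.etree.ElementTree as ET

# Constructed sample: a trimmed Nmap XML report (the -oX format) using
# documentation addresses. It is not output from a real scan.
SAMPLE_XML = """<nmaprun scanner="nmap">
  <host>
    <status state="up"/><address addr="192.0.2.10" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="22"><state state="open"/><service name="ssh"/></port>
      <port protocol="tcp" portid="80"><state state="open"/><service name="http"/></port>
      <port protocol="tcp" portid="139"><state state="closed"/><service name="netbios-ssn"/></port>
      <port protocol="udp" portid="111"><state state="open|filtered"/><service name="rpcbind"/></port>
      <port protocol="udp" portid="137"><state state="open"/></port>
    </ports>
  </host>
  <host><status state="down"/><address addr="192.0.2.11" addrtype="ipv4"/></host>
</nmaprun>"""

def parse_services(xml_text):
    """Return one row per scanned port: host, proto, port, state, name."""
    rows = []
    for host in ET.fromstring(xml_text).iter("host"):
        status = host.find("status")
        if status is None or status.get("state") != "up":
            continue  # hosts that did not respond contribute no service rows
        addr_el = host.find("address[@addrtype='ipv4']")
        if addr_el is None:
            continue  # skip hosts without an IPv4 address element
        for port in host.iterfind("ports/port"):
            state = port.find("state")
            service = port.find("service")
            rows.append({
                "host": addr_el.get("addr"),
                "proto": port.get("protocol"),
                "port": int(port.get("portid")),
                "state": state.get("state") if state is not None else "unknown",
                "name": service.get("name") if service is not None else "",
            })
    return rows

def services_on_port(rows, port, state="open"):
    """Per-port lookup over stored rows: exact port number and state."""
    return [r for r in rows if r["port"] == port and r["state"] == state]

if __name__ == "__main__":
    for row in services_on_port(parse_services(SAMPLE_XML), 22):
        print(row)
```

Note that a UDP port reported as open|filtered is not returned by the open-only lookup, which is why UDP results need a separate review.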
  
