Anyone Proficent in Metasploit?

[Idk_Man]

Host OS: Windows 10

Pineapple Nano v. 2.7.0

VirtualBox v. 6.1.6

Kali Linux v. 2020.2

 

**Forward: I've been doing all this on my own private router, WiFi signal, computer, etc. Nothing illegal. Just trying to learn a new skill.**

 

So I've been able to successfully capture a 4-way handshake (Both .CAP and.PCAP) using either the Pineapple Nano or Kali Linux> Successfully cracked the password of the WiFi AP using www.GPUHASH.me> And I can log into the "client" AP. I just don't know where to go from here and feel pretty dumb. How do I actually exploit the target from here?

Over the last week I've been trying to learn Metasploit in Kali, thinking that this was the next logical step in the attack process. (I've also tried Armitage, but it seems like it's outdated and doesn't support Windows 10?)

I understand the workflow of Metasploit:

1. Recon the target with various nmap scans: 

       nmap -v -T4 -PA -sV --version-all --osscan-guess -A -sS -Pn 1-65535 <Target IP address>

2. Note the open port numbers/software & version numbers, etc.

3. (THIS IS WHERE I GET LOST) Search Exploit-Database.com for vulnerabilities on the open ports or services being run (See attached picture)

4. Load the Exploit> Set options> Run.

 

I keep getting confused as to how to actually find known vulnerabilities given the data from the nmap scans.  Has anyone else been in my position or am I just failing to understand something simple here?

Thank you very much for any feedback guys!

Edited May 23, 2020 by Idk_Man

[digininja]

You can't just join a network then exploit things, you need to find something vulnerable first.

Put something like Metasploitable on your target network then go after some of the vulnerabilities on that. They are all well published or you can use OpenVas to scan for them.

[Idk_Man]

On it. Thank you for the guidance @digininja