Jump to content

Anyone Proficent in Metasploit?


Recommended Posts

Posted (edited)

Host OS: Windows 10

Pineapple Nano v. 2.7.0

VirtualBox v. 6.1.6

Kali Linux v. 2020.2

 

**Forward: I've been doing all this on my own private router, WiFi signal, computer, etc. Nothing illegal. Just trying to learn a new skill.**

 

So I've been able to successfully capture a 4-way handshake (Both .CAP and.PCAP) using either the Pineapple Nano or Kali Linux> Successfully cracked the password of the WiFi AP using www.GPUHASH.me> And I can log into the "client" AP. I just don't know where to go from here and feel pretty dumb. How do I actually exploit the target from here?

Over the last week I've been trying to learn Metasploit in Kali, thinking that this was the next logical step in the attack process. (I've also tried Armitage, but it seems like it's outdated and doesn't support Windows 10?)

I understand the workflow of Metasploit:

1. Recon the target with various nmap scans: 

       nmap -v -T4 -PA -sV --version-all --osscan-guess -A -sS -Pn 1-65535 <Target IP address>

2. Note the open port numbers/software & version numbers, etc.

3. (THIS IS WHERE I GET LOST) Search Exploit-Database.com for vulnerabilities on the open ports or services being run (See attached picture)

4. Load the Exploit> Set options> Run.

 

I keep getting confused as to how to actually find known vulnerabilities given the data from the nmap scans.  Has anyone else been in my position or am I just failing to understand something simple here?

Thank you very much for any feedback guys!

Capture.PNG

Edited by Idk_Man
Link to post
Share on other sites

You can't just join a network then exploit things, you need to find something vulnerable first.

Put something like Metasploitable on your target network then go after some of the vulnerabilities on that. They are all well published or you can use OpenVas to scan for them.

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...