Jump to content

Nmap tells me what I need to know but how do I find it in Metasploit?


subterra

Recommended Posts

I have set up my pentest lab with 2 stand alone systems and another system running a vm of many os versions. I am new to Metasploit. I have a system set up with a couple of exploitable programs and using nmap I can scan them and they show up as exploitable. Problem is how do I reconcile those exploits from nmap to Metasploit. Nothing in nmap shows up within Metasploit nor can I search and make a connection to tell me how to bring up anything in Metaspoit that is relatable to the languish I see in nmap. Lets use this as an example so I can try to be more clear. Say my test machine has "exploit_123" on it according to my nmap scans. So I go to my Kali machine to bring up Metasploit and I look through for "exploit_123" and nothing matches. I go to the link in my nmap scan nest to "exploit_123" and at the site it lists a lot of exploits but nothing matches the name of the "exploit_123" in my nmap scan. So how do I locate "exploit_123" so I can get started with Metasploit?

Thanks for your time!

Link to comment
Share on other sites

I think you should try the Metasploit IRC or Slack. Then I would advise to deepen the searches on the matter since there are a lot of information available about the basics on nmap and Metasploit and how they can interact (or run nmap within Metasploit). You also have to get deeper knowledge about each vulnerability. There are no guarantees that there's a 1:1 relationship between results in an nmap scan and how they are exploited when using Metasploit (as you have noticed). Because of this fact, you need to understand "what is nmap showing me/what is this vulnerability actually about" and then take it further by having knowledge about what's possible in Metasploit and how to exploit that specific vulnerability. Many times, there's no "click, click, success" process when it comes to cybersec, you often need to break some sweat to reach the goal.

Link to comment
Share on other sites

I thank you for your response. You confirmed a couple things for me. That being said I was expecting a little more I guess. After two weeks of working on this issue it would be nice to have been given a little more of an incite-full answer. However I do plan of cracking this nut, I guess it is going to take a bit longer to do so.

I will try your suggestion about IRC and see if I get any start from there. Thank you for taking the time to input what you did.

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...