Page 1 of 2 12 LastLast
Results 1 to 10 of 16

Thread: metasploit 3 questions

  1. #1
    linuxbeast
    Guest

    Default metasploit 3 questions

    How can I know which exploits will work, what a system is vulnerable to with metasploit. I'm pratcing these on my home machines. Thanks.

  2. #2
    Moderator theprez98's Avatar
    Join Date
    Jan 2010
    Location
    Maryland
    Posts
    2,533

    Default

    Quote Originally Posted by linuxbeast View Post
    How can I know which exploits will work, what a system is vulnerable to with metasploit. I'm pratcing these on my home machines. Thanks.
    Have you tried any of the many tutorials available here, the Wiki, and the internet?
    "\x74\x68\x65\x70\x72\x65\x7a\x39\x38";

  3. #3
    Senior Member
    Join Date
    Feb 2008
    Posts
    681

    Default

    I agree... a good way is to try out some tutorials that hold interest to you.
    If possible watch good video tutorials and follow a transcript.
    Some may work... some won't. But you'll learn a good few things along the way.

    I find repetition the best way to learn. That and trying to understand why they work the way they do.
    A lot of practice and and a lot of theory. It takes time to learn.

    I'm still in the beginning stages but the main thing is I'm enjoying it.

    There's also good books out there that one should read and read and read.

    Knowledge and understanding is the key to unlocking one's potential.

    Good Luck
    [FONT=Courier New][SIZE=2][FONT=Courier New]hehe...
    [/FONT][/SIZE][/FONT]

  4. #4
    Moderator theprez98's Avatar
    Join Date
    Jan 2010
    Location
    Maryland
    Posts
    2,533

    Default

    Quote Originally Posted by linuxbeast View Post
    How can I know which exploits will work, what a system is vulnerable to with metasploit. I'm pratcing these on my home machines. Thanks.
    It seems as if you want to jump right into Metasploit without doing reconnaissance to determine potential vulnerabilities. Every system will be vulnerable to different things based upon the operating system, version, and security patches, the services that are running, the installed applications, and the versions of those applications. By doing your penetration testing through a tried and true methodology, you will find out which exploits work on your own, and won't run into problems like you have now.
    "\x74\x68\x65\x70\x72\x65\x7a\x39\x38";

  5. #5
    Just burned his ISO
    Join Date
    Mar 2008
    Posts
    21

    Default

    If your looking for a quick taste, then search for information about db_autopwn. Again like everyone else has said a little research goes a long way, and its better to fully understand it rather than just use it. But if a quick fix is what your after db_autopwn should do the trick. Just make sure you are practicing on something that is easily exploitable, like XP with no patches rather than a fully patched XPSP2 system.

    Or maybe just watching the videos on there website will convince you to do some solid research. metasploit.com/framework/gallery

  6. #6
    linuxbeast
    Guest

    Default

    Quote Originally Posted by theprez98 View Post
    Have you tried any of the many tutorials available here, the Wiki, and the internet?
    I have watched the videos. The people seem to know what exploit and payload to use already without explaining how they knew.

  7. #7
    Moderator theprez98's Avatar
    Join Date
    Jan 2010
    Location
    Maryland
    Posts
    2,533

    Default

    Quote Originally Posted by linuxbeast View Post
    I have watched the videos. The people seem to know what exploit and payload to use already without explaining how they knew.
    Read my previous post.
    "\x74\x68\x65\x70\x72\x65\x7a\x39\x38";

  8. #8
    linuxbeast
    Guest

    Default

    Is there a complete guide/documentation/howto thats in somewhat simple terms to the whole process? I don't mind reading. Thanks for the replies.

  9. #9
    linuxbeast
    Guest

    Default

    Quote Originally Posted by .lonewolf View Post
    There's also good books out there that one should read and read and read.

    Good Luck
    Thanks, what book is that?

  10. #10
    My life is this forum thorin's Avatar
    Join Date
    Jan 2010
    Posts
    2,629

    Default

    Quote Originally Posted by linuxbeast View Post
    I have watched the videos. The people seem to know what exploit and payload to use already without explaining how they knew.
    That's because they have a clue how to perform security testing. You can't magically intuit what will work without having performed some steps beforehand to learn about your target. Hence the previous mentions of recon etc.

    Is there a complete guide/documentation/howto thats in somewhat simple terms to the whole process?
    Try googling something obvious like "security testing methodology" or "penetration testing methodology", it's not rocket science there's lots of info available you just have to look.

    Quote Originally Posted by .lonewolf
    There's also good books out there that one should read and read and read.

    Good Luck
    Thanks, what book is that?
    He said "books"...plural not singular. Again, there are lots of them you just have to go looking. There are lots of threads here that contain information on books and other getting started type material. Try doing a search for "books" or "reading material" etc.
    I'm a compulsive post editor, you might wanna wait until my post has been online for 5-10 mins before quoting it as it will likely change.

    I know I seem harsh in some of my replies. SORRY! But if you're doing something illegal or posting something that seems to be obvious BS I'm going to call you on it.

Page 1 of 2 12 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •