I started playing with the metasploit framwork recently; and something struck me.

In my noob mind, the following statement is true.

In order to successfully rollout an exploit on a target computer, one would need to know what kind of services the target computer is running (does it have itunes installed? Does it have winamp installed? What version if IE is it running? etc).

And in order to find out what kind of serviecs the target computer is running, one needs access and privilidges enough to find that information out in the first place...

ipso facto... if you are able to find out what services a computer is running, then you;ve no need for all aspects of a Metasploit exploit.

So you are kind of chasing your own tail.

Can anyone point out my failings / inaccuracies / edumacate me?