Port Scanning using Metasploit

1:52 pm , 0 comments


Port Scanning with Metasploit

Metasploit Framework includes some port scanners that could be used in a situation that we have compromise a system which is behind a NAT Firewall and we want to do a port scan to the rest of the network or we are just performing an internal penetration test.
In this scenario we will see how we can perform a simple TCP and SYN port scan by using the modules of the Metasploit.

SYN Scanning
First we open the Metasploit Framework and we type search portscan to find the existing scanners.

Choosing the Port Scanner
The port scanner that we will use is the syn scanner and we can see the configuration settings in the image below:

Configuration of SYN Scanner
Before we type the run command that it will start the port scanning in the remote host we can use the show options command in order to see the available options and to check if all the settings are correct.

SYN Scanner Options
From the image above we can see that the default setting for the ports that the scanner will scan is from 1-10000.We can change this setting if want the scanner just to check for specific ports or we can give the range that we want.
For this example we have chosen to scan the ports from 1 to 600.

Port Range Setting
Now we can type the run command and we can see the results in the image below:

Scanning the target with SYN scan
We can see that some common ports are open on the remote host like port 80,139 and 445.This is giving us also an indication for the operating system of the target.It is definitely Windows because ports 139 and 445 belongs to the netbios service in Windows environments.
TCP Scanning
Metasploit Framework has also and a TCP Scanner.We  have used this scanner as well into the same remote host.
We can see that we have slightly different options from the SYN scanner.For example we can set a filter string for capturing traffic or we can process a packet capture file.

Available options of TCP Scanner
For the TCP scan we have set the following parameters:

TCP Scanner Settings
The screenshot below is showing us the output of the scan:

TCP Scan Results
Conclusions
From these two scans we have noticed that the TCP scan is much faster however it is not as stealth as a SYN scan and it could be identified by the IDS (Intrusion Detection System). From the  other hand a SYN scan is slower but less intrusive because it sends the RST packet to the remote host before the connection is established.

About the Author

Written by Admin

Chennai hackers connect is a branch of Computer maniac.It is the platform for the HACKERS to connect and start exploiting.


0 comments:

Subscribe to: Post Comments (Atom)