24
Chapter 3
Running Nmap from MSFconsole
Now that we’ve performed advanced enumeration on our target, let’s connect
nmap
with Metasploit. To do this, we first connect to the
msfbook
database:
msf >
db_connect postgres:toor@127.0.0.1/msf3
Now we should be able to enter the
db_nmap
command from within
msfconsole
to run
nmap
and have its results automatically stored in our new
database.
NOTE
We’ll be attacking only one system in this instance, but you can specify IPs by CIDR
notation and even ranges (for example, 192.168.1.1/24 or 192.168.1.1–254).
msf >
db_nmap -sS -A 172.16.32.131
Warning: Traceroute does not support idle or connect scan, disabling...
Nmap scan report for 172.16.32.131
Host is up (0.00056s latency).
Not shown: 990 closed ports
PORT STATE SERVICE VERSION
21/tcp open ftp Microsoft ftpd
25/tcp open smtp Microsoft ESMTP 6.0.2600.2180
80/tcp open http Microsoft IIS webserver 5.1
|_html-title:
135/tcp open msrpc Microsoft Windows RPC
139/tcp open netbios-ssn
443/tcp open https?
445/tcp open microsoft-ds Microsoft Windows XP microsoft-ds
1025/tcp open msrpc Microsoft Windows RPC
1433/tcp open ms-sql-s Microsoft SQL Server 2005 9.00.1399; RTM
3389/tcp open microsoft-rdp Microsoft Terminal Service
MAC Address: 00:0C:29:EA:26:7C (VMware)
Device type: general purpose
Running: Microsoft Windows XP|2003
OS details: Microsoft Windows XP Professional SP2 or Windows Server 2003
Network Distance: 1 hop
Service Info: Host: ihazsecurity; OS: Windows
Host script results:
|_nbstat: NetBIOS name: IHAZSECURITY, NetBIOS user: <unknown>, NetBIOS MAC: 00:0c:29:ea:26:7c
| smb-os-discovery:
| OS: Windows XP (Windows 2000 LAN Manager)
| Name: WORKGROUP\IHAZSECURITY
|_smbv2-enabled: Server doesn't support SMBv2 protocol
OS and Service detection performed. Please report any incorrect results at http://nmap.org/submit/.
Nmap done: 1 IP address (1 host up) scanned in 33.51 seconds
Notice a series of open ports , software versions , and even a predic-
tion about the target’s operating system .