
Chapter 3

Running Nmap from MSFconsole

Now that we’ve performed advanced enumeration on our target, let’s connect nmap with Metasploit. To do this, we first connect msfconsole to the database. The argument to db_connect takes the form username:password@host/database, so the following connects to the msf3 database on the local PostgreSQL server as the postgres user:

msf > db_connect postgres:toor@127.0.0.1/msf3

Now we can enter the db_nmap command from within msfconsole to run nmap and have its results stored automatically in our new database. db_nmap accepts the same options as nmap itself; below we use -sS for a SYN scan (which requires root privileges) and -A to enable OS detection, version detection, script scanning, and traceroute.

NOTE

We’ll be attacking only one system in this instance, but you can specify targets in CIDR notation or as ranges (for example, 192.168.1.1/24 or 192.168.1.1-254).

msf > db_nmap -sS -A 172.16.32.131

Warning: Traceroute does not support idle or connect scan, disabling...
Nmap scan report for 172.16.32.131
Host is up (0.00056s latency).
Not shown: 990 closed ports
PORT     STATE SERVICE       VERSION
21/tcp   open  ftp           Microsoft ftpd
25/tcp   open  smtp          Microsoft ESMTP 6.0.2600.2180
80/tcp   open  http          Microsoft IIS webserver 5.1
|_html-title:
135/tcp  open  msrpc         Microsoft Windows RPC
139/tcp  open  netbios-ssn
443/tcp  open  https?
445/tcp  open  microsoft-ds  Microsoft Windows XP microsoft-ds
1025/tcp open  msrpc         Microsoft Windows RPC
1433/tcp open  ms-sql-s      Microsoft SQL Server 2005 9.00.1399; RTM
3389/tcp open  microsoft-rdp Microsoft Terminal Service
MAC Address: 00:0C:29:EA:26:7C (VMware)
Device type: general purpose
Running: Microsoft Windows XP|2003 
OS details: Microsoft Windows XP Professional SP2 or Windows Server 2003
Network Distance: 1 hop
Service Info: Host: ihazsecurity; OS: Windows

Host script results:
|_nbstat: NetBIOS name: IHAZSECURITY, NetBIOS user: <unknown>, NetBIOS MAC: 00:0c:29:ea:26:7c
| smb-os-discovery:
|   OS: Windows XP (Windows 2000 LAN Manager)
|   Name: WORKGROUP\IHAZSECURITY
|_smbv2-enabled: Server doesn't support SMBv2 protocol

OS and Service detection performed. Please report any incorrect results at http://nmap.org/submit/.
Nmap done: 1 IP address (1 host up) scanned in 33.51 seconds

Notice the series of open ports, the software versions, and even a prediction about the target’s operating system. Because the scan ran through db_nmap, this host and its services are now recorded in the database as well as printed to the screen, so we can query them later without rescanning.
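To see what db_nmap is doing on our behalf, here is an added example (not from the book and not Metasploit’s own code) that parses the human-readable nmap report above into host and service records and loads them into an in-memory SQLite schema shaped like Metasploit’s hosts and services tables. Metasploit itself hands nmap’s XML output (the -oX form) to its importer rather than scraping this text, so the regular expressions, the SAMPLE_REPORT constant (constructed from the output above), and the function names are assumptions made for illustration only.

```python
import re
import sqlite3

# Constructed sample input: the nmap report printed by db_nmap above, trimmed
# to the lines this parser cares about. Not live scan data.
SAMPLE_REPORT = """\
Nmap scan report for 172.16.32.131
Host is up (0.00056s latency).
Not shown: 990 closed ports
PORT     STATE SERVICE       VERSION
21/tcp   open  ftp           Microsoft ftpd
25/tcp   open  smtp          Microsoft ESMTP 6.0.2600.2180
80/tcp   open  http          Microsoft IIS webserver 5.1
|_html-title:
135/tcp  open  msrpc         Microsoft Windows RPC
139/tcp  open  netbios-ssn
443/tcp  open  https?
445/tcp  open  microsoft-ds  Microsoft Windows XP microsoft-ds
1025/tcp open  msrpc         Microsoft Windows RPC
1433/tcp open  ms-sql-s      Microsoft SQL Server 2005 9.00.1399; RTM
3389/tcp open  microsoft-rdp Microsoft Terminal Service
MAC Address: 00:0C:29:EA:26:7C (VMware)
OS details: Microsoft Windows XP Professional SP2 or Windows Server 2003
Service Info: Host: ihazsecurity; OS: Windows
"""

# Hypothetical patterns for nmap's normal output; Metasploit's importer reads XML instead.
HOST_RE = re.compile(r"^Nmap scan report for (\S+)")
PORT_RE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)(?:\s+(.*))?$")
MAC_RE = re.compile(r"^MAC Address: ([0-9A-Fa-f:]{17})")
OS_RE = re.compile(r"^OS details: (.*)$")


def parse_report(text):
    """Turn nmap's normal (-oN style) output into a list of host records."""
    hosts = []
    current = None
    for line in text.splitlines():
        m = HOST_RE.match(line)
        if m:
            current = {"address": m.group(1), "mac": None, "os_name": None, "services": []}
            hosts.append(current)
            continue
        if current is None:
            continue  # preamble before the first host
        m = PORT_RE.match(line)
        if m:
            port, proto, state, name, info = m.groups()
            current["services"].append({
                "port": int(port),
                "proto": proto,
                "state": state,
                # A trailing '?' means nmap could not confirm the service by probing it.
                "name": name.rstrip("?"),
                "confirmed": not name.endswith("?"),
                "info": (info or "").strip(),
            })
            continue
        m = MAC_RE.match(line)
        if m:
            current["mac"] = m.group(1)
            continue
        m = OS_RE.match(line)
        if m:
            current["os_name"] = m.group(1).strip()
    return hosts


def build_db(hosts):
    """Load parsed hosts into an in-memory SQLite schema that mirrors (in
    simplified form) Metasploit's hosts and services tables."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE hosts (
            id INTEGER PRIMARY KEY, address TEXT UNIQUE, mac TEXT, os_name TEXT);
        CREATE TABLE services (
            host_id INTEGER REFERENCES hosts(id), port INTEGER, proto TEXT,
            state TEXT, name TEXT, info TEXT, UNIQUE (host_id, port, proto));
    """)
    for h in hosts:
        cur = db.execute("INSERT INTO hosts (address, mac, os_name) VALUES (?, ?, ?)",
                         (h["address"], h["mac"], h["os_name"]))
        host_id = cur.lastrowid
        db.executemany(
            "INSERT INTO services VALUES (?, ?, ?, ?, ?, ?)",
            [(host_id, s["port"], s["proto"], s["state"], s["name"], s["info"])
             for s in h["services"]])
    db.commit()
    return db


def open_services(db, address, name=None):
    """Like msfconsole's 'services' command: open ports for one host,
    optionally filtered by service name (for example 'ms-sql-s')."""
    sql = ("SELECT s.port, s.name, s.info FROM services s "
           "JOIN hosts h ON h.id = s.host_id "
           "WHERE h.address = ? AND s.state = 'open'")
    params = [address]
    if name:
        sql += " AND s.name = ?"
        params.append(name)
    return db.execute(sql + " ORDER BY s.port", params).fetchall()


if __name__ == "__main__":
    db = build_db(parse_report(SAMPLE_REPORT))
    for port, name, info in open_services(db, "172.16.32.131"):
        print(f"{port:>5}  {name:<14} {info}")
```

The point of the service-name filter is the same one db_nmap gives you in msfconsole: once results are in a database, a question like "which hosts expose MS SQL?" is a query, not another scan. Note that the parser keeps the unconfirmed https? service but records it as unconfirmed, which is worth preserving when you later decide which findings deserve a closer look.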