Vulnerability scanning is about finding a payload for attacking a machine.
What we do now is a very important phase in hacking. It may look easy here, but this is the difficult path; this is the place where a real-time hacker writes his own code.
When should a hacker write his own code, and when should he use tools?
How can we find a suitable payload?
There is no need to write code every time. First check which vulnerabilities the target has. If it is highly secure and fully updated (the "God PC"), or you need to do something unusual that has never been done before, like ransomware or the WannaCry virus, then you should write your own code.
So, our first task is to find out whether any vulnerabilities are present. There are many ways to do that, but one of my favorites is the tool Nmap.
Nmap is one of the best scanners: it gives information about a system from the ports it is using, and it can even tell us which OS the victim's machine is running.
From now onwards:
Attacker's IP: 10.4.33.3
Victim's IP: 10.4.33.8
Remember, the victim's IP can be 10.9.1.19, 172.16.101.104, or 172.16.48.38, from a different gateway but the same private network.
Now we need to find information about the PC that was assigned the IP 10.4.33.8.
The following commands in a terminal give you a lot of information:
nmap -sS 10.4.33.8 lists out the ports that are open
Ignore the IP in the picture above (replace it with your victim's IP).
Now you can see a lot of open ports and the services behind them, like:
Port 22 – SSH
Port 23 – telnet
Now the command nmap -sV 10.4.33.8 gives you information about the versions of the services our victim is using.
Recently we got an exploit for OpenSSH 5.3, so you can load that payload into Metasploit, fill in the required variables such as RHOST, LHOST, RPORT, LPORT and VERBOSE, and use it as a remote exploit. But you may find that the service is the latest updated version, for many reasons.
Now what to do?
OS scan: you can scan the OS by using the command nmap -O -Pn 10.4.33.8
-O : Detect which OS the host is running.
-Pn : Treat the system as alive; don't skip it just because of a normal ping test.
This is how we get information about our victim's machine. There are many ways to find information; it varies according to the location and position of the victim's machine.
If you have a different scenario and were not able to find a way, just give me some information and I will guide you. This is for educational purposes only; it should be done in your own lab environment only.
In the next post we will be using a common way of hacking any Windows machine, both with antivirus enabled and with antivirus disabled.
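The port table that nmap -sV prints can also be read from the owner's side of the lab host, to see what it exposes. The following is an added example, not code from the original post: it parses a constructed sample of that output and reports open ports that are missing from an approved baseline, cleartext services such as telnet, and open ports with no version banner. The names SAMPLE, CLEARTEXT, parse_ports and audit, and the baseline {22}, are assumptions made for the illustration.

```python
import re

# Constructed sample of an `nmap -sV` port table (not real scan output).
SAMPLE = """\
Nmap scan report for 10.4.33.8
PORT     STATE  SERVICE    VERSION
22/tcp   open   ssh        OpenSSH 5.3 (protocol 2.0)
23/tcp   open   telnet     Linux telnetd
80/tcp   closed http
8080/tcp open   http-proxy
"""

# One port-table row: "<port>/<proto> <state> <service> [version banner]"
ROW = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)(?:\s+(.*))?$")
CLEARTEXT = {"telnet", "ftp"}  # assumption: services this lab treats as unencrypted


def parse_ports(text):
    """Return one dict per port row; header and banner lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            port, proto, state, service, version = m.groups()
            rows.append({"port": int(port), "proto": proto, "state": state,
                         "service": service, "version": (version or "").strip()})
    return rows


def audit(rows, baseline):
    """Compare open ports with the approved baseline and flag weak services."""
    findings = []
    for r in rows:
        if r["state"] != "open":
            continue  # closed and filtered ports are not exposed
        if r["port"] not in baseline:
            findings.append((r["port"], "open but not in baseline"))
        if r["service"] in CLEARTEXT:
            findings.append((r["port"], "cleartext service: " + r["service"]))
        if not r["version"]:
            findings.append((r["port"], "no version banner; check manually"))
    return findings


if __name__ == "__main__":
    for port, issue in audit(parse_ports(SAMPLE), baseline={22}):
        print(f"{port}: {issue}")
```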
Doubts and suggestions can be commented below.