Search icon CANCEL
Subscription
0
Cart icon
Your Cart (0 item)
Close icon
You have no products in your basket yet
Save more on your purchases now! discount-offer-chevron-icon
Savings automatically calculated. No voucher code required.
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Conferences
Free Learning
Arrow right icon
Arrow up icon
GO TO TOP
Metasploit Penetration Testing Cookbook

You're reading from   Metasploit Penetration Testing Cookbook Over 70 recipes to master the most widely used penetration testing framework with this book and ebook.

Arrow left icon
Product type Paperback
Published in Jun 2012
Publisher Packt
ISBN-13 9781849517423
Length 268 pages
Edition 1st Edition
Arrow right icon
Author (1):
Arrow left icon
Abhinav Singh Abhinav Singh
Author Profile Icon Abhinav Singh
Abhinav Singh
Arrow right icon
View More author details
Toc

Table of Contents (17) Chapters Close

Metasploit Penetration Testing Cookbook
Credits
About the Author
About the Reviewers
www.PacktPub.com
Preface
1. Metasploit Quick Tips for Security Professionals FREE CHAPTER 2. Information Gathering and Scanning 3. Operating System-based Vulnerability Assessment and Exploitation 4. Client-side Exploitation and Antivirus Bypass 5. Using Meterpreter to Explore the Compromised Target 6. Advanced Meterpreter Scripting 7. Working with Modules for Penetration Testing 8. Working with Exploits 9. Working with Armitage 10. Social Engineer Toolkit Index

Analyzing the stored results of the database


After storing the testing results in the database, the next step is to analyze it. Analyzing the data will give us a deeper understanding of our target systems. The results of the database can be kept either for a long time or for a short time storage depending upon the usage.

Getting ready

Launch msfconsole and follow the steps mentioned in the previous recipe to establish the database connectivity. We can either use it to store fresh results or analyze the previously stored results as well. The XML file for the Nmap scan created in the previous recipe can be imported to analyze the previous scan results.

How to do it...

Let us analyze some of the important commands to have a clearer understanding of the stored results:

  • msf > hosts: This command will show all the hosts that are available in the database. Let us analyze the output of this command:

    The preceding screenshot snapshot reflects the output of the hosts command. As we can observe, the result of this command is not very clean, as there are lots of columns in the table. So we can move ahead and add filters and view only those columns which we are interested in, as illustrated by the following command :

    msf > hosts -c address,os_name
    Hosts
    =====
    address       	   os_name
    -------     	   ------
    192.168.56.1  
    192.168.56.101  
    192.168.56.102  Microsoft Windows
    192.168.56.103  Linux
  • msf > services: This is another interesting command that can give us useful information about the different services running on the target machines:

    msf > services
    Services
    ========
    host        	port  proto  name      	state      info
    ----        	----  -----  ----      	-----      ----
    192.168.56.101  111   tcp	rpcbind   	open   
    192.168.56.102  135   tcp	msrpc     	open   
    192.168.56.102  139   tcp	netbios-ssn   open   
    192.168.56.102  445   tcp	microsoft-ds  open   
    192.168.56.102  135   tcp	msrpc     	open   Microsoft Windows RPC
  • msf > vulns: This command lists all the vulnerabilities that exist in the hosts present in the database.

  • msf > db_autopwn: This is a powerful command that is used to automate the process of exploiting the target machines that are available in the database. This command requires more understanding about the exploitation process so we will analyze this command later.

How it works...

The analysis process is simple and can be easily filtered to get the desired results. We have seen how to read the database output and how we can manage it efficiently. The last two commands, vulns and db_autopwn are post-exploitation commands, which we will deal with in later chapters.

You have been reading a chapter from
Metasploit Penetration Testing Cookbook
Published in: Jun 2012
Publisher: Packt
ISBN-13: 9781849517423
Register for a free Packt account to unlock a world of extra content!
A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.
Unlock this book and the full library FREE for 7 days
Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of
Renews at $19.99/month. Cancel anytime