Metasploit mailing list archives
Re: A small question regarding IP
From: Kurt Grutzmacher <grutz () jingojango net>
Date: Sat, 17 Sep 2011 09:47:43 -0700
Don't believe the haters. Metasploit is super amazing and has already found systems you can hack. It puts them in this file called "hosts":

For backtrack: cat /etc/hosts
For Windows XP: type c:\windows\system32\drivers\etc\hosts

Good luck!

--
Kurt Grutzmacher -=- grutz () jingojango net

On Fri, Sep 16, 2011 at 4:47 PM, Sean Keane <keanesf () gmail com> wrote:

Lolling, try ping 'hostname', ex: ping google.com. Also, you should try to learn how to use nmap among other tools. But as everyone has stated, you're missing the whole recon phase of attacking a network; your lack of understanding of how networks operate will get you caught. Read a book on TCP/IP or CCNA.

My advice: set up metasploitable in a virtual machine and play with that. Also download backtrack or any other security distro and explore that. While metasploit is a great framework, there's a lot more to pentesting a network than running autopwn on a host.

On Fri, Sep 16, 2011 at 16:14, Travis Phillips <perfect_insanity2004 () yahoo com> wrote:

Okay. Do not hack a system that you're not authorized to attack by that system's owner. This is illegal under the computer misuse act of 1990.

However. For finding the IP address of a remote host. If you don't know how to do this then you shouldn't be using metasploit, as you lack a proper foundation to work off of. You should read the hacking exposed book series. While its exploit section is out of date, the "framework" of the testing methods is tried and true. I suggest you look at that first, as the first step in any pentest is PASSIVE FOOTPRINTING! Meaning check everything you can without being intrusive. This means finding their IP address and netblocks. Using whois to find admins and contacts and address, and searching forums for people who ask tech questions who may have revealed a little too much info about their systems. Find their servers that offer public services, and public offices with poor security.

If I were to give you a webserver, you should be able to tell me the IP address, the web server software and the version, the OS, and where it's located. Till you can do that you shouldn't be using exploits, as an attack should be more of a surgical attack, not throwing everything and the kitchen sink at the server.

Hacking exposed explained this as the same as a person looking to rob a bank may go look for cameras and guards in the bank first to make things go smoother. So practice this first.

Final thoughts. I implore you to learn as much as you can. I love my research and break no laws in doing so. Build a lab in your home with spare boxes or VMs, or find a college that will allow your research in their labs (most schools have an IT sec program. In my school I found an IT sec instructor that has a lab that's got an offline network and he lets me use that and request help in making new labs and also captures memory dumps for his forensics class to analyze. A fair deal both ways.) You can also join wargame sites such as "hack this site" to practice your hacking skills and compete in hacking competitions like SANS NetWars, and also see if colleges in your area run CTF challenges.

With all that said, there is no reason to break laws to learn hacking skills. So take the black hat off and throw on the white hat! You can't change the things you've done but you can control your future. So it's never too late to switch teams and call yourself a researcher!

In the words of Spiderman's aunt, "with great power comes great responsibility."

Cheers mate,
Travis Phillips (http://theunl33t.blogspot.com)
Sent from Yahoo! Mail on Android

_______________________________________________
https://mail.metasploit.com/mailman/listinfo/framework
Current thread:
- A small question regarding IP dmz928 (Sep 16)
- Re: A small question regarding IP Tod Beardsley (Sep 16)
- Re: A small question regarding IP haZard0us (Sep 16)
- Re: A small question regarding IP Tommy Elliott (Sep 21)
- Re: A small question regarding IP kishore vekaria (Sep 21)
- <Possible follow-ups>
- Re: A small question regarding IP Travis Phillips (Sep 16)
- Re: A small question regarding IP Sean Keane (Sep 16)
- Re: A small question regarding IP Kurt Grutzmacher (Sep 17)
- Re: A small question regarding IP Sean Keane (Sep 16)