In this step, you will perform a penetration scan on the Metasploitable2 target machine using Nmap to identify open ports and services running on the target.
- Start the Metasploitable2 virtual machine and ensure it is running.
- Launch the Kali container and enter the bash shell.
- Inside the Kali container, run the following command to perform a comprehensive scan on the target machine:
nmap -sV -T4 target-ip-address
The -sV option instructs Nmap to probe open ports to determine service/version information, while -T4 sets the timing template to an aggressive level (templates range from 0 to 5; higher values are more aggressive).
Start the PostgreSQL service and initialize the Metasploit database:
cd ~
service postgresql start
msfdb init
Launch the Metasploit console:
msfconsole
From the Metasploit console prompt, perform a comprehensive scan on the target machine (msfconsole passes the command through to the system shell, which is why the output below begins with an exec line):
nmap -sV -T4 192.168.122.102
Here's an example of the output you might see:
[*] exec: nmap -sV -T4 192.168.122.102
Starting Nmap 7.94 ( https://nmap.org ) at 2024-03-24 20:47 UTC
Nmap scan report for 192.168.122.102
Host is up (0.0037s latency).
Not shown: 977 closed tcp ports (reset)
PORT STATE SERVICE VERSION
21/tcp open ftp vsftpd 2.3.4
22/tcp open ssh OpenSSH 4.7p1 Debian 8ubuntu1 (protocol 2.0)
23/tcp open telnet Linux telnetd
25/tcp open smtp Postfix smtpd
53/tcp open domain ISC BIND 9.4.2
80/tcp open http Apache httpd 2.2.8 ((Ubuntu) DAV/2)
111/tcp open rpcbind 2 (RPC #100000)
139/tcp open netbios-ssn Samba smbd 3.X - 4.X (workgroup: WORKGROUP)
445/tcp open netbios-ssn Samba smbd 3.X - 4.X (workgroup: WORKGROUP)
512/tcp open exec?
513/tcp open login
514/tcp open shell?
...
This series of commands starts the PostgreSQL service, initializes the Metasploit database, launches the Metasploit console, and then performs a comprehensive scan on the target machine using Nmap.
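The scan output above is only useful once it is turned into an inventory that can be reviewed and diffed against later scans. The following Python script is an added example, not part of the lab or of Nmap's own tooling: it parses the normal-format output shown above (embedded here as a constructed sample) into records, and then separates the ports that -sV fingerprinted from the ones Nmap could not identify. A trailing "?" on a service name means Nmap only guessed the service from the port number and got no matching probe response; those ports, and any open port with an empty VERSION column, are the ones that need a manual look. The CLEARTEXT set is an assumption of this example, a short starting list of protocols that carry credentials unencrypted, not an exhaustive policy.

```python
import re
from dataclasses import dataclass
from typing import Dict, List

# Constructed sample: the normal-format Nmap output from the step above, not live data.
SAMPLE_OUTPUT = """\
Starting Nmap 7.94 ( https://nmap.org ) at 2024-03-24 20:47 UTC
Nmap scan report for 192.168.122.102
Host is up (0.0037s latency).
Not shown: 977 closed tcp ports (reset)
PORT STATE SERVICE VERSION
21/tcp open ftp vsftpd 2.3.4
22/tcp open ssh OpenSSH 4.7p1 Debian 8ubuntu1 (protocol 2.0)
23/tcp open telnet Linux telnetd
25/tcp open smtp Postfix smtpd
53/tcp open domain ISC BIND 9.4.2
80/tcp open http Apache httpd 2.2.8 ((Ubuntu) DAV/2)
111/tcp open rpcbind 2 (RPC #100000)
139/tcp open netbios-ssn Samba smbd 3.X - 4.X (workgroup: WORKGROUP)
445/tcp open netbios-ssn Samba smbd 3.X - 4.X (workgroup: WORKGROUP)
512/tcp open exec?
513/tcp open login
514/tcp open shell?
"""

# Assumption of this example: a starting list of services that send credentials in the clear.
CLEARTEXT = {"ftp", "telnet", "exec", "login", "shell"}


@dataclass
class PortRecord:
    host: str
    port: int
    proto: str
    state: str
    service: str   # service name with any trailing '?' removed
    version: str   # empty when -sV could not fingerprint the service
    guessed: bool  # True when Nmap printed 'name?' (guess from port number only)


HOST_LINE = re.compile(r"^Nmap scan report for (\S+)")
# port/proto, state, service, then an optional free-text version column
PORT_LINE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)(?:\s+(.*))?$")


def parse_nmap_normal(text: str) -> List[PortRecord]:
    """Parse Nmap's human-readable (normal) output into one record per port line."""
    records: List[PortRecord] = []
    host = ""
    for line in text.splitlines():
        m = HOST_LINE.match(line)
        if m:
            host = m.group(1)
            continue
        m = PORT_LINE.match(line)
        if not m:
            continue  # banner, 'Not shown', header and blank lines are skipped
        port, proto, state, service, version = m.groups()
        records.append(PortRecord(
            host=host, port=int(port), proto=proto, state=state,
            service=service.rstrip("?"), version=(version or "").strip(),
            guessed=service.endswith("?"),
        ))
    return records


def unfingerprinted(records: List[PortRecord]) -> List[PortRecord]:
    """Open ports with no version string: -sV got no usable response from them."""
    return [r for r in records if r.state == "open" and not r.version]


def cleartext_services(records: List[PortRecord]) -> List[PortRecord]:
    """Open ports whose service name is on the (assumed) cleartext list."""
    return [r for r in records if r.state == "open" and r.service in CLEARTEXT]


def inventory(records: List[PortRecord]) -> Dict[str, List[str]]:
    """Map each service name to the 'port/proto version' strings seen for it."""
    inv: Dict[str, List[str]] = {}
    for r in records:
        if r.state != "open":
            continue
        label = f"{r.port}/{r.proto}" + (f" {r.version}" if r.version else " (no version)")
        inv.setdefault(r.service, []).append(label)
    return inv


if __name__ == "__main__":
    recs = parse_nmap_normal(SAMPLE_OUTPUT)
    print(f"{len(recs)} port lines parsed for host {recs[0].host}")
    for svc, entries in sorted(inventory(recs).items()):
        print(f"  {svc:12s} {'; '.join(entries)}")
    print("Unfingerprinted (manual review):",
          [f"{r.port}/{r.proto} {r.service}{'?' if r.guessed else ''}" for r in unfingerprinted(recs)])
    print("Cleartext services exposed:",
          sorted({r.service for r in cleartext_services(recs)}))
```

Running it on the sample prints the inventory grouped by service, lists 512, 513 and 514 as the ports -sV could not fingerprint (two of them marked as guesses), and names ftp, telnet and the r-services as cleartext protocols that would warrant attention on a real host. The same parser works on any normal-format Nmap report saved with -oN, so a later scan can be parsed and compared against this one to spot newly exposed services.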
Press Ctrl+D to quit the Metasploit console, then start the inspection.