Scan the Target Machine for Network Vulnerabilities
In a typical penetration test, the first step toward attacking a target machine is to scan it. The scan reveals the services the machine provides, and from that information we determine whether any of them are likely to be vulnerable. We then attempt to exploit those potential vulnerabilities and ultimately compromise the target machine.
- Open an xfce terminal on the LabEx host machine and start the Metasploitable2 target by running the following command:
sudo virsh start Metasploitable2
Wait for the target machine to start; this may take 1-3 minutes.
- Test the connectivity to the target machine by pinging it:
ping 192.168.122.102
Press Ctrl+C to stop the ping.
- Launch the Kali Linux container and enter the bash environment by running:
docker run -ti --network host b5b709a49cd5 bash
- Inside the Kali container, test the network connection to the target machine:
ping 192.168.122.102
Press Ctrl+C to stop the ping.
Now both the attack machine and the target machine are running, and you can start the penetration testing.
- Then we start msfconsole and enter the operation interface:
cd ~
msfconsole
- In the scanning phase, Nmap is a very useful scanning tool. By analyzing its results, we can identify potential vulnerabilities and decide which ones to attempt. Here, we scan the target machine using the following command:
nmap -sV -T5 target
In the above command, -T sets the scanning speed:

| Parameter | Meaning |
| --- | --- |
| nmap -T0 | Extremely slow scan, used for IDS (Intrusion Detection System) evasion |
| nmap -T1 | Slow scan, speed between 0 and 2, can also evade some IDS |
| nmap -T2 | Reduced scan speed, usually not used |
| nmap -T3 | Default scan speed |
| nmap -T4 | May flood the target, likely to trigger the firewall |
| nmap -T5 | Insane scan speed, sacrificing accuracy for speed |
Press Ctrl+D to quit the Metasploit console, then start the inspection.
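
For the defender's side of the timing table above, this added example (not part of the original lab) shows why an alert keyed only to connection bursts misses a slow scan, and how a long-window count of distinct ports per source catches both. The flow-log tuples, the source addresses and all thresholds are constructed assumptions; only the target address comes from this page.

```python
from collections import defaultdict

def sample_events():
    """Constructed flow-log tuples: (epoch_seconds, src, dst, dst_port)."""
    target = "192.168.122.102"  # lab target address from this page
    # Fast sweep: 200 distinct ports in about 2 seconds.
    ev = [(1000 + i * 0.01, "10.0.0.5", target, 1 + i) for i in range(200)]
    # Slow sweep: 30 distinct ports, one probe every 300 seconds.
    ev += [(1000 + i * 300.0, "10.0.0.6", target, 1 + i) for i in range(30)]
    # Ordinary client: many connections, but only to two ports.
    ev += [(1000 + i * 5.0, "10.0.0.7", target, (80, 443)[i % 2])
           for i in range(500)]
    return sorted(ev)

def detect_scans(events, burst_window=10.0, burst_ports=50,
                 long_window=86400.0, long_ports=20):
    """Return {src: "burst" | "slow"} for sources probing many ports on a host.

    burst: >= burst_ports distinct ports within burst_window seconds.
    slow:  >= long_ports distinct ports within long_window seconds.
    Thresholds are illustrative assumptions, not tuned values.
    """
    seen = defaultdict(dict)  # (src, dst) -> {port: last time seen}
    alerts = {}
    for ts, src, dst, port in events:
        ports = seen[(src, dst)]
        ports[port] = ts
        # Forget ports that were last probed outside the long window.
        for old in [p for p, t in ports.items() if ts - t > long_window]:
            del ports[old]
        recent = sum(1 for t in ports.values() if ts - t <= burst_window)
        if recent >= burst_ports:
            alerts[src] = "burst"          # burst verdict overrides "slow"
        elif len(ports) >= long_ports and src not in alerts:
            alerts[src] = "slow"
    return alerts

if __name__ == "__main__":
    for src, kind in detect_scans(sample_events()).items():
        print(f"{src}: {kind} port scan suspected")
```

Counting distinct destination ports rather than raw connections is what keeps the busy but legitimate client at 10.0.0.7 from alerting.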