
13.CEH Module 3 Assignment 4

The document describes using Metasploit to scan a target network and gather information. Metasploit was used to discover active hosts, open ports, running services, and operating systems. Nmap and Metasploit scanning modules found that several systems had port 445 open, indicating Windows, and SMB version scanning identified specific Windows versions and Samba versions on Linux hosts. The gathered information was exported to a CSV file for further vulnerability analysis.

Uploaded by

piyuh

Name: Piyush Jain

Course: Ethical Hacking Course- CEHv 11


Mobile No: 9886137127
Email-Id: [email protected]
Batch Date: 5th July
Project Name: CEH Module 3: Assignment 4

CEH Module 3 Assignment 4
1) Scan a target network using Metasploit
Ans) The Metasploit Framework is a tool that provides information about security
vulnerabilities in the target organization's systems, and aids in penetration testing and IDS
signature development. It facilitates the tasks of attackers, exploit writers, and payload
writers.

Here we will use Metasploit to discover active hosts, open ports, running services, and OS
details of the systems present in the target network.

Open a terminal. To become root, type sudo su and enter the password.

In the Linux terminal, type service postgresql start and press Enter.

Now type msfconsole and press Enter to launch Metasploit.

An msf command line appears. Type db_status and press Enter to check whether Metasploit has
connected to the database successfully. If you receive the message “postgresql selected,
no connection,” then the database did not connect to msf. Note: screenshots might differ while
you are performing the lab tasks.

Exit the Metasploit Framework by typing exit and pressing Enter. Then, to initialize the
database, type msfdb init and press Enter.

To restart the PostgreSQL service, type service postgresql restart and press Enter. Now start
the Metasploit Framework again by typing msfconsole and pressing Enter.

Check the database status by typing db_status and pressing Enter. This time, the database
should successfully connect to msf, as shown in the screenshot.

Type nmap -Pn -sS -A -oX Test 10.10.1.0/24 and press Enter to scan the subnet, as shown in the
screenshot. Note: here, we are scanning the whole subnet 10.10.1.0/24 for active hosts.
Nmap begins scanning the subnet and displays the results.

Note: Due to some technical error I have to change to Parrot.

After the scan completes, Nmap displays the number of active hosts in the target
network. Now type db_import Test and press Enter to import the Nmap results into the
database.

Type hosts and press Enter to view the list of active hosts along with their MAC addresses, OS
names, etc., as shown in the screenshot.

Type services and press Enter to receive a list of the services running on the active hosts, as
shown in the screenshot. Note: in addition to running Nmap, there are a variety of other
port scanners available within the Metasploit Framework to scan the target
systems.

Type search portscan and press Enter. The Metasploit port scanning modules appear, as
shown in the screenshot.

Here, we will use the auxiliary/scanner/portscan/syn module to perform a SYN scan on
the target systems. To do so, type use auxiliary/scanner/portscan/syn and press Enter.

We will use this module to perform a SYN scan against the target IP address range
(10.10.1.5-20) to look for open port 80 through the eth0 interface. To do so, issue the
commands below:

• set INTERFACE eth0
• set PORTS 80
• set RHOSTS 10.10.1.5-20
• set THREADS 50

Note: PORTS specifies the ports to scan (e.g., 22-25, 80, 110-900), RHOSTS specifies the
target address range or CIDR identifier, and THREADS specifies the number of concurrent
threads (default 1).

After specifying the above values, type run and press Enter to initiate the scan against the
target IP address range. Note: similarly, you can also specify a range of ports to be scanned
against the target IP address range.

Now, we will perform a TCP scan for open ports on the target systems. To do so, first type
back and press Enter to return to the msf command line.

To load the auxiliary/scanner/portscan/tcp module, type use auxiliary/scanner/portscan/tcp
and press Enter.

Type hosts -R and press Enter to automatically set this option with the discovered hosts
present in our database, or type set RHOSTS (target IP address) and press Enter. Note: here,
we will perform a TCP scan for open ports on a single IP address (10.10.1.16), as scanning
multiple IP addresses consumes much time. Screenshots might differ while you are
performing the lab tasks.

Type run and press Enter to discover open TCP ports on the target system.
The results appear, displaying all open TCP ports on the target IP address (10.10.1.16).

Now that we have determined the active hosts on the target network, we can further attempt
to determine the OSes running on the target systems. As there are systems in our scan that
have port 445 open, we will use the auxiliary/scanner/smb/smb_version module to determine which
version of Windows is running on a target and which Samba version is on a Linux host.
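
The port-445 triage described above can also be done directly on the XML file that nmap -oX writes. The following is an added example, not part of the original assignment: it lists live hosts with 445/tcp open together with Nmap's best OS guess. The sample XML, its host addresses, and the function name hosts_with_open_port are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the shape of Nmap's -oX output (not results from the lab).
SAMPLE_XML = """<nmaprun scanner="nmap" args="nmap -Pn -sS -A -oX Test 10.10.1.0/24">
<host><status state="up"/><address addr="10.10.1.11" addrtype="ipv4"/>
  <ports>
    <port protocol="tcp" portid="80"><state state="open"/><service name="http"/></port>
    <port protocol="tcp" portid="445"><state state="open"/><service name="microsoft-ds"/></port>
  </ports>
  <os><osmatch name="Microsoft Windows Server 2016" accuracy="90"/><osmatch name="Microsoft Windows 10" accuracy="96"/></os></host>
<host><status state="up"/><address addr="10.10.1.9" addrtype="ipv4"/>
  <ports>
    <port protocol="tcp" portid="445"><state state="filtered"/><service name="microsoft-ds"/></port>
    <port protocol="tcp" portid="22"><state state="open"/><service name="ssh"/></port>
  </ports></host>
<host><status state="down"/><address addr="10.10.1.7" addrtype="ipv4"/></host>
</nmaprun>"""


def hosts_with_open_port(xml_text, port=445, proto="tcp"):
    """Return [(ipv4, best_os_guess, [open ports])] for live hosts exposing `port`."""
    results = []
    for host in ET.fromstring(xml_text).iter("host"):
        status = host.find("status")
        if status is None or status.get("state") != "up":
            continue  # skip hosts Nmap reported as down
        ip = next((a.get("addr") for a in host.findall("address")
                   if a.get("addrtype") == "ipv4"), None)
        open_ports = sorted(
            int(p.get("portid")) for p in host.iterfind("ports/port")
            if p.get("protocol") == proto
            and p.find("state") is not None
            and p.find("state").get("state") == "open"  # "filtered" is not open
        )
        if ip is None or port not in open_ports:
            continue
        # Each osmatch carries an accuracy percentage; keep the highest one.
        matches = host.findall("os/osmatch")
        best = max(matches, key=lambda m: int(m.get("accuracy", "0")), default=None)
        results.append((ip, best.get("name") if best is not None else "unknown", open_ports))
    return results


if __name__ == "__main__":
    for ip, os_name, ports in hosts_with_open_port(SAMPLE_XML):
        print(f"{ip}\t{os_name}\t{ports}")
```
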

To do so, first type back and press Enter to return to the msf command line. Then type
use auxiliary/scanner/smb/smb_version and press Enter.

We will use this module to run an SMB version scan against the target IP address range
(10.10.1.5-20). To do so, issue the commands below:

• set RHOSTS 10.10.1.5-20
• set THREADS 11

Type run and press Enter to discover the SMB version on the target systems.
The results appear, displaying the OS details of the target hosts.

Type hosts and press Enter to view detailed information on active hosts in the target network. Note:
screenshots might differ while you are performing the lab tasks.

You can further export this information to a CSV file. To do so, first type back and press Enter.
Now type hosts -o /root/Desktop/Metasploit_Scan_Results.csv and press Enter.

Click Places in the top section of the desktop and click Home Folder in the drop-down options.

The attacker window appears. Click File System and double-click the root folder.

The root window appears. Double-click the Desktop folder.

You can observe the Metasploit_Scan_Results.csv file. This CSV file contains detailed information on the
active hosts in the target IP range.

This information can further be used to perform vulnerability analysis on the open services discovered
on the target hosts.
This concludes the demonstration of gathering information on open ports, a list of services running
on active hosts, and information related to OSes, amongst others.
Close all open windows and document all the acquired information.