
Jayamohan Ass 1

Uploaded by

Krishnaveni Yata

- Perform a version scan of the service on your target port, find the NSE scripts for that service, and get the scan info.
- Run the brute scripts for SSH and FTP, then access the FTP and SSH services using the credentials from that output.
METASPLOITABLE SERVER INSTALLATION
Metasploit framework

Metasploit tool

1. Exploits:

- Exploits in Metasploit are modules that take advantage of vulnerabilities in target systems. They are essentially pieces of code designed to leverage weaknesses in software or system configurations to gain unauthorized access or control over a target machine. Exploits are categorized based on the vulnerabilities they target, such as remote code execution, privilege escalation, or buffer overflows.
- Exploits may come in various forms, including remote exploits that target services running on remote systems, client-side exploits that target vulnerabilities in client applications like web browsers or email clients, and local exploits that target vulnerabilities in locally accessible software or configurations.

2. Auxiliary:

- Auxiliary modules in Metasploit serve a variety of functions that support penetration testing activities. They perform tasks such as scanning networks for open ports and services, identifying vulnerabilities in target systems, gathering information about target systems (e.g., OS fingerprinting, banner grabbing), and conducting brute-force attacks against authentication mechanisms.
- Auxiliary modules are versatile and can be used in reconnaissance, vulnerability assessment, and other preparatory phases of penetration testing.

3. Payloads:

- Payloads in Metasploit are the actual payloads delivered to the target system after successful exploitation. They provide the attacker with various functionalities, depending on their objectives. Common payload types include:
  - Meterpreter: A powerful payload that provides an interactive shell with extensive post-exploitation capabilities, including file system manipulation, network reconnaissance, privilege escalation, and more.
  - Reverse shells: Payloads that establish a reverse connection from the target system to the attacker's machine, allowing the attacker to execute commands on the compromised system.
  - Stagers and stages: Payloads that are delivered in multiple stages to evade detection. Stagers establish an initial connection to the attacker, while stages download and execute the actual payload.
  - Shellcode: Raw machine code that performs specific actions on the target system, often used in memory corruption exploits.

4. Post-exploitation:

- Post-exploitation modules in Metasploit are used after successful exploitation to perform various tasks on the compromised system. These tasks may include:
  - Privilege escalation: Exploiting additional vulnerabilities to escalate privileges on the compromised system, gaining higher levels of access.
  - Data exfiltration: Stealing sensitive information from the target system, such as passwords, documents, or credentials.
  - Lateral movement: Moving laterally within the network to compromise additional systems and expand the attacker's foothold.
  - Persistence: Establishing mechanisms to maintain access to the compromised system even after reboots or system changes.

5. NOP Generators (NOPs):

- NOP generators in Metasploit produce sequences of No Operation (NOP) instructions, which are used in exploit development to pad payloads or exploit code. NOP sleds are commonly used in buffer overflow exploits to facilitate the execution of injected shellcode by providing a landing pad for the exploit.

6. Encoders:

- Encoders in Metasploit are used to obfuscate payloads or exploit code to evade detection by security mechanisms such as antivirus software or intrusion detection/prevention systems (IDS/IPS). Encoders modify the appearance of the payload while preserving its functionality, making it more difficult for security tools to detect and block.

7. Evasion:

- Evasion modules in Metasploit are designed to bypass security measures such as firewalls, intrusion detection systems (IDS), or antivirus software. They utilize various techniques to evade detection, including payload obfuscation, traffic encryption, fragmentation, and protocol manipulation. Evasion techniques aim to make exploits and payloads more stealthy and difficult to detect by security defenses.
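
The SSH and FTP brute-force exercise and the brute-force function of auxiliary modules described above leave a recognizable trail in the target's logs. The following is an added example, not part of the original document: it flags bursts of failed logins per source address and a successful login that follows such a burst. The log lines, the host name `lab`, the addresses, the threshold and the window are all constructed assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# OpenSSH (traditional syslog) and vsftpd log line shapes.
PATTERNS = {
    "ssh": re.compile(r'^(?P<ts>\w{3}\s+\d+ [\d:]{8}) \S+ sshd\[\d+\]: (?P<res>Failed|Accepted) '
                      r'password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+)'),
    "ftp": re.compile(r'^\w{3} (?P<ts>\w{3}\s+\d+ [\d:]{8}) \d{4} \[pid \d+\] '
                      r'\[(?P<user>[^\]]+)\] (?P<res>FAIL|OK) LOGIN: Client "(?P<ip>[^"]+)"'),
}

def detect(lines, threshold=5, window=timedelta(seconds=60), year=2025):
    """Return (service, ip, kind, user) alerts; `year` is assumed since syslog omits it."""
    recent = defaultdict(deque)  # (service, ip) -> failure times inside the window
    alerts = []
    for line in lines:
        for svc, rx in PATTERNS.items():
            m = rx.match(line)
            if not m:
                continue
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            q = recent[(svc, m["ip"])]
            while q and ts - q[0] > window:  # drop failures older than the window
                q.popleft()
            if m["res"] in ("Failed", "FAIL"):
                q.append(ts)
                if len(q) == threshold:  # alert once when the threshold is reached
                    alerts.append((svc, m["ip"], "brute-force", None))
            elif len(q) >= threshold:  # success right after a burst: credential likely guessed
                alerts.append((svc, m["ip"], "login-after-brute-force", m["user"]))
                q.clear()
    return alerts

# Constructed sample log lines (documentation IP ranges, hypothetical host "lab").
SAMPLE = (
    [f"Mar  3 10:15:0{i} lab sshd[900]: Failed password for invalid user admin "
     f"from 192.0.2.10 port 4{i}000 ssh2" for i in range(5)]
    + ["Mar  3 10:15:06 lab sshd[900]: Accepted password for msfadmin from 192.0.2.10 port 46000 ssh2",
       # A single mistyped password followed by success must not alert.
       "Mar  3 10:16:00 lab sshd[901]: Failed password for alice from 198.51.100.7 port 50000 ssh2",
       "Mar  3 10:16:05 lab sshd[901]: Accepted password for alice from 198.51.100.7 port 50001 ssh2"]
    + [f'Mon Mar  3 10:20:0{i} 2025 [pid 2] [msfadmin] FAIL LOGIN: Client "192.0.2.10"'
       for i in range(5)]
)

if __name__ == "__main__":
    for alert in detect(SAMPLE):
        print(alert)
```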
