Basic Penetration Testing With Metasploit WebUI


Post by TheVikingsofDW » Thu Mar 07, 2024 2:35 am

Metasploit is a penetration testing framework that offers a wide range of automated penetration testing functions. It also has an intuitive WebUI that lets novice users make use of a substantial portion of its capabilities with little effort.

Basic Penetration Test:
1. After logging in with our credentials on the Metasploit WebUI login page, we can create new projects. When a new project is started, Metasploit prompts us for the required project configuration.
2. Once the project is created, we are shown a screen listing the options Metasploit supports. Among them is the discovery module, which offers a basic scanning capability that combines several operations designed to find systems on a network. There is also the Nexpose scan option, which, when installed and configured, runs a comprehensive vulnerability scan of the designated network. In addition, there is a Web Apps module for basic web application penetration testing, a Social Engineering module for running campaigns against specific systems, and a Penetration module for running an exhaustive penetration test on the target network.
3. After selecting the basic scan option in the discovery module, we can configure the scan settings to match our requirements. Advanced users can use the advanced settings to fine-tune the scan further.
4. When the scan completes, we get a comprehensive overview of the target network: the number of active systems on the network, the operating systems in use, and a detailed account of the network services currently running.
5. To review all active hosts, navigate to the Analysis -> Hosts tab.
6. Next, return to the project's main page and select the "exploit" option. Advanced users can adjust a multitude of exploitation settings.
7. Once exploitation starts, any hosts compromised during the operation are highlighted in yellow, and the specific exploit used to compromise each host is displayed alongside it.
8. When exploitation finishes, a screen shows the compromised status of a host. Distinct sessions are established for each host that has been compromised with a particular exploit.
9. Selecting a session takes us to a screen with an array of options for carrying out specific tasks on the compromised system.
10. Opening a command shell on the compromised system brings up a console interface in which we can freely execute the commands we want.

The steps above gave a brief overview of how the Metasploit WebUI can be used to identify vulnerabilities in networked systems.
