Tips for an Information Security Analyst/Pentester career - Ep. 35 - Metasploit: auxiliary and check

Auxiliary modules 

Metasploit also has auxiliary modules, which include network scanners, fuzzers and denial of service modules.

Auxiliary modules also provide vulnerability scanning functionalities.


Our Nmap scan showed the FTP server on our Ubuntu target machine allowed anonymous login.

We can check if this vulnerability can be exploited by using an auxiliary module, auxiliary/scanner/ftp/anonymous.


This vulnerability is confirmed by our scan.

Using Metasploit this way gives us a great advantage: instead of having to actually exploit the system, we can check right away whether a specific exploit would be successful.
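A check of this kind can also be scripted for auditing FTP servers you administer. The following is an added example, not part of the original post and not Metasploit's code; the function names and the placeholder password `audit@example.invalid` are assumptions.

```python
import ftplib
import sys


def check_anonymous_ftp(host, port=21, timeout=5.0):
    """Return (status, detail); status is 'allowed', 'denied' or 'error'."""
    ftp = ftplib.FTP()
    try:
        banner = ftp.connect(host, port, timeout=timeout)
    except (OSError, EOFError, ftplib.Error) as exc:
        return "error", f"connect failed: {exc}"
    try:
        # ftplib sends USER, then PASS only if the server answers 331.
        reply = ftp.login("anonymous", "audit@example.invalid")
        return "allowed", f"{banner} | {reply}"
    except ftplib.error_perm as exc:
        # 5xx reply, typically "530 Login incorrect."
        return "denied", str(exc)
    except (OSError, EOFError, ftplib.Error) as exc:
        # Timeouts, dropped connections, 4xx replies such as 421.
        return "error", f"login failed: {exc}"
    finally:
        try:
            ftp.quit()
        except (OSError, EOFError, ftplib.Error):
            ftp.close()


def audit(hosts, port=21):
    """Check each host and return {host: (status, detail)}."""
    return {host: check_anonymous_ftp(host, port) for host in hosts}


if __name__ == "__main__":
    # Usage: python ftp_anon_audit.py host1 host2 ...
    for host, (status, detail) in audit(sys.argv[1:]).items():
        print(f"{host}: {status} ({detail})")
```

A result of `allowed` means the server should either have anonymous access disabled or be confirmed as an intentionally public, read-only share.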

Check functionality

Some exploits provide a check functionality, which is similar to the auxiliary module we saw before.

Once we set up an exploit as we normally do with Metasploit, we can check whether our target is potentially vulnerable to it, without having to actually attack the system.

As an example of an exploit supporting it, I chose a very well-known one, MS08-067 netapi.

After setting up its options as usual, we can use check to verify whether our target is vulnerable.

It turns out our XP machine isn't exploitable.

That's the reason why this exploit didn't work in the previous video.


Sadly, though, this functionality isn't supported by all exploits.

In fact, I tried to use it on a different exploit and it didn't work.

Wrap-up

Metasploit is mostly used for exploitation, but it can also be very helpful for vulnerability scanning and has a lot of extended functionalities beyond its most common exploits.

If used right, it can be pretty powerful, so now you should have another tool in your bag of tricks.
