Probing a Machine
Running Metasploitable through UTM
I set up a Metasploitable machine, an Ubuntu system that is vulnerable by design. I use UTM to run both the Metasploitable machine and the Kali machine that I probe it from. After starting Metasploitable, I run ifconfig and retrieve the machine's IP address. It is a private IP address on my LAN, 192.168.7.157.
Finding the active station and getting available ports
With the IP address of the Metasploitable machine in hand, I start my Kali Linux machine and open a shell. I run nmap -F -T4 192.168.7.157 and quickly get a table of the most important open ports on the Metasploitable machine. There are thousands of ports, but to save time I pass nmap the -F flag to probe only the 100 most important ports.
Running initial probes
Using nmap's scripting feature to run scripts, I find the available logins, passwords, system features, and program details. You should find a lot of ports with active programs whose details are exposed. I found that the mysql port 3306 had a thread value of 167 and more than 43,564 features.
Running Auth Probes
I run another set of scripts from the authentication category, and one of these is a script that targets the mysql port 3306. This is the mysql-empty-password script, which throws an error. As this script does not give me the password, I investigate by running other nmap mysql scripts.
Probing Vulnerable Databases
I run four different scripts. The first, mysql-enum, tells me that there are no logins installed on the mysql machine. The second, mysql-brute, tells me that the mysql machine defaults to the root login and that this login has no password set. The third, mysql-databases, tells me that there are seven databases installed on the mysql machine. The fourth, mysql-query, assists with simple queries like SELECT and finds databases through the root login.
Building Monitoring System
Programming a path
I want nmap to provide an inventory of all of the machines on my LAN. With nmap's built-in options, I use --send-ip to send ARP probe packets to all of the IP addresses in the 192.168.0.0/16 network. Finding that this works, I automate the command. I create a directory under /usr/local/share/, /usr/local/share/nmap-mon, to store a bash script that starts the nmap command.
Writing the bash program code to automatically start the program
In bash, I write a script that runs the command nmap -oX base.xml -pn -sV -n -T3 --send-ip 192.168.0.0/16. Instead of probing ports and machines, it tells nmap to just check for a reply from each machine and to skip probing individual ports on the machines. It tells nmap to send only ARP packets to the machines on the LAN instead of TCP SYN and TCP ACK packets. The -oX base.xml flag tells nmap to save the outcome of the probe to a file named base.xml. After running another probe with the same command, the bash script runs ndiff to generate a table of differences between the two probes and saves the data to a file within the same parent directory. After saving the data, the script sends an email to the address specified in the ADMIN variable of the bash script.
Starting the program
I schedule the bash script to run through the crontab tool in GNU. I also run the script manually as a simple gut-check. I found that there are 13 available machines on my network. I should be getting data about the machines available on my network on a weekly basis.
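The monitoring script described in this section, as an added example that is not the author's own script: it keeps the previous scan, runs a new host-discovery scan, and mails ADMIN only when ndiff reports a difference. Assumed for illustration: the prev.xml and changes.txt file names, the nmap-mon.sh script name, the up_hosts and host_changes helpers, the placeholder address, mail(1) for delivery, and the -sn -n -T3 scan flags, which differ from the command quoted above.

```shell
#!/usr/bin/env bash
# Added example (not the author's script): weekly LAN inventory with change alerts.
# Assumptions: prev.xml / changes.txt file names, the ADMIN placeholder address,
# mail(1) for delivery, and "-sn" to limit Nmap to host discovery.
# Example crontab entry (weekly): 0 3 * * 1 /usr/local/share/nmap-mon/nmap-mon.sh run
set -u
export LC_ALL=C                                  # stable sort order for comm(1)
MON_DIR="${MON_DIR:-/usr/local/share/nmap-mon}"  # directory named in the text
TARGET="${TARGET:-192.168.0.0/16}"               # network named in the text
ADMIN="${ADMIN:-admin@example.com}"              # placeholder recipient

# Print the IPv4 address of every host marked "up" in an Nmap XML file.
up_hosts() {
  awk '/<host[ >]/            { up = 0; ip = "" }
       /<status state="up"/   { up = 1 }
       /addrtype="ipv4"/      { match($0, /addr="[^"]+"/)
                                ip = substr($0, RSTART + 6, RLENGTH - 7) }
       /<\/host>/             { if (up && ip != "") print ip }' "$1" | sort -u
}

# Print "+IP" for hosts that appeared and "-IP" for hosts that disappeared.
host_changes() {
  old=$(mktemp); new=$(mktemp)
  up_hosts "$1" > "$old"; up_hosts "$2" > "$new"
  comm -13 "$old" "$new" | sed 's/^/+/'
  comm -23 "$old" "$new" | sed 's/^/-/'
  rm -f "$old" "$new"
}

# Keep the previous scan, take a new one, and mail the admin only on change.
run_weekly() {
  cd "$MON_DIR" || return 2
  if [ -f base.xml ]; then mv -f base.xml prev.xml; fi
  nmap -sn -n -T3 -oX base.xml "$TARGET" > /dev/null || return 2
  [ -f prev.xml ] || return 0            # first run: nothing to compare yet
  ndiff prev.xml base.xml > changes.txt
  rc=$?                                  # ndiff: 0 same, 1 different, 2 error
  [ "$rc" -eq 1 ] || return "$rc"
  { host_changes prev.xml base.xml; echo; cat changes.txt; } |
    mail -s "nmap-mon: LAN inventory changed" "$ADMIN"
}

# Cron calls "nmap-mon.sh run"; sourcing the file only defines the functions.
if [ "${1:-}" = "run" ]; then run_weekly; fi
```

The +IP and -IP lines at the top of the mail give the new and missing hosts at a glance; the full ndiff output follows for detail.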