https://heapspray.io/tags/metasploit/ Recent content in Metasploit on heapspray.io - a plethora of infosec garbage Hugo -- 0.152.2 en-us Wed, 22 Apr 2015 00:00:00 +0000 https://heapspray.io/posts/metasploit-soul-searching-part-i-scanning-with-metasploit/ Wed, 22 Apr 2015 00:00:00 +0000 https://heapspray.io/posts/metasploit-soul-searching-part-i-scanning-with-metasploit/ <p>I&rsquo;ve been trying to expand my knowledge of Metasploit recently. I&rsquo;ve gotten training which included quite extensive coverage of the framework, for which I&rsquo;m grateful; but to really get how extensive the tool&rsquo;s functionality is, there&rsquo;s nothing quite like practice.</p> <p>With this in mind, I downloaded the metasploitable VM over at sourceforge (<a href="http://sourceforge.net/projects/metasploitable/files/Metasploitable2/">http://sourceforge.net/projects/metasploitable/files/Metasploitable2/</a>) and began hacking away at it.</p> <p>When you start working on these things, it&rsquo;s awful tempting to fall back into &lsquo;CTF mode&rsquo;, where your only objective is to get in. It&rsquo;s not super effective in testing the tool, though. So I tried to limit myself to metasploit only, and see how far I could go. I also took a breadth-first approach rather than a depth-first approach - in other words, exploring as many of the scanning functionality as possible before moving on to exploitation.</p>