Find your Windows machine's IP address and ping it from the Kali machine. Make sure you can see replies, as shown below.
If you don't see replies, make sure the firewall is off on the Windows machine.
ls /usr/share/nmap/scripts | more
You see a long list of Nmap scripts,
as shown below. Press the Spacebar
to see another screen of them.
On Kali, in a Terminal window, execute this command:
nmap --script-help default
The default scripts are considered safe
and effective.
Scroll back many pages to see the smtp-commands script description, as shown below.
nmap -sC 192.168.119.129
Scroll back to see the results for SMTP.
You should see that the VRFY method is allowed,
as shown below. This is not recommended, because
spammers can use that method to verify email addresses.
YOU MUST SEND IN A WHOLE-DESKTOP IMAGE FOR FULL CREDIT
On Kali, in a Terminal window, execute these commands to see the scanner modules available:
msfconsole
search auxiliary ^scanner
A long list scrolls by, with scanners for
many products. Unfortunately, the results include
exploits and other items instead of just scanners--the Metasploit search engine doesn't seem to work
very well.
Execute these commands to enumerate the user accounts on the system via SMB (Microsoft's File and Printer Sharing).
use auxiliary/scanner/smtp/smtp_enum
show options
set RHOSTS 192.168.119.129
exploit
You should see several user accounts
found, as shown below.
Capture a whole-desktop image and save it as "Proj 9b".
YOU MUST SEND IN A WHOLE-DESKTOP IMAGE FOR FULL CREDIT
use windows/smb/ms08_067_netapi
set RHOSTS 192.168.119.129
check
exit
If you are using Windows 2008,
Metasploit determines that
"the target is not exploitable",
as shown below.
You see a page titled "XAMPP 1.7.2", as shown below.
Nikto is a web application vulnerability scanner. Execute this command, replacing the IP address with the IP address of your Windows 2008 machine.
nikto -h 192.168.119.129
You should see several vulnerabilities
in the "phpmyadmin" Web administration
module, with OSVDB numbers,
as shown below.
These are serious vulnerabilities--that module should be hidden from unauthorized users of the website.
Capture a whole-desktop image and save it as "Proj 9c".
YOU MUST SEND IN A WHOLE-DESKTOP IMAGE FOR FULL CREDIT
Send a Cc to yourself.
Last Modified: 9-28-17