Leveraging the information collected during information gathering and scanning, we will enter the world of exploits. In this recipe, we will see how we can use Metasploit to break into our Metasploitable 3 target system, which is running Windows Server 2008 R2. We will be using the commands we learned in the previous section, and then move ahead to select exploits and payloads, and set up various required parameters.
We will start our penetration testing process right from msfconsole
. So, launch the console and perform a port scan to gather information about the target. We discussed port scanning in detail in the previous chapter. Here, I will assume that you have gathered information about the target system and its services. So, let's proceed with selecting exploits and payloads.
Sometimes, looking at the output of a Nmap or even vulnerability scanners is not enough. The output of the services
command just shows us that the server is running...