Greetings Experts,
I need some help configuring metasploit (cli) and nmap to run at the same time (i.e. simplify my reconnaissance and vuln checking at the same time). What do I mean? My bosses tasked me with a project of looking for weak passwords on our network. So I scan a subnet range 10.xx.xx.xx/20 using nmap (i.e. nmap -sS -A -O <subnet range> -xO SubnetRange.xml), which can take a few hours, then upload it into the metasploit database, look for smb services (i.e. services -p 445 -R) and put them into temp memory. Once that is done I use the smb_login metasploit module with the local administrator account and a list of passwords to test.
What I want to do is combine the nmap process and the smb_login scan together to automate the process. Can this be done? If so, what is the process to complete it?
Last comment: Mike, 8/22/2022 (Mon)
asavener
That seems to be a really slow way of checking for weak passwords....
Typically, one would download the SAM database and then run L0phtCrack or similar against it. This assumes you have the admin privileges and authorization to do so.
Mike
ASKER
I am attempting to take a black-box approach and see if I can escalate to a privileged account using mimikatz to get the domain user account.
asavener
My bosses task me with project of looking for weak passwords on our network.
Your approach will not accomplish your stated goal. Finding one account with a weak password is not sufficient if the goal is to audit the passwords on your network/domain.
Typically, one would download the SAM database and then run L0phtCrack or similar against it. This assumes you have the admin privileges and authorization to do so.
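asavener's alternative (dump the SAM or NTDS database and crack it offline) usually starts from a pwdump-format file, one `user:rid:lmhash:nthash:::` line per account. As an added example, not part of this thread and not a feature of L0phtCrack or any tool mentioned here, this shell/awk triage runs over such a dump before any cracking: it reports accounts whose NT hash is the hash of the empty password (a well-known constant) and groups accounts that share an NT hash, which means they share a password. The sample lines are constructed; the hash repeated on Administrator and svc_backup is the NT hash of "password".

```shell
#!/bin/sh
# Added example (not from the thread): triage of a pwdump-format SAM/NTDS
# dump before cracking. Flags empty-password accounts and hash reuse.
set -eu

# NT hash of the empty string (MD4 of "" encoded as UTF-16LE): well-known constant.
EMPTY_NT=31d6cfe0d16ae931b73c59d7e0c089c0

# Constructed sample input in pwdump format (user:rid:lmhash:nthash:::).
# Administrator and svc_backup share the NT hash of "password"; Guest has the
# empty-password hash; jdoe's hash is an arbitrary placeholder.
SAMPLE='Administrator:500:aad3b435b51404eeaad3b435b51404ee:8846f7eaee8fb117ad06bdd830b7586c:::
Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
svc_backup:1105:aad3b435b51404eeaad3b435b51404ee:8846f7eaee8fb117ad06bdd830b7586c:::
jdoe:1106:aad3b435b51404eeaad3b435b51404ee:a4f49c406510bdcab6824ee7c30fd852:::'

# Reads pwdump lines on stdin. Prints:
#   EMPTY <user>                       for accounts with the empty-password hash
#   SHARED <nthash> <user1,user2,...>  for each NT hash used by more than one account
# Lines that are not well-formed (no 32-hex-char 4th field) are ignored.
triage_dump() {
  awk -F: -v empty="$EMPTY_NT" '
    NF >= 4 && length($4) == 32 {
      nt = tolower($4)
      if (nt == empty) { print "EMPTY " $1; next }
      if (nt in users) users[nt] = users[nt] "," $1; else users[nt] = $1
      count[nt]++
    }
    END {
      for (h in count) if (count[h] > 1) print "SHARED " h " " users[h]
    }'
}

# Run against the built-in sample so the script demonstrates itself offline.
triage_sample() {
  printf '%s\n' "$SAMPLE" | triage_dump
}

# usage: ./triage_dump.sh ntds.pwdump   (no argument: run on the sample)
if [ $# -ge 1 ]; then
  triage_dump < "$1"
else
  triage_sample
fi
```

Hash reuse across accounts is worth reporting on its own: a service account sharing the Administrator password is a finding even before the password is cracked, and the empty-password check costs nothing. Feed the cracked results from L0phtCrack or a similar tool back against the same dump to turn the SHARED groups into named weak passwords.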