Discover The IP address of Metasploitable Server using NetDiscover

The first step of most hacks is identifying the machine we want to connect to. Each machine on a network is identified by a unique IP address. In this section, we will discover the IP address of the Metasploitable 2 server using NetDiscover.


What is NetDiscover?

Netdiscover is an active/passive ARP reconnaissance tool, initially developed to gain information about wireless networks without DHCP servers in wardriving scenarios. It can also be used on switched networks. Built on top of libnet and libpcap, it can passively detect online hosts or search for them by sending ARP requests.

Furthermore, it can be used to inspect your network's ARP traffic or find network addresses using the auto-scan mode, which will scan for common local networks.

NetDiscover comes pre-installed with the ParrotSec operating system. Run it with the -h flag to see its usage and options:

┌─[mrdev@mr-dev]─[~]
└──╼ $netdiscover -h
Netdiscover 0.8 [Active/passive ARP reconnaissance tool]
Written by: Jaime Penalba <[email protected]>

Usage: netdiscover [-i device] [-r range | -l file | -p] [-m file] [-F filter] [-s time] [-c count] [-n node] [-dfPLNS]
  -i device: your network device
  -r range: scan a given range instead of auto scan. 192.168.6.0/24,/16,/8
  -l file: scan the list of ranges contained into the given file
  -p passive mode: do not send anything, only sniff
  -m file: scan a list of known MACs and host names
  -F filter: customize pcap filter expression (default: "arp")
  -s time: time to sleep between each ARP request (milliseconds)
  -c count: number of times to send each ARP request (for nets with packet loss)
  -n node: last source IP octet used for scanning (from 2 to 253)
  -d ignore home config files for autoscan and fast mode
  -f enable fastmode scan, saves a lot of time, recommended for auto
  -P print results in a format suitable for parsing by another program and stop after active scan
  -L similar to -P but continue listening after the active scan is completed
  -N Do not print header. Only valid when -P or -L is enabled.
  -S enable sleep time suppression between each request (hardcore mode)

If -r, -l or -p are not enabled, netdiscover will scan for common LAN addresses.
┌─[✗]─[mrdev@mr-dev]─[~]
└──╼ $


Using NetDiscover

Follow the below instructions to find out the IP address of your target machine with the help of NetDiscover:


Step 1: Find out the interface name

To find the interface name, run the ifconfig command in your terminal:

┌─[mrdev@mr-dev]─[~]
└──╼ $ifconfig
eth0: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1500
        ether **:**:**:**:**:**  txqueuelen 1000  (Ethernet)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 28  bytes 1968 (1.9 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 28  bytes 1968 (1.9 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

vboxnet0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.56.1  netmask 255.255.255.0  broadcast 192.168.56.255
        inet6 fe80::800:27ff:fe00:0  prefixlen 64  scopeid 0x20<link>
        ether 0a:00:27:00:00:00  txqueuelen 1000  (Ethernet)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 9  bytes 698 (698.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

wlan0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet **.**.***.*  netmask 255.255.255.0  broadcast 192.168.**.***
        inet6 2409:4062:211e:adfe:3ea1:5bae:c352:c3b4  prefixlen 64  scopeid 0x0<global>
        inet6 fe80::12a6:dc1b:25d3:9d5c  prefixlen 64  scopeid 0x20<link>
        ether 3c:95:09:fd:f1:51  txqueuelen 1000  (Ethernet)
        RX packets 47056  bytes 53323352 (50.8 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 33505  bytes 6023950 (5.7 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

┌─[mrdev@mr-dev]─[~]
└──╼ $

The output above shows 4 network interfaces on this machine:

  • eth0: the wired interface, used when the machine is connected through an Ethernet cable.
  • lo: the loopback interface (127.0.0.1), i.e., the machine talking to itself.
  • vboxnet0: the host-only interface that VirtualBox creates for its virtual machines.
  • wlan0: the wireless interface, used when the machine is connected over WiFi.

Note: The interface names and addresses will vary from computer to computer. In real-world hacking, it is important to know how the network you are working on is structured, so learning more about networking will help you understand this output better.

Since our Metasploitable 2 machine is installed inside VirtualBox, the interface we need is vboxnet0.


Step 2: Discover the network

Once you know your interface name, run the following command in your terminal:

┌─[mrdev@mr-dev]─[~]
└──╼ $ sudo netdiscover -i vboxnet0

The netdiscover tool sends ARP requests for the addresses in the network range and records which ones reply, so it discovers which IP addresses are currently in use. This lets you see all the machines currently connected to vboxnet0:

 Currently scanning: 192.168.156.0/16   |   Screen View: Unique Hosts                                                                 
                                                                                                                                      
 2 Captured ARP Req/Rep packets, from 2 hosts.   Total size: 84                                                                       
 _____________________________________________________________________________
   IP            At MAC Address     Count     Len  MAC Vendor / Hostname      
 -----------------------------------------------------------------------------
 192.168.56.2    08:00:27:a8:6e:59      1      42  PCS Systemtechnik GmbH                                                             
 192.168.56.3    08:00:27:52:1e:51      1      42  PCS Systemtechnik GmbH

After a couple of minutes, netdiscover should have captured the 2 hosts running on this network along with their IP and MAC addresses.

(IMPORTANT: These IP addresses will be different for everyone. You need to use the IP address shown in your own terminal.)

Great, now you have the IP addresses, but the question remains: which one is the Metasploitable server? You can find the answer in the next chapter.
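As an added example that is not part of the original walkthrough, the Python helper below turns the "Unique Hosts" table above into records, derives the subnet to pass to netdiscover -r from an interface's address and netmask (so you can scan just the vboxnet0 /24 instead of relying on the /16 autoscan shown above), and flags any host whose MAC is not in a lab inventory. The sample output is copied from the table above, and the inventory dictionary and its host name are assumptions.

```python
import ipaddress
import re

# Constructed sample: the host table netdiscover printed in the walkthrough.
NETDISCOVER_OUTPUT = """\
 Currently scanning: 192.168.156.0/16   |   Screen View: Unique Hosts

 2 Captured ARP Req/Rep packets, from 2 hosts.   Total size: 84
 _____________________________________________________________________________
   IP            At MAC Address     Count     Len  MAC Vendor / Hostname
 -----------------------------------------------------------------------------
 192.168.56.2    08:00:27:a8:6e:59      1      42  PCS Systemtechnik GmbH
 192.168.56.3    08:00:27:52:1e:51      1      42  PCS Systemtechnik GmbH
"""

# One host row: IP, MAC, packet count, frame length, then the vendor text.
HOST_LINE = re.compile(
    r"^\s*(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+"
    r"(?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})\s+"
    r"(?P<count>\d+)\s+(?P<len>\d+)\s+(?P<vendor>.*?)\s*$",
    re.IGNORECASE,
)


def parse_hosts(text):
    """Return one dict per host row in netdiscover's 'Unique Hosts' table.
    Header, separator and status lines do not match the pattern and are skipped."""
    hosts = []
    for line in text.splitlines():
        m = HOST_LINE.match(line)
        if m:
            rec = m.groupdict()
            rec["mac"] = rec["mac"].lower()
            rec["count"] = int(rec["count"])
            rec["len"] = int(rec["len"])
            hosts.append(rec)
    return hosts


def scan_range(ip, netmask):
    """CIDR of the interface's subnet, e.g. the value to give netdiscover -r."""
    return str(ipaddress.IPv4Network(f"{ip}/{netmask}", strict=False))


def unexpected_hosts(hosts, inventory):
    """Hosts whose MAC is missing from the lab inventory (assumed dict mac -> name)."""
    return [h for h in hosts if h["mac"] not in inventory]


if __name__ == "__main__":
    print(scan_range("192.168.56.1", "255.255.255.0"))  # vboxnet0 from ifconfig above
    for h in parse_hosts(NETDISCOVER_OUTPUT):
        print(h["ip"], h["mac"], h["vendor"])
```

Running it against a real capture is a matter of replacing NETDISCOVER_OUTPUT with the text of your own netdiscover session; any host that shows up in unexpected_hosts is one you did not put in your lab inventory.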
