Hands-On Red Team Tactics

Auxiliaries

The Metasploit framework is equipped with hundreds of auxiliaries that can be used to perform different tasks. These modules can be considered as small tools that do not exploit anything but aid us in the exploitation process. To view a list of all the auxiliaries, we can use the following command:

show auxiliary

We will look at an example of running an auxiliary that runs a version scan on the SMB service and tells us the OS that is installed on the system we ran the auxiliary against. To choose the auxiliary, we type in the following command:

use auxiliary/scanner/smb/smb_ms17_010

We can see more information about what this auxiliary does by typing the following:

show info

Next, we list the options to check everything this auxiliary requires:

show options

Here, we can see that this auxiliary requires RHOSTS (the remote host or hosts) and THREADS (the number of threads). The thread count can be increased if we plan to use this across a subnet. We set the value of RHOSTS by using the following command:

set RHOSTS <IP HERE>

We then run the auxiliary and this will show us whether the system is vulnerable to EternalBlue and EternalRomance, as well as whether it is already backdoored:
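When the scan covers a subnet, the results are easier to act on once sorted into remediation buckets. The following triage script is an added example, not code from the book or from Metasploit; it assumes the console output was saved to a file (for example with msfconsole's `spool` command), and the sample lines and their exact wording are constructed and may differ between framework versions.

```python
import re
from collections import defaultdict

# Constructed sample of saved console output (addresses are from the
# documentation range 192.0.2.0/24). The message wording is an assumption
# modelled on the scanner's usual output and may differ between versions.
SAMPLE = """\
[+] 192.0.2.10:445 - Host is likely VULNERABLE to MS17-010! - Windows 7 Professional 7601 Service Pack 1 x64 (64-bit)
[-] 192.0.2.11:445 - Host does NOT appear vulnerable.
[+] 192.0.2.12:445 - Host is likely VULNERABLE to MS17-010! - Windows Server 2008 R2 Standard 7601 Service Pack 1 x64 (64-bit)
[!] 192.0.2.12:445 - Host is likely INFECTED with DoublePulsar! - Arch: x64 (64-bit), XOR Key: 0x00000000
[*] Scanned 3 of 3 hosts (100% complete)
"""

LINE = re.compile(r"^\[[+\-!*]\]\s+(?P<host>\d{1,3}(?:\.\d{1,3}){3}):445\s+-\s+(?P<msg>.*)$")
# Case-sensitive keyword -> finding label.
FINDINGS = (
    ("INFECTED with DoublePulsar", "backdoored"),
    ("VULNERABLE to MS17-010", "vulnerable"),
    ("does NOT appear vulnerable", "not_vulnerable"),
)

def triage(text):
    """Return {host: {"findings": set, "os": str|None}} from scanner output."""
    hosts = defaultdict(lambda: {"findings": set(), "os": None})
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # progress lines, banners, blank lines
        msg = m.group("msg")
        for needle, label in FINDINGS:
            if needle in msg:
                entry = hosts[m.group("host")]
                entry["findings"].add(label)
                if label == "vulnerable" and " - " in msg:
                    entry["os"] = msg.split(" - ", 1)[1].strip()
    return dict(hosts)

def priority(entry):
    """Backdoored hosts go to incident response first, then patching."""
    if "backdoored" in entry["findings"]:
        return "isolate-and-investigate"
    if "vulnerable" in entry["findings"]:
        return "patch-ms17-010"
    return "no-action"

if __name__ == "__main__":
    for host, entry in sorted(triage(SAMPLE).items()):
        print(host, priority(entry), entry["os"] or "")
```

A host that is reported as both vulnerable and backdoored is routed to investigation rather than straight to patching, so that evidence is preserved before the system is changed.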