Once both systems are up and running you need to find the victim. What IP does it have so you can start your exploits against it?
The easiest way to find this out would be to log in to Metasploitable with the given creds (msfadmin/msfadmin) and run ‘ifconfig’, but in the interests of this experiment, how would we find the victim if we didn’t actually have access to the system in question?
The answer… Nmap.
Well actually there are numerous methods you could use but Nmap is my choice.
Note: From here on in, we are not going to touch our Metasploitable box directly – we are going to use the Kali box throughout. As you use the environment over a period of days/weeks you will likely have to run through the steps below again and again, as your IPs will not necessarily remain the same.
High level steps:
- Find out the IP of your Kali box
- Use this info to determine the range to scan with Nmap
- Scan with Nmap – find your target
Find your Kali IP
Open a terminal and run ‘ifconfig’:
So from the above screenshot I know my IP is 192.168.168.135. This means (if both systems are in host-only mode) that the IP of the Metasploitable system will be in the range 192.168.168.1-254.
So let's run Nmap to find out which IP it has:
-sP = Ping scan (host discovery only, no port scan; newer Nmap releases call this option -sn and still accept -sP)
The results show the live IP addresses found by Nmap. We know the .135 address is the Kali box. The .1 is the default gateway. So it would be fair to assume that the 192.168.168.134 address is the Metasploitable box.
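Since the lab IPs change between sessions, the three steps above can be scripted. The following is an added example, not part of the original walkthrough: it derives the scan range from the Kali IP and filters Nmap's grepable output down to the remaining live host. It assumes a /24 host-only network; the function names and the sample scan output are constructed for illustration.

```shell
#!/bin/sh
# Added example: lab-only helper. Assumes a /24 host-only network
# (netmask 255.255.255.0), which matches the 1-254 range used above.

# scan_range IP -> "a.b.c.1-254", the Nmap target spec for IP's /24.
scan_range() {
    printf '%s.1-254\n' "${1%.*}"
}

# candidates OWN_IP GATEWAY_IP
# Reads Nmap grepable output (-oG -) on stdin and prints every host
# reported "Up" except our own address and the gateway.
candidates() {
    awk -v own="$1" -v gw="$2" '
        $1 == "Host:" && /Status: Up/ && $2 != own && $2 != gw { print $2 }
    '
}

# Constructed sample of `nmap -sn -oG -` output for the lab above
# (header and footer lines simplified).
sample_scan() {
    cat <<'EOF'
# Nmap scan initiated as: nmap -sn -oG - 192.168.168.1-254
Host: 192.168.168.1 ()	Status: Up
Host: 192.168.168.134 ()	Status: Up
Host: 192.168.168.135 ()	Status: Up
# Nmap done: 254 IP addresses (3 hosts up) scanned
EOF
}

my_ip=192.168.168.135      # Kali address from ifconfig
gateway=192.168.168.1      # default gateway of the host-only network

echo "Range to scan: $(scan_range "$my_ip")"
echo "Likely target(s): $(sample_scan | candidates "$my_ip" "$gateway")"

# Against the live lab network, replace the sample with the real scan:
#   nmap -sn -oG - "$(scan_range "$my_ip")" | candidates "$my_ip" "$gateway"
```

If more than one address is printed, there are other VMs on the host-only network and each candidate needs to be checked before assuming which one is Metasploitable.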
So now we know which system to target, let's start some recon.