TCP, UDP, and SMB Auxiliary Modules in Metasploit#

Metasploit is a powerful exploitation tool used by security professionals all over the world. In this blog post, we’ll be taking a look at three of the Metasploit auxiliary modules: TCP, UDP, and SMB. We’ll go over what each of these modules does and how they can be used in your next penetration test. Let’s start with TCP auxiliary modules and required variable settings.

TCP: auxiliary/scanner/portscan/tcp

TCP is a connection-oriented protocol that assures the reliable transfer of packets. TCP is used by many services, including Telnet, SSH, FTP, and SMTP. This module runs a simple port scan on the target machine to determine whether TCP ports are open. Its auxiliary module name is auxiliary/scanner/portscan/tcp, and you must configure the variables as in the screenshots:

use auxiliary/scanner/portscan/tcp show options

alt img

RHOSTS: As we have already learned in previous blogs, RHOSTS is a variable that holds the IP address/range of the target system you want to scan. As you can see from the output of the show results, the target IP address is a required parameter.

PORTS: Ports variable holds the port/port range you want to scan. It is also required for auxiliary/scanner/portscan/tcp. So let’s set both of them.

set RHOSTS 10.10.124.152

Run the following command to find out the port 80’s status on 10.10.124.152.

alt img

Let’s give a port range now such as 1-1000:

set PORTS 1-1000

run

alt img

As you can see in the screenshot, Metasploit ran the auxiliary/scanner/portscan/tcp module on the target address and found the above ports open.

UDP:auxiliary/scanner/discovery/udp_sweep

In comparison to TCP, UDP is a lightweight protocol. It is, however, not as dependable as TCP. Services such as SNMP and DNS make use of UDP. This module runs a basic port scan on the target machine to determine whether UDP ports are open.

UDP auxiliary module name is auxiliary/scanner/discovery/udp_sweep. You must configure the following variables:

use auxiliary/scanner/discovery/udp_sweep

alt img

show options

alt img

set RHOSTS 10.10.124.152

run

alt img

Lastly, let’s take a look at SMB auxiliaries and required variables.

SMB: /smb_version and /smb_enumusers

SMB (Server Message Block) is an application layer protocol that is largely used for sharing files, printers, and other resources. SMB communicates over TCP port 445. Let’s have a look at some of the SMB auxiliaries:

  • Smb_version: Smb_version module probes the target to determine which SMB version is installed. Its auxiliary module name is auxiliary/scanner/smb/smb_version, and the following parameters must be configured such as the following:

    use auxiliary/scanner/smb/smb_version

    alt img

    set RHOSTS 10.10.124.152

    run

    alt img

  • smb_enumusers: This auxiliary module communicates with the target system using the SMB RPC service and identifies the system’s users. Its auxiliary module name is auxiliary/scanner/smb/smb_enumusers, and the following parameters must be configured such as the following:

    use auxiliary/scanner/smb/smb_enumusers

    show options

    alt img

    set RHOSTS 10.10.124.152 run

    alt img

Final Words#

Upon completion of this page, now you can perform a TCP, UDP, and SMB scan on a target address using Metasploit’s related auxiliary modules.

See also

Looking to expand your knowledge of penetration testing? Check out our online course, MPT - Certified Penetration Tester