From the course: Penetration Testing Essential Training
Join today to access over 25,300 courses taught by industry experts.
Information gathering with Legion - Linux Tutorial
From the course: Penetration Testing Essential Training
Information gathering with Legion
- [Instructor] Let's take a look at how we can use Kali to extract information about the services on a target system while at the same time looking for credentials to use. To do this, we can use a useful reconnaissance tool called Legion. We find this in Applications, Vulnerability Analysis. And we'll put the password kali in. And the startup's a bit messy, but we can right click on the top bar and maximize the Legion window. Let's click on the panel to add hosts and add 10.0.2.8 for our Metasploitable server, and we'll do a hard assessment. And we can submit. Legion now starts analyzing our Metasploitable server. We can see its progress in the bottom panel, and as the analysis proceeds, we can see the results in the main right panel. If we scroll down to Port 3306, we can see that the server is running MySQL 5.0.51a. We can open the MySQL tab at the top right and we can see that Legion has used Hydra to check and found valid credentials to access the SQL server. Similarly, if we…
Practice while you learn with exercise files
Download the files the instructor uses to teach the course. Follow along and learn by watching, listening and practicing.
Download courses and learn on the go
Watch courses on your mobile device without an internet connection. Download courses using your iOS or Android LinkedIn Learning app.