0

Hi everyone and sorry for my bad English.

I'm learning penetration testing.

After reconnaissance and scanning of my target, I have enough information to pass to the next phase.

Some of the info I have: open ports with the related running services, names of the services, service versions, operating system of the device, firewalls used, etc.

I launched the msf console.

I should find the correct exploit and payload, based on the information collected, to gain access. I've read the Metasploit Unleashed guide on offensive-security. I've learned the Metasploit Fundamentals and the use of the msf console.

But I don't understand the way to start all of this. Assuming that my target has 20 ports open, I want to test the vulnerability using an exploit payload that does not require user interaction. The possibilities of which exploit and payloads to use are now reduced, but are always too. Searching and testing all exploits and payloads for each port isn't good! So, if I don't know the vulnerability of the target, how do I proceed?

I would like to be aware of what I do, and not try without understanding.

Marker

1 Answer

2

A couple of things:

We have a Stack Exchange for security! Check it out at https://security.stackexchange.com/

For an answer: you want to look for "remote exploits", as those do not require user interaction. You can find a curated list of exploits here: https://www.exploit-db.com/remote/

You can search the services on this page for something that matches the same service/version as your attack vector.

Marker
  • Thank you Marker, I reuploaded my question on the correct stack's site. The remote exploit is only an example. I want to know the concept behind the choice of an exploit. Why do I use exploit A and not B before checking if exploits A and B work on the target? –  May 11 '18 at 13:48
  • Ah, I gotcha. That's a good question. I would say it's based on effectiveness and end goal. Generally, you want an exploit + payload that gains admin access to the computer. – Marker May 11 '18 at 14:05