Forum Thread: How Do I Hack VPS with Metasploit?

Hello Null-byte, i want to know if it is possible to Hack VPS IP through metasploit, and how can i do it if possible.

18 Responses

hacking a VPS is just like hacking a normal server. if you are looking to compromise the host of a VPS, that might be a bit trickier.

anyway, yes a VPS can be hacked. but it depends on what is running on it. exploits are specific to port numbers, operating systems, running services and applications, and sometimes even the language of the remote system!

unfortunately, there is no silver bullet that will shoot right trough your VPS. you should consider doing good reconassiance, because to slay your enemy, you must first know his weaknesses.


Basically a reconassiance is to find which exploit i can use on that server right? what should i do after i get one?
thanks for your answer btw

basically, yes. but there is more to it, but i'm not going to cover that, because it is all very well covered in the recon series here.

after you found a vulnerability, the next step is finding an exploit for that vulnerability. you should first try to find something in metasploit. if you didn't find anything in metasploit, you should go look in the exploit database. here is what you want to be looking for when you do recon:

  • open ports
  • names of services
  • versions of services

then lookup this info on the exploit database or in metasploit using the "search" command.

since you seem to be new here, I'd first of all like to welcome you to our community! and since you also seem to be new to infosec (just a wild guess), i'll link you to a few series and posts to help you allong the way:

  • How to post to Null-Byte. this is a good article written by Ghost about what is acceptable and what not on null byte.
  • how to use Null Byte. This guide, written by OTW, will tell you how you can use Null Byte to learn.
  • the legal consequences of hacking. THIS ONE IS IMPORTANT!!! you should be aware that if you work against the law with hacking, you'll have a bad time.
  • Linux Basics. As a hacker, it is important to know Linux. This series will teach you basic Linux skills.
  • Recon. I already linked this, but it is really important. we can't stress it enough!

i hope i helped you.


Thanks for the useful links!
anyway i tried the smb-check-vulns but it didn't show me any results
it just showed me the open ports and their services.

are you sure your target is in fact vulnerable?


also it takes like 5 mins to scan an IP lol
while on tutorial took 15 secs

your computer/network speeds may vary from the creators of the tutorials.

also, maybe good to know: a successful attack sometimes takes months, maybe years, of reconnaissance. you will spend 80-85% of your time recon-ing your target.


I'm not sure, thats why i used this command, but it doesn't show the output of the vulns

the smb-check-vulns Nmap script only checks for SMB vulnerabilities. there might be A LOT MORE vulnerabilities! have you scanned the webserver with nikto, for example?


SMB scan without vulnerabilities output

Nikto scan, but it seems it didn't find any vulnerability

How am i supposed to know which vulnerability this server has?
thank you

it looks like the server might be vulnerable to cross site scripting. try to exploit it. i am sure there are tutorials about it on here.


Where should i start, if i want to hack servers?

Well im new to this to be honest,and i don't know how to exploit the cross site scripting, i just want to learn how to hack and entering servers, but all the IPs i tried i couldn't find a vulnerability with recon tutorial.I'm not sure how i will do this, i need help please

Sorry for bothering you

no problem. you just need to study a lot. while recon is important, it is not the only thing. you can't just hope to enter a server by just executing a single command.

but you've come to the right place to begin learning!


I'm still needing help in this, how can i hack vps with metasploit?

can someone help me in this please?

Share Your Thoughts

  • Hot
  • Active