Armitage and Metasploit Penetration Testing Lab Raphael Mudge rsmudge@gmail.com rsmudge@gmail.com...

Armitage and Metasploit Penetration Testing Lab

Raphael Mudgersmudge@gmail.comTwitter: @armitagehacker

Penetration Testing

Overview

Personal Introduction Penetration Testing Process Course Overview

Introduction – R. Mudge

Previous Experiences Penetration Tester Regional CCDC Red Team x 5 USAF Security Researcher Armitage for Metasploit

Other Experiences WordPress Grammar Checker Programming Language

Penetration Testing

What? Test security by doing what bad guys might do

Penetration Testing

Why? Motivate desire to make changes to improve security

Penetration Testing

How? Demonstrate risk

Types of Penetration Tests Open Source Research Network Social Engineering Wireless Web Applications Mobile

Penetration Testing Process Information Gathering Reconnaissance Access Post-Exploitation

Network Attack Process

Motivation

Course overview

1.Penetration Testing2.Metasploit 3.Getting Access4.Post Exploitation5.Maneuver

• Install Metasploit• Get Access to Hosts• Post-exploitation

Learning Check

Who is Raphael Mudge?

Why Penetration Test?What are we doing today?

Metasploit

Overview

What is Metasploit? Modules Metasploit Console Armitage

What is Metasploit?

Metasploit Linux Modules

Programs msfconsole

/bin/bash RPC Daemon sshd

Modules

Modules and Magic the Gathering

Module Organization

Metasploit Command Sets

Metasploit Console Manage Database Manage Sessions Configure and Launch Modules

Meterpreter Post-exploitation activities

Console Cheat Sheet

use module - start configuring module

show options - show configurable options

set varname value - set optionexploit - launch

exploit modulerun - launch

non-exploit

sessions –i n - interact with a session

help command - get help for a command

msfconsole

Open ended Works in many places One task / host at a time

What is Armitage? A GUI for Metasploit Goal: Avoid this…

Armitage

Armitage Sightings…

Console Demo

Learning Check

What is a session?What is a payload?What do exploits do?

Getting Access

Overview

Remote Exploits Exploit-free Attack Client-side Exploits

Remote Attack

1. NMap Scan2. Analyze Scan Data3. Choose an Exploit4. Select a Payload5. Launch Exploit!

Which exploit do I use? Answer: These.

Name Where

ms08_067_netapi Windows XP/2003 era

ms09_050_smb2_negot..

Windows Vista SP1/SP2

ms03_026_dcom Windows 2000

Why did my exploit fail?

Firewall Non-vulnerable software Service is hung The universe is taunting you Non-reliable exploit Bad day Mis-configured exploit Could not establish session

Exploit-free Attack

1. Choose a payload2. Generate executable3. Set up a multi/handler

PayloadsName Note

windows/meterpreter/reverse_tcp Connects to one port

windows/meterpreter/reverse_tcp_allports

Tries every ports in sequence

windows/meterpreter/reverse_https Speaks HTTPS (!!!!)

java/meterpreter/reverse_tcp Any platform with Java

linux/x86//shell_reverse_tcp

osx/x86/shell_reverse_tcp

Client-side Attack

1. Fingerprint sample of victims2. Choose an Exploit3. Launch Expoit 4. Spam victims (or wait for them)!

Which exploit do I use? Answer: These.Name Where

java_signed_applet Social engineering; any where Java applets run

ms11_003_ie_css_import

Internet Explorer 7/8 (requires .NET)

ie_createobject Internet Explorer 6

Learning Check

Which module listens for a connection from a payload?

Which exploit works against Windows XP SP2, port 445?

Post-Exploitation

Overview

Command Shell Privilege Escalation Spying on the User File Management Process Management Post Modules and Loot

Demo Demo Demo

Learning Check

Which Meterpreter command takes a screenshot?

Which Meterpreter command is most useful to you?

Maneuver

Overview

Pivoting Scanning Attacking

Demo Demo Demo

Learning Check

Which module gives a session on a Windows host using credentials or hashes?

Which scan should you do before setting up a pivot?

Resources

Free Metasploit Course

http://www.offensive-security.com/metasploit-unleashed

Metasploit Homepage

http://www.metasploit.com

Armitage Homepage

http://www.fastandeasyhacking.com

BackTrack Linux

http://www.backtrack-linux.org/

Pen Test & Vuln Analysis Course @ NYU

http://pentest.cryptocity.net

Raphael Mudgersmudge@gmail.comTwitter: @armitagehacker

Armitage and Metasploit Penetration Testing Lab Raphael Mudge rsmudge@gmail.com rsmudge@gmail.com...

Documents

Transcript of Armitage and Metasploit Penetration Testing Lab Raphael Mudge rsmudge@gmail.com rsmudge@gmail.com...

Mudge&Chen SociologyOfParties

: Quinsam & Cape Mudge

Mudge Glazing Catalog 2013

Mudge aka Peiter Mudge Zatko

Metasploit Basics

Metasploit Completo

Neoliberalism, Mudge

3 henry and mudge

Curso Metasploit

Henry and mudge

Nethemba metasploit

Henry and Mudge Maze - Ready · Henry and Mudge Maze Mudge went for a walk without Henry again. Can you help Henry find Mudge? Simon & Schuster Children’s Publishing H A CBS COMPANY

Metasploit Framework Unleashed beyond Metasploit · PDF fileMetasploit Framework Unleashed –beyond Metasploit ... MSF Bind Payload

Henry & Mudge

CENTRAL UNIVERSITY OF PUNJAB BATHINDA CBS.pdfIntroduction to Metasploit: Metasploit framework, Metasploit Console, Payloads, Metrpreter, Introduction to Armitage, Installing and using

Storytown Grade 2 Lesson 3...Then he found Mudge. Mudge had floppy ears, not pointed. And Mudge had straight fur, not curly. But Mudge was short. “Because he’s a puppy,” Henry

Mudge Mpsoc

Exploitation with Metasploit - Nethemba · PDF file Prologue Metasploit Project Metasploit Framework – open­source platform for exploit developing, testing and using exploit

Metasploit Demo

Comly Summer Reading Assignments - School District of ......5. Henry got Mudge when Mudge was a puppy. true false 6. Mudge grew out of seven collars in a row. true false 7. Mudge loved

Exploitation with Metasploit - Nethemba · PDF file Prologue Metasploit Project Metasploit Framework – opensource platform for exploit developing, testing and using exploit