Armitage and Metasploit Penetration Testing Lab
Raphael Mudge
rsmudge@gmail.com
Twitter: @armitagehacker
Penetration Testing
Armitage and Metasploit Penetration Testing Lab
Overview
• Personal Introduction
• Penetration Testing Process
• Course Overview
Introduction – R. Mudge
Previous Experiences
• Penetration Tester
• Regional CCDC Red Team x 5
• USAF Security Researcher
• Armitage for Metasploit
Other Experiences
• WordPress Grammar Checker
• Programming Language
Penetration Testing
What? Test security by doing what bad guys might do
Penetration Testing
Why? Motivate desire to make changes to improve security
Penetration Testing
How? Demonstrate risk
Types of Penetration Tests
• Open Source Research
• Network
• Social Engineering
• Wireless
• Web Applications
• Mobile
Penetration Testing Process
• Information Gathering
• Reconnaissance
• Access
• Post-Exploitation
Network Attack Process
Motivation
Motivation
Course overview
1. Penetration Testing
2. Metasploit
3. Getting Access
4. Post Exploitation
5. Maneuver
Goals
• Install Metasploit
• Get Access to Hosts
• Post-exploitation
Learning Check
Who is Raphael Mudge?
Why Penetration Test?
What are we doing today?
Metasploit
Armitage and Metasploit Penetration Testing Lab
Overview
• What is Metasploit?
• Modules
• Metasploit Console
• Armitage
What is Metasploit?
What is Metasploit?
Metasploit - Linux
Modules - Programs
msfconsole - /bin/bash
RPC Daemon - sshd
Modules
Modules
Modules and Magic the Gathering
© 1995-2011 Wizards of the Coast
Module Organization
Metasploit Command Sets
Metasploit Console
• Manage Database
• Manage Sessions
• Configure and Launch Modules
Meterpreter
• Post-exploitation activities
Console Cheat Sheet
use module - start configuring module
show options - show configurable options
set varname value - set option
exploit - launch exploit module
run - launch non-exploit
sessions -i n - interact with a session
help command - get help for a command
msfconsole
• Open ended
• Works in many places
• One task / host at a time
What is Armitage?
A GUI for Metasploit
Goal: Avoid this…
Armitage
Armitage Sightings…
Console Demo
Learning Check
What is a session?
What is a payload?
What do exploits do?
Getting Access
Armitage and Metasploit Penetration Testing Lab
Overview
• Remote Exploits
• Exploit-free Attack
• Client-side Exploits
Network Attack Process
Remote Attack
1. Nmap Scan
2. Analyze Scan Data
3. Choose an Exploit
4. Select a Payload
5. Launch Exploit!
Which exploit do I use? Answer: These.
Name - Where
ms08_067_netapi - Windows XP/2003 era
ms09_050_smb2_negot.. - Windows Vista SP1/SP2
ms03_026_dcom - Windows 2000
Why did my exploit fail?
• Firewall
• Non-vulnerable software
• Service is hung
• The universe is taunting you
• Non-reliable exploit
• Bad day
• Mis-configured exploit
• Could not establish session
Exploit-free Attack
1. Choose a payload
2. Generate executable
3. Set up a multi/handler
Payloads
Name - Note
windows/meterpreter/reverse_tcp - Connects to one port
windows/meterpreter/reverse_tcp_allports - Tries every port in sequence
windows/meterpreter/reverse_https - Speaks HTTPS (!!!!)
java/meterpreter/reverse_tcp - Any platform with Java
linux/x86/shell_reverse_tcp
osx/x86/shell_reverse_tcp
Client-side Attack
1. Fingerprint sample of victims
2. Choose an Exploit
3. Launch Exploit
4. Spam victims (or wait for them)!
Which exploit do I use? Answer: These.
Name - Where
java_signed_applet - Social engineering; anywhere Java applets run
ms11_003_ie_css_import - Internet Explorer 7/8 (requires .NET)
ie_createobject - Internet Explorer 6
Learning Check
Which module listens for a connection from a payload?
Which exploit works against Windows XP SP2, port 445?
Post-Exploitation
Armitage and Metasploit Penetration Testing Lab
Overview
• Command Shell
• Privilege Escalation
• Spying on the User
• File Management
• Process Management
• Post Modules and Loot
Network Attack Process
Demo Demo Demo
Learning Check
Which Meterpreter command takes a screenshot?
Which Meterpreter command is most useful to you?
Maneuver
Armitage and Metasploit Penetration Testing Lab
Overview
• Pivoting
• Scanning
• Attacking
Network Attack Process
Demo Demo Demo
Learning Check
Which module gives a session on a Windows host using credentials or hashes?
Which scan should you do before setting up a pivot?
Network Attack Process
Resources
Armitage and Metasploit Penetration Testing Lab
Free Metasploit Course
http://www.offensive-security.com/metasploit-unleashed
Metasploit Homepage
http://www.metasploit.com
Armitage Homepage
http://www.fastandeasyhacking.com
BackTrack Linux
http://www.backtrack-linux.org/
Pen Test & Vuln Analysis Course @ NYU
http://pentest.cryptocity.net