SlideShare a Scribd company logo

Metasploit for information gathering

Download as PPTX, PDF
Chris Harrington
Chris Harrington

Usage guide on using Metasploit auxiliary modules for information gathering. Some modules are used as examples to show functionality. The need for cyber investigators are booming and the tools available to perform investigations already exist, in most circumstances. While the majority of tools are open source, paid applications exist as well.

Technology
1 of 17
Auxiliary modules For cybercrime investigations Usage guide Created by Chris Harrington
 There are several interfaces ◦ gui ◦ console ◦ web  Auxiliary modules are in 3 categories ◦ Admin ◦ Scanner ◦ Server
 Using Kali Linux ◦ Start Postgresql  Metasploit uses postgresql to speed up searching /etc/init.d/postgresql start ◦ Start metasploit /etc/init.d/metasploit start
 Run command: msfconsole  Inside Metasploit console
 Ensure Metasploit is connected to the postgresql database ◦ This speeds up search significantly Command: db_status
 Searching the auxiliary database Command: search auxiliary ◦ All auxiliary modules are shown  Filter search and search for mysql Command: search mysql  More refined search only for auxiliary
 Selecting module for information gathering
 Use the probe module Command: use auxiliary/scanner/mysql/mysql_version  Show options that can be set Command: show options
 Required options must be set list of options that can be set using set command currently assigned value to option required or not required option to set description of option
 Set required parameters set command to set parameters option to set called RHOSTS host of suspect running mysql Command: set <OPTION> <VALUE>  Set RPORT if default port is different  Threads can be changed for multiple hosts
 Command: run  Suspect host running MySQL 5.1.73-community
 Metasploit comes with several scanners ◦ identifying open ports ◦ Service identification ◦ and more Command: search auxiliary/scanner
 Use arp_sweep module to discovery other hosts on the same network Command: use auxiliary/scanner/discovery/arp_sweep  Show options and set required values
 Use tcp portscan module to identify open ports on the suspect’s machine Command: use auxiliary/scanner/portscan/tcp  Show options and set required values
 Set RHOSTS and other options  Run the scan
 Contains many tools and modules ◦ Auxiliary ◦ Exploits ◦ Payloads  Easy to use and multiple interfaces  Cost and time saving  Remember to set OPTIONS appropriate to your situation  Other tools exist for port and service identification  Know what you are doing. Don’t get compromised
 My contact details  C.k.harrington@gmail.com

Recommended

XSS Magic tricks
XSS Magic tricksXSS Magic tricks
XSS Magic tricksGarethHeyes
 
Cours d'introduction aux HTML5 & CSS3
Cours d'introduction aux HTML5 & CSS3Cours d'introduction aux HTML5 & CSS3
Cours d'introduction aux HTML5 & CSS3Abel LIFAEFI MBULA
 
Introduction to Drupal Basics
Introduction to Drupal BasicsIntroduction to Drupal Basics
Introduction to Drupal BasicsJuha Niemi
 
An Introduction to Drupal
An Introduction to DrupalAn Introduction to Drupal
An Introduction to DrupalTobias Ratschiller
 
jQuery
jQueryjQuery
jQueryMostafa Bayomi
 
Introduction à Angular
Introduction à AngularIntroduction à Angular
Introduction à AngularAbdoulaye Dieng
 
Html & Css presentation
Html & Css presentation Html & Css presentation
Html & Css presentation joilrahat
 
Secure Coding 101 - OWASP University of Ottawa Workshop
Secure Coding 101 - OWASP University of Ottawa WorkshopSecure Coding 101 - OWASP University of Ottawa Workshop
Secure Coding 101 - OWASP University of Ottawa WorkshopPaul Ionescu
 

Recommended

XSS Magic tricks
XSS Magic tricksXSS Magic tricks
XSS Magic tricksGarethHeyes
 
Cours d'introduction aux HTML5 & CSS3
Cours d'introduction aux HTML5 & CSS3Cours d'introduction aux HTML5 & CSS3
Cours d'introduction aux HTML5 & CSS3Abel LIFAEFI MBULA
 
Introduction to Drupal Basics
Introduction to Drupal BasicsIntroduction to Drupal Basics
Introduction to Drupal BasicsJuha Niemi
 
An Introduction to Drupal
An Introduction to DrupalAn Introduction to Drupal
An Introduction to DrupalTobias Ratschiller
 
jQuery
jQueryjQuery
jQueryMostafa Bayomi
 
Introduction à Angular
Introduction à AngularIntroduction à Angular
Introduction à AngularAbdoulaye Dieng
 
Html & Css presentation
Html & Css presentation Html & Css presentation
Html & Css presentation joilrahat
 
Secure Coding 101 - OWASP University of Ottawa Workshop
Secure Coding 101 - OWASP University of Ottawa WorkshopSecure Coding 101 - OWASP University of Ottawa Workshop
Secure Coding 101 - OWASP University of Ottawa WorkshopPaul Ionescu
 
Introduction au développement Web
Introduction au développement Web Introduction au développement Web
Introduction au développement Web Romain Willmann
 
XSS
XSSXSS
XSSHrishikesh Mishra
 
Django Best Practices
Django Best PracticesDjango Best Practices
Django Best PracticesAbdullah Çetin ÇAVDAR
 
Process injection - Malware style
Process injection - Malware styleProcess injection - Malware style
Process injection - Malware styleSander Demeester
 
Introduction au Framework AngularJs
Introduction au Framework AngularJsIntroduction au Framework AngularJs
Introduction au Framework AngularJsRadhoueneRouached
 
Jquery
JqueryJquery
JqueryGirish Srivastava
 
Bootstrap
BootstrapBootstrap
BootstrapAvinashChunduri2
 
Build web applications using google flutter
Build web applications using google flutterBuild web applications using google flutter
Build web applications using google flutterAhmed Abu Eldahab
 
Temel HTML Etiketleri - Text, Image, Link, List, Image
Temel HTML Etiketleri - Text, Image, Link, List, ImageTemel HTML Etiketleri - Text, Image, Link, List, Image
Temel HTML Etiketleri - Text, Image, Link, List, Imagecmkandemir
 
Front-end development introduction (HTML, CSS). Part 1
Front-end development introduction (HTML, CSS). Part 1Front-end development introduction (HTML, CSS). Part 1
Front-end development introduction (HTML, CSS). Part 1Oleksii Prohonnyi
 
WebKit and GStreamer
WebKit and GStreamerWebKit and GStreamer
WebKit and GStreamercalvaris
 
Overview of PHP and MYSQL
Overview of PHP and MYSQLOverview of PHP and MYSQL
Overview of PHP and MYSQLDeblina Chowdhury
 
2 ModéLe Mvc
2 ModéLe Mvc2 ModéLe Mvc
2 ModéLe MvcDghaies Jihed , PSM I Ⓡ
 
Initiation à Express js
Initiation à Express jsInitiation à Express js
Initiation à Express jsAbdoulaye Dieng
 
CSS Grid vs. Flexbox
CSS Grid vs. FlexboxCSS Grid vs. Flexbox
CSS Grid vs. FlexboxEcaterina Moraru (Valica)
 
Angular.pdf
Angular.pdfAngular.pdf
Angular.pdfJaouad Assabbour
 
Lecture 5: Client Side Programming 1
Lecture 5: Client Side Programming 1Lecture 5: Client Side Programming 1
Lecture 5: Client Side Programming 1Artificial Intelligence Institute at UofSC
 
Beginners Guide to Drupal
Beginners Guide to DrupalBeginners Guide to Drupal
Beginners Guide to DrupalGerald Villorente
 
Sécurité des Applications WEB -LEVEL1
Sécurité des Applications WEB -LEVEL1 Sécurité des Applications WEB -LEVEL1
Sécurité des Applications WEB -LEVEL1Tarek MOHAMED
 
HTML Semantic Tags
HTML Semantic TagsHTML Semantic Tags
HTML Semantic TagsBruce Kyle
 
Tranning-2
Tranning-2Tranning-2
Tranning-2Ali Hussain
 
BSides Algiers - Metasploit framework - Oussama Elhamer
BSides Algiers - Metasploit framework - Oussama ElhamerBSides Algiers - Metasploit framework - Oussama Elhamer
BSides Algiers - Metasploit framework - Oussama ElhamerShellmates
 

More Related Content

What's hot

Introduction au développement Web
Introduction au développement Web Introduction au développement Web
Introduction au développement Web Romain Willmann
 
Process injection - Malware style
Process injection - Malware styleProcess injection - Malware style
Process injection - Malware styleSander Demeester
 
Introduction au Framework AngularJs
Introduction au Framework AngularJsIntroduction au Framework AngularJs
Introduction au Framework AngularJsRadhoueneRouached
 
Build web applications using google flutter
Build web applications using google flutterBuild web applications using google flutter
Build web applications using google flutterAhmed Abu Eldahab
 
Temel HTML Etiketleri - Text, Image, Link, List, Image
Temel HTML Etiketleri - Text, Image, Link, List, ImageTemel HTML Etiketleri - Text, Image, Link, List, Image
Temel HTML Etiketleri - Text, Image, Link, List, Imagecmkandemir
 
Front-end development introduction (HTML, CSS). Part 1
Front-end development introduction (HTML, CSS). Part 1Front-end development introduction (HTML, CSS). Part 1
Front-end development introduction (HTML, CSS). Part 1Oleksii Prohonnyi
 
WebKit and GStreamer
WebKit and GStreamerWebKit and GStreamer
WebKit and GStreamercalvaris
 
Initiation à Express js
Initiation à Express jsInitiation à Express js
Initiation à Express jsAbdoulaye Dieng
 
Sécurité des Applications WEB -LEVEL1
Sécurité des Applications WEB -LEVEL1 Sécurité des Applications WEB -LEVEL1
Sécurité des Applications WEB -LEVEL1Tarek MOHAMED
 
HTML Semantic Tags
HTML Semantic TagsHTML Semantic Tags
HTML Semantic TagsBruce Kyle
 

What's hot (20)

Introduction au développement Web
Introduction au développement Web Introduction au développement Web
Introduction au développement Web
 
XSS
XSSXSS
XSS
 
Django Best Practices
Django Best PracticesDjango Best Practices
Django Best Practices
 
Process injection - Malware style
Process injection - Malware styleProcess injection - Malware style
Process injection - Malware style
 
Introduction au Framework AngularJs
Introduction au Framework AngularJsIntroduction au Framework AngularJs
Introduction au Framework AngularJs
 
Jquery
JqueryJquery
Jquery
 
Bootstrap
BootstrapBootstrap
Bootstrap
 
Build web applications using google flutter
Build web applications using google flutterBuild web applications using google flutter
Build web applications using google flutter
 
Temel HTML Etiketleri - Text, Image, Link, List, Image
Temel HTML Etiketleri - Text, Image, Link, List, ImageTemel HTML Etiketleri - Text, Image, Link, List, Image
Temel HTML Etiketleri - Text, Image, Link, List, Image
 
Front-end development introduction (HTML, CSS). Part 1
Front-end development introduction (HTML, CSS). Part 1Front-end development introduction (HTML, CSS). Part 1
Front-end development introduction (HTML, CSS). Part 1
 
WebKit and GStreamer
WebKit and GStreamerWebKit and GStreamer
WebKit and GStreamer
 
Overview of PHP and MYSQL
Overview of PHP and MYSQLOverview of PHP and MYSQL
Overview of PHP and MYSQL
 
2 ModéLe Mvc
2 ModéLe Mvc2 ModéLe Mvc
2 ModéLe Mvc
 
Initiation à Express js
Initiation à Express jsInitiation à Express js
Initiation à Express js
 
CSS Grid vs. Flexbox
CSS Grid vs. FlexboxCSS Grid vs. Flexbox
CSS Grid vs. Flexbox
 
Angular.pdf
Angular.pdfAngular.pdf
Angular.pdf
 
Lecture 5: Client Side Programming 1
Lecture 5: Client Side Programming 1Lecture 5: Client Side Programming 1
Lecture 5: Client Side Programming 1
 
Beginners Guide to Drupal
Beginners Guide to DrupalBeginners Guide to Drupal
Beginners Guide to Drupal
 
Sécurité des Applications WEB -LEVEL1
Sécurité des Applications WEB -LEVEL1 Sécurité des Applications WEB -LEVEL1
Sécurité des Applications WEB -LEVEL1
 
HTML Semantic Tags
HTML Semantic TagsHTML Semantic Tags
HTML Semantic Tags
 

Viewers also liked

BSides Algiers - Metasploit framework - Oussama Elhamer
BSides Algiers - Metasploit framework - Oussama ElhamerBSides Algiers - Metasploit framework - Oussama Elhamer
BSides Algiers - Metasploit framework - Oussama ElhamerShellmates
 
The Perfect Man of Islam
The Perfect Man of IslamThe Perfect Man of Islam
The Perfect Man of IslamCrossMuslims
 
Informationssicherheit im Übersetzungsprozess
Informationssicherheit im ÜbersetzungsprozessInformationssicherheit im Übersetzungsprozess
Informationssicherheit im ÜbersetzungsprozessHans Pich
 
Metasploit-TOI-Ebryx-PVT-Ltd
Metasploit-TOI-Ebryx-PVT-LtdMetasploit-TOI-Ebryx-PVT-Ltd
Metasploit-TOI-Ebryx-PVT-LtdAli Hussain
 
Static PIE, How and Why - Metasploit's new POSIX payload: Mettle
Static PIE, How and Why - Metasploit's new POSIX payload: MettleStatic PIE, How and Why - Metasploit's new POSIX payload: Mettle
Static PIE, How and Why - Metasploit's new POSIX payload: MettleBrent Cook
 
Slide Palestra "Metasploit Framework"
Slide Palestra "Metasploit Framework"Slide Palestra "Metasploit Framework"
Slide Palestra "Metasploit Framework"Roberto Soares
 
Scrum Überblick Teil 1
Scrum Überblick Teil 1Scrum Überblick Teil 1
Scrum Überblick Teil 1Christof Zahn
 
Network Packet Analysis
Network Packet AnalysisNetwork Packet Analysis
Network Packet AnalysisAmmar WK
 
Writing Metasploit Plugins
Writing Metasploit PluginsWriting Metasploit Plugins
Writing Metasploit Pluginsamiable_indian
 
Packet analysis (Basic)
Packet analysis (Basic)Packet analysis (Basic)
Packet analysis (Basic)Ammar WK
 
Wi-Fi Hotspot Attacks
Wi-Fi Hotspot AttacksWi-Fi Hotspot Attacks
Wi-Fi Hotspot AttacksGreg Foss
 
Finalppt metasploit
Finalppt metasploitFinalppt metasploit
Finalppt metasploitdevilback
 

Viewers also liked (20)

Tranning-2
Tranning-2Tranning-2
Tranning-2
 
BSides Algiers - Metasploit framework - Oussama Elhamer
BSides Algiers - Metasploit framework - Oussama ElhamerBSides Algiers - Metasploit framework - Oussama Elhamer
BSides Algiers - Metasploit framework - Oussama Elhamer
 
Metasploit Humla for Beginner
Metasploit Humla for BeginnerMetasploit Humla for Beginner
Metasploit Humla for Beginner
 
Metasploit
MetasploitMetasploit
Metasploit
 
Guida google hacking
Guida google hacking Guida google hacking
Guida google hacking
 
The Perfect Man of Islam
The Perfect Man of IslamThe Perfect Man of Islam
The Perfect Man of Islam
 
Informationssicherheit im Übersetzungsprozess
Informationssicherheit im ÜbersetzungsprozessInformationssicherheit im Übersetzungsprozess
Informationssicherheit im Übersetzungsprozess
 
Penetration test
Penetration testPenetration test
Penetration test
 
Metasploit-TOI-Ebryx-PVT-Ltd
Metasploit-TOI-Ebryx-PVT-LtdMetasploit-TOI-Ebryx-PVT-Ltd
Metasploit-TOI-Ebryx-PVT-Ltd
 
Static PIE, How and Why - Metasploit's new POSIX payload: Mettle
Static PIE, How and Why - Metasploit's new POSIX payload: MettleStatic PIE, How and Why - Metasploit's new POSIX payload: Mettle
Static PIE, How and Why - Metasploit's new POSIX payload: Mettle
 
Webinar Metasploit Framework - Academia Clavis
Webinar Metasploit Framework - Academia ClavisWebinar Metasploit Framework - Academia Clavis
Webinar Metasploit Framework - Academia Clavis
 
Slide Palestra "Metasploit Framework"
Slide Palestra "Metasploit Framework"Slide Palestra "Metasploit Framework"
Slide Palestra "Metasploit Framework"
 
Scrum Überblick Teil 1
Scrum Überblick Teil 1Scrum Überblick Teil 1
Scrum Überblick Teil 1
 
Oscp preparation
Oscp preparationOscp preparation
Oscp preparation
 
Network Packet Analysis
Network Packet AnalysisNetwork Packet Analysis
Network Packet Analysis
 
Writing Metasploit Plugins
Writing Metasploit PluginsWriting Metasploit Plugins
Writing Metasploit Plugins
 
Metasploit Basics
Metasploit BasicsMetasploit Basics
Metasploit Basics
 
Packet analysis (Basic)
Packet analysis (Basic)Packet analysis (Basic)
Packet analysis (Basic)
 
Wi-Fi Hotspot Attacks
Wi-Fi Hotspot AttacksWi-Fi Hotspot Attacks
Wi-Fi Hotspot Attacks
 
Finalppt metasploit
Finalppt metasploitFinalppt metasploit
Finalppt metasploit
 

Similar to Metasploit for information gathering

Introduction to Exploitation
Introduction to ExploitationIntroduction to Exploitation
Introduction to Exploitationprimeteacher32
 
Intro to exploits in metasploitand payloads in msfvenom
Intro to exploits in metasploitand payloads in msfvenomIntro to exploits in metasploitand payloads in msfvenom
Intro to exploits in metasploitand payloads in msfvenomSiddharth Krishna Kumar
 
Introduction to Laravel Framework (5.2)
Introduction to Laravel Framework (5.2)Introduction to Laravel Framework (5.2)
Introduction to Laravel Framework (5.2)Viral Solani
 
Hadoop cluster performance profiler
Hadoop cluster performance profilerHadoop cluster performance profiler
Hadoop cluster performance profilerIhor Bobak
 
Black hat dc-2010-egypt-uav-slides
Black hat dc-2010-egypt-uav-slidesBlack hat dc-2010-egypt-uav-slides
Black hat dc-2010-egypt-uav-slidesBakry3
 
Metasploit: Pwnage and Ponies
Metasploit: Pwnage and PoniesMetasploit: Pwnage and Ponies
Metasploit: Pwnage and PoniesTrowalts
 
Metasploit for Penetration Testing: Beginner Class
Metasploit for Penetration Testing: Beginner ClassMetasploit for Penetration Testing: Beginner Class
Metasploit for Penetration Testing: Beginner ClassGeorgia Weidman
 
ProxySQL Tutorial - PLAM 2016
ProxySQL Tutorial - PLAM 2016ProxySQL Tutorial - PLAM 2016
ProxySQL Tutorial - PLAM 2016Derek Downey
 
Free OpManager training Part1- Discovery and classification season#3
Free OpManager training Part1- Discovery and classification season#3Free OpManager training Part1- Discovery and classification season#3
Free OpManager training Part1- Discovery and classification season#3ManageEngine, Zoho Corporation
 
OpManager training - Device discovery and classification.
OpManager training - Device discovery and classification.OpManager training - Device discovery and classification.
OpManager training - Device discovery and classification.ManageEngine, Zoho Corporation
 
Getting Started with Consul
Getting Started with ConsulGetting Started with Consul
Getting Started with ConsulRamit Surana
 
Puppet Modules: An Holistic Approach - Alessandro Franceschi of Lab42 - Puppe...
Puppet Modules: An Holistic Approach - Alessandro Franceschi of Lab42 - Puppe...Puppet Modules: An Holistic Approach - Alessandro Franceschi of Lab42 - Puppe...
Puppet Modules: An Holistic Approach - Alessandro Franceschi of Lab42 - Puppe...Puppet
 
Puppet modules: An Holistic Approach
Puppet modules: An Holistic ApproachPuppet modules: An Holistic Approach
Puppet modules: An Holistic ApproachAlessandro Franceschi
 
Scaling Up Logging and Metrics
Scaling Up Logging and MetricsScaling Up Logging and Metrics
Scaling Up Logging and MetricsRicardo Lourenço
 
How to create a multi tenancy for an interactive data analysis with jupyter h...
How to create a multi tenancy for an interactive data analysis with jupyter h...How to create a multi tenancy for an interactive data analysis with jupyter h...
How to create a multi tenancy for an interactive data analysis with jupyter h...Tiago Simões
 
Orchestrated Functional Testing with Puppet-spec and Mspectator
Orchestrated Functional Testing with Puppet-spec and MspectatorOrchestrated Functional Testing with Puppet-spec and Mspectator
Orchestrated Functional Testing with Puppet-spec and MspectatorRaphaël PINSON
 
Orchestrated Functional Testing with Puppet-spec and Mspectator - PuppetConf ...
Orchestrated Functional Testing with Puppet-spec and Mspectator - PuppetConf ...Orchestrated Functional Testing with Puppet-spec and Mspectator - PuppetConf ...
Orchestrated Functional Testing with Puppet-spec and Mspectator - PuppetConf ...Puppet
 

Similar to Metasploit for information gathering (20)

linux installation.pdf
linux installation.pdflinux installation.pdf
linux installation.pdf
 
Cheatsheet: Metasploit
Cheatsheet: MetasploitCheatsheet: Metasploit
Cheatsheet: Metasploit
 
Introduction to Exploitation
Introduction to ExploitationIntroduction to Exploitation
Introduction to Exploitation
 
Intro to exploits in metasploitand payloads in msfvenom
Intro to exploits in metasploitand payloads in msfvenomIntro to exploits in metasploitand payloads in msfvenom
Intro to exploits in metasploitand payloads in msfvenom
 
Introduction to Laravel Framework (5.2)
Introduction to Laravel Framework (5.2)Introduction to Laravel Framework (5.2)
Introduction to Laravel Framework (5.2)
 
Hadoop cluster performance profiler
Hadoop cluster performance profilerHadoop cluster performance profiler
Hadoop cluster performance profiler
 
Black hat dc-2010-egypt-uav-slides
Black hat dc-2010-egypt-uav-slidesBlack hat dc-2010-egypt-uav-slides
Black hat dc-2010-egypt-uav-slides
 
Metasploit: Pwnage and Ponies
Metasploit: Pwnage and PoniesMetasploit: Pwnage and Ponies
Metasploit: Pwnage and Ponies
 
Metasploit for Penetration Testing: Beginner Class
Metasploit for Penetration Testing: Beginner ClassMetasploit for Penetration Testing: Beginner Class
Metasploit for Penetration Testing: Beginner Class
 
ProxySQL Tutorial - PLAM 2016
ProxySQL Tutorial - PLAM 2016ProxySQL Tutorial - PLAM 2016
ProxySQL Tutorial - PLAM 2016
 
Free OpManager training Part1- Discovery and classification season#3
Free OpManager training Part1- Discovery and classification season#3Free OpManager training Part1- Discovery and classification season#3
Free OpManager training Part1- Discovery and classification season#3
 
OpManager training - Device discovery and classification.
OpManager training - Device discovery and classification.OpManager training - Device discovery and classification.
OpManager training - Device discovery and classification.
 
Getting Started with Consul
Getting Started with ConsulGetting Started with Consul
Getting Started with Consul
 
Puppet Modules: An Holistic Approach - Alessandro Franceschi of Lab42 - Puppe...
Puppet Modules: An Holistic Approach - Alessandro Franceschi of Lab42 - Puppe...Puppet Modules: An Holistic Approach - Alessandro Franceschi of Lab42 - Puppe...
Puppet Modules: An Holistic Approach - Alessandro Franceschi of Lab42 - Puppe...
 
Puppet modules: An Holistic Approach
Puppet modules: An Holistic ApproachPuppet modules: An Holistic Approach
Puppet modules: An Holistic Approach
 
Scaling Up Logging and Metrics
Scaling Up Logging and MetricsScaling Up Logging and Metrics
Scaling Up Logging and Metrics
 
Metasploit primary
Metasploit primaryMetasploit primary
Metasploit primary
 
How to create a multi tenancy for an interactive data analysis with jupyter h...
How to create a multi tenancy for an interactive data analysis with jupyter h...How to create a multi tenancy for an interactive data analysis with jupyter h...
How to create a multi tenancy for an interactive data analysis with jupyter h...
 
Orchestrated Functional Testing with Puppet-spec and Mspectator
Orchestrated Functional Testing with Puppet-spec and MspectatorOrchestrated Functional Testing with Puppet-spec and Mspectator
Orchestrated Functional Testing with Puppet-spec and Mspectator
 
Orchestrated Functional Testing with Puppet-spec and Mspectator - PuppetConf ...
Orchestrated Functional Testing with Puppet-spec and Mspectator - PuppetConf ...Orchestrated Functional Testing with Puppet-spec and Mspectator - PuppetConf ...
Orchestrated Functional Testing with Puppet-spec and Mspectator - PuppetConf ...
 

Recently uploaded

Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLScyllaDB
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .Alan Dix
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsMiki Katsuragi
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.Curtis Poe
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024Stephanie Beckett
 
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfHyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfPrecisely
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024Lonnie McRorey
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity PlanDatabarracks
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsPixlogix Infotech
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningLars Bell
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clashcharlottematthew16
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Enterprise Knowledge
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...Fwdays
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 

Recently uploaded (20)

Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering Tips
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024
 
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfHyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity Plan
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and Cons
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine Tuning
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clash
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 

Metasploit for information gathering

  • 1. Auxiliary modules For cybercrime investigations Usage guide Created by Chris Harrington
  • 2.  There are several interfaces ◦ gui ◦ console ◦ web  Auxiliary modules are in 3 categories ◦ Admin ◦ Scanner ◦ Server
  • 3.  Using Kali Linux ◦ Start Postgresql  Metasploit uses postgresql to speed up searching /etc/init.d/postgresql start ◦ Start metasploit /etc/init.d/metasploit start
  • 4.  Run command: msfconsole  Inside Metasploit console
  • 5.  Ensure Metasploit is connected to the postgresql database ◦ This speeds up search significantly Command: db_status
  • 6.  Searching the auxiliary database Command: search auxiliary ◦ All auxiliary modules are shown  Filter search and search for mysql Command: search mysql  More refined search only for auxiliary
  • 7.  Selecting module for information gathering
  • 8.  Use the probe module Command: use auxiliary/scanner/mysql/mysql_version  Show options that can be set Command: show options
  • 9.  Required options must be set list of options that can be set using set command currently assigned value to option required or not required option to set description of option
  • 10.  Set required parameters set command to set parameters option to set called RHOSTS host of suspect running mysql Command: set <OPTION> <VALUE>  Set RPORT if default port is different  Threads can be changed for multiple hosts
  • 11.  Command: run  Suspect host running MySQL 5.1.73-community
  • 12.  Metasploit comes with several scanners ◦ identifying open ports ◦ Service identification ◦ and more Command: search auxiliary/scanner
  • 13.  Use arp_sweep module to discovery other hosts on the same network Command: use auxiliary/scanner/discovery/arp_sweep  Show options and set required values
  • 14.  Use tcp portscan module to identify open ports on the suspect’s machine Command: use auxiliary/scanner/portscan/tcp  Show options and set required values
  • 15.  Set RHOSTS and other options  Run the scan
  • 16.  Contains many tools and modules ◦ Auxiliary ◦ Exploits ◦ Payloads  Easy to use and multiple interfaces  Cost and time saving  Remember to set OPTIONS appropriate to your situation  Other tools exist for port and service identification  Know what you are doing. Don’t get compromised
  • 17.  My contact details  C.k.harrington@gmail.com