Your SlideShare is downloading. ×
0
Security BSides London 2014 - Metasploit Workshop: You can look like Hugh Jackman too!
Security BSides London 2014 - Metasploit Workshop: You can look like Hugh Jackman too!
Security BSides London 2014 - Metasploit Workshop: You can look like Hugh Jackman too!
Security BSides London 2014 - Metasploit Workshop: You can look like Hugh Jackman too!
Security BSides London 2014 - Metasploit Workshop: You can look like Hugh Jackman too!
Security BSides London 2014 - Metasploit Workshop: You can look like Hugh Jackman too!
Security BSides London 2014 - Metasploit Workshop: You can look like Hugh Jackman too!
Security BSides London 2014 - Metasploit Workshop: You can look like Hugh Jackman too!
Security BSides London 2014 - Metasploit Workshop: You can look like Hugh Jackman too!
Security BSides London 2014 - Metasploit Workshop: You can look like Hugh Jackman too!
Security BSides London 2014 - Metasploit Workshop: You can look like Hugh Jackman too!
Security BSides London 2014 - Metasploit Workshop: You can look like Hugh Jackman too!
Security BSides London 2014 - Metasploit Workshop: You can look like Hugh Jackman too!
Security BSides London 2014 - Metasploit Workshop: You can look like Hugh Jackman too!
Security BSides London 2014 - Metasploit Workshop: You can look like Hugh Jackman too!
Security BSides London 2014 - Metasploit Workshop: You can look like Hugh Jackman too!
Security BSides London 2014 - Metasploit Workshop: You can look like Hugh Jackman too!
Security BSides London 2014 - Metasploit Workshop: You can look like Hugh Jackman too!
Security BSides London 2014 - Metasploit Workshop: You can look like Hugh Jackman too!
Security BSides London 2014 - Metasploit Workshop: You can look like Hugh Jackman too!
Security BSides London 2014 - Metasploit Workshop: You can look like Hugh Jackman too!
Security BSides London 2014 - Metasploit Workshop: You can look like Hugh Jackman too!
Security BSides London 2014 - Metasploit Workshop: You can look like Hugh Jackman too!
Security BSides London 2014 - Metasploit Workshop: You can look like Hugh Jackman too!
Security BSides London 2014 - Metasploit Workshop: You can look like Hugh Jackman too!
Security BSides London 2014 - Metasploit Workshop: You can look like Hugh Jackman too!
Security BSides London 2014 - Metasploit Workshop: You can look like Hugh Jackman too!
Security BSides London 2014 - Metasploit Workshop: You can look like Hugh Jackman too!
Security BSides London 2014 - Metasploit Workshop: You can look like Hugh Jackman too!
Security BSides London 2014 - Metasploit Workshop: You can look like Hugh Jackman too!
Security BSides London 2014 - Metasploit Workshop: You can look like Hugh Jackman too!
Security BSides London 2014 - Metasploit Workshop: You can look like Hugh Jackman too!
Security BSides London 2014 - Metasploit Workshop: You can look like Hugh Jackman too!
Security BSides London 2014 - Metasploit Workshop: You can look like Hugh Jackman too!
Security BSides London 2014 - Metasploit Workshop: You can look like Hugh Jackman too!
Security BSides London 2014 - Metasploit Workshop: You can look like Hugh Jackman too!
Security BSides London 2014 - Metasploit Workshop: You can look like Hugh Jackman too!
Security BSides London 2014 - Metasploit Workshop: You can look like Hugh Jackman too!
Security BSides London 2014 - Metasploit Workshop: You can look like Hugh Jackman too!
Security BSides London 2014 - Metasploit Workshop: You can look like Hugh Jackman too!
Security BSides London 2014 - Metasploit Workshop: You can look like Hugh Jackman too!
Security BSides London 2014 - Metasploit Workshop: You can look like Hugh Jackman too!
Upcoming SlideShare
Loading in...5
×

Thanks for flagging this SlideShare!

Oops! An error has occurred.

×
Saving this for later? Get the SlideShare app to save on your phone or tablet. Read anywhere, anytime – even offline.
Text the download link to your phone
Standard text messaging rates apply

Security BSides London 2014 - Metasploit Workshop: You can look like Hugh Jackman too!

525

Published on

There's nothing like creating a worm while drinking wine and dancing in front of your multi-monitor-rig. Everyone knows that!! …

There's nothing like creating a worm while drinking wine and dancing in front of your multi-monitor-rig. Everyone knows that!!

Finally, after more than 10 years this document uncovers the secrets on how to achieve this...

You know about computers and stuff. You replaced some characters from your password so it reads 'Sw0rdf1sh' now. You know there are hundreds of tools out there, but you only have one lifetime to explore them all…

This is where the Metasploit Framework comes in. One framework to rule them all...

During this practical workshop session you will learn about the various stages of a pentest, and how the various puzzle pieces fit together. By using a centralised tool like the Metasploit Framework we can concentrate on results rather than effort. By the end of this workshop, you will have an understanding of the Metasploit Framework, how it can aid you in increasing your overall security and last but not least; You will be more bitter, but much wiser!

Many thanks to Warner Bros. Pictures for visual support.

Published in: Technology
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
525
On Slideshare
0
From Embeds
0
Number of Embeds
1
Actions
Shares
0
Downloads
30
Comments
0
Likes
0
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
No notes for slide

Transcript

  • 1. Metasploit: You can look like Hugh Jackman too! BSides London 2014 BSides London 2014
  • 2. Subjects • What is the Metasploit Framework (MSF)? • How can I use MSF to my advantage? • Why would I want to use MSF? • Last but not least: How DO I actually use MSF?
  • 3. Terminology • MSF • Vulnerabilities • Exploits • Payloads
  • 4. Metasploit trough the ages • Started out as a ncruses based network game written in Perl • 2003: MSF 1.0 released (11 exploits) • Somewhere along the way.. v3.0 written in Ruby • 2014: MSF 4.9 (1292 exploits)
  • 5. Inside the box • +1200 exploits • 700 auxiliary modules • +200 post modules • +300 payloads • +30 encoders • 8 nops
  • 6. Sounds AMAZING Mike! How do I get it? • rapid7.com • github.com/rapid7 • kali.org
  • 7. And now for something completely different…
  • 8. Running the Metasploit Framework From Kali Linux
  • 9. binary.hybrid3.iso • md5: 058226e666c98e9e094318247ddb5e2c • sha1: 40ebcbe6487d567f55747a219b426b4e62b4995c • 32-bits • Kali 1.0.6 • Metasploit 4.9.2-2014042301 • root/toor
  • 10. metasploitable-linux-2.0.0.zip • md5: 058226e666c98e9e094318247ddb5e2c • sha1: 8825f2509a9b9a58ec66bd65ef83167f • msfadmin/msfadmin
  • 11. Virtualbox Configuration
  • 12. Interacting with MSF • # msfcli • # msfconsole ! • out-of-scope: msfweb/msfgui • out-of-scope: Armitage • out-of-scope: Cobalt Strike
  • 13. Starting MSF from Kali
  • 14. msfconsole 101 • msf > version • msf > banner • msf > db_status • msf > help (!!)
  • 15. msfconsole basics • msf > search -h • msf > info searchresult • msf > use searchresult • msf auxiliary(searchresult) > show actions • msf exploit(searchresult) > show options • msf auxiliary(totallynotwhereIwanttobe) > back
  • 16. <3
  • 17. And now.. for something completely different! • Open Source Security Testing Methodology Manual (OSSTM) • Information Systems Security Assessment Framework (ISSAF) • Penetration Testing Execution Standard (PTES) • Open Web Application Security Project (OWASP top 10) • SANS (20 Critical Controls)
  • 18. Penetration Testing stages • Information gathering • Identifying threats • Identifying vulnerabilities • Exploiting vulnerabilities • Post exploitation
  • 19. Let’s get to it..
  • 20. msfconsole 102 • msf > info exploit/multi/handler • msf > use exploit/multi/handler • msf exploit(handler) > info • msf exploit(handler) > show options • msf exploit(handler) > set variable
  • 21. msfconsole 10..3? • variables are set with set • variables can be removed with unset • global variables can be set with setg • variabelen can be saved to ~/.msf4/config with save
  • 22. MSF Jobs & Sessions • Exploits = jobs • Payloads = sessions • msf > help sessions
  • 23. MSF Jobs & Sessions • use back to navigate back to the framework • use background to suspend a meterpreter session • msf > jobs -l (list all currently active jobs) • msf > jobs -i x (interact with job nr. x)
  • 24. Attack Vectors • Server-side • Client-side
  • 25. Server-side • msf > db_nmap target-ip • msf > hosts • msf > services
  • 26. metasploitable2 • msf > info exploit/multi/samba/usermap_script • msf > use exploit/multi/samba/usermap_script • exploit (usermap_script) > show options • exploit (usermap_script) > set RHOST 172.x.x.x • exploit (usermap_script) > set RPORT 445 • exploit (usermap_script) > check (not all exploits support this feature (yet)) • exploit (usermap_script) > exploit
  • 27. Metasploitable2
  • 28. Ok, great! What now? • msf > search post/linux
  • 29. msfpayload
  • 30. msfpayload
  • 31. Why?
  • 32. notepad++ + meterpreter
  • 33. notepad++ + meterpreter + 99 iterations
  • 34. notepad++ + meterpreter + 999 iterations
  • 35. VB… what?!
  • 36. pwnage
  • 37. Notepad++ + meterpreter + VBS
  • 38. Recap • What is the Metasploit Framework (MSF)? • How can I use MSF to my advantage? • Why would I want to use MSF?
  • 39. Victory Dance
  • 40. Questions?
  • 41. Ok, not bad.. How can I continue?! • http://blog.ctf365.com/metasploitable-in-the-cloud/ • http://r-7.co/Metasploitable2 • http://vulnhub.com • Be aware of browser exploits! • Be aware of QR codes!! • Be aware of ALL THE THINGS!!!
  • 42. Thank you all and until next year!

×