Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.
METASPLOIT and the
WEB…
By: Nipun Jaswal, Director of Cyber Security,
Lucrypt Limited UK
msf(about_me)>
 Author of Mastering Metasploit
 6+ Years of Experience
 Expertise: Wireless, Exploit Writing, Malware D...
Do You Expect NETAPI Today? Ms_08_067?
Familiar With Metasploit?
Familiar With Metasploit?
Metasploit for Web
 SQL Injections
 Scanner
 Login Brute Forcers
 RCE Injection
 And Many More
 WMAP Integration
 I...
Metasploit for Web Advantages
 Support Variety of Functions and In Built Modules for Web
 Can work over Large Ranges
 I...
Heart of Metasploit: Its Library
Metasploit and HTTP
https://github.com/rapid7/metasploit-framework/blob/master/lib/rex/proto/http/client_request.rb
Let’s Write an Example Module to Check
Wordpress Version
.HTML
Tools of the Trade
Conventionally:
 1. Intercept the Request/Response
 2. Find out Version From Readme.html Page
 3. Print on Screen
Conventionally:
Conventionally:
The MSF Way:
The MSF Way:
The MSF Way:
The MSF Way Admin Check:
The MSF Way Admin Check:
The MSF Way Admin Check:
Exploiting SQL Injections with MSF
RCE Based Backdoor Using MSF
DEMOTwit:@nipunjaswal
FB: nipun.jaswal
Upcoming SlideShare
Loading in …5
×

Ground Zero Training- Metasploit For Web

727 views

Published on

Metasploit for Web Applications is covered in the slides. Please refer to http://www.github.com/nipunjaswal for more

Published in: Engineering
  • Writing a good research paper isn't easy and it's the fruit of hard work. For help you can check writing expert. Check out, please ⇒ www.HelpWriting.net ⇐ I think they are the best
       Reply 
    Are you sure you want to  Yes  No
    Your message goes here
  • If you are one of those students who prefer to order a well-written essay online instead of doing it individually, I can suggest you using this writing company HelpWriting.net ! Try using this service once and you will see how useful it can be for you!
       Reply 
    Are you sure you want to  Yes  No
    Your message goes here

Ground Zero Training- Metasploit For Web

  1. 1. METASPLOIT and the WEB… By: Nipun Jaswal, Director of Cyber Security, Lucrypt Limited UK
  2. 2. msf(about_me)>  Author of Mastering Metasploit  6+ Years of Experience  Expertise: Wireless, Exploit Writing, Malware Dev  Expertise: Radio Frequencies, Surveillance Products  15+ Hall of Fames  Director of Cyber Security, Lucrypt Ltd. UK  Worked with Elite LEAs throughout the World  More at: nipunjaswal.com, nipunjaswal.info
  3. 3. Do You Expect NETAPI Today? Ms_08_067?
  4. 4. Familiar With Metasploit?
  5. 5. Familiar With Metasploit?
  6. 6. Metasploit for Web  SQL Injections  Scanner  Login Brute Forcers  RCE Injection  And Many More  WMAP Integration  In Built Support for Many CMS and Variety of HTTP Functions
  7. 7. Metasploit for Web Advantages  Support Variety of Functions and In Built Modules for Web  Can work over Large Ranges  Integration to Report Database and Reporting Features  Extensible Support and Wide Community of Developers  Easy to Code
  8. 8. Heart of Metasploit: Its Library
  9. 9. Metasploit and HTTP https://github.com/rapid7/metasploit-framework/blob/master/lib/rex/proto/http/client_request.rb
  10. 10. Let’s Write an Example Module to Check Wordpress Version .HTML
  11. 11. Tools of the Trade
  12. 12. Conventionally:  1. Intercept the Request/Response  2. Find out Version From Readme.html Page  3. Print on Screen
  13. 13. Conventionally:
  14. 14. Conventionally:
  15. 15. The MSF Way:
  16. 16. The MSF Way:
  17. 17. The MSF Way:
  18. 18. The MSF Way Admin Check:
  19. 19. The MSF Way Admin Check:
  20. 20. The MSF Way Admin Check:
  21. 21. Exploiting SQL Injections with MSF
  22. 22. RCE Based Backdoor Using MSF
  23. 23. DEMOTwit:@nipunjaswal FB: nipun.jaswal

×