RS
Uploaded byRamnath Shenoy
PPTX, PDF1,060 views

Metasploit For Beginners

This document provides an overview of Metasploit for beginners. It discusses why Metasploit is useful, how to set up a demo environment, and how to use auxiliary and exploit modules. It then demonstrates auxiliary modules for scanning and information gathering. It also demonstrates two exploit modules against ElasticSearch and Jenkins, using reverse shell payloads. The document provides a cheat sheet for navigating msfconsole and describes common commands used prior to demonstrations.

Technology
Related topics:
Information Security

Embed presentation

Downloaded 38 times
Metasploit for Beginners Ramnath
Whoami Ramnath Shenoy • Engineering @ FireEye • https://www.linkedin.com/in/ramnathshenoyk • @Ramnathsk
Metasploit for Beginners ●Why Metasploit? ●Demo Setup ●Auxiliary Module ●Exploit Module ●Payloads ●Demo 1 - Elastic Search exploit ●Demo 2 - Jenkins exploit
Why Metasploit? ● Published independently ● Different programming languages ● Targeted limited to a specific platform ● No evasion techniques ● No clear documentation ● No coding style and difficult to embed /modify
Metasploit Framework Current stable version is v4.13.X • Written in ruby, https://github.com/rapid7/metasploit-framework.git, • [ 1610 exploits, 914 auxiliary, 279 post ,471 payloads , 39 encoders , 9 nops ] Ready in kali - used in this demo. Available as windows installer. (Never really tried!..)
Metasploit Architecture Libraries Interfaces Modules nops payloads exploits Auxiliary Encoder Post msfconsole Rex MSF::Core MSF::Base Tools Plugins
Visualising an attack Target Vulnerable software PayloadExploitAuxiliary Windows/Shell Windows/add user Remote exploit Local exploit Scan and enumerate Rogue Servers Post Enum credentials Exploit suggest Exploit Payload Post msfconsole
Demo Setup! Target Windows 2008 R2 – Metasploitable3 Designed vulnerable to test payload Setup instructions https://github.com/rapid7/metasploitable3 172.28.128.4 Metasploit/kali Attacker 172.28.128.3 Victim Windows 2k8 Virtual Box
Msfconsole Navigation cheat sheet! Msfupdate - update Msfconsole – initialize metasploit >help - example: help search >search – example: search name:pcman type:exploit >show - example show info, show options and show advanced >use - example use exploit/.., use aux/.., use payload/.. >set, unset, setg & unsetg - set payload/.. set exitfunc >back,previous Exploit ,POST and Payload specifics >set RHOST : Victim IP >set RPORT: Victim port >set LHOST: Attacker IP >set LPORT: Attacker Port on Reverse Connect or Victim Port on Bind >set SESSION: The Session id of an earlier attack to attempt Local priv esc
Commands Prior Demo! • Start the PostgreSQL, initialize database for metasploit and then proceed with starting msfconsole • Setup a workspace within metasploit to store enumeration result • Initialise a scan with nmap to store its results. Results in db will be accessible via “services”
Auxiliary Module - Demo • Brute Force access tests on different protocols. • Enumerate and gather more information with limited access. • Check for misconfigured or default Web Portals. • Set up a rogue- ftp,http,smb,imap servers
Auxiliary Module - “use auxiliary/scanner/snmp/snmp_enum”
Exploit Module Searching remote exploits are typically -> exploit/Platform/protocol/Application_or_service Searching local exploits are typically -> exploit/Platform/local/Application_or_service
Payload Module Bind Shell TCP • Successful exploitation leads to a new port on Victim with shell access. Reverse Shell TCP • Successful exploitation makes to client connect to Attack and provide its shell. BindShell-Listener Reverse Shell-Listener Exploit Exploit
Exploit Module -Demo exploit/multi/elasticsearch/script_mvel_rce ElasticSearch ->1.1.1 Payload -> java/shell/reverse_tcp
Exploit Module 2 In these cases we will need to use the attacker machine as a server, servicing the delivery of the exploit. We will need 2 more options, SRVHOST and SRVPORT Meterpreter Payload ,provides an interactive environment with functionalities likes • Getsystem, clearnenv, migrate, hashdump, post, up/download,edit • Run portrecorder , load mimikatz..
Exploit Module -Demo 2 • exploit/multi/http/jenkins_script_console • windows/meterpreter/reverse_tcp
Thanks.

More Related Content

PDF
Metasploit for Penetration Testing: Beginner Class
byGeorgia Weidman
 
PPTX
Metasploit
byLalith Sai
 
PPTX
Metasploit framwork
byDeepanshu Gajbhiye
 
PPTX
Metasploit
byInstitute of Information Security (IIS)
 
PDF
Metaploit
byAjinkya Pathak
 
PDF
Pentest with Metasploit
byM.Syarifudin, ST, OSCP, OSWP
 
PPTX
Metasploit framework in Network Security
byAshok Reddy Medikonda
 
PPTX
Introduction to Metasploit
byGTU
 
Metasploit for Penetration Testing: Beginner Class
byGeorgia Weidman
 
Metasploit
byLalith Sai
 
Metasploit framwork
byDeepanshu Gajbhiye
 
Metasploit
byInstitute of Information Security (IIS)
 
Metaploit
byAjinkya Pathak
 
Pentest with Metasploit
byM.Syarifudin, ST, OSCP, OSWP
 
Metasploit framework in Network Security
byAshok Reddy Medikonda
 
Introduction to Metasploit
byGTU
 

What's hot

PPTX
Introduction To Exploitation & Metasploit
byRaghav Bisht
 
PDF
Introduction to red team operations
bySunny Neo
 
PDF
Managing & Showing Value during Red Team Engagements & Purple Team Exercises ...
byJorge Orchilles
 
PPTX
Ethical Hacking PPT (CEH)
byUmesh Mahawar
 
PDF
PHDays 2018 Threat Hunting Hands-On Lab
byTeymur Kheirkhabarov
 
PPTX
Metasploit seminar
byhenelpj
 
PDF
Cyber Threat Intelligence
bymohamed nasri
 
PDF
Global Cyber Threat Intelligence
byNTT Innovation Institute Inc.
 
PDF
ATT&CKing the Red/Blue Divide
byMITRE ATT&CK
 
PPTX
Pen Testing Explained
byRand W. Hirt
 
DOCX
Type of DDoS attacks with hping3 example
byHimani Singh
 
PPTX
Red team Engagement
byIndranil Banerjee
 
PDF
Privilege escalation from 1 to 0 Workshop
byHossam .M Hamed
 
PPTX
DDoS ATTACKS
byAnil Antony
 
PDF
Threat hunting 101 by Sandeep Singh
byOWASP Delhi
 
PDF
Windows Threat Hunting
byGIBIN JOHN
 
PPTX
Metasploit
byhenelpj
 
PDF
Red Team Framework
by👀 Joe Gray
 
PDF
MITRE ATT&CK Framework
byn|u - The Open Security Community
 
PPTX
Purple Teaming with ATT&CK - x33fcon 2018
byChristopher Korban
 
Introduction To Exploitation & Metasploit
byRaghav Bisht
 
Introduction to red team operations
bySunny Neo
 
Managing & Showing Value during Red Team Engagements & Purple Team Exercises ...
byJorge Orchilles
 
Ethical Hacking PPT (CEH)
byUmesh Mahawar
 
PHDays 2018 Threat Hunting Hands-On Lab
byTeymur Kheirkhabarov
 
Metasploit seminar
byhenelpj
 
Cyber Threat Intelligence
bymohamed nasri
 
Global Cyber Threat Intelligence
byNTT Innovation Institute Inc.
 
ATT&CKing the Red/Blue Divide
byMITRE ATT&CK
 
Pen Testing Explained
byRand W. Hirt
 
Type of DDoS attacks with hping3 example
byHimani Singh
 
Red team Engagement
byIndranil Banerjee
 
Privilege escalation from 1 to 0 Workshop
byHossam .M Hamed
 
DDoS ATTACKS
byAnil Antony
 
Threat hunting 101 by Sandeep Singh
byOWASP Delhi
 
Windows Threat Hunting
byGIBIN JOHN
 
Metasploit
byhenelpj
 
Red Team Framework
by👀 Joe Gray
 
MITRE ATT&CK Framework
byn|u - The Open Security Community
 
Purple Teaming with ATT&CK - x33fcon 2018
byChristopher Korban
 

Viewers also liked

PDF
Owasp top 10
byveerababu penugonda(Mr-IoT)
 
PPTX
An Introduction to Sysinternals
byRiyaz Walikar
 
PPTX
Netcat - A Swiss Army Tool
byChandrapal Badshah
 
PPTX
DataSploit - Tool Demo at Null Bangalore - March Meet.
byShubham Mittal
 
PPTX
Poodle
bySamit Anwer
 
PPTX
Malvertising
byAnkit Kushwaha
 
PDF
Radare2 - An Introduction by Anto Joseph
byAnthony Jose
 
PPTX
Threat intelligence - nullmeetblr 21st June 2015
byn|u - The Open Security Community
 
PPTX
Panel discussion social engineering - manasdeep - nullmeetblr 21st June 2015
byn|u - The Open Security Community
 
PDF
Grinder talk
byn|u - The Open Security Community
 
ODP
pwnd.sh
byChandrapal Badshah
 
PPTX
Csp july2015
byn|u - The Open Security Community
 
PPTX
IOS Security Basics - NULL/ OWASP/G4H Meet
byAnthony Jose
 
PPTX
Penetration testing using metasploit
byAashish R
 
PPTX
Inteligencia artificial
byPachaqueen2015
 
PPTX
Ethical Hacking Services
byVirtue Security
 
DOCX
Ceh certified ethical hacker
byGrowmind Solutions
 
PPTX
3Es of Ransomware
bySunil Kumar
 
PDF
Buffer overflow null
bynullowaspmumbai
 
PPTX
Http2 Security Perspective
bySunil Kumar
 
Owasp top 10
byveerababu penugonda(Mr-IoT)
 
An Introduction to Sysinternals
byRiyaz Walikar
 
Netcat - A Swiss Army Tool
byChandrapal Badshah
 
DataSploit - Tool Demo at Null Bangalore - March Meet.
byShubham Mittal
 
Poodle
bySamit Anwer
 
Malvertising
byAnkit Kushwaha
 
Radare2 - An Introduction by Anto Joseph
byAnthony Jose
 
Threat intelligence - nullmeetblr 21st June 2015
byn|u - The Open Security Community
 
Panel discussion social engineering - manasdeep - nullmeetblr 21st June 2015
byn|u - The Open Security Community
 
Grinder talk
byn|u - The Open Security Community
 
pwnd.sh
byChandrapal Badshah
 
Csp july2015
byn|u - The Open Security Community
 
IOS Security Basics - NULL/ OWASP/G4H Meet
byAnthony Jose
 
Penetration testing using metasploit
byAashish R
 
Inteligencia artificial
byPachaqueen2015
 
Ethical Hacking Services
byVirtue Security
 
Ceh certified ethical hacker
byGrowmind Solutions
 
3Es of Ransomware
bySunil Kumar
 
Buffer overflow null
bynullowaspmumbai
 
Http2 Security Perspective
bySunil Kumar
 

Similar to Metasploit For Beginners

PDF
Metasploit: Pwnage and Ponies
byTrowalts
 
PDF
Metasploit Computer security testing tool
bymedoelkang600
 
PPTX
Client side exploits
bynickyt8
 
DOCX
Backtrack Manual Part6
byNutan Kumar Panda
 
DOCX
Backtrack Manual Part7
byNutan Kumar Panda
 
KEY
Metasploit @ 2010 Utah Open Source Conference
byJason Wood
 
PDF
Metasploit Humla for Beginner
byn|u - The Open Security Community
 
PDF
Metasploitation part-1 (murtuja)
byClubHack
 
PPTX
Metasploit - Basic and Android Demo
byArpit Agarwal
 
DOCX
Google Hacking Lab ClassNameDate This is an introducti.docx
bywhittemorelucilla
 
PDF
iCrOSS 2013_Pentest
byM.Syarifudin, ST, OSCP, OSWP
 
PDF
Cheatsheet: Metasploit
byKasper de Waard
 
PPTX
Intro to exploits in metasploitand payloads in msfvenom
bySiddharth Krishna Kumar
 
PPTX
Metasploit
byRaghunath G
 
PPTX
Intimacy with MSF - Metasploit Framework
byAnimesh Roy
 
PDF
The Metasploit Framework Companion Guide
byfynboytinny
 
PPTX
BSides Algiers - Metasploit framework - Oussama Elhamer
byShellmates
 
PPTX
Metasploit for Web Workshop
byDennis Maldonado
 
PDF
24 33 -_metasploit
bywozgeass
 
PPTX
Finalppt metasploit
bydevilback
 
Metasploit: Pwnage and Ponies
byTrowalts
 
Metasploit Computer security testing tool
bymedoelkang600
 
Client side exploits
bynickyt8
 
Backtrack Manual Part6
byNutan Kumar Panda
 
Backtrack Manual Part7
byNutan Kumar Panda
 
Metasploit @ 2010 Utah Open Source Conference
byJason Wood
 
Metasploit Humla for Beginner
byn|u - The Open Security Community
 
Metasploitation part-1 (murtuja)
byClubHack
 
Metasploit - Basic and Android Demo
byArpit Agarwal
 
Google Hacking Lab ClassNameDate This is an introducti.docx
bywhittemorelucilla
 
iCrOSS 2013_Pentest
byM.Syarifudin, ST, OSCP, OSWP
 
Cheatsheet: Metasploit
byKasper de Waard
 
Intro to exploits in metasploitand payloads in msfvenom
bySiddharth Krishna Kumar
 
Metasploit
byRaghunath G
 
Intimacy with MSF - Metasploit Framework
byAnimesh Roy
 
The Metasploit Framework Companion Guide
byfynboytinny
 
BSides Algiers - Metasploit framework - Oussama Elhamer
byShellmates
 
Metasploit for Web Workshop
byDennis Maldonado
 
24 33 -_metasploit
bywozgeass
 
Finalppt metasploit
bydevilback
 

Recently uploaded

PDF
A "Kill Switch" (Emergency Off Switch) for AI?
byScott M. Graffius
 
PPTX
Lecture 04. about Black heads and Hackerss.pptx
byvinocol222
 
PPTX
02_Extended Warehouse Management Functions and Features.pptx
byUdayakumar218983
 
PPTX
Visual Foxpro-VFP9-Access-Report-Variable-Outside-the-report.pptx
bymanojbkalla
 
PPTX
UNIT 1- Introduction to Basic of Computer Fundamentals
bypawarbhaktiit
 
PPTX
DVCON24-IBM ai/ml driven hardware verification
byArun Joseph
 
PDF
Higgsfield AI: The New Way to Create Cinematic Video
bytechnologyupside
 
PDF
Generating Structured Outputs from Unstructured Content Using LLMs
byEnterprise Knowledge
 
PDF
Presentation on Four Stroke Engine of Ic engine
bySonam Sherpa
 
PDF
DataLiva-LivaGRC- Business Software for Governance, Risk, and Compliance
byMustafa Kuğu
 
PPTX
Building Real-Time Voice AI — Udaiappa Ramachandran
byUdaiappa Ramachandran
 
PDF
TrustArc Webinar - Unpacking India’s DPDP Act: What You Should Know
byTrustArc
 
PPTX
IBM_NEXA_DAC2021 NEXA, a cloud-native platform for collaborative hardware log...
byArun Joseph
 
PDF
The Cost of Missing Critical Connections in Data - Suspicious Behavior Detect...
byEnterprise Knowledge
 
PDF
Effective Ai powered mock interview .pdf
byamazingnishusingh766
 
PPTX
JAVA Programming Lecture 1 C 4 Yourself.pptx
byyvsbglfaeahuyldzhq
 
PPTX
How Blockchain Application Development Enables Trustless Digital Ecosystems.pptx
byLisa ward
 
PDF
Requestly or Postman: What’s the Right API Tool for Your Team?
byhenrycavill30521
 
PDF
Best-Travel-Portal-Development-Solutions-for-Online-Growth
bykashishnagarrajput
 
PPTX
Design Flaws and Known Attacks in Agentic AI - ITI Business Session
byInformation Technology Institute
 
A "Kill Switch" (Emergency Off Switch) for AI?
byScott M. Graffius
 
Lecture 04. about Black heads and Hackerss.pptx
byvinocol222
 
02_Extended Warehouse Management Functions and Features.pptx
byUdayakumar218983
 
Visual Foxpro-VFP9-Access-Report-Variable-Outside-the-report.pptx
bymanojbkalla
 
UNIT 1- Introduction to Basic of Computer Fundamentals
bypawarbhaktiit
 
DVCON24-IBM ai/ml driven hardware verification
byArun Joseph
 
Higgsfield AI: The New Way to Create Cinematic Video
bytechnologyupside
 
Generating Structured Outputs from Unstructured Content Using LLMs
byEnterprise Knowledge
 
Presentation on Four Stroke Engine of Ic engine
bySonam Sherpa
 
DataLiva-LivaGRC- Business Software for Governance, Risk, and Compliance
byMustafa Kuğu
 
Building Real-Time Voice AI — Udaiappa Ramachandran
byUdaiappa Ramachandran
 
TrustArc Webinar - Unpacking India’s DPDP Act: What You Should Know
byTrustArc
 
IBM_NEXA_DAC2021 NEXA, a cloud-native platform for collaborative hardware log...
byArun Joseph
 
The Cost of Missing Critical Connections in Data - Suspicious Behavior Detect...
byEnterprise Knowledge
 
Effective Ai powered mock interview .pdf
byamazingnishusingh766
 
JAVA Programming Lecture 1 C 4 Yourself.pptx
byyvsbglfaeahuyldzhq
 
How Blockchain Application Development Enables Trustless Digital Ecosystems.pptx
byLisa ward
 
Requestly or Postman: What’s the Right API Tool for Your Team?
byhenrycavill30521
 
Best-Travel-Portal-Development-Solutions-for-Online-Growth
bykashishnagarrajput
 
Design Flaws and Known Attacks in Agentic AI - ITI Business Session
byInformation Technology Institute
 

Metasploit For Beginners

  • 1.
  • 2.
    Whoami Ramnath Shenoy • Engineering@ FireEye • https://www.linkedin.com/in/ramnathshenoyk • @Ramnathsk
  • 3.
    Metasploit for Beginners ●WhyMetasploit? ●Demo Setup ●Auxiliary Module ●Exploit Module ●Payloads ●Demo 1 - Elastic Search exploit ●Demo 2 - Jenkins exploit
  • 4.
    Why Metasploit? ● Publishedindependently ● Different programming languages ● Targeted limited to a specific platform ● No evasion techniques ● No clear documentation ● No coding style and difficult to embed /modify
  • 5.
    Metasploit Framework Current stableversion is v4.13.X • Written in ruby, https://github.com/rapid7/metasploit-framework.git, • [ 1610 exploits, 914 auxiliary, 279 post ,471 payloads , 39 encoders , 9 nops ] Ready in kali - used in this demo. Available as windows installer. (Never really tried!..)
  • 6.
    Metasploit Architecture Libraries Interfaces Modules nops payloadsexploits Auxiliary Encoder Post msfconsole Rex MSF::Core MSF::Base Tools Plugins
  • 7.
    Visualising an attack Target Vulnerablesoftware PayloadExploitAuxiliary Windows/Shell Windows/add user Remote exploit Local exploit Scan and enumerate Rogue Servers Post Enum credentials Exploit suggest Exploit Payload Post msfconsole
  • 8.
    Demo Setup! Target Windows2008 R2 – Metasploitable3 Designed vulnerable to test payload Setup instructions https://github.com/rapid7/metasploitable3 172.28.128.4 Metasploit/kali Attacker 172.28.128.3 Victim Windows 2k8 Virtual Box
  • 9.
    Msfconsole Navigation cheatsheet! Msfupdate - update Msfconsole – initialize metasploit >help - example: help search >search – example: search name:pcman type:exploit >show - example show info, show options and show advanced >use - example use exploit/.., use aux/.., use payload/.. >set, unset, setg & unsetg - set payload/.. set exitfunc >back,previous Exploit ,POST and Payload specifics >set RHOST : Victim IP >set RPORT: Victim port >set LHOST: Attacker IP >set LPORT: Attacker Port on Reverse Connect or Victim Port on Bind >set SESSION: The Session id of an earlier attack to attempt Local priv esc
  • 10.
    Commands Prior Demo! •Start the PostgreSQL, initialize database for metasploit and then proceed with starting msfconsole • Setup a workspace within metasploit to store enumeration result • Initialise a scan with nmap to store its results. Results in db will be accessible via “services”
  • 11.
    Auxiliary Module -Demo • Brute Force access tests on different protocols. • Enumerate and gather more information with limited access. • Check for misconfigured or default Web Portals. • Set up a rogue- ftp,http,smb,imap servers
  • 12.
    Auxiliary Module -“use auxiliary/scanner/snmp/snmp_enum”
  • 13.
    Exploit Module Searching remoteexploits are typically -> exploit/Platform/protocol/Application_or_service Searching local exploits are typically -> exploit/Platform/local/Application_or_service
  • 14.
    Payload Module Bind ShellTCP • Successful exploitation leads to a new port on Victim with shell access. Reverse Shell TCP • Successful exploitation makes to client connect to Attack and provide its shell. BindShell-Listener Reverse Shell-Listener Exploit Exploit
  • 15.
  • 16.
    Exploit Module 2 Inthese cases we will need to use the attacker machine as a server, servicing the delivery of the exploit. We will need 2 more options, SRVHOST and SRVPORT Meterpreter Payload ,provides an interactive environment with functionalities likes • Getsystem, clearnenv, migrate, hashdump, post, up/download,edit • Run portrecorder , load mimikatz..
  • 17.
    Exploit Module -Demo2 • exploit/multi/http/jenkins_script_console • windows/meterpreter/reverse_tcp
  • 18.

Editor's Notes

  • #6 Why ruby? https://dev.metasploit.com/pipermail/framework/2006-October/001325.html On ubuntu? http://www.darkoperator.com/installing-metasploit-in-ubunt/