pentesting with metasploit
Post on 05-Dec-2014
PenTesting with Metasploit Framework
Presented by:
Sudarshan Pawar
Prakashchandra Suthar
Information Security is our Forte…
Phone: +91-20-24333311
Email: beaconedutech@gmail.com
Web: http://beaconedutech.com
Address: 303, Renata Chambers,
2145, Sadashiv Peth,
Pune, Maharashtra, India – 411030
“From 2008 BackTrack started giving machine guns to monkeys”
Agenda
• What is PenTesting?
• Why PenTesting?
• Traditional Methodologies
• Metasploit
• Metasploit Terminologies
• Demo
• Is Metasploit the answer?
12/7/2013 Beacon Edutech
Getting Started
• What is PenTesting?
• The art, or approach, of attempting to break into a digital environment that you are authorised to test.
• Why PenTesting?
• Explore your own security weaknesses and fix them
• Find vulnerabilities before others (the bad guys) do
• …
Need for Pentesting
• Millions of dollars have been invested in security programs to protect critical infrastructure to prevent data breaches.
• Penetration Test is one of the most effective ways to identify weaknesses and deficiencies in these programs.
– Metasploit: The Penetration Tester’s Guide (HD Moore)
Pentesting Phases
• Reconnaissance
• Vulnerability Assessment & Analysis
• Exploitation
• Post Exploitation
• Reporting
Traditional Pentesting
• Public exploit gathering
• Change offset
• Replace shellcode
What is Metasploit?
• Not just a tool, but an entire framework
• An open-source platform for writing security tools and exploits
• Lets you build attack vectors quickly by combining its exploits, payloads and encoders
• Lets you create and execute more advanced attacks
• Written in Ruby
Architecture
Why use Metasploit?
• Easy to Use
• 600+ Exploits
• 200+ payloads
• 25+ encoders
• 300+ auxiliary
Traditional Pentest Vs Metasploit
Metasploit:
• Load Metasploit
• Choose the target OS
• Use exploit
• Set payload
• Execute
Traditional:
• Public exploit gathering
• Change offset
• Replace shellcode
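The "change offset, replace shellcode" steps of the traditional workflow are what Metasploit's pattern_create.rb and pattern_offset.rb tools automate: send a cyclic pattern to the crashing input, read the four bytes that land in the instruction pointer, look them up in the pattern to get the offset, then lay out the buffer as padding, return address, NOP sled and shellcode. The code below is an added example written for this page, not Metasploit's own code; the return address 0x7c341234 and the INT3 (0xCC) "shellcode" are placeholders, and the bad-character set is an assumption.

```ruby
# Re-implementation of the Metasploit-style cyclic pattern: every 3-byte
# group "<Upper><lower><digit>" is unique, so any 4 consecutive bytes appear
# at exactly one offset. Period is 26*26*10*3 = 20280 bytes.
def pattern_create(length)
  raise ArgumentError, 'length must be positive' unless length.positive?
  out = String.new(capacity: length)
  ('A'..'Z').each do |u|
    ('a'..'z').each do |l|
      ('0'..'9').each do |d|
        out << u << l << d
        return out[0, length] if out.length >= length
      end
    end
  end
  raise ArgumentError, "length #{length} exceeds the #{out.length}-byte pattern period"
end

# Offset of the crash value inside the pattern. `needle` is either the raw
# bytes seen at the fault or the 32-bit value the debugger showed in EIP,
# which is converted to little-endian bytes before searching.
def pattern_offset(pattern, needle)
  bytes = needle.is_a?(Integer) ? [needle].pack('V') : needle.b
  pattern.b.index(bytes)
end

# Classic stack-smash layout: filler up to the saved return address, the
# overwritten return address (little-endian), a NOP sled, then the shellcode.
# Shellcode containing a bad character (0x00 assumed here) is rejected, since
# it would be truncated or mangled by the vulnerable copy routine.
def build_buffer(offset:, ret:, shellcode:, bad_chars: "\x00".b, nop_sled: 16)
  bad = shellcode.b.bytes & bad_chars.b.bytes
  unless bad.empty?
    raise ArgumentError, "shellcode contains bad chars: #{bad.map { |b| format('\\x%02x', b) }.join}"
  end
  ('A' * offset).b + [ret].pack('V') + ("\x90" * nop_sled).b + shellcode.b
end

if $PROGRAM_NAME == __FILE__
  pat = pattern_create(20)                      # "Aa0Aa1Aa2Aa3Aa4Aa5Aa"
  off = pattern_offset(pat, 0x41336141)         # EIP = "Aa3A" -> offset 9
  buf = build_buffer(offset: off, ret: 0x7c341234, shellcode: "\xcc".b * 4)
  puts "offset=#{off} buffer=#{buf.bytesize} bytes"
end
```

Swapping in new shellcode is then a matter of changing the `shellcode:` argument; the offset and return address stay tied to the target binary, which is exactly the coupling Metasploit's target tables and payload selection hide from the user.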
Metasploit Interface
• MSFconsole
• MSFcli
• Msfweb, msfgui (discontinued)
• Metasploit Pro
• Armitage
Metasploit Terminologies
• Exploit: the means by which a pentester takes advantage of a flaw in a system, application or service
• Payload: code that we want the target system to execute on our command
• Shellcode: the set of instructions used as the payload when exploitation occurs
• Module: a piece of supporting software that can be used by the Metasploit framework
• Listener: a component that waits for an incoming connection
Netapi exploit
Vulnerability: a stack-based buffer overflow in the path-canonicalisation code of the Server service (NetAPI32.dll) that allows remote code execution over SMB; on Windows 2000, XP and Server 2003 it needs no authentication. This is MS08-067, fixed by the KB958644 update, and Metasploit's module for it is exploit/windows/smb/ms08_067_netapi.
Process name: Microsoft LAN Manager DLL
Used by: Microsoft networking (the Server service)
Meterpreter
• A.k.a. Meta-Interpreter
• Post-exploitation payload (tool)
• Uses in-memory DLL injection, so nothing is written to disk
• Can be extended at run time by loading extensions
• Encrypted communication
What can be done
• Command execution
• File upload/download
• Process migration
• Privilege escalation
• Registry modification
• Deleting logs and killing antivirus
• Backdoors and rootkits
• Pivoting
• … etc.
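Every item in that list is also something a defender can look for, and the log-clearing and antivirus-killing steps are the noisiest. Clearing the Security log writes event 1102 ("The audit log was cleared") as the first entry of the freshly emptied log, clearing the System log writes event 104, and stopping a service writes event 7036 from the Service Control Manager; if logs are forwarded to a collector, the tester's clean-up is what gets them caught. The detection below is an added example for this page, not Metasploit or Windows code: the flat "timestamp channel id message" line format and the sample events are constructed, and the list of protected services is an illustrative placeholder.

```ruby
# Constructed sample of Windows event log lines (not real telemetry) in an
# assumed flat layout: "<timestamp> <channel> <event id> <message>".
SAMPLE_EVENTS = <<~'LOG'.lines.map(&:chomp)
  2014-12-05T10:01:02Z Security 4624 An account was successfully logged on. Account Name: alice
  2014-12-05T10:04:58Z Security 4688 A new process has been created. New Process Name: C:\Windows\System32\notepad.exe
  2014-12-05T10:05:44Z Security 1102 The audit log was cleared. Account Name: bob
  2014-12-05T10:05:45Z System 104 The System log file was cleared.
  2014-12-05T10:06:10Z System 7036 The Windows Defender Antivirus Service service entered the stopped state.
  2014-12-05T10:06:30Z System 7036 The Print Spooler service entered the stopped state.
LOG

EVENT_RE = /\A(?<ts>\S+)\s+(?<channel>\S+)\s+(?<id>\d+)\s+(?<msg>.*)\z/

# Security products whose shutdown should raise an alert (illustrative list;
# a real deployment would enumerate the display names actually installed).
PROTECTED_SERVICES = ['Windows Defender Antivirus Service'].freeze

def parse_event(line)
  m = EVENT_RE.match(line)
  return nil unless m
  { ts: m[:ts], channel: m[:channel], id: m[:id].to_i, msg: m[:msg] }
end

# Maps one parsed event to a rule name, or nil when it is benign.
def classify(ev)
  case [ev[:channel], ev[:id]]
  when ['Security', 1102] then 'security-log-cleared'   # meterpreter clearev
  when ['System', 104]    then 'system-log-cleared'
  when ['System', 7036]
    svc = ev[:msg][/\AThe (.+?) service entered the stopped state\./, 1]
    'protected-service-stopped' if svc && PROTECTED_SERVICES.include?(svc)
  end
end

# Runs every line through the rules and returns the alerts in log order.
def triage(lines)
  lines.each_with_object([]) do |line, alerts|
    ev = parse_event(line) or next      # skip lines that do not parse
    rule = classify(ev) or next         # skip benign events
    alerts << { ts: ev[:ts], rule: rule, line: line }
  end
end

if $PROGRAM_NAME == __FILE__
  triage(SAMPLE_EVENTS).each { |a| puts "#{a[:ts]} #{a[:rule]}: #{a[:line]}" }
end
```

The ordinary logon, the notepad launch and the Print Spooler stop pass through untouched; the three events a Meterpreter clean-up produces are flagged in sequence, which is the pattern a SOC analyst would pivot on.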
Demo Meterpreter
Thanks To…
• BackTrack and Kali Linux
• Metasploit Team (HD Moore & Rapid7)
• Offensive Security
References
• http://docs.kali.org/
• http://www.metasploit.com
• http://www.offensive-security.com/metasploit-unleashed/
• http://www.processlibrary.com/en/directory/files/netapi32/21334/
• http://support.microsoft.com/kb/958644
Discussion …
RULES…
• Group discussion about
“Pentesting with Metasploit – Yes/No”
• Rules
• Don’t hesitate to raise a point (we are all learners)
• No rocket science required.
• It’s not a debate, so chill.