Metasploit, Use at Your Own Risk
Jasakom Seminar I, 26 May 2007
Poins Square, Jakarta
Presented by Thomas Gregory
Jasakom Moderator
before we start
■ introduction
■ purpose of the seminar
■ disclaimer
not a professional.
based on study and understanding.
agenda
■ background
security is fun!
what is metasploit
■ uses of metasploit
■ advantages of metasploit
■ demo
■ questions
background
■ security is fun!
security life ➔ without realizing it, our lives are wrapped in security
vulnerability ➔ thousands of security holes every year
hacking ➔ defacing, carding, exploits, DoS, etc.
hardening ➔ devising a defense strategy
improving ➔ improving quality based on weaknesses
background
■ what is metasploit
■ the group
a group of professionals
researchers: research.. research.. and more research!
study every programming language
■ the tool
a tool useful for research, pentesting, and bug hunting
open source tool
“The Best a Haxor Can Get”
uses of metasploit
■ metasploit is (actually) for
research and study of security exploitation
understanding how attacks work
penetration testing
testing IPS/IDS
demos or presentations
legal hacking events
■ metasploit is (as it turns out, also) used for illegal hacking
advantages of metasploit
■ compatibility
■ user interface
■ exploits
■ payloads
■ auxiliary
compatibility
■ linux, bsd, windows, mac osx, solaris, hpux, irix
■ native windows support
■ runs successfully on embedded linux/bsd
nokia 770, nokia N800
zaurus
user interface
■ msfconsole: interactive console interface
■ msfweb: dynamic web interface
■ msfcli: exploitation via interactive commands
■ msfpayload: creates executable payloads
■ msfgui (still in development): point, click, exploit
user interface
Metasploit Framework 2.x
user interface
Metasploit Framework 3.0
exploits
■ hundreds of people release their own exploits
wanting to be the first
each has their own “style”
each thinks their “style” is the best
■ an exploit basically
configures and builds a payload
sends it to the vulnerable application
waits for the payload to execute
interacts with the payload
exploits
■ metasploit framework 1.0 (2003-2004)
15 exploits, 1 user interface
■ metasploit framework 2.7 (2003-2006)
150+ exploits, 3 user interfaces
■ metasploit 3.0 (2007+)
192 (and still growing) exploits, 5 user interfaces
exploits
■ links
http://www.milw0rm.com
http://securityfocus.com
http://securitydot.net/exploits.php
http://packetstormsecurity.org/
exploits
payloads
■ communication method: reverse, forward, findtag, HTTP (PassiveX)
■ payload type: upexec, shell, adduser, meterpreter
■ platform/payload/communication
windows/meterpreter/reverse_http
linux/x86/shell/find_tag
meterpreter
■ meterpreter?
super payload for windows
a bundle of injected commands
➔ ls, edit, upload, download
➔ ps, kill, execute, open
➔ route, ipconfig, portfwd
➔ eventlog, registry, threads
hashdump ➔ meterpreter > use priv
kill antivirus, firewall, reboot, etc.
meterpreter
meterpreter hash dump
auxiliary
■ security tool --> module
■ functions other than exploits
scanner, info, dos, discovery
audit, brute force, fuzzing
demo
DEMO
questions
Questions?