Pentesting with Metasploit

Uploaded by: prakashchandra-suthar

Posted on 05-Dec-2014


DESCRIPTION

Pentesting? What is Pentesting? Why Pentesting? Millions of dollars have been invested in security programs to protect critical infrastructure to prevent data breaches

TRANSCRIPT

Page 1: Pentesting with Metasploit

PenTesting with Metasploit Framework

Presented by:

Sudarshan Pawar

Prakashchandra Suthar

Information Security is our Forte…

Phone: +91-20-24333311

Email: [email protected]

Web: http://beaconedutech.com

Address: 303, Renata Chambers,

2145, Sadashiv Peth,

Pune, Maharashtra, India – 411030

Page 2: Pentesting with Metasploit

“From 2008 Backtrack started giving machine guns to monkeys”

Information Security is our Forte…

Page 3: Pentesting with Metasploit

Agenda

• What is PenTesting?

• Why PenTesting?

• Traditional Methodologies

• Metasploit

• Metasploit Terminologies

• Demo

• Is Metasploit the answer?

12/7/2013 Beacon Edutech

Page 4: Pentesting with Metasploit

Getting Started

• What is PenTesting?

• An art or approach in which one attempts to break into an authorised digital environment.

• Why PenTesting?

• Explore your security weaknesses and try to patch them

• Find vulnerabilities before others (the bad guys) do

• …


Page 5: Pentesting with Metasploit

Need of Pentesting

• Millions of dollars have been invested in security programs to protect critical infrastructure to prevent data breaches.

• Penetration Test is one of the most effective ways to identify weaknesses and deficiencies in these programs.

– Metasploit: The Penetration Tester’s Guide, by HD Moore


Page 6: Pentesting with Metasploit

Pentesting Phases


Reconnaissance

Vulnerability Assessment & Analysis

Exploitation

Post Exploitation

Reporting

Page 7: Pentesting with Metasploit

Traditional Pentesting


Page 8: Pentesting with Metasploit

Traditional Pentesting


Public Exploit Gathering

Change Offset

Replace Shellcode

Page 9: Pentesting with Metasploit

What is Metasploit?

• Not just a tool, but an entire framework

• An Open source platform for writing security tools and exploits

• Easily build attack vectors by combining its exploits, payloads and encoders

• Create and execute more advanced attacks

• Built in Ruby


Page 10: Pentesting with Metasploit

Architecture


Page 11: Pentesting with Metasploit

Why use Metasploit?

• Easy to Use

• 600+ Exploits

• 200+ payloads

• 25+ encoders

• 300+ auxiliary modules


Page 12: Pentesting with Metasploit

Traditional Pentest Vs Metasploit


Page 13: Pentesting with Metasploit

Traditional Pentest Vs Metasploit


Metasploit:

Load Metasploit

Choose the target OS

Use exploit

Set payload

Execute

Traditional:

Public Exploit Gathering

Change Offset

Replace Shellcode

Page 14: Pentesting with Metasploit

Metasploit Interface

• MSFconsole

• MSFcli

• Msfweb, msfgui (discontinued)

• Metasploit Pro

• Armitage


Page 15: Pentesting with Metasploit

Metasploit Terminologies

• Exploit: The means by which a pentester takes advantage of a flaw within a system, application, or service

• Payload: Code that we want the target system to execute on our command

• Shellcode: Set of instructions used as a payload when exploitation occurs

• Module: Supporting software that can be used by Metasploit

• Listener: A component that waits for an incoming connection


Page 16: Pentesting with Metasploit

Netapi exploit


Vulnerability: NetAPI32.dll file that allows remote code execution

Process name: Microsoft LAN Manager DLL

Application using this process: Microsoft network

Page 17: Pentesting with Metasploit

Meterpreter

• A.k.a. Meta-Interpreter

• Post-exploitation payload (tool)

• Uses in-memory DLL injection

• Can be extended at run time

• Encrypted communication


Page 18: Pentesting with Metasploit

What can be done

• Command execution

• File Upload/Download

• Process migration

• Log Deletion

• Privilege escalation

• Registry modification

• Deleting logs and killing antivirus

• Backdoors and Rootkits

• Pivoting

• … etc.


Page 19: Pentesting with Metasploit

Demo Meterpreter


Page 20: Pentesting with Metasploit

Thanks To…

• BackTrack and Kali Linux

• Metasploit Team (HD Moore & Rapid7)

• Offensive Security


Page 22: Pentesting with Metasploit

Discussion …


Page 23: Pentesting with Metasploit

RULES…

• Group discussion about

“Pentesting with Metasploit – Yes/No”

• Rules

• Don’t hesitate to raise a point (we are all learners)

• No rocket science required.

• It’s not a debate, so chill.
