[null]Metapwn - Pwn at a puff by Prajwal Panchmahalkar
-
Upload
prajwal-panchmahalkar -
Category
Education
-
view
1.204 -
download
1
description
Transcript of [null]Metapwn - Pwn at a puff by Prajwal Panchmahalkar
![Page 1: [null]Metapwn - Pwn at a puff by Prajwal Panchmahalkar](https://reader035.fdocuments.in/reader035/viewer/2022062617/54b888264a7959050f8b4582/html5/thumbnails/1.jpg)
Now Pwn at a pufff….Now Pwn at a pufff….
![Page 2: [null]Metapwn - Pwn at a puff by Prajwal Panchmahalkar](https://reader035.fdocuments.in/reader035/viewer/2022062617/54b888264a7959050f8b4582/html5/thumbnails/2.jpg)
![Page 3: [null]Metapwn - Pwn at a puff by Prajwal Panchmahalkar](https://reader035.fdocuments.in/reader035/viewer/2022062617/54b888264a7959050f8b4582/html5/thumbnails/3.jpg)
![Page 4: [null]Metapwn - Pwn at a puff by Prajwal Panchmahalkar](https://reader035.fdocuments.in/reader035/viewer/2022062617/54b888264a7959050f8b4582/html5/thumbnails/4.jpg)
• Metasploit Framework• metaPwn• FastTrackFastTrack• Armitage – The new and easy
convention.• SET
![Page 5: [null]Metapwn - Pwn at a puff by Prajwal Panchmahalkar](https://reader035.fdocuments.in/reader035/viewer/2022062617/54b888264a7959050f8b4582/html5/thumbnails/5.jpg)
• Metasploit - The single most powerful tool available today for the Penetration testers.
• Used for Developing and executing exploit code against any target machine.
• An open source ruby framework, moved from perl.
![Page 6: [null]Metapwn - Pwn at a puff by Prajwal Panchmahalkar](https://reader035.fdocuments.in/reader035/viewer/2022062617/54b888264a7959050f8b4582/html5/thumbnails/6.jpg)
• Lib: the ‘meat’ of the framework code base.
• Data: editable files used by Metasploit
• Tools: useful commandline utilities
• Modules: the Framework modules.
• Payloads• Scripts• External
![Page 7: [null]Metapwn - Pwn at a puff by Prajwal Panchmahalkar](https://reader035.fdocuments.in/reader035/viewer/2022062617/54b888264a7959050f8b4582/html5/thumbnails/7.jpg)
![Page 8: [null]Metapwn - Pwn at a puff by Prajwal Panchmahalkar](https://reader035.fdocuments.in/reader035/viewer/2022062617/54b888264a7959050f8b4582/html5/thumbnails/8.jpg)
![Page 9: [null]Metapwn - Pwn at a puff by Prajwal Panchmahalkar](https://reader035.fdocuments.in/reader035/viewer/2022062617/54b888264a7959050f8b4582/html5/thumbnails/9.jpg)
![Page 10: [null]Metapwn - Pwn at a puff by Prajwal Panchmahalkar](https://reader035.fdocuments.in/reader035/viewer/2022062617/54b888264a7959050f8b4582/html5/thumbnails/10.jpg)
![Page 11: [null]Metapwn - Pwn at a puff by Prajwal Panchmahalkar](https://reader035.fdocuments.in/reader035/viewer/2022062617/54b888264a7959050f8b4582/html5/thumbnails/11.jpg)
• The most popular and best way to use Metasploit Framework.
• Efficient and wide access to all the options.
• Execution of external commands is possible
![Page 12: [null]Metapwn - Pwn at a puff by Prajwal Panchmahalkar](https://reader035.fdocuments.in/reader035/viewer/2022062617/54b888264a7959050f8b4582/html5/thumbnails/12.jpg)
• It is very importand that you analyze your target
• The scan results (generally by nmap) are very useful.
• Know the services running on the Target machine from the scan results.
• Determine the vulnerabilities.
![Page 13: [null]Metapwn - Pwn at a puff by Prajwal Panchmahalkar](https://reader035.fdocuments.in/reader035/viewer/2022062617/54b888264a7959050f8b4582/html5/thumbnails/13.jpg)
• Search • Tab Completion.• Check• load• Connect• Irb• route• run/exploit and more …. Follow the
demos >>
![Page 14: [null]Metapwn - Pwn at a puff by Prajwal Panchmahalkar](https://reader035.fdocuments.in/reader035/viewer/2022062617/54b888264a7959050f8b4582/html5/thumbnails/14.jpg)
![Page 15: [null]Metapwn - Pwn at a puff by Prajwal Panchmahalkar](https://reader035.fdocuments.in/reader035/viewer/2022062617/54b888264a7959050f8b4582/html5/thumbnails/15.jpg)
![Page 16: [null]Metapwn - Pwn at a puff by Prajwal Panchmahalkar](https://reader035.fdocuments.in/reader035/viewer/2022062617/54b888264a7959050f8b4582/html5/thumbnails/16.jpg)
1. Know the target2. Scan for the suspected
vulnerabilities3. Find the pertaining payloads.4. Launch payloads to exploit
(Attack)5. Post Exploitation.
![Page 17: [null]Metapwn - Pwn at a puff by Prajwal Panchmahalkar](https://reader035.fdocuments.in/reader035/viewer/2022062617/54b888264a7959050f8b4582/html5/thumbnails/17.jpg)
• Scan and Create a database• Import them to metasploit
• And “autopwn.autopwn.““
![Page 18: [null]Metapwn - Pwn at a puff by Prajwal Panchmahalkar](https://reader035.fdocuments.in/reader035/viewer/2022062617/54b888264a7959050f8b4582/html5/thumbnails/18.jpg)
![Page 19: [null]Metapwn - Pwn at a puff by Prajwal Panchmahalkar](https://reader035.fdocuments.in/reader035/viewer/2022062617/54b888264a7959050f8b4582/html5/thumbnails/19.jpg)
![Page 20: [null]Metapwn - Pwn at a puff by Prajwal Panchmahalkar](https://reader035.fdocuments.in/reader035/viewer/2022062617/54b888264a7959050f8b4582/html5/thumbnails/20.jpg)
• Fast-Track is one more automated penetration suite.
• Fast-Track has 3 modes of operation – Interactive mode– GUI mode – Console mode (obsolete)
![Page 21: [null]Metapwn - Pwn at a puff by Prajwal Panchmahalkar](https://reader035.fdocuments.in/reader035/viewer/2022062617/54b888264a7959050f8b4582/html5/thumbnails/21.jpg)
• Fast-Track comes with a good interface and support
• Tutorials available• Automates the exploitation• Dependent on Metasploit , so have it
updated.
![Page 22: [null]Metapwn - Pwn at a puff by Prajwal Panchmahalkar](https://reader035.fdocuments.in/reader035/viewer/2022062617/54b888264a7959050f8b4582/html5/thumbnails/22.jpg)
![Page 23: [null]Metapwn - Pwn at a puff by Prajwal Panchmahalkar](https://reader035.fdocuments.in/reader035/viewer/2022062617/54b888264a7959050f8b4582/html5/thumbnails/23.jpg)
• Social Engineering Tool kit• Comes with 10 major functions.– Spear-phishing Attack Vectors– Website attack vectors– Infection media generator– Create a payload and listener– Mass mailer attack– Teensy USB HID attack vector– SMS spoofing attack vector
![Page 24: [null]Metapwn - Pwn at a puff by Prajwal Panchmahalkar](https://reader035.fdocuments.in/reader035/viewer/2022062617/54b888264a7959050f8b4582/html5/thumbnails/24.jpg)
• All the above listed attacks make the major attacks on the contemporary sytems.
• Lets have a detailed glimpse at all these services from SET….
![Page 25: [null]Metapwn - Pwn at a puff by Prajwal Panchmahalkar](https://reader035.fdocuments.in/reader035/viewer/2022062617/54b888264a7959050f8b4582/html5/thumbnails/25.jpg)
• A very well Mapped GUI for penetration testing
• Provides a very good GUI and a map of the target machines
• Armitage also uses Metasploit framework to test on the target
• “Little is to be said and rest is the action”
![Page 26: [null]Metapwn - Pwn at a puff by Prajwal Panchmahalkar](https://reader035.fdocuments.in/reader035/viewer/2022062617/54b888264a7959050f8b4582/html5/thumbnails/26.jpg)
![Page 28: [null]Metapwn - Pwn at a puff by Prajwal Panchmahalkar](https://reader035.fdocuments.in/reader035/viewer/2022062617/54b888264a7959050f8b4582/html5/thumbnails/28.jpg)
Source :http://telegraph.co.uk
![Page 29: [null]Metapwn - Pwn at a puff by Prajwal Panchmahalkar](https://reader035.fdocuments.in/reader035/viewer/2022062617/54b888264a7959050f8b4582/html5/thumbnails/29.jpg)
Source :http://telegraph.co.uk
![Page 30: [null]Metapwn - Pwn at a puff by Prajwal Panchmahalkar](https://reader035.fdocuments.in/reader035/viewer/2022062617/54b888264a7959050f8b4582/html5/thumbnails/30.jpg)
![Page 31: [null]Metapwn - Pwn at a puff by Prajwal Panchmahalkar](https://reader035.fdocuments.in/reader035/viewer/2022062617/54b888264a7959050f8b4582/html5/thumbnails/31.jpg)