Pentesting with Metasploit
Uploaded by prakashchandra-suthar, category: Education
Transcript of Pentesting with Metasploit
PenTesting with Metasploit Framework
Presented by:
Sudarshan Pawar
Prakashchandra Suthar
Information Security is our Forte…
Phone: +91-20-24333311
Email: [email protected]
Web: http://beaconedutech.com
Address: 303, Renata Chambers,
2145, Sadashiv Peth,
Pune, Maharashtra, India – 411030
“From 2008 Backtrack started giving machine guns to monkeys”
Agenda
• What is PenTesting?
• Why PenTesting?
• Traditional Methodologies
• Metasploit
• Metasploit Terminologies
• Demo
• Is Metasploit the answer?
12/7/2013 Beacon Edutech 2
Getting Started
• What is PenTesting?
• The art, or approach, of attempting to break into an authorised digital environment.
• Why PenTesting?
• Explore your security weaknesses and try to patch them
• Find vulnerabilities before others (the bad guys) do
• …
Need of Pentesting
• Millions of dollars have been invested in security programs to protect critical infrastructure to prevent data breaches.
• Penetration Test is one of the most effective ways to identify weaknesses and deficiencies in these programs.
- Metasploit: The Penetration Tester’s Guide, HD Moore
Pentesting Phases
Reconnaissance
Vulnerability Assessment & Analysis
Exploitation
Post Exploitation
Reporting
Traditional Pentesting
Traditional Pentesting
Public Exploit Gathering
Change Offset
Replace Shellcode
What is Metasploit?
• Not just a tool, but an entire framework
• An open-source platform for writing security tools and exploits
• Attack vectors are built easily by combining its exploits, payloads and encoders
• Create and execute more advanced attacks
• Built in Ruby
Architecture
Why use Metasploit?
• Easy to Use
• 600+ Exploits
• 200+ payloads
• 25+ encoders
• 300+ auxiliary modules
Traditional Pentest Vs Metasploit
Metasploit workflow:
• Load Metasploit
• Choose the target OS
• Use exploit
• Set payload
• Execute
Traditional workflow:
• Public exploit gathering
• Change offset
• Replace shellcode
Metasploit Interface
• MSFconsole
• MSFcli
• Msfweb, msfgui (discontinued)
• Metasploit Pro
• Armitage
Metasploit Terminologies
• Exploit: the means by which a pentester takes advantage of a flaw within a system, application, or service
• Payload: code that we want the target system to execute on our command
• Shellcode: a set of instructions used as the payload when exploitation occurs
• Module: supporting software that can be used by Metasploit
• Listener: a component that waits for an incoming connection
Netapi exploit
• Vulnerability: a flaw in the NetAPI32.dll file that allows remote code execution (the issue addressed by Microsoft update KB958644, listed in the references)
• Process name: Microsoft LAN Manager DLL
• Application using this process: Microsoft network
Meterpreter
• A.k.a Meta Interpreter
• Post exploitation payload(tool)
• Uses in-memory DLL injection
• Can be extended at run time
• Encrypted communication
What can be done
• Command execution
• File Upload/Download
• Process migration
• Log Deletion
• Privilege escalation
• Registry modification
• Deleting logs and killing antivirus
• Backdoors and Rootkits
• Pivoting
• …..etc.
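As an added example that is not part of the slides or of Metasploit itself, here is a defender's view of the two Meterpreter slides above: a small correlation over constructed Sysmon-style events that flags in-memory DLL injection / process migration (a remote thread started from memory not backed by any module) followed by the migrated-into process connecting out to a listener. Field names follow Sysmon; all events, paths, PIDs and addresses are constructed.

```python
"""Correlate Sysmon-style events: an Event ID 8 (CreateRemoteThread) whose start
address is not backed by a loaded module, followed by an Event ID 3 (outbound
connection) from the injected process. Constructed sample data, not real telemetry."""
from datetime import datetime, timedelta

SAMPLE_EVENTS = [  # constructed events using Sysmon field names
    {"EventID": 1, "UtcTime": "2013-12-07 10:00:01.000",
     "Image": "C:\\Windows\\explorer.exe", "ProcessId": 1204},
    {"EventID": 8, "UtcTime": "2013-12-07 10:00:05.000",
     "SourceImage": "C:\\Users\\lab\\update.exe", "SourceProcessId": 3320,
     "TargetImage": "C:\\Windows\\explorer.exe", "TargetProcessId": 1204,
     "StartModule": "", "StartFunction": ""},  # thread start not inside any DLL
    {"EventID": 3, "UtcTime": "2013-12-07 10:00:07.000",
     "Image": "C:\\Windows\\explorer.exe", "ProcessId": 1204, "Initiated": "true",
     "DestinationIp": "203.0.113.10", "DestinationPort": 4444},
    {"EventID": 8, "UtcTime": "2013-12-07 10:01:00.000",
     "SourceImage": "C:\\Windows\\System32\\csrss.exe", "SourceProcessId": 500,
     "TargetImage": "C:\\Windows\\System32\\svchost.exe", "TargetProcessId": 900,
     "StartModule": "C:\\Windows\\System32\\ntdll.dll",  # benign: backed by a known module
     "StartFunction": "LdrInitializeThunk"},
]

CALLBACK_WINDOW = timedelta(seconds=60)  # how soon after injection a callback counts


def _when(ev):
    return datetime.strptime(ev["UtcTime"], "%Y-%m-%d %H:%M:%S.%f")


def unbacked_remote_threads(events):
    """Event ID 8 records whose thread start is not inside any loaded module:
    the hallmark of reflective DLL injection and of Meterpreter's migrate."""
    return [ev for ev in events if ev["EventID"] == 8 and not ev.get("StartModule")]


def injection_then_callback(events, window=CALLBACK_WINDOW):
    """Pair each unbacked remote thread with the first outbound connection its
    target process makes within `window`. Returns (target pid, injector image,
    'ip:port') tuples; the ip:port is the listener the slides describe."""
    injected = {}  # target pid -> (injection time, injecting image)
    hits = []
    for ev in sorted(events, key=_when):
        if ev["EventID"] == 8 and not ev.get("StartModule"):
            injected[ev["TargetProcessId"]] = (_when(ev), ev["SourceImage"])
        elif ev["EventID"] == 3 and ev.get("Initiated") == "true":
            hit = injected.get(ev["ProcessId"])
            if hit and _when(ev) - hit[0] <= window:
                hits.append((ev["ProcessId"], hit[1],
                             f'{ev["DestinationIp"]}:{ev["DestinationPort"]}'))
    return hits
```

The csrss.exe record is deliberately benign (its thread start is backed by ntdll.dll) so the rule only fires on the unbacked thread plus the callback that follows it.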
Demo Meterpreter
Thanks To…
• BackTrack and Kali Linux
• Metasploit Team (HD Moore & Rapid7)
• Offensive Security
References
• http://docs.kali.org/
• http://www.metasploit.com
• http://www.offensive-security.com/metasploit-unleashed/
• http://www.processlibrary.com/en/directory/files/netapi32/21334/
• http://support.microsoft.com/kb/958644
Discussion …
RULES…
• Group Discussion about
“Pentesting with Metasploit –Yes/No ”
• Rules
• Don’t hesitate to raise a point (we are all learners)
• No rocket science required.
• It’s not a debate, so chill.