KEMBAR78
01_Metasploit - The Elixir of Network Security | PDF
HC
Uploaded byHarish Chaudhary
411 views

01_Metasploit - The Elixir of Network Security

The document discusses penetration testing using Metasploit. It begins by defining penetration testing and why it is important for security. It then provides an overview of Metasploit, explaining what it is and some key terminology. The document demonstrates a sample penetration test against a virtual network, using Metasploit to exploit a Windows vulnerability. It evaluates the impact and recommends countermeasures like patching, code reviews, and periodic testing. The goal is to show how Metasploit can be used to test network security by simulating real-world attacks.

Downloaded 13 times
Metasploit – The Elixir of Network Security Harish Chowdhary |Software Quality Engineer, Aricent Technologies| Shubham Mittal |Penetration Testing Engineer, Iviz Security|
And Your Situation Would Be…
Main Goal Learn why and how to test computer networks against the most common but really serious security attacks using METASPLOITMETASPLOIT
What are we going to talk about Penetration Testing Why Bother? Testing Network with - METASPLOITTesting Network with - METASPLOIT Proof of Concept (Demonstration) (Mitigation Strategies) Conclusion
Penetration Testing A penetration test is a method of evaluating the security of a computer system or network by simulating an attack from a malicious source, known as a Black Hat Hacker, or Cracker. Wikipedia Environmental Attacks Input Attacks Logic and Data Attacks
Why Bother? Active pen-testing teaches you things that security planning will not Are your users and system administrators actually following their own policies? host that claims one thing in security plan but it totally different in reality Raises security awarenessRaises security awareness Helps identify weakness that may be leveraged by insider threat or accidental exposure. Provides Senior Management a realistic view of their security posture Great tool to advocate for more funding to mitigate flaws discovered If I can break into it, so could someone else!
How dangerous are Cyber attacks October 12, 2011 Sony has suffered a data breach involving the usernames and passwords of about 93,000 customers. Attackers were able to reuse to logon to people's PlayStation Network , or Sony Online Entertainment , or Sony Entertainment Network accounts. 6 June 2012 over six million passwords were stolen in a hack of the professional networking site linkedin.com. 10 June 2012 Anonymous attacked and brought down the website run by Computer Emergency Response Team India (CERT-In), the country's premier agency dealing with cyber security contingencies
How dangerous are Cyber attacks July 12, 2012 A Yahoo security breach exposed 450,000 usernames and passwords from a site on the huge web portal indicates that the company failed to take even basic precautions to protect the data. 2012: Latest SQL Injection Campaign Infects 1 Million Web Pages with the lilupophilupop.comPages with the lilupophilupop.com During the period December 2011 to February 2012, a total number of 112 government websites were hacked,” Minister of State for Communications and IT Sachin Pilot told the Lok Sabha. September 10, 2012 — Network World —Anonymous has claimed responsibility for knocking domain provider GoDaddy offline. Source : http://openspace.org.in
Hacked out of Business
Severity Of Cyber Attacks
Current State : Network Security
Severity Of Cyber Attacks
Severity Of Cyber Attacks
Penetration Testing • Application Security Review • Application Security Assessment Application SecurityApplication Security • Secure Network Architecture & System Integration • Network Security Managed Operations Network & System SecurityNetwork & System Security • Security Management Reviews & Risk Assessment • Security Policy & Process Development & ImplementationSecurity Governance & ComplianceSecurity Governance & Compliance • Security Policy & Process Development & Implementation • ISO27001 Consulting Security Governance & ComplianceSecurity Governance & Compliance • BCM & ITDR Consulting • BCM Compliance Services Business Continuity / Disaster Recovery Business Continuity / Disaster Recovery • Consulting & System Integration • Support & Maintenance Identity & Access ManagementIdentity & Access Management • Professional Services • Remote Security Operation Centre Managed Security ServicesManaged Security Services
Diagrammatic Representation
Process of PenTest
FocusingNetworkPenTest
Network Security Testing
What is Metasploit According to the Metasploit Team; “The Metasploit Framework is a platform for writing, testing, and using exploit code. The primary users of the Framework are professionals performing penetration testing, shellcode development, and vulnerability research. It is becoming the de facto standard for vulnerability assessment and PenTest. largest ruby project in existence Find vulnerability ->choose exploit -> check if exploit applies -> configure payload -> configure encoding to evade IDS and AV-> execute the exploit Includes an extensive shell code and opcode database with full source code.
What is Metasploit To understand the use of Metasploit we have to understand the some basic terminologies. Vulnerability “The word vulnerability, refers to a weakness in a system allowing an attacker to violate the confidentiality, integrity,allowing an attacker to violate the confidentiality, integrity, availability, access control, consistency or audit mechanisms of the system or the data and applications it hosts”. Exploits An exploit is a security attack on a vulnerability Can exploits give access to a secured system? Ans: NO
What is Metasploit Exploits have more potential They are commonly used to install system malware or gain system access or recruit client machines into an existing ‘botnet’ This is accomplished with the help of a Payload The payload is a sequence of code that is executedThe payload is a sequence of code that is executed when the vulnerability is triggered Payloads are very useful because they provide an interactive shell that can be used to completely control the system remotely To make things clear, an Exploit is really broken up into two parts, EXPLOIT = Vulnerability + Payload
Hot Spots In a network, filtering and complex rules are generally applied on the basis of these basic factors TCP or UDP Source IP addressSource IP address Source Port Number Destination IP address Destination Port Number Now we have and Metasploit at our disposal and now we also have the HOT SPOTS to target the NETWORK. I
SAMPLE PENETRATION TEST *Note: Demonstration of the Penetration Test is only for the Research Purposes DON'T BE IRRESPONSIBLE...SERIOUSLYDON'T BE IRRESPONSIBLE...SERIOUSLY USE OF THESE TOOLS ON MACHINES NOT LEGALLY OWNED BY YOU COULD END UP PUTTING A NASTY MARK ON YOUR CRIMINAL RECORD This is not a live demo or real scenario of a Network Pentest. Network is emulated which is really close to the “Real One”
The Attack To conduct a Software Exploitation Attack using Metasploit Framework against a Victim machine in order to gain system access To make things interesting, the Victim’s machine will also have AV in order to see how it reacts to thealso have AV in order to see how it reacts to the attack. We use MS08-067 exploit – Critical - CVE-2008-4250 MS08-067 is Vulnerability in Server Service Could Allow Remote Code Execution (958644) On Microsoft Windows 2000, Windows XP, and Windows Server 2003 systems, an attacker could exploit this vulnerability without authentication to run arbitrary code
Outline of Network TopologyTo emulate the real time network we created network of three virtual machines on WIN 7 Host Machine. VICTIM -WinXP Machine with SP2 and SP3 Flavor Ip.addr = 192.168.242.132Ip.addr = 192.168.242.132 VICTIM -WinXP Machine with SP3 and AV Ip.addr = 192.168.242.133 Attacker –Back|Track 5 r3 with Metasploit Ip.addr = 192.168.242.134
Tools: Used in the PenTest Automatic tools are required to detect and exploit the vulnerabilities quickly to save crucial amount of time. You can use the following Tools: Nmap 6.01 Hyperion for Exploit /Payload EncryptionHyperion for Exploit /Payload Encryption Havij can be used to detect SQL injection on the website hosted target using network SQL Inject Me (FireFox AddOn) Acunetix Web Vulnerability Scanner
DEMO
Evaluate Impact on the Network and Reporting It reveals the information about all the existing vulnerabilities in the network. How deep a hacker can go inside the Network. How much data can be lost or altered. Report them accurately
Recommended Countermeasures Discipline Code review QA Test PlansQA Test Plans Test with an intruder’s mindset Periodic Penetration Testing
Recommended Countermeasures(Contd.) Best Practices Use principle of least-privilege Use names should be harder to guess Use aliases to provide more layers of separation between the data and the intruderand the intruder Keep up-to-date on patches Escaping all User Supplied Input Use third-party code and applications evaluation services for greater scrutiny
Conclusion
Thank You

More Related Content

PDF
RSA Anatomy of an Attack
byintegritysolutions
 
PDF
Analysis of RSA Lockheed Martin Attack
byGavin Davey
 
PPTX
Common Techniques To Identify Advanced Persistent Threat (APT)
byYuval Sinay, CISSP, C|CISO
 
PDF
Combating Advanced Persistent Threats with Flow-based Security Monitoring
byLancope, Inc.
 
PDF
Introduction to the advanced persistent threat and hactivism
byGlobal Micro Solutions
 
PPT
Security Intelligence: Advanced Persistent Threats
byPeter Wood
 
PDF
Network Vulnerability and Patching
byEmmanuel Udeagha B.
 
PDF
NTXISSACSC4 - Security for a New World
byNorth Texas Chapter of the ISSA
 
RSA Anatomy of an Attack
byintegritysolutions
 
Analysis of RSA Lockheed Martin Attack
byGavin Davey
 
Common Techniques To Identify Advanced Persistent Threat (APT)
byYuval Sinay, CISSP, C|CISO
 
Combating Advanced Persistent Threats with Flow-based Security Monitoring
byLancope, Inc.
 
Introduction to the advanced persistent threat and hactivism
byGlobal Micro Solutions
 
Security Intelligence: Advanced Persistent Threats
byPeter Wood
 
Network Vulnerability and Patching
byEmmanuel Udeagha B.
 
NTXISSACSC4 - Security for a New World
byNorth Texas Chapter of the ISSA
 

What's hot

PDF
Light, Dark and... a Sunburst... dissection of a very sophisticated attack.
byStefano Maccaglia
 
PDF
Investigation of CryptoLocker Ransomware Trojans - Microsoft Windows
byAaron ND Sawmadal
 
PPT
Networking and penetration testing
byMohit Belwal
 
PPTX
Advanced persistent threat (apt)
bymmubashirkhan
 
PPTX
Chasing the Adder. A tale from the APT world...
byStefano Maccaglia
 
PDF
Intrusion_Detection_By_loay_elbasyouni
byLoay Elbasyouni
 
PDF
Penetration and hacking training brief
byBill Nelson
 
PDF
Advanced persistent threats(APT)
byNetwork Intelligence India
 
PPTX
IBM ridefinisce la strategia e l'approccio verso gli Avanced Persistent Threa...
byLuigi Delgrosso
 
PPTX
Security Attack Analysis for Finding and Stopping Network Attacks
bySavvius, Inc
 
PDF
NSA and PT
byRahmat Suhatman
 
PDF
Module 19 (evading ids, firewalls and honeypots)
byWail Hassan
 
PPTX
Ethical Hacking & Penetration Testing
byecmee
 
PDF
Module 20 (buffer overflows)
byWail Hassan
 
PDF
Module 18 (linux hacking)
byWail Hassan
 
PDF
IRJET- Study of Hacking and Ethical Hacking
byIRJET Journal
 
PPSX
Intrusion detection system
bygaurav koriya
 
Light, Dark and... a Sunburst... dissection of a very sophisticated attack.
byStefano Maccaglia
 
Investigation of CryptoLocker Ransomware Trojans - Microsoft Windows
byAaron ND Sawmadal
 
Networking and penetration testing
byMohit Belwal
 
Advanced persistent threat (apt)
bymmubashirkhan
 
Chasing the Adder. A tale from the APT world...
byStefano Maccaglia
 
Intrusion_Detection_By_loay_elbasyouni
byLoay Elbasyouni
 
Penetration and hacking training brief
byBill Nelson
 
Advanced persistent threats(APT)
byNetwork Intelligence India
 
IBM ridefinisce la strategia e l'approccio verso gli Avanced Persistent Threa...
byLuigi Delgrosso
 
Security Attack Analysis for Finding and Stopping Network Attacks
bySavvius, Inc
 
NSA and PT
byRahmat Suhatman
 
Module 19 (evading ids, firewalls and honeypots)
byWail Hassan
 
Ethical Hacking & Penetration Testing
byecmee
 
Module 20 (buffer overflows)
byWail Hassan
 
Module 18 (linux hacking)
byWail Hassan
 
IRJET- Study of Hacking and Ethical Hacking
byIRJET Journal
 
Intrusion detection system
bygaurav koriya
 

Viewers also liked

PPTX
Presentacion de tributario, potestad tributaria
byINESMHA
 
PPTX
Exposicion
byINESMHA
 
PPTX
Digital Cinema
byTuomas Hauvala
 
PDF
Company Overview (condensed version)
byRoxanne Pierrus
 
PPTX
Acrogensoft :Web Service provider
bySumit Kumar
 
PPTX
Presentacion de tributario, potestad tributaria
byINESMHA
 
PPTX
Aaron School is a private K-12 special education school
byAaron School
 
PPTX
Besaran dan Satuan Dalam Fisika
byBillie Rizky
 
PPTX
Pesawat Sederhana
byBillie Rizky
 
PDF
Exceeding Guest Expectations Training
byKevin Warrene
 
PPTX
Alimentación balanceada
byUniversidad Fermín Toro
 
Presentacion de tributario, potestad tributaria
byINESMHA
 
Exposicion
byINESMHA
 
Digital Cinema
byTuomas Hauvala
 
Company Overview (condensed version)
byRoxanne Pierrus
 
Acrogensoft :Web Service provider
bySumit Kumar
 
Presentacion de tributario, potestad tributaria
byINESMHA
 
Aaron School is a private K-12 special education school
byAaron School
 
Besaran dan Satuan Dalam Fisika
byBillie Rizky
 
Pesawat Sederhana
byBillie Rizky
 
Exceeding Guest Expectations Training
byKevin Warrene
 
Alimentación balanceada
byUniversidad Fermín Toro
 

Similar to 01_Metasploit - The Elixir of Network Security

PPTX
Introduction To Ethical Hacking
byRaghav Bisht
 
PPTX
Finalppt metasploit
bydevilback
 
PPTX
Introduction To Exploitation & Metasploit
byRaghav Bisht
 
PPTX
Introduction to metasploit
byGTU
 
PPTX
Introduction to Metasploit
byGTU
 
PPTX
Introduction to penetration testing
byNezar Alazzabi
 
PPTX
Session Slide
byMuralidharan Radhakrishnan
 
PDF
Exploits Attack on Windows Vulnerabilities
byAmit Kumbhar
 
PPTX
Metaploit
byalexngchunkiat
 
PPTX
Metasploit
byLalith Sai
 
PDF
Metasploit Computer security testing tool
bymedoelkang600
 
PPTX
InOffensive Security_cybersecurity2.pptx
bywihib17507
 
PDF
DEF CON 23 - Wesley McGrew - i hunt penetration testers
byFelipe Prado
 
PPTX
NETWORK PENETRATION TESTING
byEr Vivek Rana
 
PDF
Pentesting with Metasploit
byPrakashchand Suthar
 
PPTX
Phases of penetration testing
byAbdul Rahman
 
PPTX
metaploit framework
byLe Quyen
 
PDF
Metasploitation part-1 (murtuja)
byClubHack
 
PDF
Pen-Testing with Metasploit
byMohammed Danish Amber
 
PDF
Hack Attack! An Introduction to Penetration Testing
bySteve Phillips
 
Introduction To Ethical Hacking
byRaghav Bisht
 
Finalppt metasploit
bydevilback
 
Introduction To Exploitation & Metasploit
byRaghav Bisht
 
Introduction to metasploit
byGTU
 
Introduction to Metasploit
byGTU
 
Introduction to penetration testing
byNezar Alazzabi
 
Session Slide
byMuralidharan Radhakrishnan
 
Exploits Attack on Windows Vulnerabilities
byAmit Kumbhar
 
Metaploit
byalexngchunkiat
 
Metasploit
byLalith Sai
 
Metasploit Computer security testing tool
bymedoelkang600
 
InOffensive Security_cybersecurity2.pptx
bywihib17507
 
DEF CON 23 - Wesley McGrew - i hunt penetration testers
byFelipe Prado
 
NETWORK PENETRATION TESTING
byEr Vivek Rana
 
Pentesting with Metasploit
byPrakashchand Suthar
 
Phases of penetration testing
byAbdul Rahman
 
metaploit framework
byLe Quyen
 
Metasploitation part-1 (murtuja)
byClubHack
 
Pen-Testing with Metasploit
byMohammed Danish Amber
 
Hack Attack! An Introduction to Penetration Testing
bySteve Phillips
 

01_Metasploit - The Elixir of Network Security

  • 1.
    Metasploit – TheElixir of Network Security Harish Chowdhary |Software Quality Engineer, Aricent Technologies| Shubham Mittal |Penetration Testing Engineer, Iviz Security|
  • 2.
    And Your SituationWould Be…
  • 3.
    Main Goal Learn whyand how to test computer networks against the most common but really serious security attacks using METASPLOITMETASPLOIT
  • 4.
    What are wegoing to talk about Penetration Testing Why Bother? Testing Network with - METASPLOITTesting Network with - METASPLOIT Proof of Concept (Demonstration) (Mitigation Strategies) Conclusion
  • 5.
    Penetration Testing A penetrationtest is a method of evaluating the security of a computer system or network by simulating an attack from a malicious source, known as a Black Hat Hacker, or Cracker. Wikipedia Environmental Attacks Input Attacks Logic and Data Attacks
  • 6.
    Why Bother? Active pen-testingteaches you things that security planning will not Are your users and system administrators actually following their own policies? host that claims one thing in security plan but it totally different in reality Raises security awarenessRaises security awareness Helps identify weakness that may be leveraged by insider threat or accidental exposure. Provides Senior Management a realistic view of their security posture Great tool to advocate for more funding to mitigate flaws discovered If I can break into it, so could someone else!
  • 7.
    How dangerous areCyber attacks October 12, 2011 Sony has suffered a data breach involving the usernames and passwords of about 93,000 customers. Attackers were able to reuse to logon to people's PlayStation Network , or Sony Online Entertainment , or Sony Entertainment Network accounts. 6 June 2012 over six million passwords were stolen in a hack of the professional networking site linkedin.com. 10 June 2012 Anonymous attacked and brought down the website run by Computer Emergency Response Team India (CERT-In), the country's premier agency dealing with cyber security contingencies
  • 8.
    How dangerous areCyber attacks July 12, 2012 A Yahoo security breach exposed 450,000 usernames and passwords from a site on the huge web portal indicates that the company failed to take even basic precautions to protect the data. 2012: Latest SQL Injection Campaign Infects 1 Million Web Pages with the lilupophilupop.comPages with the lilupophilupop.com During the period December 2011 to February 2012, a total number of 112 government websites were hacked,” Minister of State for Communications and IT Sachin Pilot told the Lok Sabha. September 10, 2012 — Network World —Anonymous has claimed responsibility for knocking domain provider GoDaddy offline. Source : http://openspace.org.in
  • 9.
    Hacked out ofBusiness
  • 10.
  • 11.
    Current State :Network Security
  • 12.
  • 13.
  • 14.
    Penetration Testing • ApplicationSecurity Review • Application Security Assessment Application SecurityApplication Security • Secure Network Architecture & System Integration • Network Security Managed Operations Network & System SecurityNetwork & System Security • Security Management Reviews & Risk Assessment • Security Policy & Process Development & ImplementationSecurity Governance & ComplianceSecurity Governance & Compliance • Security Policy & Process Development & Implementation • ISO27001 Consulting Security Governance & ComplianceSecurity Governance & Compliance • BCM & ITDR Consulting • BCM Compliance Services Business Continuity / Disaster Recovery Business Continuity / Disaster Recovery • Consulting & System Integration • Support & Maintenance Identity & Access ManagementIdentity & Access Management • Professional Services • Remote Security Operation Centre Managed Security ServicesManaged Security Services
  • 15.
  • 16.
  • 17.
  • 18.
  • 19.
    What is Metasploit Accordingto the Metasploit Team; “The Metasploit Framework is a platform for writing, testing, and using exploit code. The primary users of the Framework are professionals performing penetration testing, shellcode development, and vulnerability research. It is becoming the de facto standard for vulnerability assessment and PenTest. largest ruby project in existence Find vulnerability ->choose exploit -> check if exploit applies -> configure payload -> configure encoding to evade IDS and AV-> execute the exploit Includes an extensive shell code and opcode database with full source code.
  • 20.
    What is Metasploit Tounderstand the use of Metasploit we have to understand the some basic terminologies. Vulnerability “The word vulnerability, refers to a weakness in a system allowing an attacker to violate the confidentiality, integrity,allowing an attacker to violate the confidentiality, integrity, availability, access control, consistency or audit mechanisms of the system or the data and applications it hosts”. Exploits An exploit is a security attack on a vulnerability Can exploits give access to a secured system? Ans: NO
  • 21.
    What is Metasploit Exploitshave more potential They are commonly used to install system malware or gain system access or recruit client machines into an existing ‘botnet’ This is accomplished with the help of a Payload The payload is a sequence of code that is executedThe payload is a sequence of code that is executed when the vulnerability is triggered Payloads are very useful because they provide an interactive shell that can be used to completely control the system remotely To make things clear, an Exploit is really broken up into two parts, EXPLOIT = Vulnerability + Payload
  • 22.
    Hot Spots In anetwork, filtering and complex rules are generally applied on the basis of these basic factors TCP or UDP Source IP addressSource IP address Source Port Number Destination IP address Destination Port Number Now we have and Metasploit at our disposal and now we also have the HOT SPOTS to target the NETWORK. I
  • 23.
    SAMPLE PENETRATION TEST *Note:Demonstration of the Penetration Test is only for the Research Purposes DON'T BE IRRESPONSIBLE...SERIOUSLYDON'T BE IRRESPONSIBLE...SERIOUSLY USE OF THESE TOOLS ON MACHINES NOT LEGALLY OWNED BY YOU COULD END UP PUTTING A NASTY MARK ON YOUR CRIMINAL RECORD This is not a live demo or real scenario of a Network Pentest. Network is emulated which is really close to the “Real One”
  • 24.
    The Attack To conducta Software Exploitation Attack using Metasploit Framework against a Victim machine in order to gain system access To make things interesting, the Victim’s machine will also have AV in order to see how it reacts to thealso have AV in order to see how it reacts to the attack. We use MS08-067 exploit – Critical - CVE-2008-4250 MS08-067 is Vulnerability in Server Service Could Allow Remote Code Execution (958644) On Microsoft Windows 2000, Windows XP, and Windows Server 2003 systems, an attacker could exploit this vulnerability without authentication to run arbitrary code
  • 25.
    Outline of Network TopologyToemulate the real time network we created network of three virtual machines on WIN 7 Host Machine. VICTIM -WinXP Machine with SP2 and SP3 Flavor Ip.addr = 192.168.242.132Ip.addr = 192.168.242.132 VICTIM -WinXP Machine with SP3 and AV Ip.addr = 192.168.242.133 Attacker –Back|Track 5 r3 with Metasploit Ip.addr = 192.168.242.134
  • 26.
    Tools: Used inthe PenTest Automatic tools are required to detect and exploit the vulnerabilities quickly to save crucial amount of time. You can use the following Tools: Nmap 6.01 Hyperion for Exploit /Payload EncryptionHyperion for Exploit /Payload Encryption Havij can be used to detect SQL injection on the website hosted target using network SQL Inject Me (FireFox AddOn) Acunetix Web Vulnerability Scanner
  • 27.
  • 28.
    Evaluate Impact onthe Network and Reporting It reveals the information about all the existing vulnerabilities in the network. How deep a hacker can go inside the Network. How much data can be lost or altered. Report them accurately
  • 29.
    Recommended Countermeasures Discipline Code review QATest PlansQA Test Plans Test with an intruder’s mindset Periodic Penetration Testing
  • 30.
    Recommended Countermeasures(Contd.) Best Practices Useprinciple of least-privilege Use names should be harder to guess Use aliases to provide more layers of separation between the data and the intruderand the intruder Keep up-to-date on patches Escaping all User Supplied Input Use third-party code and applications evaluation services for greater scrutiny
  • 31.
  • 32.