Pentesting with Metasploit


Page 1: Pentesting with Metasploit

PenTesting with Metasploit Framework

Presented by –

Sudarshan Pawar

Prakashchandra Suthar

Information Security is our Forte…

Phone: +91-20-24333311

Email: [email protected]

Web: http://beaconedutech.com

Address: 303, Renata Chambers,

2145, Sadashiv Peth,

Pune, Maharashtra, India – 411030

Page 2: Pentesting with Metasploit

“From 2008 Backtrack started giving machine guns to monkeys”

Information Security is our Forte…

Page 3: Pentesting with Metasploit

Agenda

• What is PenTesting?

• Why PenTesting?

• Traditional Methodologies

• Metasploit

• Metasploit Terminologies

• Demo

• Is Metasploit the answer?

12/7/2013 Beacon Edutech 2

Page 4: Pentesting with Metasploit

Getting Started

• What is PenTesting?

• An art or approach that attempts to break into an authorised digital environment.

• Why PenTesting?

• Explore your security weaknesses and try to patch them

• Find vulnerabilities before others (the bad guys) do

• …

Page 5: Pentesting with Metasploit

Need of Pentesting

• Millions of dollars have been invested in security programs to protect critical infrastructure to prevent data breaches.

• Penetration Test is one of the most effective ways to identify weaknesses and deficiencies in these programs.

– Metasploit: The Penetration Tester’s Guide, HD Moore

Page 6: Pentesting with Metasploit

Pentesting Phases

• Reconnaissance

• Vulnerability Assessment & Analysis

• Exploitation

• Post Exploitation

• Reporting

Page 7: Pentesting with Metasploit

Traditional Pentesting


Page 8: Pentesting with Metasploit

Traditional Pentesting

• Public Exploit Gathering

• Change Offset

• Replace Shellcode

Page 9: Pentesting with Metasploit

What is Metasploit?

• Not just a tool, but an entire framework

• An open-source platform for writing security tools and exploits

• Easily build attack vectors by combining its exploits, payloads and encoders

• Create and execute more advanced attacks

• Built in Ruby

Page 10: Pentesting with Metasploit

Architecture


Page 11: Pentesting with Metasploit

Why use Metasploit?

• Easy to Use

• 600+ Exploits

• 200+ payloads

• 25+ encoders

• 300+ auxiliary modules

Page 12: Pentesting with Metasploit

Traditional Pentest Vs Metasploit


Page 13: Pentesting with Metasploit

Traditional Pentest Vs Metasploit

Metasploit workflow:

• Load Metasploit

• Choose the target OS

• Use exploit

• Set payload

• Execute

Traditional workflow:

• Public Exploit Gathering

• Change Offset

• Replace Shellcode

Page 14: Pentesting with Metasploit

Metasploit Interface

• MSFconsole

• MSFcli

• Msfweb, msfgui (discontinued)

• Metasploit Pro

• Armitage

Page 15: Pentesting with Metasploit

Metasploit Terminologies

• Exploit: The means by which a pentester takes advantage of a flaw within a system, application, or service

• Payload: Code that we want the target system to execute on our command

• Shellcode: A set of instructions used as the payload when exploitation occurs

• Module: Supporting software that can be used by Metasploit

• Listener: A component that waits for an incoming connection

Page 16: Pentesting with Metasploit

Netapi exploit

Vulnerability: NetAPI32.dll file that allows remote code execution

Process name: Microsoft LAN Manager DLL

Application using this process: Microsoft network

Page 17: Pentesting with Metasploit

Meterpreter

• A.k.a. Meta-Interpreter

• Post-exploitation payload (tool)

• Uses in-memory DLL injection

• Can be extended at run time

• Encrypted communication

Page 18: Pentesting with Metasploit

What can be done

• Command execution

• File upload/download

• Process migration

• Log deletion

• Privilege escalation

• Registry modification

• Deleting logs and killing antivirus

• Backdoors and rootkits

• Pivoting

• … etc.
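The Meterpreter capabilities listed above (in-memory DLL injection, process migration) leave a trace a defender can look for: on Windows, Sysmon records every cross-process thread creation as Event ID 8 (CreateRemoteThread). The Python below is an added example, not code from this deck or from the Metasploit project; it classifies a few constructed Event ID 8 records, and the allowlist and sample file paths are assumptions made for the example.

```python
import json

# Constructed Sysmon Event ID 8 (CreateRemoteThread) records in JSON-lines form,
# written for this example; they are not real telemetry.
SAMPLE_EVENTS = r"""
{"EventID": 8, "UtcTime": "2013-12-07 10:01:02", "SourceImage": "C:\\Windows\\System32\\csrss.exe", "TargetImage": "C:\\Windows\\System32\\notepad.exe", "StartModule": "C:\\Windows\\System32\\ntdll.dll", "StartFunction": "RtlUserThreadStart"}
{"EventID": 8, "UtcTime": "2013-12-07 10:05:41", "SourceImage": "C:\\Users\\alice\\Downloads\\invoice.exe", "TargetImage": "C:\\Windows\\explorer.exe", "StartModule": "", "StartFunction": ""}
{"EventID": 8, "UtcTime": "2013-12-07 10:06:03", "SourceImage": "C:\\Program Files\\Vendor\\agent.exe", "TargetImage": "C:\\Windows\\System32\\svchost.exe", "StartModule": "C:\\Windows\\System32\\kernel32.dll", "StartFunction": "LoadLibraryW"}
"""

# Hypothetical allowlist of Windows components that legitimately create threads in
# other processes; a real deployment tunes this against its own baseline.
SOURCE_ALLOWLIST = {r"c:\windows\system32\csrss.exe", r"c:\windows\system32\services.exe"}


def parse_events(text):
    """Parse JSON lines, keeping only Event ID 8 (CreateRemoteThread) records."""
    records = (json.loads(line) for line in text.splitlines() if line.strip())
    return [r for r in records if r.get("EventID") == 8]


def classify(event):
    """Return (severity, reason) for a suspicious remote-thread event, else None."""
    source, target = event["SourceImage"].lower(), event["TargetImage"].lower()
    if source == target or source in SOURCE_ALLOWLIST:
        return None
    # Sysmon leaves StartModule empty when the thread's start address is not inside any
    # module loaded from disk: the fingerprint of code that exists only in memory.
    if not event.get("StartModule"):
        return ("high", "thread start address not backed by any on-disk module")
    return ("medium", "remote thread created by a non-allowlisted process")


def find_suspicious(text):
    """Run the classifier over the log text; return alert dicts in log order."""
    alerts = []
    for event in parse_events(text):
        verdict = classify(event)
        if verdict:
            alerts.append({"time": event["UtcTime"], "severity": verdict[0],
                           "source": event["SourceImage"],
                           "target": event["TargetImage"], "reason": verdict[1]})
    return alerts


if __name__ == "__main__":
    for a in find_suspicious(SAMPLE_EVENTS):
        print(f'{a["time"]} [{a["severity"]}] {a["source"]} -> {a["target"]}: {a["reason"]}')
```

The "high" verdict is the one worth paging on: a thread that starts at an unbacked address in another process is what migration of an in-memory payload looks like in telemetry, whereas the "medium" case is usually an EDR agent or installer and is tuned away via the allowlist.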

Page 19: Pentesting with Metasploit

Demo Meterpreter


Page 20: Pentesting with Metasploit

Thanks To…

• BackTrack and Kali Linux

• Metasploit Team (HD Moore & Rapid7)

• Offensive Security


Page 22: Pentesting with Metasploit

Discussion …


Page 23: Pentesting with Metasploit

RULES…

• Group discussion about

“Pentesting with Metasploit – Yes/No”

• Rules

• Don’t hesitate to raise a point (we are all learners)

• No rocket science required.

• It’s not a debate, so chill.