![Page 1: Metasploit Intermediate - PalShackpalshack.org/wp-content/uploads/2014/05/OpenWest-2014-Intermedi… · Don’t do stuff you’re not supposta Don’t be chaotic evil, be lawful evil](https://reader034.vdocuments.mx/reader034/viewer/2022051512/603811a7cd64a00d4842a343/html5/thumbnails/1.jpg)
Intermediate Metasploit
d4rkm4tter
whoami

BS in Computer Science from SUU
I hack stuff and sometimes get paid for it
I hang out with #dc801
Long history with *nix systems
Regularly compete in CTF competitions
(Defcon's Qualifier starts May 16th @ 6:00 pm)
Disclaimer

Don't do stuff you're not supposed to
Don't be chaotic evil, be lawful evil
Yes these tools can do real damage, don't be dumb
Don't blame me because you are giving up your rights by listening to me
Any names or things referenced in this presentation are fiction and not any real person or thing
More Warnings

Most exploits work by hijacking a thread or process through memory corruption; when they miss, that thread or process crashes instead.
Bad things will happen, so expect this behaviour, or don't exploit.
Some MSF Basics

How to get help? msf> help [command]
More help? msf> [command] -h
Autocomplete is your friend! <TAB> everything!
MSF Directory on Kali - /usr/share/metasploit-framework
More Basics

msf> db_status
Kali doesn't start MSF nor Postgresql on boot
# service postgresql start && service metasploit start
msf> db_rebuild_cache
(The service names above are the 2014-era Kali ones. Current Kali sets up and starts the database with `msfdb init`, and `db_rebuild_cache` was removed in Metasploit 5, which maintains its module cache automatically.)
More More Basics

Module naming (the form `use` takes; on disk the same modules live under modules/ with the type pluralised: exploits/, encoders/, payloads/, nops/, while auxiliary/ and post/ keep their names):

auxiliary/[type]/[application]/[name]
encoder/[architecture]/[name]
exploit/[OS]/[type]/[exploit_name]
payload/[OS]/[architecture]/[meterpreter||shell_name]
nop/[architecture]/[name]
post/[OS]/[type]/[name]
Less More Basics

Example usage:
msf> use auxiliary/scanner/discovery/udp_probe
msf> use encoder/x86/alpha_upper
msf> use exploit/windows/smb/ms08_067_netapi
msf> set PAYLOAD windows/meterpreter/reverse_tcp
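An added example, not part of the original slides, for the two slides above: it turns a module name as typed after `use` (or `set PAYLOAD`) into the file(s) it lives in under the Metasploit tree, so you can read the module source before firing it. It assumes the Kali layout named earlier (`/usr/share/metasploit-framework`, overridable via `MSF_ROOT`) and the fact that payload modules are split into `modules/payloads/singles/`, `stagers/` and `stages/`; the function names are this example's own.

```shell
#!/bin/sh
# Added example, not from the original slides: map a Metasploit module name
# to the .rb file(s) under $MSF_ROOT/modules/.  Default is the Kali path
# given on the "Some MSF Basics" slide.
MSF_ROOT="${MSF_ROOT:-/usr/share/metasploit-framework}"

# msf_module_dir TYPE -> on-disk directory for a module-name type prefix.
# Module names use the singular (exploit/, encoder/, nop/, payload/), the
# directories are plural; auxiliary/ and post/ are spelled the same in both.
msf_module_dir() {
    case "$1" in
        exploit|exploits)   echo exploits ;;
        encoder|encoders)   echo encoders ;;
        nop|nops)           echo nops ;;
        payload|payloads)   echo payloads ;;
        auxiliary|post)     echo "$1" ;;
        *)                  return 1 ;;
    esac
}

# msf_module_path NAME -> file for a non-payload module, e.g.
#   exploit/windows/smb/ms08_067_netapi
#   -> $MSF_ROOT/modules/exploits/windows/smb/ms08_067_netapi.rb
# Returns 1 for a name with no (or an unknown) type prefix.
msf_module_path() {
    type="${1%%/*}"
    rest="${1#*/}"
    [ "$type" != "$1" ] || return 1
    dir="$(msf_module_dir "$type")" || return 1
    printf '%s/modules/%s/%s.rb\n' "$MSF_ROOT" "$dir" "$rest"
}

# msf_payload_paths NAME -> candidate files for a payload name as given to
# `set PAYLOAD` (no payload/ prefix).  The name alone does not say whether it
# is a single (one file under payloads/singles/) or staged; for a staged
# payload the last component is the stager and the one before it the stage:
#   windows/meterpreter/reverse_tcp
#   -> payloads/stagers/windows/reverse_tcp.rb
#    + payloads/stages/windows/meterpreter.rb
# Each output line is "<kind> <path>"; check which candidates exist on disk.
msf_payload_paths() {
    name="$1"
    base="$MSF_ROOT/modules/payloads"
    printf 'single %s/singles/%s.rb\n' "$base" "$name"
    prefix="${name%/*}"
    [ "$prefix" != "$name" ] || return 0       # one component: single only
    platform="${prefix%/*}"
    [ "$platform" != "$prefix" ] || return 0   # two components: no room for platform/stage/stager
    stager="${name##*/}"
    stage="${prefix##*/}"
    printf 'stager %s/stagers/%s/%s.rb\n' "$base" "$platform" "$stager"
    printf 'stage %s/stages/%s/%s.rb\n' "$base" "$platform" "$stage"
}

# msf_resolve NAME -> only the candidate files that actually exist under
# $MSF_ROOT.  Accepts `payload/windows/...` (the `use` form) or bare
# `windows/...` (the `set PAYLOAD` form) for payloads.
msf_resolve() {
    type="${1%%/*}"
    case "$type" in
        payload|payloads)
            msf_payload_paths "${1#*/}" ;;
        exploit|exploits|auxiliary|post|encoder|encoders|nop|nops)
            msf_module_path "$1" | sed 's/^/module /' ;;
        *)
            msf_payload_paths "$1" ;;
    esac | while read -r kind path; do
        if [ -f "$path" ]; then echo "$kind $path"; fi
    done
}

# Usage on a box with Metasploit installed, e.g.:
#   msf_resolve exploit/windows/smb/ms08_067_netapi
#   msf_resolve windows/meterpreter/reverse_tcp
```

`msf_resolve` is the one to use interactively; the two pure functions under it only build paths, which is why a payload name yields several candidates that the filesystem check then narrows down.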
Less Basics

msf> workspace
msf> search [keywords]
msf> use [module]
msf> set [variable/option] [value]
msf> show [all/options/exploits/payloads]
msf> sessions -l
msf> sessions -i 1
Methodology

Recon, Recon, Recon (and more Recon) -> Send Exploits -> Pivot -> Persistence -> Internal Network -> PWN'd
Setting the Scene

You are a hacker
Target: lulzsec
Motive: They are suspected of taking a copy of your boss's "special video"
Objective: Gain access to their internal servers and find evidence they accessed your servers and took the data.
TO THE CONSOLE!

msf>
OMG IT CRASHED!!
Finally, it's over!

Questions?

Follow me: @d4rkm4tter
Blog: palshack.org
IRC: #DC801
Some Vidz: http://bit.ly/QhWNL2