SlideShare uma empresa Scribd logo

Metasploit framwork

Transferir como PPTX, PDF
Deepanshu Gajbhiye
Deepanshu Gajbhiye

Metasploit framwork is one of the most used framework used for penetration testing. With over 1500+ modules it is the first choice of every pentester.

Tecnologia
1 de 42
-Deepanshu d78ui98 GETTING STARTED WITH METASPLOIT FRAMEWORK
OUR AGENDA What is metasploit? Its history Basic terminologies Architecture of metasploit Modules Few demos Conclusion
WHAT IS METASPLOIT FRAMEWORK?
METASPLOIT FRAMEWORK • Its an open source exploitation framework. • It is not just a single tool but collection of several. • Used mostly for Penetration Testing, Research, Creating and Testing new exploits. • It provides infrastructure to automate mundane and complex tasks.
LIL BIT HISTORY  Created by HD Moore in 2003 in perl  Follow up project came in 2004 Metasploit 2.0  Metasploit 3.0 released in 2007  In 2009 Metasploit was acquired by Rapid 7  Then Metasploit pro and Metasploit Express were devloped
BASIC TERMINOLOGIES #Vulnerability Weakness in a system, a bug which is to be exploited
#Exploit • Basically a piece of code to take advantage of a Vulnerability
#PAYLOAD • Another piece of code that is executed through given exploit. • lets us control a computer system after it’s been exploited
ARCHITECTURE OF METASPLOIT • It is kind of Important to understand the basic structure of metasploit how is it designed. We should not directly start with the exploiting targets.
MODULES Exploits Payloads Encoders Nops Auxiliary
#ENCODERS • Encoders are used to evade the anti- virus Softwares and firewall • However it has no effect on the functionality of out exploit • Popular encoders are – 1. shikata_ga_nai 2. base64 3. powershell_base64
#NOPS • NOP is short for No OPeration • NOPs keep the payload sizes consistent ensuring that validly executable by the processor.. Basically makes payload stable
#AUXILIARY • Provides additional functionality like scanning, fuzzing, Information gathering
#PAYLOADS  Singles Usually standalone. Fire and forget type.  Stagers Payload is divided into stages.  Stages Components of stager module.
• In case of bind tcp an exploit opens a vulnerable port in victim machine. And then it waits for connection from attacker BIND TCP SHELL
• In case of bind reverse tcp the target machine communicate back to attacker machine. Attacker machine has listening port open on which it receives connection. BIND REVERSE TCP
NOW WE KNOW ENOUGH THEORY TO TRY OUT METASPLOIT FRAMEWORK
3 INITIAL STEPS 1. Start the postgresql service 2. Then make sure that msf database is running 3. Launch the metasploit framework by typing in msfconsole
SOME COMMANDS  Show exploits  Search  Show info  Show options  Set
 Rhost  Lhost  Exploit or run  Show advanced  Back
DEMO 1 Using tcp scanner auxiliary
LETS START EXPLOITING
DEMO 2 Getting shell on Metasploitable VM
A SIMPLE COMMAND SHELL FROM ATTACKER TO VICTIM
#MSFVENOM • It is a standalone payload generator and encoder • Msfvenom replaced msfpayload and msfencoder in 2015. • It allows use to create playloads in c, exe, python, java formats. • Basically allow us to create mallicious files.
MSFVENOM STEPS • Create a malicious file. • Start the payload handler. • Get victim to run the malicious file.
DEMO 3 Meterpreter shell on windows 7 machine via msfvenom
ARMITAGE Armitage is an attack manager tool that automates Metasploit in a graphical way. Created by Raphael Mudge Written in java
THIS IS HOW IT LOOKS LIKE
THIS IS HOW IT CAN LOOK LIKE AFTER ATTACK
DEMO 4 Internet explorer css exploit to get meterpreter shell
PIVOTING • Pivoting is a technique that allows attackers to use a compromised system to attack other machines in the same network • Basically hack another machine through already compromised machine
DEMO 5 Pivoting an actual target
WAYS TO PREVENT THESE ATTACKS Don’t download files from unknown sources. Always run the latest version of software or Operating system. Don’t click on Random links on the internet. Lastly, Be smart don’t get social engineered by someone.
CONSLUSION These were some of the basic metasploit attacks. The point was not only to teach you that something like happens but also about how to prevent it.
Go ahead. Ask away QUESTIONS AND ANSWERS
Hope you all had same amount of fun as I had while making this presentation THANK YOU FOR JOINING
SRC • https://github.com/rapid7/metasploit-framework/wiki • https://www.offensive-security.com/metasploit-unleashed/ • https://www.slideshare.net/nullhyd/metasploit-42992322 • https://www.corelan.be/ • https://www.phillips321.co.uk/ • https://pentestn00b.wordpress.com/ • https://community.rapid7.com/community/metasploit • http://www.hackingtutorials.org/metasploit-tutorials/ • http://metasploited.blogspot.in/2012/01/metasploit-tutorial-basics.html • https://www.kali.org/ • https://developer.microsoft.com/en-us/microsoft-edge
IGNORE THE LAST SLIDE • REX-- Handles almost all core functions such as setting up sockets, connections, formatting, and all other raw functions MSF CORE-- Provides the basic API and the actual core that describes the framework MSF BASE-- Provides friendly API support to modules • run event_manger –c • Pivoting refers to accessing the restricted system from the attacker's system through the compromised system • netstat -anp|grep "port_number" •

Recomendados

Metasploit
MetasploitMetasploit
MetasploitLalith Sai
 
Metasploit
MetasploitMetasploit
MetasploitInstitute of Information Security (IIS)
 
Introduction To Exploitation & Metasploit
Introduction To Exploitation & MetasploitIntroduction To Exploitation & Metasploit
Introduction To Exploitation & MetasploitRaghav Bisht
 
Introduction to Metasploit
Introduction to MetasploitIntroduction to Metasploit
Introduction to MetasploitGTU
 
Metasploit framework in Network Security
Metasploit framework in Network SecurityMetasploit framework in Network Security
Metasploit framework in Network SecurityAshok Reddy Medikonda
 
Metaploit
MetaploitMetaploit
MetaploitAjinkya Pathak
 
Metasploit
MetasploitMetasploit
Metasploithenelpj
 
Pentest with Metasploit
Pentest with MetasploitPentest with Metasploit
Pentest with MetasploitM.Syarifudin, ST, OSCP, OSWP
 

Recomendados

Metasploit
MetasploitMetasploit
MetasploitLalith Sai
 
Metasploit
MetasploitMetasploit
MetasploitInstitute of Information Security (IIS)
 
Introduction To Exploitation & Metasploit
Introduction To Exploitation & MetasploitIntroduction To Exploitation & Metasploit
Introduction To Exploitation & MetasploitRaghav Bisht
 
Introduction to Metasploit
Introduction to MetasploitIntroduction to Metasploit
Introduction to MetasploitGTU
 
Metasploit framework in Network Security
Metasploit framework in Network SecurityMetasploit framework in Network Security
Metasploit framework in Network SecurityAshok Reddy Medikonda
 
Metaploit
MetaploitMetaploit
MetaploitAjinkya Pathak
 
Metasploit
MetasploitMetasploit
Metasploithenelpj
 
Pentest with Metasploit
Pentest with MetasploitPentest with Metasploit
Pentest with MetasploitM.Syarifudin, ST, OSCP, OSWP
 
Metasploit (Module-1) - Getting Started With Metasploit
Metasploit (Module-1) - Getting Started With MetasploitMetasploit (Module-1) - Getting Started With Metasploit
Metasploit (Module-1) - Getting Started With MetasploitAnurag Srivastava
 
Finalppt metasploit
Finalppt metasploitFinalppt metasploit
Finalppt metasploitdevilback
 
Metasploit seminar
Metasploit seminarMetasploit seminar
Metasploit seminarhenelpj
 
Metasploit for Penetration Testing: Beginner Class
Metasploit for Penetration Testing: Beginner ClassMetasploit for Penetration Testing: Beginner Class
Metasploit for Penetration Testing: Beginner ClassGeorgia Weidman
 
Netcat 101 by-mahesh-beema
Netcat 101 by-mahesh-beemaNetcat 101 by-mahesh-beema
Netcat 101 by-mahesh-beemaRaghunath G
 
01 Metasploit kung fu introduction
01 Metasploit kung fu introduction01 Metasploit kung fu introduction
01 Metasploit kung fu introductionMostafa Abdel-sallam
 
Nmap basics
Nmap basicsNmap basics
Nmap basicsn|u - The Open Security Community
 
Nessus Basics
Nessus BasicsNessus Basics
Nessus Basicsamiable_indian
 
Ethical Hacking n VAPT presentation by Suvrat jain
Ethical Hacking n VAPT presentation by Suvrat jainEthical Hacking n VAPT presentation by Suvrat jain
Ethical Hacking n VAPT presentation by Suvrat jainSuvrat Jain
 
Malware analysis
Malware analysisMalware analysis
Malware analysisPrakashchand Suthar
 
Understanding NMAP
Understanding NMAPUnderstanding NMAP
Understanding NMAPPhannarith Ou, G-CISO
 
Netcat
NetcatNetcat
Netcatpenetration Tester
 
OpenVAS
OpenVASOpenVAS
OpenVASsvm
 
Basic Malware Analysis
Basic Malware AnalysisBasic Malware Analysis
Basic Malware AnalysisAlbert Hui
 
Demo of security tool nessus - Network vulnerablity scanner
Demo of security tool nessus - Network vulnerablity scannerDemo of security tool nessus - Network vulnerablity scanner
Demo of security tool nessus - Network vulnerablity scannerAjit Dadresa
 
NMAP
NMAPNMAP
NMAPPrateekAryan1
 
Pen Testing Explained
Pen Testing ExplainedPen Testing Explained
Pen Testing ExplainedRand W. Hirt
 
CNIT 126 2: Malware Analysis in Virtual Machines & 3: Basic Dynamic Analysis
CNIT 126 2: Malware Analysis in Virtual Machines & 3: Basic Dynamic AnalysisCNIT 126 2: Malware Analysis in Virtual Machines & 3: Basic Dynamic Analysis
CNIT 126 2: Malware Analysis in Virtual Machines & 3: Basic Dynamic AnalysisSam Bowne
 
Network Penetration Testing
Network Penetration TestingNetwork Penetration Testing
Network Penetration TestingMohammed Adam
 
Vulnerability and Assessment Penetration Testing
Vulnerability and Assessment Penetration TestingVulnerability and Assessment Penetration Testing
Vulnerability and Assessment Penetration TestingYvonne Marambanyika
 
Networking basics by rahul at Null Mumbai
Networking basics by rahul at Null MumbaiNetworking basics by rahul at Null Mumbai
Networking basics by rahul at Null MumbaiAvkash Kathiriya
 
Basics of Cryptography
Basics of CryptographyBasics of Cryptography
Basics of CryptographySunil Kumar
 

Mais conteúdo relacionado

Mais procurados

Metasploit (Module-1) - Getting Started With Metasploit
Metasploit (Module-1) - Getting Started With MetasploitMetasploit (Module-1) - Getting Started With Metasploit
Metasploit (Module-1) - Getting Started With MetasploitAnurag Srivastava
 
Finalppt metasploit
Finalppt metasploitFinalppt metasploit
Finalppt metasploitdevilback
 
Metasploit seminar
Metasploit seminarMetasploit seminar
Metasploit seminarhenelpj
 
Metasploit for Penetration Testing: Beginner Class
Metasploit for Penetration Testing: Beginner ClassMetasploit for Penetration Testing: Beginner Class
Metasploit for Penetration Testing: Beginner ClassGeorgia Weidman
 
Netcat 101 by-mahesh-beema
Netcat 101 by-mahesh-beemaNetcat 101 by-mahesh-beema
Netcat 101 by-mahesh-beemaRaghunath G
 
01 Metasploit kung fu introduction
01 Metasploit kung fu introduction01 Metasploit kung fu introduction
01 Metasploit kung fu introductionMostafa Abdel-sallam
 
Ethical Hacking n VAPT presentation by Suvrat jain
Ethical Hacking n VAPT presentation by Suvrat jainEthical Hacking n VAPT presentation by Suvrat jain
Ethical Hacking n VAPT presentation by Suvrat jainSuvrat Jain
 
OpenVAS
OpenVASOpenVAS
OpenVASsvm
 
Basic Malware Analysis
Basic Malware AnalysisBasic Malware Analysis
Basic Malware AnalysisAlbert Hui
 
Demo of security tool nessus - Network vulnerablity scanner
Demo of security tool nessus - Network vulnerablity scannerDemo of security tool nessus - Network vulnerablity scanner
Demo of security tool nessus - Network vulnerablity scannerAjit Dadresa
 
Pen Testing Explained
Pen Testing ExplainedPen Testing Explained
Pen Testing ExplainedRand W. Hirt
 
CNIT 126 2: Malware Analysis in Virtual Machines & 3: Basic Dynamic Analysis
CNIT 126 2: Malware Analysis in Virtual Machines & 3: Basic Dynamic AnalysisCNIT 126 2: Malware Analysis in Virtual Machines & 3: Basic Dynamic Analysis
CNIT 126 2: Malware Analysis in Virtual Machines & 3: Basic Dynamic AnalysisSam Bowne
 
Network Penetration Testing
Network Penetration TestingNetwork Penetration Testing
Network Penetration TestingMohammed Adam
 
Vulnerability and Assessment Penetration Testing
Vulnerability and Assessment Penetration TestingVulnerability and Assessment Penetration Testing
Vulnerability and Assessment Penetration TestingYvonne Marambanyika
 

Mais procurados (20)

Metasploit (Module-1) - Getting Started With Metasploit
Metasploit (Module-1) - Getting Started With MetasploitMetasploit (Module-1) - Getting Started With Metasploit
Metasploit (Module-1) - Getting Started With Metasploit
 
Finalppt metasploit
Finalppt metasploitFinalppt metasploit
Finalppt metasploit
 
Metasploit seminar
Metasploit seminarMetasploit seminar
Metasploit seminar
 
Metasploit for Penetration Testing: Beginner Class
Metasploit for Penetration Testing: Beginner ClassMetasploit for Penetration Testing: Beginner Class
Metasploit for Penetration Testing: Beginner Class
 
Netcat 101 by-mahesh-beema
Netcat 101 by-mahesh-beemaNetcat 101 by-mahesh-beema
Netcat 101 by-mahesh-beema
 
01 Metasploit kung fu introduction
01 Metasploit kung fu introduction01 Metasploit kung fu introduction
01 Metasploit kung fu introduction
 
Nmap basics
Nmap basicsNmap basics
Nmap basics
 
Nessus Basics
Nessus BasicsNessus Basics
Nessus Basics
 
Ethical Hacking n VAPT presentation by Suvrat jain
Ethical Hacking n VAPT presentation by Suvrat jainEthical Hacking n VAPT presentation by Suvrat jain
Ethical Hacking n VAPT presentation by Suvrat jain
 
Malware analysis
Malware analysisMalware analysis
Malware analysis
 
Understanding NMAP
Understanding NMAPUnderstanding NMAP
Understanding NMAP
 
Netcat
NetcatNetcat
Netcat
 
OpenVAS
OpenVASOpenVAS
OpenVAS
 
Basic Malware Analysis
Basic Malware AnalysisBasic Malware Analysis
Basic Malware Analysis
 
Demo of security tool nessus - Network vulnerablity scanner
Demo of security tool nessus - Network vulnerablity scannerDemo of security tool nessus - Network vulnerablity scanner
Demo of security tool nessus - Network vulnerablity scanner
 
NMAP
NMAPNMAP
NMAP
 
Pen Testing Explained
Pen Testing ExplainedPen Testing Explained
Pen Testing Explained
 
CNIT 126 2: Malware Analysis in Virtual Machines & 3: Basic Dynamic Analysis
CNIT 126 2: Malware Analysis in Virtual Machines & 3: Basic Dynamic AnalysisCNIT 126 2: Malware Analysis in Virtual Machines & 3: Basic Dynamic Analysis
CNIT 126 2: Malware Analysis in Virtual Machines & 3: Basic Dynamic Analysis
 
Network Penetration Testing
Network Penetration TestingNetwork Penetration Testing
Network Penetration Testing
 
Vulnerability and Assessment Penetration Testing
Vulnerability and Assessment Penetration TestingVulnerability and Assessment Penetration Testing
Vulnerability and Assessment Penetration Testing
 

Destaque

Networking basics by rahul at Null Mumbai
Networking basics by rahul at Null MumbaiNetworking basics by rahul at Null Mumbai
Networking basics by rahul at Null MumbaiAvkash Kathiriya
 
Basics of Cryptography
Basics of CryptographyBasics of Cryptography
Basics of CryptographySunil Kumar
 
Yet another talk on bug bounty
Yet another talk on bug bountyYet another talk on bug bounty
Yet another talk on bug bountyvinoth kumar
 
A Strategic Path from Secure Code Reviews to Threat Modeling (101)
A Strategic Path from Secure Code Reviews to Threat Modeling (101)A Strategic Path from Secure Code Reviews to Threat Modeling (101)
A Strategic Path from Secure Code Reviews to Threat Modeling (101)Deepam Kanjani
 
API Security - Null meet
API Security - Null meetAPI Security - Null meet
API Security - Null meetvinoth kumar
 

Destaque (7)

Networking basics by rahul at Null Mumbai
Networking basics by rahul at Null MumbaiNetworking basics by rahul at Null Mumbai
Networking basics by rahul at Null Mumbai
 
Basics of Cryptography
Basics of CryptographyBasics of Cryptography
Basics of Cryptography
 
Yet another talk on bug bounty
Yet another talk on bug bountyYet another talk on bug bounty
Yet another talk on bug bounty
 
Bit squatting
Bit squattingBit squatting
Bit squatting
 
Nmap and metasploitable
Nmap and metasploitableNmap and metasploitable
Nmap and metasploitable
 
A Strategic Path from Secure Code Reviews to Threat Modeling (101)
A Strategic Path from Secure Code Reviews to Threat Modeling (101)A Strategic Path from Secure Code Reviews to Threat Modeling (101)
A Strategic Path from Secure Code Reviews to Threat Modeling (101)
 
API Security - Null meet
API Security - Null meetAPI Security - Null meet
API Security - Null meet
 

Semelhante a Metasploit framwork

Metasploit Computer security testing tool
Metasploit Computer security testing toolMetasploit Computer security testing tool
Metasploit Computer security testing toolmedoelkang600
 
Introduction to metasploit
Introduction to metasploitIntroduction to metasploit
Introduction to metasploitGTU
 
24 33 -_metasploit
24 33 -_metasploit24 33 -_metasploit
24 33 -_metasploitwozgeass
 
BSides Algiers - Metasploit framework - Oussama Elhamer
BSides Algiers - Metasploit framework - Oussama ElhamerBSides Algiers - Metasploit framework - Oussama Elhamer
BSides Algiers - Metasploit framework - Oussama ElhamerShellmates
 
Metasploit For Beginners
Metasploit For BeginnersMetasploit For Beginners
Metasploit For BeginnersRamnath Shenoy
 
Metasploit - Basic and Android Demo
Metasploit - Basic and Android DemoMetasploit - Basic and Android Demo
Metasploit - Basic and Android DemoArpit Agarwal
 
[null]Metapwn - Pwn at a puff by Prajwal Panchmahalkar
[null]Metapwn - Pwn at a puff by Prajwal Panchmahalkar[null]Metapwn - Pwn at a puff by Prajwal Panchmahalkar
[null]Metapwn - Pwn at a puff by Prajwal PanchmahalkarPrajwal Panchmahalkar
 
DefCamp 2013 - MSF Into The Worm Hole
DefCamp 2013 - MSF Into The Worm HoleDefCamp 2013 - MSF Into The Worm Hole
DefCamp 2013 - MSF Into The Worm HoleDefCamp
 
Creating Havoc using Human Interface Device
Creating Havoc using Human Interface DeviceCreating Havoc using Human Interface Device
Creating Havoc using Human Interface DevicePositive Hack Days
 
Intro to exploits in metasploitand payloads in msfvenom
Intro to exploits in metasploitand payloads in msfvenomIntro to exploits in metasploitand payloads in msfvenom
Intro to exploits in metasploitand payloads in msfvenomSiddharth Krishna Kumar
 
Vulnerability, exploit to metasploit
Vulnerability, exploit to metasploitVulnerability, exploit to metasploit
Vulnerability, exploit to metasploitTiago Henriques
 
Mocking vtcc3 - en
Mocking vtcc3 - enMocking vtcc3 - en
Mocking vtcc3 - envgrondin
 
Online Sync meetup: Metasploit 101 slides
Online Sync meetup: Metasploit 101 slidesOnline Sync meetup: Metasploit 101 slides
Online Sync meetup: Metasploit 101 slidescyberforgeacademy
 
Metasploitation part-1 (murtuja)
Metasploitation part-1 (murtuja)Metasploitation part-1 (murtuja)
Metasploitation part-1 (murtuja)ClubHack
 
Lifnaaaaaa e
Lifnaaaaaa eLifnaaaaaa e
Lifnaaaaaa ehenelpj
 

Semelhante a Metasploit framwork (20)

Metasploit Computer security testing tool
Metasploit Computer security testing toolMetasploit Computer security testing tool
Metasploit Computer security testing tool
 
Introduction to metasploit
Introduction to metasploitIntroduction to metasploit
Introduction to metasploit
 
24 33 -_metasploit
24 33 -_metasploit24 33 -_metasploit
24 33 -_metasploit
 
BSides Algiers - Metasploit framework - Oussama Elhamer
BSides Algiers - Metasploit framework - Oussama ElhamerBSides Algiers - Metasploit framework - Oussama Elhamer
BSides Algiers - Metasploit framework - Oussama Elhamer
 
Metasploit For Beginners
Metasploit For BeginnersMetasploit For Beginners
Metasploit For Beginners
 
Metasploit
MetasploitMetasploit
Metasploit
 
Metasploit
MetasploitMetasploit
Metasploit
 
Metasploit - Basic and Android Demo
Metasploit - Basic and Android DemoMetasploit - Basic and Android Demo
Metasploit - Basic and Android Demo
 
Metasploit Demo
Metasploit DemoMetasploit Demo
Metasploit Demo
 
Metapwn
MetapwnMetapwn
Metapwn
 
[null]Metapwn - Pwn at a puff by Prajwal Panchmahalkar
[null]Metapwn - Pwn at a puff by Prajwal Panchmahalkar[null]Metapwn - Pwn at a puff by Prajwal Panchmahalkar
[null]Metapwn - Pwn at a puff by Prajwal Panchmahalkar
 
DefCamp 2013 - MSF Into The Worm Hole
DefCamp 2013 - MSF Into The Worm HoleDefCamp 2013 - MSF Into The Worm Hole
DefCamp 2013 - MSF Into The Worm Hole
 
Metasploit primary
Metasploit primaryMetasploit primary
Metasploit primary
 
Creating Havoc using Human Interface Device
Creating Havoc using Human Interface DeviceCreating Havoc using Human Interface Device
Creating Havoc using Human Interface Device
 
Intro to exploits in metasploitand payloads in msfvenom
Intro to exploits in metasploitand payloads in msfvenomIntro to exploits in metasploitand payloads in msfvenom
Intro to exploits in metasploitand payloads in msfvenom
 
Vulnerability, exploit to metasploit
Vulnerability, exploit to metasploitVulnerability, exploit to metasploit
Vulnerability, exploit to metasploit
 
Mocking vtcc3 - en
Mocking vtcc3 - enMocking vtcc3 - en
Mocking vtcc3 - en
 
Online Sync meetup: Metasploit 101 slides
Online Sync meetup: Metasploit 101 slidesOnline Sync meetup: Metasploit 101 slides
Online Sync meetup: Metasploit 101 slides
 
Metasploitation part-1 (murtuja)
Metasploitation part-1 (murtuja)Metasploitation part-1 (murtuja)
Metasploitation part-1 (murtuja)
 
Lifnaaaaaa e
Lifnaaaaaa eLifnaaaaaa e
Lifnaaaaaa e
 

Último

Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Paola De la Torre
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
Google AI Hackathon: LLM based Evaluator for RAG
Google AI Hackathon: LLM based Evaluator for RAGGoogle AI Hackathon: LLM based Evaluator for RAG
Google AI Hackathon: LLM based Evaluator for RAGSujit Pal
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxOnBoard
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024Results
 
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...gurkirankumar98700
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 

Último (20)

Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
Google AI Hackathon: LLM based Evaluator for RAG
Google AI Hackathon: LLM based Evaluator for RAGGoogle AI Hackathon: LLM based Evaluator for RAG
Google AI Hackathon: LLM based Evaluator for RAG
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptx
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 

Metasploit framwork

  • 2. OUR AGENDA What is metasploit? Its history Basic terminologies Architecture of metasploit Modules Few demos Conclusion
  • 3. WHAT IS METASPLOIT FRAMEWORK?
  • 4. METASPLOIT FRAMEWORK • Its an open source exploitation framework. • It is not just a single tool but collection of several. • Used mostly for Penetration Testing, Research, Creating and Testing new exploits. • It provides infrastructure to automate mundane and complex tasks.
  • 5. LIL BIT HISTORY  Created by HD Moore in 2003 in perl  Follow up project came in 2004 Metasploit 2.0  Metasploit 3.0 released in 2007  In 2009 Metasploit was acquired by Rapid 7  Then Metasploit pro and Metasploit Express were devloped
  • 6. BASIC TERMINOLOGIES #Vulnerability Weakness in a system, a bug which is to be exploited
  • 7. #Exploit • Basically a piece of code to take advantage of a Vulnerability
  • 8. #PAYLOAD • Another piece of code that is executed through given exploit. • lets us control a computer system after it’s been exploited
  • 9. ARCHITECTURE OF METASPLOIT • It is kind of Important to understand the basic structure of metasploit how is it designed. We should not directly start with the exploiting targets.
  • 10.
  • 12. #ENCODERS • Encoders are used to evade the anti- virus Softwares and firewall • However it has no effect on the functionality of out exploit • Popular encoders are – 1. shikata_ga_nai 2. base64 3. powershell_base64
  • 13. #NOPS • NOP is short for No OPeration • NOPs keep the payload sizes consistent ensuring that validly executable by the processor.. Basically makes payload stable
  • 14. #AUXILIARY • Provides additional functionality like scanning, fuzzing, Information gathering
  • 15. #PAYLOADS  Singles Usually standalone. Fire and forget type.  Stagers Payload is divided into stages.  Stages Components of stager module.
  • 16. • In case of bind tcp an exploit opens a vulnerable port in victim machine. And then it waits for connection from attacker BIND TCP SHELL
  • 17. • In case of bind reverse tcp the target machine communicate back to attacker machine. Attacker machine has listening port open on which it receives connection. BIND REVERSE TCP
  • 18. NOW WE KNOW ENOUGH THEORY TO TRY OUT METASPLOIT FRAMEWORK
  • 19. 3 INITIAL STEPS 1. Start the postgresql service 2. Then make sure that msf database is running 3. Launch the metasploit framework by typing in msfconsole
  • 20.
  • 21. SOME COMMANDS  Show exploits  Search  Show info  Show options  Set
  • 22.  Rhost  Lhost  Exploit or run  Show advanced  Back
  • 23. DEMO 1 Using tcp scanner auxiliary
  • 25. DEMO 2 Getting shell on Metasploitable VM
  • 26. A SIMPLE COMMAND SHELL FROM ATTACKER TO VICTIM
  • 27. #MSFVENOM • It is a standalone payload generator and encoder • Msfvenom replaced msfpayload and msfencoder in 2015. • It allows use to create playloads in c, exe, python, java formats. • Basically allow us to create mallicious files.
  • 28. MSFVENOM STEPS • Create a malicious file. • Start the payload handler. • Get victim to run the malicious file.
  • 29. DEMO 3 Meterpreter shell on windows 7 machine via msfvenom
  • 30. ARMITAGE Armitage is an attack manager tool that automates Metasploit in a graphical way. Created by Raphael Mudge Written in java
  • 31. THIS IS HOW IT LOOKS LIKE
  • 32. THIS IS HOW IT CAN LOOK LIKE AFTER ATTACK
  • 33. DEMO 4 Internet explorer css exploit to get meterpreter shell
  • 34.
  • 35. PIVOTING • Pivoting is a technique that allows attackers to use a compromised system to attack other machines in the same network • Basically hack another machine through already compromised machine
  • 36. DEMO 5 Pivoting an actual target
  • 37. WAYS TO PREVENT THESE ATTACKS Don’t download files from unknown sources. Always run the latest version of software or Operating system. Don’t click on Random links on the internet. Lastly, Be smart don’t get social engineered by someone.
  • 38. CONSLUSION These were some of the basic metasploit attacks. The point was not only to teach you that something like happens but also about how to prevent it.
  • 39. Go ahead. Ask away QUESTIONS AND ANSWERS
  • 40. Hope you all had same amount of fun as I had while making this presentation THANK YOU FOR JOINING
  • 41. SRC • https://github.com/rapid7/metasploit-framework/wiki • https://www.offensive-security.com/metasploit-unleashed/ • https://www.slideshare.net/nullhyd/metasploit-42992322 • https://www.corelan.be/ • https://www.phillips321.co.uk/ • https://pentestn00b.wordpress.com/ • https://community.rapid7.com/community/metasploit • http://www.hackingtutorials.org/metasploit-tutorials/ • http://metasploited.blogspot.in/2012/01/metasploit-tutorial-basics.html • https://www.kali.org/ • https://developer.microsoft.com/en-us/microsoft-edge
  • 42. IGNORE THE LAST SLIDE • REX-- Handles almost all core functions such as setting up sockets, connections, formatting, and all other raw functions MSF CORE-- Provides the basic API and the actual core that describes the framework MSF BASE-- Provides friendly API support to modules • run event_manger –c • Pivoting refers to accessing the restricted system from the attacker's system through the compromised system • netstat -anp|grep "port_number" •