SlideShare uma empresa Scribd logo

DefCamp 2013 - MSF Into The Worm Hole

Transferir como PPTX, PDF
DefCamp
DefCamp
Tecnologia
1 de 56
Who Is This Ugly Dude In Front of Me? Kizz MyAnthia Senior Penetration Tester HP Fortify – ShadowLabs @Kizz_My_Anthia www.KizzMyAnthia.com
Who Is This Ugly Dude In Front of Me? • Background: • Penetration Tester for 13 years • Network Engineer for 15 years • In IT for 18 years • Regulatory Technology Tester for 5 years • Specializes in mobile technologies and communications • Social Engineering • Physical Security
• Introduction • PWN Bones • Metasploit Framework Parts • Metasploit for Web PenTesting • Direct Exploits • Browser Exploits • HeySexxyLady.pwnme • Client-side Attacks • Wrap Up
PWN Bones
The PWN Bone is connected to the ‘sploit bone • Metasploit is a Framework built like a skeletal structure • Each part builds on the others • • • • • • • • Exploit Payload Shellcode Modules Listeners Auxiliary Modules Plugins Utilities
PWN Bones • Exploit • The means by which an attacker, or pen tester, takes advantage of a flaw within a system, application, or service. • Common eploits include: • Buffer Overflows • SQL Injections • Configuration Errors
PWN Bones • Payload • Code that is executed within an exploit • These are selected and delivered by the Metasploit Framework • Reverse Shell • The payload creates a connection from the target machine back to the attacker • Bind Shell • “Binds” a command prompt to a listening port on the target machine that the attacker can connect to
PWN Bones • Shellcode • A set of instructions used as a payload when exploitation occurs
PWN Bones • Modules • Whereas Metasploit is concerned, Modules are the pieces of software used by the framework to perform a specific task • Exploit Modules • Auxiliary Modules
PWN Bones • Listeners • A Metasploit Framework component • Waits for incoming connections or Reverse Payloads • Handles the remote connection
PWN Bones • Auxiliary Modules • • • • Reconnaissance Brute-force Fuzzers Custom
PWN Bones • Plugins • Applications that leverage the Metasploit Framework for exploitation • SET • Social Engineers Toolkit • WMAP • Web Application Scanner • Fast-track • Open source Python based tool to help perform advanced penetration testing techniques
PWN Bones • Utilities • MSFPayload • MSFEncode • MSFVenom
PWN Bones – WMAP • WMAP • Web Application “Scanner” • Focuses on utilizing the MSF Web Scanning & Data Collection Modules • Not a “Real” scanner
PWN Bones - SET • SET – Social Engineers Toolkit – Social-Engineer.org • Conceived by Chris Hadnagy (loganWHD) • Written by David Kennedy • Used to perform attacks against human weaknesses exploiting curiosity, credibility, avarice and human stupidity
Metasploit For Web PenTesting
Metasploit For Web PenTesting • Direct Exploits • Host/Server Exploits • Service Exploits • “Feature” Exploits • Browser Exploits • MS10-002 “Aurora” • Tab Nabbing • Browser AutoPWN
Metasploit For Web PenTesting • Direct Exploits • will exploit a specific host, run until completion, and then exit
Metasploit For Web PenTesting • Passive exploits wait for incoming hosts and exploit them as they connect. Passive exploits almost always focus on clients such as web browsers, FTP clients, etc. • They can also be used in conjunction with email exploits, waiting for connections. • Passive exploits report shells as they happen can be enumerated by passing '-l' to the sessions command. Passing '-i' will interact with a shell.
Metasploit For Web PenTesting • So how does this help me? • This sounds cool, but your full of shit….. Metasploit only works on NetPen tests
Metasploit For Web PenTesting
Metasploit For Web PenTesting • MSFPayload • a command-line instance of Metasploit that is used to generate and output all of the various types of shellcode that are available in Metasploit.
Metasploit For Web PenTesting
Metasploit For Web PenTesting
Metasploit For Web PenTesting • Start the Metasploit Listener • Use exploit/multi/handler
Metasploit For Web PenTesting
Metasploit For Web PenTesting
OSINT – Information Gathering
OSINT – Information Gathering • Information Gathering or Intelligence Gathering • Create a plan of attack • Gain an in-depth knowledge of the target • Record information for later use
OSINT – Information Gathering • Metasploit & Nmap • Uses Metasploit DB Connection • Stores Target information • • • • Ports Version Banners Scan Details
OSINT – Information Gathering • We need to create a Metasploit Framework DB and DB Connection • First we need to start the DB • service postgressql start
OSINT – Information Gathering • Launch MSFConsole and Connect to the DB • msfconsole
OSINT – Information Gathering • Connect to newly created DB • db_connect msfdev1:Password1@localhost:5432/msfdev2
OSINT – Information Gathering • Closer than Bert and Ernie • Metasploit Framework and Nmap
OSINT – Information Gathering • Calling Nmap from Metasploit Framework • nmap –PN –vvv ….. • Nmap can be called from within MSF and run natively • db_nmap –PN –vvv ….. • db_nmap will store the returned Nmap data to the MSF DB for use later
OSINT – Information Gathering • Metasploit Framework has many other Information Gathering Auxiliary Modules available • • • • • SMB scanning SQL scanning SSH scanning FTP scanning SNMP scanning
HeySexxyLady.pwnme
HeySexxyLady.pwnme • Metasploit Client-side Attacks • Browser Attacks • Buffer Overflow • Code Injection • Heap Spraying
HeySexxyLady.pwnme • Browser Based Exploits • Heap Spraying • “Heap” • Memory that is unallocated and used by the application as needed for the duration of the program’s runtime • NOP • No-Operation Instructions • Assembly Instruction to do Nothing until the next instruction • NOP Slide • Multiple NOP instructions in succession
HeySexxyLady.pwnme • NOP Slide
HeySexxyLady.pwnme • Create Payload • msfpayload windows/shell/bind_tcp LPORT=443 C
HeySexxyLady.pwnme • Copy the “Stage 1” Binary code
HeySexxyLady.pwnme • Copy & Edit the Binary Payload • Remove all un-needed characters • “ • x • Add “90”s to create NOP Slide
HeySexxyLady.pwnme • Load IE In Immunity Debugger
HeySexxyLady.pwnme • Paste the Binary Payload Into the Debugger
HeySexxyLady.pwnme • When Internet Explorer is run within Immunity Debugger the code will be executed
HeySexxyLady.pwnme • Does this work in the real world?
HeySexxyLady.pwnme • MS10-002 “Aurora”
HeySexxyLady.pwnme • Aurora In The Browser
HeySexxyLady.pwnme
HeySexxyLady.pwnme
HeySexxyLady.pwnme
HeySexxyLady.pwnme
Wrap Up Metasploit = Power
Wrap Up • Where can I get more information? • http://www.offensive-security.com/metasploit-unleashed/Introduction • Metasploit: The Penetration Tester's Guide • http://www.amazon.com/Metasploit-The-Penetration-Testers-Guide/dp/159327288X • www.KizzMyAnthia.com

Recomendados

Python for pentesters
Python for pentestersPython for pentesters
Python for pentestersRashid feroz
 
Reverse engineering with python
Reverse engineering with pythonReverse engineering with python
Reverse engineering with pythonn|u - The Open Security Community
 
The internet of $h1t
The internet of $h1tThe internet of $h1t
The internet of $h1tAmit Serper
 
Buffer Overflow Attacks
Buffer Overflow AttacksBuffer Overflow Attacks
Buffer Overflow Attackssecurityxploded
 
Improvement in Rogue Access Points - SensePost Defcon 22
Improvement in Rogue Access Points - SensePost Defcon 22Improvement in Rogue Access Points - SensePost Defcon 22
Improvement in Rogue Access Points - SensePost Defcon 22SensePost
 
Un) fucking forensics
Un) fucking forensicsUn) fucking forensics
Un) fucking forensicsShane Macaulay
 
BSides Algiers - Metasploit framework - Oussama Elhamer
BSides Algiers - Metasploit framework - Oussama ElhamerBSides Algiers - Metasploit framework - Oussama Elhamer
BSides Algiers - Metasploit framework - Oussama ElhamerShellmates
 
Malware Collection and Analysis via Hardware Virtualization
Malware Collection and Analysis via Hardware VirtualizationMalware Collection and Analysis via Hardware Virtualization
Malware Collection and Analysis via Hardware VirtualizationTamas K Lengyel
 

Recomendados

Python for pentesters
Python for pentestersPython for pentesters
Python for pentestersRashid feroz
 
Reverse engineering with python
Reverse engineering with pythonReverse engineering with python
Reverse engineering with pythonn|u - The Open Security Community
 
The internet of $h1t
The internet of $h1tThe internet of $h1t
The internet of $h1tAmit Serper
 
Buffer Overflow Attacks
Buffer Overflow AttacksBuffer Overflow Attacks
Buffer Overflow Attackssecurityxploded
 
Improvement in Rogue Access Points - SensePost Defcon 22
Improvement in Rogue Access Points - SensePost Defcon 22Improvement in Rogue Access Points - SensePost Defcon 22
Improvement in Rogue Access Points - SensePost Defcon 22SensePost
 
Un) fucking forensics
Un) fucking forensicsUn) fucking forensics
Un) fucking forensicsShane Macaulay
 
BSides Algiers - Metasploit framework - Oussama Elhamer
BSides Algiers - Metasploit framework - Oussama ElhamerBSides Algiers - Metasploit framework - Oussama Elhamer
BSides Algiers - Metasploit framework - Oussama ElhamerShellmates
 
Malware Collection and Analysis via Hardware Virtualization
Malware Collection and Analysis via Hardware VirtualizationMalware Collection and Analysis via Hardware Virtualization
Malware Collection and Analysis via Hardware VirtualizationTamas K Lengyel
 
Rat a-tat-tat
Rat a-tat-tatRat a-tat-tat
Rat a-tat-tatSensePost
 
Heartbleed Overview
Heartbleed OverviewHeartbleed Overview
Heartbleed OverviewSensePost
 
OFFENSIVE: Exploiting DNS servers changes BlackHat Asia 2014
OFFENSIVE: Exploiting DNS servers changes BlackHat Asia 2014OFFENSIVE: Exploiting DNS servers changes BlackHat Asia 2014
OFFENSIVE: Exploiting DNS servers changes BlackHat Asia 2014Leonardo Nve Egea
 
Hack Attack! An Introduction to Penetration Testing
Hack Attack! An Introduction to Penetration TestingHack Attack! An Introduction to Penetration Testing
Hack Attack! An Introduction to Penetration TestingSteve Phillips
 
Docker Security
Docker SecurityDocker Security
Docker Securityantitree
 
CheckPlease - Payload-Agnostic Implant Security
CheckPlease - Payload-Agnostic Implant SecurityCheckPlease - Payload-Agnostic Implant Security
CheckPlease - Payload-Agnostic Implant SecurityBrandon Arvanaghi
 
Kasza smashing the_jars
Kasza smashing the_jarsKasza smashing the_jars
Kasza smashing the_jarsPacSecJP
 
Hacking routers as Web Hacker
Hacking routers as Web HackerHacking routers as Web Hacker
Hacking routers as Web HackerHeadLightSecurity
 
CheckPlease: Payload-Agnostic Targeted Malware
CheckPlease: Payload-Agnostic Targeted MalwareCheckPlease: Payload-Agnostic Targeted Malware
CheckPlease: Payload-Agnostic Targeted MalwareBrandon Arvanaghi
 
MIPS-X
MIPS-XMIPS-X
MIPS-XZoltan Balazs
 
BSides Rochester 2018: Esteban Rodriguez: Ducky In The Middle: Injecting keys...
BSides Rochester 2018: Esteban Rodriguez: Ducky In The Middle: Injecting keys...BSides Rochester 2018: Esteban Rodriguez: Ducky In The Middle: Injecting keys...
BSides Rochester 2018: Esteban Rodriguez: Ducky In The Middle: Injecting keys...JosephTesta9
 
Fuzzing underestimated method of finding hidden bugs
Fuzzing underestimated method of finding hidden bugsFuzzing underestimated method of finding hidden bugs
Fuzzing underestimated method of finding hidden bugsPawel Rzepa
 
The state of wireless security
The state of wireless security The state of wireless security
The state of wireless security Filip Waeytens
 
Kali presentation
Kali presentationKali presentation
Kali presentationZain Ul abadin
 
pwnd.sh
pwnd.shpwnd.sh
pwnd.shChandrapal Badshah
 
DevLink - WiFu: You think your wireless is secure?
DevLink - WiFu: You think your wireless is secure?DevLink - WiFu: You think your wireless is secure?
DevLink - WiFu: You think your wireless is secure?Rob Gillen
 
I believe in rust
I believe in rustI believe in rust
I believe in rustReidar Sollid
 
Defcon Moscow #0x0A - Mikhail Firstov "Hacking routers as Web Hacker"
Defcon Moscow #0x0A - Mikhail Firstov "Hacking routers as Web Hacker"Defcon Moscow #0x0A - Mikhail Firstov "Hacking routers as Web Hacker"
Defcon Moscow #0x0A - Mikhail Firstov "Hacking routers as Web Hacker"Defcon Moscow
 
CNIT 124: Ch 9: Password Attacks
CNIT 124: Ch 9: Password AttacksCNIT 124: Ch 9: Password Attacks
CNIT 124: Ch 9: Password AttacksSam Bowne
 
Hacking the Gateways
Hacking the GatewaysHacking the Gateways
Hacking the GatewaysOnur Alanbel
 
Black Holes
Black HolesBlack Holes
Black HolesJohn
 
Analysis: The Black Hole
Analysis: The Black HoleAnalysis: The Black Hole
Analysis: The Black Holekiggundm2613
 

Mais conteúdo relacionado

Mais procurados

Rat a-tat-tat
Rat a-tat-tatRat a-tat-tat
Rat a-tat-tatSensePost
 
Heartbleed Overview
Heartbleed OverviewHeartbleed Overview
Heartbleed OverviewSensePost
 
OFFENSIVE: Exploiting DNS servers changes BlackHat Asia 2014
OFFENSIVE: Exploiting DNS servers changes BlackHat Asia 2014OFFENSIVE: Exploiting DNS servers changes BlackHat Asia 2014
OFFENSIVE: Exploiting DNS servers changes BlackHat Asia 2014Leonardo Nve Egea
 
Hack Attack! An Introduction to Penetration Testing
Hack Attack! An Introduction to Penetration TestingHack Attack! An Introduction to Penetration Testing
Hack Attack! An Introduction to Penetration TestingSteve Phillips
 
Docker Security
Docker SecurityDocker Security
Docker Securityantitree
 
CheckPlease - Payload-Agnostic Implant Security
CheckPlease - Payload-Agnostic Implant SecurityCheckPlease - Payload-Agnostic Implant Security
CheckPlease - Payload-Agnostic Implant SecurityBrandon Arvanaghi
 
Kasza smashing the_jars
Kasza smashing the_jarsKasza smashing the_jars
Kasza smashing the_jarsPacSecJP
 
Hacking routers as Web Hacker
Hacking routers as Web HackerHacking routers as Web Hacker
Hacking routers as Web HackerHeadLightSecurity
 
CheckPlease: Payload-Agnostic Targeted Malware
CheckPlease: Payload-Agnostic Targeted MalwareCheckPlease: Payload-Agnostic Targeted Malware
CheckPlease: Payload-Agnostic Targeted MalwareBrandon Arvanaghi
 
BSides Rochester 2018: Esteban Rodriguez: Ducky In The Middle: Injecting keys...
BSides Rochester 2018: Esteban Rodriguez: Ducky In The Middle: Injecting keys...BSides Rochester 2018: Esteban Rodriguez: Ducky In The Middle: Injecting keys...
BSides Rochester 2018: Esteban Rodriguez: Ducky In The Middle: Injecting keys...JosephTesta9
 
Fuzzing underestimated method of finding hidden bugs
Fuzzing underestimated method of finding hidden bugsFuzzing underestimated method of finding hidden bugs
Fuzzing underestimated method of finding hidden bugsPawel Rzepa
 
The state of wireless security
The state of wireless security The state of wireless security
The state of wireless security Filip Waeytens
 
DevLink - WiFu: You think your wireless is secure?
DevLink - WiFu: You think your wireless is secure?DevLink - WiFu: You think your wireless is secure?
DevLink - WiFu: You think your wireless is secure?Rob Gillen
 
Defcon Moscow #0x0A - Mikhail Firstov "Hacking routers as Web Hacker"
Defcon Moscow #0x0A - Mikhail Firstov "Hacking routers as Web Hacker"Defcon Moscow #0x0A - Mikhail Firstov "Hacking routers as Web Hacker"
Defcon Moscow #0x0A - Mikhail Firstov "Hacking routers as Web Hacker"Defcon Moscow
 
CNIT 124: Ch 9: Password Attacks
CNIT 124: Ch 9: Password AttacksCNIT 124: Ch 9: Password Attacks
CNIT 124: Ch 9: Password AttacksSam Bowne
 
Hacking the Gateways
Hacking the GatewaysHacking the Gateways
Hacking the GatewaysOnur Alanbel
 

Mais procurados (20)

Rat a-tat-tat
Rat a-tat-tatRat a-tat-tat
Rat a-tat-tat
 
Heartbleed Overview
Heartbleed OverviewHeartbleed Overview
Heartbleed Overview
 
OFFENSIVE: Exploiting DNS servers changes BlackHat Asia 2014
OFFENSIVE: Exploiting DNS servers changes BlackHat Asia 2014OFFENSIVE: Exploiting DNS servers changes BlackHat Asia 2014
OFFENSIVE: Exploiting DNS servers changes BlackHat Asia 2014
 
Hack Attack! An Introduction to Penetration Testing
Hack Attack! An Introduction to Penetration TestingHack Attack! An Introduction to Penetration Testing
Hack Attack! An Introduction to Penetration Testing
 
Docker Security
Docker SecurityDocker Security
Docker Security
 
CheckPlease - Payload-Agnostic Implant Security
CheckPlease - Payload-Agnostic Implant SecurityCheckPlease - Payload-Agnostic Implant Security
CheckPlease - Payload-Agnostic Implant Security
 
Kasza smashing the_jars
Kasza smashing the_jarsKasza smashing the_jars
Kasza smashing the_jars
 
Hacking routers as Web Hacker
Hacking routers as Web HackerHacking routers as Web Hacker
Hacking routers as Web Hacker
 
CheckPlease: Payload-Agnostic Targeted Malware
CheckPlease: Payload-Agnostic Targeted MalwareCheckPlease: Payload-Agnostic Targeted Malware
CheckPlease: Payload-Agnostic Targeted Malware
 
MIPS-X
MIPS-XMIPS-X
MIPS-X
 
BSides Rochester 2018: Esteban Rodriguez: Ducky In The Middle: Injecting keys...
BSides Rochester 2018: Esteban Rodriguez: Ducky In The Middle: Injecting keys...BSides Rochester 2018: Esteban Rodriguez: Ducky In The Middle: Injecting keys...
BSides Rochester 2018: Esteban Rodriguez: Ducky In The Middle: Injecting keys...
 
Fuzzing underestimated method of finding hidden bugs
Fuzzing underestimated method of finding hidden bugsFuzzing underestimated method of finding hidden bugs
Fuzzing underestimated method of finding hidden bugs
 
The state of wireless security
The state of wireless security The state of wireless security
The state of wireless security
 
Kali presentation
Kali presentationKali presentation
Kali presentation
 
pwnd.sh
pwnd.shpwnd.sh
pwnd.sh
 
DevLink - WiFu: You think your wireless is secure?
DevLink - WiFu: You think your wireless is secure?DevLink - WiFu: You think your wireless is secure?
DevLink - WiFu: You think your wireless is secure?
 
I believe in rust
I believe in rustI believe in rust
I believe in rust
 
Defcon Moscow #0x0A - Mikhail Firstov "Hacking routers as Web Hacker"
Defcon Moscow #0x0A - Mikhail Firstov "Hacking routers as Web Hacker"Defcon Moscow #0x0A - Mikhail Firstov "Hacking routers as Web Hacker"
Defcon Moscow #0x0A - Mikhail Firstov "Hacking routers as Web Hacker"
 
CNIT 124: Ch 9: Password Attacks
CNIT 124: Ch 9: Password AttacksCNIT 124: Ch 9: Password Attacks
CNIT 124: Ch 9: Password Attacks
 
Hacking the Gateways
Hacking the GatewaysHacking the Gateways
Hacking the Gateways
 

Destaque

Black Holes
Black HolesBlack Holes
Black HolesJohn
 
Analysis: The Black Hole
Analysis: The Black HoleAnalysis: The Black Hole
Analysis: The Black Holekiggundm2613
 
The Black Hole In Science And Quran Ver1
The Black Hole In Science And Quran Ver1The Black Hole In Science And Quran Ver1
The Black Hole In Science And Quran Ver1greatest man
 
Black Hole By Pranita & Priyanka
Black Hole By Pranita & PriyankaBlack Hole By Pranita & Priyanka
Black Hole By Pranita & Priyankasubzero64
 
Black hole presentation
Black hole presentationBlack hole presentation
Black hole presentationGareth Jenkins
 
Sarita chauhan seminar on black hole
Sarita chauhan seminar on black holeSarita chauhan seminar on black hole
Sarita chauhan seminar on black holevishakhasarita
 
Black hole ppt
Black hole pptBlack hole ppt
Black hole ppttodipuja1
 

Destaque (10)

Black Holes
Black HolesBlack Holes
Black Holes
 
Analysis: The Black Hole
Analysis: The Black HoleAnalysis: The Black Hole
Analysis: The Black Hole
 
Supernova
SupernovaSupernova
Supernova
 
The Black Hole In Science And Quran Ver1
The Black Hole In Science And Quran Ver1The Black Hole In Science And Quran Ver1
The Black Hole In Science And Quran Ver1
 
Black Hole By Pranita & Priyanka
Black Hole By Pranita & PriyankaBlack Hole By Pranita & Priyanka
Black Hole By Pranita & Priyanka
 
Black hole presentation
Black hole presentationBlack hole presentation
Black hole presentation
 
Sarita chauhan seminar on black hole
Sarita chauhan seminar on black holeSarita chauhan seminar on black hole
Sarita chauhan seminar on black hole
 
Black holes
Black holesBlack holes
Black holes
 
Black hole ppt
Black hole pptBlack hole ppt
Black hole ppt
 
Black holes
Black holesBlack holes
Black holes
 

Semelhante a DefCamp 2013 - MSF Into The Worm Hole

Metasploit (Module-1) - Getting Started With Metasploit
Metasploit (Module-1) - Getting Started With MetasploitMetasploit (Module-1) - Getting Started With Metasploit
Metasploit (Module-1) - Getting Started With MetasploitAnurag Srivastava
 
Open Source Cyber Weaponry
Open Source Cyber WeaponryOpen Source Cyber Weaponry
Open Source Cyber WeaponryJoshua L. Davis
 
Metasploitation part-1 (murtuja)
Metasploitation part-1 (murtuja)Metasploitation part-1 (murtuja)
Metasploitation part-1 (murtuja)ClubHack
 
Creating Havoc using Human Interface Device
Creating Havoc using Human Interface DeviceCreating Havoc using Human Interface Device
Creating Havoc using Human Interface DevicePositive Hack Days
 
Metasploit For Beginners
Metasploit For BeginnersMetasploit For Beginners
Metasploit For BeginnersRamnath Shenoy
 
Metasploit Computer security testing tool
Metasploit Computer security testing toolMetasploit Computer security testing tool
Metasploit Computer security testing toolmedoelkang600
 
01 Metasploit kung fu introduction
01 Metasploit kung fu introduction01 Metasploit kung fu introduction
01 Metasploit kung fu introductionMostafa Abdel-sallam
 
Finalppt metasploit
Finalppt metasploitFinalppt metasploit
Finalppt metasploitdevilback
 
BSIDES-PR Keynote Hunting for Bad Guys
BSIDES-PR Keynote Hunting for Bad GuysBSIDES-PR Keynote Hunting for Bad Guys
BSIDES-PR Keynote Hunting for Bad GuysJoff Thyer
 
Introduction to metasploit
Introduction to metasploitIntroduction to metasploit
Introduction to metasploitGTU
 
Introduction to Metasploit
Introduction to MetasploitIntroduction to Metasploit
Introduction to MetasploitGTU
 
The Dirty Little Secrets They Didn’t Teach You In Pentesting Class
The Dirty Little Secrets They Didn’t Teach You In Pentesting Class The Dirty Little Secrets They Didn’t Teach You In Pentesting Class
The Dirty Little Secrets They Didn’t Teach You In Pentesting Class Chris Gates
 
Python-Assisted Red-Teaming Operation
Python-Assisted Red-Teaming OperationPython-Assisted Red-Teaming Operation
Python-Assisted Red-Teaming OperationSatria Ady Pradana
 
SSMF (Security Scope Metasploit Framework) - Course Syllabus
SSMF (Security Scope Metasploit Framework) - Course SyllabusSSMF (Security Scope Metasploit Framework) - Course Syllabus
SSMF (Security Scope Metasploit Framework) - Course SyllabusSecurity Scope
 
WTF is Penetration Testing v.2
WTF is Penetration Testing v.2WTF is Penetration Testing v.2
WTF is Penetration Testing v.2Scott Sutherland
 
Vulnerability, exploit to metasploit
Vulnerability, exploit to metasploitVulnerability, exploit to metasploit
Vulnerability, exploit to metasploitTiago Henriques
 
JavaOne 2014 Security Testing for Developers using OWASP ZAP
JavaOne 2014 Security Testing for Developers using OWASP ZAPJavaOne 2014 Security Testing for Developers using OWASP ZAP
JavaOne 2014 Security Testing for Developers using OWASP ZAPSimon Bennetts
 
DC612 Day - Hands on Penetration Testing 101
DC612 Day - Hands on Penetration Testing 101DC612 Day - Hands on Penetration Testing 101
DC612 Day - Hands on Penetration Testing 101dc612
 

Semelhante a DefCamp 2013 - MSF Into The Worm Hole (20)

Metasploit (Module-1) - Getting Started With Metasploit
Metasploit (Module-1) - Getting Started With MetasploitMetasploit (Module-1) - Getting Started With Metasploit
Metasploit (Module-1) - Getting Started With Metasploit
 
Open Source Cyber Weaponry
Open Source Cyber WeaponryOpen Source Cyber Weaponry
Open Source Cyber Weaponry
 
Metasploitation part-1 (murtuja)
Metasploitation part-1 (murtuja)Metasploitation part-1 (murtuja)
Metasploitation part-1 (murtuja)
 
Creating Havoc using Human Interface Device
Creating Havoc using Human Interface DeviceCreating Havoc using Human Interface Device
Creating Havoc using Human Interface Device
 
Metasploit For Beginners
Metasploit For BeginnersMetasploit For Beginners
Metasploit For Beginners
 
Metasploit
MetasploitMetasploit
Metasploit
 
Metasploit framwork
Metasploit framworkMetasploit framwork
Metasploit framwork
 
Metasploit Computer security testing tool
Metasploit Computer security testing toolMetasploit Computer security testing tool
Metasploit Computer security testing tool
 
01 Metasploit kung fu introduction
01 Metasploit kung fu introduction01 Metasploit kung fu introduction
01 Metasploit kung fu introduction
 
Finalppt metasploit
Finalppt metasploitFinalppt metasploit
Finalppt metasploit
 
BSIDES-PR Keynote Hunting for Bad Guys
BSIDES-PR Keynote Hunting for Bad GuysBSIDES-PR Keynote Hunting for Bad Guys
BSIDES-PR Keynote Hunting for Bad Guys
 
Introduction to metasploit
Introduction to metasploitIntroduction to metasploit
Introduction to metasploit
 
Introduction to Metasploit
Introduction to MetasploitIntroduction to Metasploit
Introduction to Metasploit
 
The Dirty Little Secrets They Didn’t Teach You In Pentesting Class
The Dirty Little Secrets They Didn’t Teach You In Pentesting Class The Dirty Little Secrets They Didn’t Teach You In Pentesting Class
The Dirty Little Secrets They Didn’t Teach You In Pentesting Class
 
Python-Assisted Red-Teaming Operation
Python-Assisted Red-Teaming OperationPython-Assisted Red-Teaming Operation
Python-Assisted Red-Teaming Operation
 
SSMF (Security Scope Metasploit Framework) - Course Syllabus
SSMF (Security Scope Metasploit Framework) - Course SyllabusSSMF (Security Scope Metasploit Framework) - Course Syllabus
SSMF (Security Scope Metasploit Framework) - Course Syllabus
 
WTF is Penetration Testing v.2
WTF is Penetration Testing v.2WTF is Penetration Testing v.2
WTF is Penetration Testing v.2
 
Vulnerability, exploit to metasploit
Vulnerability, exploit to metasploitVulnerability, exploit to metasploit
Vulnerability, exploit to metasploit
 
JavaOne 2014 Security Testing for Developers using OWASP ZAP
JavaOne 2014 Security Testing for Developers using OWASP ZAPJavaOne 2014 Security Testing for Developers using OWASP ZAP
JavaOne 2014 Security Testing for Developers using OWASP ZAP
 
DC612 Day - Hands on Penetration Testing 101
DC612 Day - Hands on Penetration Testing 101DC612 Day - Hands on Penetration Testing 101
DC612 Day - Hands on Penetration Testing 101
 

Mais de DefCamp

Remote Yacht Hacking
Remote Yacht HackingRemote Yacht Hacking
Remote Yacht HackingDefCamp
 
Mobile, IoT, Clouds… It’s time to hire your own risk manager!
Mobile, IoT, Clouds… It’s time to hire your own risk manager!Mobile, IoT, Clouds… It’s time to hire your own risk manager!
Mobile, IoT, Clouds… It’s time to hire your own risk manager!DefCamp
 
The Charter of Trust
The Charter of TrustThe Charter of Trust
The Charter of TrustDefCamp
 
Internet Balkanization: Why Are We Raising Borders Online?
Internet Balkanization: Why Are We Raising Borders Online?Internet Balkanization: Why Are We Raising Borders Online?
Internet Balkanization: Why Are We Raising Borders Online?DefCamp
 
Bridging the gap between CyberSecurity R&D and UX
Bridging the gap between CyberSecurity R&D and UXBridging the gap between CyberSecurity R&D and UX
Bridging the gap between CyberSecurity R&D and UXDefCamp
 
Secure and privacy-preserving data transmission and processing using homomorp...
Secure and privacy-preserving data transmission and processing using homomorp...Secure and privacy-preserving data transmission and processing using homomorp...
Secure and privacy-preserving data transmission and processing using homomorp...DefCamp
 
Drupalgeddon 2 – Yet Another Weapon for the Attacker
Drupalgeddon 2 – Yet Another Weapon for the AttackerDrupalgeddon 2 – Yet Another Weapon for the Attacker
Drupalgeddon 2 – Yet Another Weapon for the AttackerDefCamp
 
Economical Denial of Sustainability in the Cloud (EDOS)
Economical Denial of Sustainability in the Cloud (EDOS)Economical Denial of Sustainability in the Cloud (EDOS)
Economical Denial of Sustainability in the Cloud (EDOS)DefCamp
 
Trust, but verify – Bypassing MFA
Trust, but verify – Bypassing MFATrust, but verify – Bypassing MFA
Trust, but verify – Bypassing MFADefCamp
 
Threat Hunting: From Platitudes to Practical Application
Threat Hunting: From Platitudes to Practical ApplicationThreat Hunting: From Platitudes to Practical Application
Threat Hunting: From Platitudes to Practical ApplicationDefCamp
 
Building application security with 0 money down
Building application security with 0 money downBuilding application security with 0 money down
Building application security with 0 money downDefCamp
 
Implementation of information security techniques on modern android based Kio...
Implementation of information security techniques on modern android based Kio...Implementation of information security techniques on modern android based Kio...
Implementation of information security techniques on modern android based Kio...DefCamp
 
Lattice based Merkle for post-quantum epoch
Lattice based Merkle for post-quantum epochLattice based Merkle for post-quantum epoch
Lattice based Merkle for post-quantum epochDefCamp
 
The challenge of building a secure and safe digital environment in healthcare
The challenge of building a secure and safe digital environment in healthcareThe challenge of building a secure and safe digital environment in healthcare
The challenge of building a secure and safe digital environment in healthcareDefCamp
 
Timing attacks against web applications: Are they still practical?
Timing attacks against web applications: Are they still practical?Timing attacks against web applications: Are they still practical?
Timing attacks against web applications: Are they still practical?DefCamp
 
Tor .onions: The Good, The Rotten and The Misconfigured
Tor .onions: The Good, The Rotten and The Misconfigured Tor .onions: The Good, The Rotten and The Misconfigured
Tor .onions: The Good, The Rotten and The Misconfigured DefCamp
 
Needles, Haystacks and Algorithms: Using Machine Learning to detect complex t...
Needles, Haystacks and Algorithms: Using Machine Learning to detect complex t...Needles, Haystacks and Algorithms: Using Machine Learning to detect complex t...
Needles, Haystacks and Algorithms: Using Machine Learning to detect complex t...DefCamp
 
We will charge you. How to [b]reach vendor’s network using EV charging station.
We will charge you. How to [b]reach vendor’s network using EV charging station.We will charge you. How to [b]reach vendor’s network using EV charging station.
We will charge you. How to [b]reach vendor’s network using EV charging station.DefCamp
 
Connect & Inspire Cyber Security
Connect & Inspire Cyber SecurityConnect & Inspire Cyber Security
Connect & Inspire Cyber SecurityDefCamp
 
The lions and the watering hole
The lions and the watering holeThe lions and the watering hole
The lions and the watering holeDefCamp
 

Mais de DefCamp (20)

Remote Yacht Hacking
Remote Yacht HackingRemote Yacht Hacking
Remote Yacht Hacking
 
Mobile, IoT, Clouds… It’s time to hire your own risk manager!
Mobile, IoT, Clouds… It’s time to hire your own risk manager!Mobile, IoT, Clouds… It’s time to hire your own risk manager!
Mobile, IoT, Clouds… It’s time to hire your own risk manager!
 
The Charter of Trust
The Charter of TrustThe Charter of Trust
The Charter of Trust
 
Internet Balkanization: Why Are We Raising Borders Online?
Internet Balkanization: Why Are We Raising Borders Online?Internet Balkanization: Why Are We Raising Borders Online?
Internet Balkanization: Why Are We Raising Borders Online?
 
Bridging the gap between CyberSecurity R&D and UX
Bridging the gap between CyberSecurity R&D and UXBridging the gap between CyberSecurity R&D and UX
Bridging the gap between CyberSecurity R&D and UX
 
Secure and privacy-preserving data transmission and processing using homomorp...
Secure and privacy-preserving data transmission and processing using homomorp...Secure and privacy-preserving data transmission and processing using homomorp...
Secure and privacy-preserving data transmission and processing using homomorp...
 
Drupalgeddon 2 – Yet Another Weapon for the Attacker
Drupalgeddon 2 – Yet Another Weapon for the AttackerDrupalgeddon 2 – Yet Another Weapon for the Attacker
Drupalgeddon 2 – Yet Another Weapon for the Attacker
 
Economical Denial of Sustainability in the Cloud (EDOS)
Economical Denial of Sustainability in the Cloud (EDOS)Economical Denial of Sustainability in the Cloud (EDOS)
Economical Denial of Sustainability in the Cloud (EDOS)
 
Trust, but verify – Bypassing MFA
Trust, but verify – Bypassing MFATrust, but verify – Bypassing MFA
Trust, but verify – Bypassing MFA
 
Threat Hunting: From Platitudes to Practical Application
Threat Hunting: From Platitudes to Practical ApplicationThreat Hunting: From Platitudes to Practical Application
Threat Hunting: From Platitudes to Practical Application
 
Building application security with 0 money down
Building application security with 0 money downBuilding application security with 0 money down
Building application security with 0 money down
 
Implementation of information security techniques on modern android based Kio...
Implementation of information security techniques on modern android based Kio...Implementation of information security techniques on modern android based Kio...
Implementation of information security techniques on modern android based Kio...
 
Lattice based Merkle for post-quantum epoch
Lattice based Merkle for post-quantum epochLattice based Merkle for post-quantum epoch
Lattice based Merkle for post-quantum epoch
 
The challenge of building a secure and safe digital environment in healthcare
The challenge of building a secure and safe digital environment in healthcareThe challenge of building a secure and safe digital environment in healthcare
The challenge of building a secure and safe digital environment in healthcare
 
Timing attacks against web applications: Are they still practical?
Timing attacks against web applications: Are they still practical?Timing attacks against web applications: Are they still practical?
Timing attacks against web applications: Are they still practical?
 
Tor .onions: The Good, The Rotten and The Misconfigured
Tor .onions: The Good, The Rotten and The Misconfigured Tor .onions: The Good, The Rotten and The Misconfigured
Tor .onions: The Good, The Rotten and The Misconfigured
 
Needles, Haystacks and Algorithms: Using Machine Learning to detect complex t...
Needles, Haystacks and Algorithms: Using Machine Learning to detect complex t...Needles, Haystacks and Algorithms: Using Machine Learning to detect complex t...
Needles, Haystacks and Algorithms: Using Machine Learning to detect complex t...
 
We will charge you. How to [b]reach vendor’s network using EV charging station.
We will charge you. How to [b]reach vendor’s network using EV charging station.We will charge you. How to [b]reach vendor’s network using EV charging station.
We will charge you. How to [b]reach vendor’s network using EV charging station.
 
Connect & Inspire Cyber Security
Connect & Inspire Cyber SecurityConnect & Inspire Cyber Security
Connect & Inspire Cyber Security
 
The lions and the watering hole
The lions and the watering holeThe lions and the watering hole
The lions and the watering hole
 

Último

TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsRoshan Dwivedi
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilV3cube
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Enterprise Knowledge
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 

Último (20)

TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of Brazil
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 

DefCamp 2013 - MSF Into The Worm Hole

  • 1.
  • 2. Who Is This Ugly Dude In Front of Me? Kizz MyAnthia Senior Penetration Tester HP Fortify – ShadowLabs @Kizz_My_Anthia www.KizzMyAnthia.com
  • 3. Who Is This Ugly Dude In Front of Me? • Background: • Penetration Tester for 13 years • Network Engineer for 15 years • In IT for 18 years • Regulatory Technology Tester for 5 years • Specializes in mobile technologies and communications • Social Engineering • Physical Security
  • 4. • Introduction • PWN Bones • Metasploit Framework Parts • Metasploit for Web PenTesting • Direct Exploits • Browser Exploits • HeySexxyLady.pwnme • Client-side Attacks • Wrap Up
  • 6. The PWN Bone is connected to the ‘sploit bone • Metasploit is a Framework built like a skeletal structure • Each part builds on the others • • • • • • • • Exploit Payload Shellcode Modules Listeners Auxiliary Modules Plugins Utilities
  • 7. PWN Bones • Exploit • The means by which an attacker, or pen tester, takes advantage of a flaw within a system, application, or service. • Common eploits include: • Buffer Overflows • SQL Injections • Configuration Errors
  • 8. PWN Bones • Payload • Code that is executed within an exploit • These are selected and delivered by the Metasploit Framework • Reverse Shell • The payload creates a connection from the target machine back to the attacker • Bind Shell • “Binds” a command prompt to a listening port on the target machine that the attacker can connect to
  • 9. PWN Bones • Shellcode • A set of instructions used as a payload when exploitation occurs
  • 10. PWN Bones • Modules • Whereas Metasploit is concerned, Modules are the pieces of software used by the framework to perform a specific task • Exploit Modules • Auxiliary Modules
  • 11. PWN Bones • Listeners • A Metasploit Framework component • Waits for incoming connections or Reverse Payloads • Handles the remote connection
  • 12. PWN Bones • Auxiliary Modules • • • • Reconnaissance Brute-force Fuzzers Custom
  • 13. PWN Bones • Plugins • Applications that leverage the Metasploit Framework for exploitation • SET • Social Engineers Toolkit • WMAP • Web Application Scanner • Fast-track • Open source Python based tool to help perform advanced penetration testing techniques
  • 14. PWN Bones • Utilities • MSFPayload • MSFEncode • MSFVenom
  • 15. PWN Bones – WMAP • WMAP • Web Application “Scanner” • Focuses on utilizing the MSF Web Scanning & Data Collection Modules • Not a “Real” scanner
  • 16. PWN Bones - SET • SET – Social Engineers Toolkit – Social-Engineer.org • Conceived by Chris Hadnagy (loganWHD) • Written by David Kennedy • Used to perform attacks against human weaknesses exploiting curiosity, credibility, avarice and human stupidity
  • 17. Metasploit For Web PenTesting
  • 18. Metasploit For Web PenTesting • Direct Exploits • Host/Server Exploits • Service Exploits • “Feature” Exploits • Browser Exploits • MS10-002 “Aurora” • Tab Nabbing • Browser AutoPWN
  • 19. Metasploit For Web PenTesting • Direct Exploits • will exploit a specific host, run until completion, and then exit
  • 20. Metasploit For Web PenTesting • Passive exploits wait for incoming hosts and exploit them as they connect. Passive exploits almost always focus on clients such as web browsers, FTP clients, etc. • They can also be used in conjunction with email exploits, waiting for connections. • Passive exploits report shells as they happen can be enumerated by passing '-l' to the sessions command. Passing '-i' will interact with a shell.
  • 21. Metasploit For Web PenTesting • So how does this help me? • This sounds cool, but your full of shit….. Metasploit only works on NetPen tests
  • 22. Metasploit For Web PenTesting
  • 23. Metasploit For Web PenTesting • MSFPayload • a command-line instance of Metasploit that is used to generate and output all of the various types of shellcode that are available in Metasploit.
  • 24. Metasploit For Web PenTesting
  • 25. Metasploit For Web PenTesting
  • 26. Metasploit For Web PenTesting • Start the Metasploit Listener • Use exploit/multi/handler
  • 27. Metasploit For Web PenTesting
  • 28. Metasploit For Web PenTesting
  • 30. OSINT – Information Gathering • Information Gathering or Intelligence Gathering • Create a plan of attack • Gain an in-depth knowledge of the target • Record information for later use
  • 31. OSINT – Information Gathering • Metasploit & Nmap • Uses Metasploit DB Connection • Stores Target information • • • • Ports Version Banners Scan Details
  • 32. OSINT – Information Gathering • We need to create a Metasploit Framework DB and DB Connection • First we need to start the DB • service postgressql start
  • 33. OSINT – Information Gathering • Launch MSFConsole and Connect to the DB • msfconsole
  • 34. OSINT – Information Gathering • Connect to newly created DB • db_connect msfdev1:Password1@localhost:5432/msfdev2
  • 35. OSINT – Information Gathering • Closer than Bert and Ernie • Metasploit Framework and Nmap
  • 36. OSINT – Information Gathering • Calling Nmap from Metasploit Framework • nmap –PN –vvv ….. • Nmap can be called from within MSF and run natively • db_nmap –PN –vvv ….. • db_nmap will store the returned Nmap data to the MSF DB for use later
  • 37. OSINT – Information Gathering • Metasploit Framework has many other Information Gathering Auxiliary Modules available • • • • • SMB scanning SQL scanning SSH scanning FTP scanning SNMP scanning
  • 39. HeySexxyLady.pwnme • Metasploit Client-side Attacks • Browser Attacks • Buffer Overflow • Code Injection • Heap Spraying
  • 40. HeySexxyLady.pwnme • Browser Based Exploits • Heap Spraying • “Heap” • Memory that is unallocated and used by the application as needed for the duration of the program’s runtime • NOP • No-Operation Instructions • Assembly Instruction to do Nothing until the next instruction • NOP Slide • Multiple NOP instructions in succession
  • 42. HeySexxyLady.pwnme • Create Payload • msfpayload windows/shell/bind_tcp LPORT=443 C
  • 43. HeySexxyLady.pwnme • Copy the “Stage 1” Binary code
  • 44. HeySexxyLady.pwnme • Copy & Edit the Binary Payload • Remove all un-needed characters • “ • x • Add “90”s to create NOP Slide
  • 45. HeySexxyLady.pwnme • Load IE In Immunity Debugger
  • 46. HeySexxyLady.pwnme • Paste the Binary Payload Into the Debugger
  • 47. HeySexxyLady.pwnme • When Internet Explorer is run within Immunity Debugger the code will be executed
  • 48. HeySexxyLady.pwnme • Does this work in the real world?
  • 56. Wrap Up • Where can I get more information? • http://www.offensive-security.com/metasploit-unleashed/Introduction • Metasploit: The Penetration Tester's Guide • http://www.amazon.com/Metasploit-The-Penetration-Testers-Guide/dp/159327288X • www.KizzMyAnthia.com