By-
      RAHUL BHUTKAR (B/5)
      NIKHIL BIRARI(B/6)
What is Metasploit?
• A collaboration between the open source community and
  Rapid7, Metasploit software helps security and IT professionals
  identify security issues, verify vulnerability mitigations, and
  manage expert-driven security assessments, providing true
  security risk intelligence.

• Capabilities include smart exploitation, password auditing, web
  application scanning, and social engineering.

• Teams can collaborate in Metasploit and present their findings
  in consolidated reports.

• Metasploit editions range from a free edition to professional
  enterprise editions, all based on the Metasploit Framework, an
  open source software development kit with the world's
  largest, public collection of quality-assured exploits.
Metasploit is a hacking framework written in Ruby. It is
designed to make writing and executing exploits as simple
as possible.
History of the Metasploit Project
• Metasploit Project
  – HD Moore & Friends
  – A community-driven project since 2003

• Rapid7
  – Maker of NeXpose Vulnerability Management
  – Purchased the Project from HD

• Metasploit Framework
  – The original open-source exploit framework
Metasploit Versions

• 1.0 released in 2003 (Perl)
• 2.0 released in 2004 (Better Perl)
  – 2.7 released in late 2006
• 3.0 released in 2007 (Ruby)
  – 3.2 released in late 2008
  – 3.3 released in late 2009
  – 3.4 released in early 2010
  – 3.4.1 is the most recent release
• Metasploit now has 567 exploits and 283 auxiliary modules
  (up from 551 and 261 in v3.4)
Metasploit Framework Overview

• Open source tool used for
  – Penetration testing
  – IDS signature development
  – Exploit research
• Consists of
  – Web server
  – Console
  – Signatures
• Runs on any operating system
  – Source code for Linux/Unix/Mac OS X
  – Portable to Windows via Cygwin

• Allows anyone to exploit and usually “root” certain machines
  with only an IP address and a basic understanding of the system

• Requires no knowledge of the software bug or of the exploit
  machine code
Penetration Testing Overview

• Active evaluation of a system or network of systems
• Assume the role of a black hat hacker or “bad guy”
• Often uses the same tools as hackers
• Metasploit brings together many of the tools and techniques
  used by hackers
What is penetration testing? Penetration testing, often
called “pentesting”, “pen testing”, or “security testing”, is the
practice of attacking your own or your clients’ IT systems in
the same way a hacker would, to identify security holes. Of
course, you do this without actually harming the network.
The person carrying out a penetration test is called a
penetration tester or pentester.

Let’s make one thing crystal clear: Penetration testing
requires that you get permission from the person who owns
the system. Otherwise, you would be hacking the
system, which is illegal in most countries – and trust me, you
don’t look good in an orange jump suit.
You can become a penetration tester at home by testing your
own server and later make a career out of it. At Rapid7, we
have a team of professionals that pentest government and
enterprise IT systems for a living. And let me tell you, they
enjoy their job!
To better understand penetration testing, you first need to
understand the basic security concepts of
vulnerabilities, exploits, and payloads.
What is a vulnerability?
•   A vulnerability is a security hole in a piece of software, hardware or operating system
    that provides a potential angle to attack the system. A vulnerability can be as simple as
    weak passwords or as complex as buffer overflows or SQL injection vulnerabilities.

•   To test if you have any vulnerabilities in your systems, you typically use a vulnerability
    management solution, also known as a vulnerability scanner or vulnerability assessment
    solution. If you would like to get your hands on a free vulnerability scanner, try NeXpose
    Community Edition, one of Metasploit’s sister projects.

•   Vulnerability Scanning
•   Vulnerability scanning allows you to quickly scan a target IP range looking for known
    vulnerabilities, giving a penetration tester a quick idea of which attacks might be worth
    conducting. When used properly, this is a great asset to a pen tester, yet it is not without
    its drawbacks. Vulnerability scanning is well known for a high false positive and false
    negative rate. This has to be kept in mind when working with any vulnerability scanning
    software.

•   Let’s look through some of the vulnerability scanning capabilities that the Metasploit
    Framework can provide.
What is security research?

• Vulnerabilities are typically found by security researchers, which
  is a posh term for smart people who like to find flaws in systems
  and break them. At Rapid7, we have a team of vulnerability
  researchers that do nothing else all day. Trust us, this can be a
  lot of fun.
• Like penetration testing, security research can be used for good
  and evil. Some countries don’t make the distinction and outlaw
  security research completely, so make sure you check your
  country’s legislation before you start researching and especially
  before you publish any research.
What is an exploit?
• To take advantage of a vulnerability, you often need an exploit, a
  small and highly specialized computer program whose only
  reason for being is to take advantage of a specific vulnerability
  and to provide access to a computer system. Exploits often
  deliver a payload to the target system to grant the attacker access
  to the system.
• The Metasploit Project hosts the world’s largest public database
  of quality-assured exploits. Have a look at our exploit database –
  it’s right here on the site.
• Even the name Metasploit comes from the term “exploit”.
  Metasploit was the first software to provide a common
  framework for a large selection of exploits. Think of it as an
  abstraction layer (“Meta”) for exploits (abbreviated “sploits”).
  Get it?
WARNINGS:
• Metasploit is very powerful, and very dangerous
• This is a briefing of a demo I did on my own
  systems & network, not a “live” demo
• I used VMware to isolate the operating system
  from other systems and the internet
• Use of this in any unauthorized way will get you
  fired/arrested/deported/smited by God, etc...
Installation

• Installed on both Windows and Linux with the same
  results/ease of use
• Uses a web server as interface
• Signature updates downloaded automatically
• Started the web server & logged in
Web Interface
Demo
• System 1 – Linux
• Used Red Hat 8 – released Sept 2002, still in
  wide use
• Running services – Samba (file sharing) and
  SSH
Linux system – Port scan
• Nmap reveals several things
• Services – SSH, rpcbind, file sharing
• Operating system – Linux, kernel version
  2.4.6 – 2.4.26, or 2.4.9, 2.6.5 – 2.6.11
• Doesn’t tell us the distribution, but we can
  guess
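The scan-reading step above, as an added example that is not part of the deck: a small parser for Nmap's greppable (-oG) output that extracts open TCP services and the OS fingerprint, then applies the demo's inference (port 139 on a Linux fingerprint is probably Samba, so its version must be confirmed) together with the checks a defender reviewing the same scan would want. The scan text is constructed, not real output.

```python
"""Parse Nmap greppable (-oG) output and apply the reasoning the Linux demo
walks through: list the open services, read the OS fingerprint, and treat
port 139 on a Linux host as probable Samba whose version needs checking.
Added example; NMAP_GREPPABLE below is constructed, not a real scan."""
import re
from dataclasses import dataclass, field

# Constructed sample mirroring the demo: SSH, rpcbind and NetBIOS file sharing
# on a host whose kernel Nmap places in a 2.4 range, plus a Windows host to
# show that the Samba inference is only made for Linux fingerprints.
NMAP_GREPPABLE = """\
# Nmap scan initiated (constructed sample)
Host: 192.0.2.10 ()\tStatus: Up
Host: 192.0.2.10 ()\tPorts: 22/open/tcp//ssh///, 111/open/tcp//rpcbind///, 139/open/tcp//netbios-ssn///\tIgnored State: closed (997)\tOS: Linux 2.4.6 - 2.4.26
Host: 192.0.2.20 ()\tStatus: Up
Host: 192.0.2.20 ()\tPorts: 445/open/tcp//microsoft-ds///, 139/filtered/tcp//netbios-ssn///\tOS: Microsoft Windows XP
# Nmap done (constructed sample)
"""

# A greppable port entry has seven '/'-separated fields:
# port/state/protocol/owner/service/rpcinfo/version
PORT_RE = re.compile(r"(\d+)/(\w+)/(\w+)/[^/]*/([^/]*)/[^/]*/([^/]*)/")


@dataclass
class HostReport:
    ip: str
    open_ports: dict = field(default_factory=dict)  # tcp port -> service name
    os_guess: str = ""                               # Nmap's fingerprint text


def parse_greppable(text):
    """Return {ip: HostReport} built from every 'Host:' line in the output."""
    hosts = {}
    for line in text.splitlines():
        if not line.startswith("Host:"):
            continue
        # Each tab-separated column is 'Key: value'.
        cols = dict(c.split(": ", 1) for c in line.split("\t") if ": " in c)
        ip = cols["Host"].split()[0]
        rep = hosts.setdefault(ip, HostReport(ip))
        for port, state, proto, service, _version in PORT_RE.findall(cols.get("Ports", "")):
            if state == "open" and proto == "tcp":   # filtered/closed is not exposure
                rep.open_ports[int(port)] = service
        if "OS" in cols:
            rep.os_guess = cols["OS"]
    return hosts


def assess(rep):
    """Turn one host's scan into review notes, following the demo's logic:
    the fingerprint gives a kernel range, not a distribution, so port 139 on
    Linux is read as 'probably Samba' and the version must be confirmed."""
    notes = []
    linux = rep.os_guess.lower().startswith("linux")
    if linux and 139 in rep.open_ports:
        notes.append("139/tcp on a Linux host is almost certainly Samba: confirm the "
                     "installed version and patch level (the demo's samba trans2open "
                     "exploit only applies to old, unpatched releases)")
    if re.match(r"linux 2\.", rep.os_guess.lower()):
        notes.append("fingerprint '%s' is a 2.x kernel line that is long out of support"
                     % rep.os_guess)
    if 111 in rep.open_ports:
        notes.append("111/tcp rpcbind is reachable: restrict it to trusted networks")
    return notes


if __name__ == "__main__":
    for ip, rep in parse_greppable(NMAP_GREPPABLE).items():
        print(ip, rep.os_guess or "(no OS guess)", sorted(rep.open_ports.items()))
        for note in assess(rep):
            print("   -", note)
```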
Demo

• Select “linux” from exploit filters
Demo
• File sharing (port 139) is running on a Linux
  machine
• Assume Samba is running
• Choose “samba trans2open” from the list of
  exploits
What is a payload?
• A payload is the piece of software that lets you control a
  computer system after it’s been exploited. The payload is
  typically attached to and delivered by the exploit. Just imagine
  an exploit that carries the payload in its backpack when it
  breaks into the system and then leaves the backpack there.
  Yes, it’s a corny description, but you get the picture.
• Metasploit’s most popular payload is called Meterpreter, which
  enables you to do all sorts of funky stuff on the target system.
  For example, you can upload and download files from the
  system, take screenshots, and collect password hashes. You can
  even take over the screen, mouse, and keyboard to fully control
  the computer. If you’re feeling particularly bad-ass, you can even
  turn on a laptop’s webcam and be a fly on the wall.
Demo
• Payloads
  – Add User
  – Bind shell
  – Exec – execute one command
  – And many more

• Chose “linux_ia32_bind”
Demo
• I had little success with the “check” option.
• Most of the time, Metasploit would say it
  was not vulnerable; however, it was
• Run Exploit
Demo
• Shell access opens up the doors to any other service
  – Steal passwords
  – Add/delete users
  – Alter/disrupt services
  – Download files
  – Change files
  – Change logs
  – Full access to any other privileged services on other
    machines
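The bind-shell payload chosen in the demo leaves a concrete artefact on the target: a new listening port held by a shell. Added example, not from the deck, of the host-side check a defender would run: parse `ss -ltnp`-style output and flag listeners that are outside the host's baseline or owned by a shell process. The ss output, the port 4444 listener and the baseline are all constructed assumptions.

```python
"""Host-side check for the artefact the demo's bind-shell payload leaves on the
victim: a new listening TCP port that is not in the host's baseline and is
held by a shell process. Added example, not from the deck; the ss output and
the port 4444 listener are constructed, and the baseline is an assumption."""
import re

# Constructed `ss -ltnp` style output for the demo's Linux file server after
# a bind-shell payload has run (ss needs root to show the owning process).
SS_OUTPUT = """\
State   Recv-Q  Send-Q  Local Address:Port   Peer Address:Port  Process
LISTEN  0       128     0.0.0.0:22           0.0.0.0:*          users:(("sshd",pid=812,fd=3))
LISTEN  0       128     0.0.0.0:111          0.0.0.0:*          users:(("rpcbind",pid=640,fd=8))
LISTEN  0       50      0.0.0.0:139          0.0.0.0:*          users:(("smbd",pid=901,fd=21))
LISTEN  0       50      0.0.0.0:445          0.0.0.0:*          users:(("smbd",pid=901,fd=22))
LISTEN  0       1       0.0.0.0:4444         0.0.0.0:*          users:(("sh",pid=1337,fd=4))
"""

# Assumed baseline for this host: (port, process name) pairs expected to listen.
BASELINE = {(22, "sshd"), (111, "rpcbind"), (139, "smbd"), (445, "smbd")}
# Interactive shells should never own a listening socket on a server.
SHELLS = {"sh", "bash", "dash", "ash", "zsh"}

LINE_RE = re.compile(
    r'^LISTEN\s+\d+\s+\d+\s+(?P<addr>\S+):(?P<port>\d+)\s+\S+\s+'
    r'users:\(\("(?P<proc>[^"]+)",pid=(?P<pid>\d+)'
)


def parse_listeners(text):
    """Return [(port, process, pid, local_addr)] for every LISTEN line."""
    listeners = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            listeners.append((int(m["port"]), m["proc"], int(m["pid"]), m["addr"]))
    return listeners


def find_suspicious(listeners, baseline=BASELINE):
    """Flag listeners outside the baseline or owned by a shell; each finding
    carries every reason that applied so an analyst sees why it fired."""
    findings = []
    for port, proc, pid, addr in listeners:
        reasons = []
        if (port, proc) not in baseline:
            reasons.append("not in baseline")
        if proc in SHELLS:
            reasons.append("shell process owns a listening socket")
        if reasons:
            findings.append({"port": port, "proc": proc, "pid": pid,
                             "addr": addr, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in find_suspicious(parse_listeners(SS_OUTPUT)):
        print("suspicious listener %s:%d owned by %s (pid %d): %s"
              % (f["addr"], f["port"], f["proc"], f["pid"], "; ".join(f["reasons"])))
```

Run periodically (or from a file-integrity/host-monitoring job) and diff against a baseline captured when the host was known-good; a listener that appears between runs is the signal, regardless of which port number the payload used.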
Summary
• Metasploit is very easy to use, and very powerful
• Web interface allows the scans to be run from
  any system, on any operating system
• Evidence may or may not be left behind on the
  system
• IDS/IPS will sense these exploits
• Only contains old & well-known exploits
Bibliography:
www.metasploit.com
www.wikipedia.com
www.rapid7.com

Finalppt metasploit
