Pentesting with Metasploit
DESCRIPTION
Pentesting? What is Pentesting? Why Pentesting? Millions of dollars have been invested in security programs to protect critical infrastructure to prevent data breaches.
TRANSCRIPT
PenTesting with Metasploit Framework
Presented by
Sudarshan Pawar
Prakashchandra Suthar
Information Security is our Forte…
Phone: +91-20-24333311
Email: [email protected]
Web: http://beaconedutech.com
Address: 303, Renata Chambers,
2145, Sadashiv Peth,
Pune, Maharashtra, India – 411030
“From 2008 Backtrack started giving machine guns to monkeys”
Agenda
• What is PenTesting?
• Why PenTesting?
• Traditional Methodologies
• Metasploit
• Metasploit Terminologies
• Demo
• Is Metasploit the answer?
12/7/2013 Beacon Edutech 2
Getting Started
• What is PenTesting?
  • An art or approach that attempts to break into an authorised digital environment.
• Why PenTesting?
  • Explore your security weaknesses and try to patch them
  • Find vulnerabilities before others (the bad guys) do
  • …
Need for Pentesting
• Millions of dollars have been invested in security programs to protect critical infrastructure to prevent data breaches.
• Penetration Test is one of the most effective ways to identify weaknesses and deficiencies in these programs.
– Metasploit: The Penetration Tester’s Guide by HD Moore
Pentesting Phases
• Reconnaissance
• Vulnerability Assessment & Analysis
• Exploitation
• Post Exploitation
• Reporting
Traditional Pentesting
• Public Exploit Gathering
• Change Offset
• Replace Shellcode
What is Metasploit?
• Not just a tool, but an entire framework
• An open source platform for writing security tools and exploits
• Easily build attack vectors by combining its exploits, payloads and encoders
• Create and execute more advanced attacks
• Built in Ruby
Architecture
Why use Metasploit?
• Easy to Use
• 600+ Exploits
• 200+ payloads
• 25+ encoders
• 300+ auxiliary modules
Traditional Pentest vs Metasploit
• Metasploit:
  • Load Metasploit
  • Choose the target OS
  • Use exploit
  • Set payload
  • Execute
• Traditional:
  • Public exploit gathering
  • Change offset
  • Replace shellcode
Metasploit Interface
• MSFconsole
• MSFcli
• Msfweb, msfgui (discontinued)
• Metasploit Pro
• Armitage
Metasploit Terminologies
• Exploit: The means by which a pentester takes advantage of a flaw within a system, application, or service
• Payload: Code that we want the target system to execute on our command
• Shellcode: Set of instructions used as payload when exploitation occurs
• Module: Support software that can be used by Metasploit
• Listener: A component that waits for an incoming connection
Netapi exploit
• Vulnerability: flaw in the NetAPI32.dll file that allows remote code execution
• Process name: Microsoft LAN Manager DLL
• Application using this process: Microsoft network
Meterpreter
• A.k.a Meta Interpreter
• Post-exploitation payload (tool)
• Uses in-memory DLL injection
• Can be extended at run time
• Encrypted communication
What can be done
• Command execution
• File Upload/Download
• Process migration
• Log Deletion
• Privilege escalation
• Registry modification
• Deleting logs and killing antivirus
• Backdoors and Rootkits
• Pivoting
• … etc.
Demo Meterpreter
Thanks To…
• BackTrack and Kali Linux
• Metasploit Team (HD Moore & Rapid7)
• Offensive Security
References
• http://docs.kali.org/
• http://www.metasploit.com
• http://www.offensive-security.com/metasploit-unleashed/
• http://www.processlibrary.com/en/directory/files/netapi32/21334/
• http://support.microsoft.com/kb/958644
Discussion …
RULES…
• Group Discussion about “Pentesting with Metasploit – Yes/No”
• Rules
  • Don’t hesitate to raise a point (we are all learners)
  • No rocket science required.
  • It’s not a debate, so chill.