Add to collection(s) Add to saved
  1. Engineering & Technology
  2. Computer Science
  3. Information Security

Metasploit Framework

advertisement 
Pentesting
using
Metasploit
Ștefan Cătălin Hanu
12.04.2014
The emerging market of stolen personal
information and company secrets pose an ever
growing strain on the IT industry. Securing ones
servers and applications is the daunting task of the
pen-testers. They must be one step ahead of the
attackers so that any vulnerabilities can be safely
patched before exposing YOUR data to the bad guys.
There is an A for everything
 Theoretical
side of things
 Definitions
 Vocab
 ISTQB
 Practical
(realistic )
side of things
 Activities and
their benefits
 Good
practices
 Things to
remember
 Lessons to
learn
 Examples
Agenda
1. Pentesting
• Pentesting vs Vulnerability Assessment
• Is it necessary?
• To the battle stations!
2. Metasploit framework
• Versions and basics
• What does it do?
• Meterpreter
3. Metasploit – practical display
• Presenting the Web UI
• Command line anyone?
4. VM Security – hands on testing
• Basic VM setting
• Basic scenario
5. Conclusions
6. Questions?
Pentesting
• In 2013 there were 4607 CVEs and 13073 vulnerabilities
• Successfully exploited vulnerabilities can affect you or your
company
• What can we do?
Pentesting
• Penetration testing (pen-testing or pentesting) is the process of
legally attacking a computer system with the purpose of finding
vulnerabilities and exploiting them
• The process includes probing for vulnerabilities as well as
providing proof of concept (PoC) attacks
• A successful testing attempt could expose confidential data and
should provide recommendations for addressing and fixing the
issues
• Types: Internal, External and Hybrid
Pentesting
Pentesting vs Vulnerability Assessment
- Vulnerability Assessment places the emphasis on identifying areas
that are vulnerable without compromising the system
- Pentesting focuses on finding vulnerabilities and exploit all the
layers: it simulates a hacker attack
Pentesting
Pentesting vs Vulnerability Assessment
Pentesting
Is it necessary?
- Identifies vulnerabilities that automated systems cannot find
- Assesses how the systems react in a real case scenario
- Gives clues to what information might leak
- Tests a company response time and ability to detect intruders
- Gives meaningful information about the vulnerabilities and how to
fix them
Pentesting
To the battle stations!
- Common tools and frameworks:
- Metasploit Framework (Nexpose);
- Burp Suite;
- Hydra;
- John the Ripper;
- Maltego;
- Nmap/Zenmap;
- The Zed Attack Proxy (ZAP) ;
- Sqlmap;
- Wireshark;
- Mitmproxy;
- W3af;
- Specialized OS distributions (Linux):
- Kali Linux;
- Backtrack – discontinued;
- Pentoo;
Metasploit Framework
- An exploitation framework written in Ruby, currently at version
4.9.1
- It’s modular
- Contains exploits, payloads, encoders and auxiliaries
- The framework is Open Source
Metasploit Framework
Versions and basics
- Metasploit Framework Edition
• The free version
- Metasploit Community Edition
• A free, web-based user interface for Metasploit
- Metasploit Express
• An open-core commercial edition for security teams who need to
verify vulnerabilities
- Metasploit Pro
• An open-core commercial Metasploit edition for penetration testers
- Armitage
• Is a graphical cyber attack management tool for the Metasploit
Project that visualizes targets and recommends exploits.
Metasploit Framework
What does it do?
- It is basically a tool for the development of exploits and the testing
of these exploits on live targets
- Can be used for penetration testing, risk assessment, vulnerability
research, and other security developmental practices such as IDS
and the intrusion prevention system ( IPS ).
Metasploit Framework
Meterpreter
- Is an advanced, dynamically extensible payload that uses inmemory DLL injection stagers and is extended over the network at
runtime
- Stealthy
- Powerful
- Extensible
- Features can be added at runtime: new features are added to
Meterpreter by loading extensions.
Metasploit
Presenting the Web UI
- To access the Metasploit Web UI, open a browser and go to
https://localhost:3790 if Metasploit Pro runs on your local
machine
- If Metasploit Pro runs on a remote machine, replace localhost
with the address of the remote machine.
Metasploit
Presenting the Web UI
Practical example - presenting the Web UI
Metasploit
Command line anyone?
- msfconsole is probably the most popular interface to the MSF
- It provides an "all-in-one" centralized console
Metasploit
Command line anyone?
Practical example – presenting the console
VM Security
Basic VM setting
- Metasploitable2 VM
• Intentionally vulnerable version of Ubuntu Linux
• Loaded with exploitable services, backdoors, web services, etc
- Kali Linux 1.0.6
• Based on Ubuntu
• Replaces the old Backtrack
• Packed with Pentesting tools
• Live CD compatible
VM Security
Basic scenario
- We have our web application running on a Linux server (in our
case, Metasploitable) and need to test for vulnerabilities
- Using the Web UI, we scan the network and find our target and
start a web scan
- Check the results and patch things up
VM Security
Basic scenario
VM Security
Basic scenario
Conclusions
• While the IT industry is evolving, every new feature, and even
every new bug fix can potentially create new vulnerabilities
• Testing software, systems or networks is time consuming and
requires a specialized team
• Large companies will have a full audit every six months and
continuous pentesting teams on site
• Ultimately, pentesting is a must, and Metasploit is the best in the
field
Resources
Pentesting vs Vulnerability Assessment
-
https://www.owasp.org/images/5/56/OWASP_Testing_Guide_v3.pdf
Metasploit: The Penetration Tester's Guide (ISBN-13: 978-1593272883)
The Hacker Playbook: Practical Guide To Penetration Testing (ISBN-13: 978-1494932633)
https://community.rapid7.com (Metasploit Framework)
https://community.rapid7.com/docs/DOC-1875 (Metasploitable2)
http://www.offensive-security.com/metasploit-unleashed/Main_Page
http://secunia.com/?action=fetch&filename=Secunia_Vulnerability_Review_2014.pdf
http://www.tenable.com/products/nessus (Nessus Vulnerability Scanner)
http://www.portswigger.net/burp/ (Burp Suite)
https://www.thc.org/thc-hydra/ (Hydra)
http://www.openwall.com/john/ (John the Ripper)
https://www.paterva.com/web6/products/maltego.php (Maltego)
http://nmap.org/ (Nmap/Zenmap)
https://code.google.com/p/zaproxy/ (ZAP)
http://sqlmap.org/ (sqlmap)
http://www.wireshark.org/ (Wireshark)
Resources
Pentesting vs Vulnerability Assessment
-
http://mitmproxy.org/ (mitmproxy)
http://w3af.org/ (w3af)
http://www.kali.org/ (Kali Linux)
http://dev.metasploit.com/documents/meterpreter.pdf
Related documents
Collaboration Policy: CP-9 (Work together as a group, hand in... Names: _____________________ _____________________ ________________________
Collaboration Policy: CP-9 (Work together as a group, hand in... Names: _____________________ _____________________ ________________________
Security Penetration Testing and Ethical Hacking
Security Penetration Testing and Ethical Hacking
11-Metasploit
11-Metasploit
to Presentation Slides
to Presentation Slides
Scanners and Metasploit - Network Penetration and Security
Scanners and Metasploit - Network Penetration and Security
Microsoft PowerPoint - Hacker Demo2.pr\346sentation.pptx
Microsoft PowerPoint - Hacker Demo2.pr\346sentation.pptx
System Penetration with Metasploit Framework and nmap
System Penetration with Metasploit Framework and nmap
PowerPoint - Kernel Meltdown
PowerPoint - Kernel Meltdown
Metasploit Express User Guide Metasploit Express User Guide
Metasploit Express User Guide Metasploit Express User Guide
Download
advertisement