Exploiting Metasploitable 2 with Metasploit in Kali-Linux 2016


Exploiting Metasploitable 2 with Metasploit in Kali-Linux 2016 By Shain Amzovski

Metasploitable
Intentionally vulnerable Linux Virtual Machine. This VM can be used to conduct security training, test security tools, and practice common penetration testing techniques.

NMAP scan
Ran nmap from Metasploit in Kali-Linux 2016. Detected which ports were open in Metasploitable 2. Looked for exploits to attack the Metasploitable VM.

IRC Server Port 7194 Exploit
First, I ran a command execution that exploits a malicious backdoor that was added to the Unreal IRCD 3.2.8.1 download archive. Checks if an IRC server is backdoored by running a time-based command (ping) and checking how long it takes to respond.
Command = exploit/unix/irc/unreal_ircd_3281_backdoor
Exploit gives hacker access to all directories.

FTP Exploit on Port 21
This command exploits a malicious backdoor that was added to the VSFTPD download archive. This backdoor was introduced into the vsftpd-2.3.4.tar.gz archive between June 30th 2011 and July 1st 2011 according to the most recent information available. This backdoor was removed on July 3rd 2011.
Command = exploit/unix/ftp/vsftpd_234_backdoor
Gives you access to root.

PHP Exploit Port 80
When run as a CGI, PHP up to version 5.3.12 and 5.4.2 is vulnerable to an argument injection vulnerability. This vulnerability leaks the source code of the application and allows remote code execution. This module can also be used to exploit the Plesk 0day disclosed by kingcope and exploited in the wild in June 2013.
Command = exploit/multi/http/php_cgi_arg_injection

TCP/UDP Exploit
This command exploits remote code execution vulnerabilities in dRuby.
Command = exploit/linux/misc/drb_remote_codeexec
Exploit allows for root access.
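
Seen from the defender's side, the same nmap results can be triaged for the four services these slides name. The following is an added example, not part of the original presentation: it parses nmap grepable (-oG) output and flags hosts by service banner rather than port number. The sample scan, the addresses and the names triage and php_in_range are constructed for illustration, and the PHP range reads the slide's "up to version 5.3.12 and 5.4.2" as inclusive (an assumption).

```python
import re

# Constructed sample in nmap grepable (-oG) format; hosts and banners are illustrative.
# nmap writes "/" inside a field as "|" in this format.
SAMPLE_OG = (
    "Host: 192.0.2.10 ()\tPorts: 21/open/tcp//ftp//vsftpd 2.3.4/, "
    "80/open/tcp//http//Apache httpd 2.2.8 ((Ubuntu) PHP|5.2.4)/, "
    "7194/open/tcp//irc//UnrealIRCd/, 8787/open/tcp//drb//Ruby DRb RMI/\n"
    "Host: 192.0.2.11 ()\tPorts: 21/open/tcp//ftp//vsftpd 3.0.3/, "
    "80/open/tcp//http//nginx (PHP|7.4.3)/, 7194/closed/tcp//irc///\n"
)

PHP_RE = re.compile(r"PHP[|/ ](\d+)\.(\d+)\.(\d+)")

def php_in_range(banner):
    """True if the banner shows PHP <= 5.3.12, or 5.4.0 through 5.4.2 (assumed inclusive)."""
    m = PHP_RE.search(banner)
    if not m:
        return False
    v = tuple(int(x) for x in m.groups())
    return v <= (5, 3, 12) or (5, 4, 0) <= v <= (5, 4, 2)

# Each rule: (remediation note, predicate over service name and version banner).
RULES = [
    ("vsftpd 2.3.4: verify the installed build against a trusted archive",
     lambda svc, ver: "vsftpd 2.3.4" in ver),
    ("UnrealIRCd: confirm it was not built from the backdoored 3.2.8.1 archive",
     lambda svc, ver: "unrealircd" in ver.lower()),
    ("PHP in the affected range: check whether it runs as CGI, then upgrade",
     lambda svc, ver: php_in_range(ver)),
    ("dRuby reachable from the network: restrict or disable",
     lambda svc, ver: svc == "drb" or "DRb" in ver),
]

def triage(grepable):
    """Return (host, port, note) for every open port whose banner matches a rule."""
    findings = []
    for line in grepable.splitlines():
        if not line.startswith("Host:") or "Ports:" not in line:
            continue
        host = line.split()[1]
        ports = line.split("Ports:", 1)[1].split("\t")[0]
        for entry in ports.split(", "):
            f = entry.strip().split("/")  # port/state/proto/owner/service/rpc/version/
            if len(f) < 7 or f[1] != "open":
                continue
            for note, match in RULES:
                if match(f[4], f[6]):
                    findings.append((host, int(f[0]), note))
    return findings

if __name__ == "__main__":
    for host, port, note in triage(SAMPLE_OG):
        print(f"{host}:{port}  {note}")
```

A banner match only marks a host for follow-up: the version string cannot show whether a vsftpd or UnrealIRCd build came from a tampered archive, or whether PHP is actually running as CGI.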