MIS Week 4 Site:
Introduction
In the news
Live Demonstration of Exploits
Live Demonstration of SET
Building Modules in Metasploit
Creating Exploits
Porting Exploits
Scripting
Simulating Penetration Testing
Next Week
Submitted
er-security/the-end-for-1024bit-ssl-certificates-is-near-mozilla-kills-a-few-more.html
magazine.com/news/china-tech-companies-source-code/
intelligence/trend-micro-discovers-new-adobe-flash-zero-day-exploit-used-in-malvertisements/
mccarthy/five-colleges-with-data-b_b_ html
Submitted
breaches/security-budgets-going-up-thanks-to-mega-breaches/d/d-id/
data/2015/02/apple-building-solar-powered-data-command-center/104400/?oref=ng-HPriver
window-to-enterprise-infection/d/d-id/
What I noted
hammond-terrorist-watchlist-fbi/
amazon_taboola_microsoft_adplock_plus_unblock/
_to_flush_flash_if_you_havent_already_enough_is_enough/
ack_d_link/
arders_on_parking_lot_driveby_blitz/
Feedback from students last week indicated a preference to go through last week's exploits live in class. We will run through nmap of Metasploitable, the exploits from last week, and the Social Engineering Toolkit on my laptop.
Metasploit is primarily written in Ruby. The book “Metasploit” also uses a lot of PowerShell in its examples. We are not going to try and make you either Ruby or PowerShell developers here tonight. Rather, we will look at some of the basic structure and steps you might go through to modify modules for your own purposes.
Recall from Week 2, the Tomcat Exploit
Explore Modules
Here is what the start of this module looks like:
The previous page has some interesting lines to consider:
"require 'msf/core'": the module will include all functionality from Metasploit's core libraries.
"class Metasploit3 < Msf::Exploit::Remote": defines this as an "Exploit" module.
"include Msf::Exploit::Remote::HttpClient": pulls in the HttpClient module, which includes functionality to handle HTTP traffic.
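Added example (not from the original slides or from the Metasploit project): a small Ruby script that reads a module's header before you start modifying it and reports the three things noted above, its requires, its superclass (and so the module type) and its mixins. SAMPLE_HEADER is constructed from the lines quoted above, and summarize_module and MODULE_TYPES are hypothetical names.

```ruby
# Added example: static summary of a Metasploit module's header lines.
# SAMPLE_HEADER is constructed for illustration from the three lines quoted
# on the slide; it is not the full Tomcat module.
SAMPLE_HEADER = <<~'RUBY'
  require 'msf/core'

  class Metasploit3 < Msf::Exploit::Remote
    # include Msf::Exploit::Remote::Tcp   (commented out, must be ignored)
    include Msf::Exploit::Remote::HttpClient
  end
RUBY

# Superclass namespace => module type (hypothetical lookup table).
MODULE_TYPES = {
  'Msf::Exploit'   => 'exploit',
  'Msf::Auxiliary' => 'auxiliary',
  'Msf::Post'      => 'post'
}.freeze

# summarize_module is a hypothetical helper name, not a Metasploit API.
# It is a line-based heuristic meant for header lines, not a Ruby parser.
def summarize_module(source)
  summary = { requires: [], class_name: nil, superclass: nil,
              type: 'unknown', mixins: [] }
  source.each_line do |raw|
    line = raw.sub(/#.*/, '').strip # drop comments and surrounding whitespace
    next if line.empty?

    case line
    when /\Arequire\s+['"]([^'"]+)['"]/
      summary[:requires] << Regexp.last_match(1)
    when /\Aclass\s+(\w+)\s*<\s*([\w:]+)/
      name = Regexp.last_match(1)
      sup  = Regexp.last_match(2)
      key  = MODULE_TYPES.keys.find { |k| sup == k || sup.start_with?("#{k}::") }
      summary[:class_name] = name
      summary[:superclass] = sup
      summary[:type] = MODULE_TYPES.fetch(key, 'unknown')
    when /\Ainclude\s+([\w:]+)/
      summary[:mixins] << Regexp.last_match(1)
    end
  end
  summary
end

pp summarize_module(SAMPLE_HEADER) if __FILE__ == $PROGRAM_NAME
```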
Grab a module close to what you want to do. Tweak it to get the functionality you need. This may involve sharpening your coding skills first.
Depending on the exploit, you may need to know: MSSQL, Oracle, PowerShell, Bash, etc.
Modifying the tools is one of the distinguishing skills in top-flight consultants. Lots of people can run nmap, Nessus, and Metasploit, but to distinguish yourself in the field, this needs to be your jumping-off point. Please note: I’m not saying I am any good at this, there’s a reason I’m teaching the course instead of consulting ;-)
For Metasploit, scripting is basically modules for Meterpreter. Same concept as earlier, but specific to Meterpreter sessions. This is also a point where the book contains older information. Scripts are no longer being accepted for Metasploit. Script functionality is being ported to modules.
Metasploit is constantly evolving. To stay on top you may want to follow on Twitter: HD Metasploit Andréz
Check in on Rapid7 and DarkOperator.
metasploit/blog/2015/01/30/weekly-metasploit-wrapup
We spent almost all of our time in the open source Metasploit Framework due to licensing. Metasploit Pro looks just as good and works just as well as the commercial products just mentioned.
1st Exam Covering Metasploit
In the news
Introduction to WebGoat
?