1. Alison Buben Jay Pataky COSC 316

2.  Main purpose: Penetration Testing ◦ Evaluating the security of a computer by simulating an attack ◦ Showing where the weak points are  IMPORTANT ◦ Having good integrity checking and encryption can be lessoned or weakened if your system can be accessed ◦ It is critical to get approval before actually testing a system

3.  Vulnerabilities and Payloads ◦ Vulnerabilities are found by doing an open port scan ◦ Pick and choose a payload you want to run  The one we are using is widely used because all windows XP before service pack 2 have this port open  Remote Procedure Call

4.  Search results for exploit  Pick your exploit and it shows that it loaded  Options showed ◦ use exploit and show options for that exploit  What info is supplied and what still needs to be entered ◦ Remote host (RHOST)

5.  Set RHOST ◦ Shows all payloads that can be used  Meterpreter (more automated command prompt) ◦ "penetration tester's swiss army knife" - offensive security  Select: bind_tcp (easiest because nothing extra is needed) ◦ Set payload and look at options (Shows status of exploit and payload) ◦ Execute

6.  Fairly easy  Other tutorials help quite a bit  Your choice to pick ◦ GUI was easier ◦ Also a command line option Ease to Install  Steps ◦ Download a VM ◦ Open with VM ◦ Log in ◦ Generally easy

7.  This was our second tool ◦ 1 st tool selected we had installation problems ◦ Too many packets that it required  Overall biggest challenge ◦ Installation ◦ Finding tutorials that helped us ◦ Having a pre made VM with it already installed  QUESTIONS?