Presentation is loading. Please wait.

Presentation is loading. Please wait.

Intro to Ethical Hacking

Published byErin Warren Modified over 7 years ago

Similar presentations

Presentation on theme: "Intro to Ethical Hacking"— Presentation transcript:

1 Intro to Ethical Hacking
MIS Week 3 Site:

2 Tonight's Plan Introduction In the news
Metasploit Database Issues Solved Live Demonstrations Social Engineering Toolkit SQL Injection Karmetasploit Building Modules in Metasploit Creating Exploits Next Week MIS

3 Metasploit Database Issues Solved
Recall Symptoms And MIS

4 Metasploit Database Issues Solved
What is actually happening The msfconsole command is only starting the console. The command is not starting the underlying services required by the Metasploit Framework Also, the install of Metasploit did not place the required services in the ”rc.d” file which is the configuration file that tells Linux what services to launch at startup. MIS

5 Fixing The Issue 1st method Manually launch the services Result
MIS

6 Fixing The Issue Add the services to the Kali configuration file to auto start services on startup Reboot and launch msfconsole MIS

7 Third Option Always use Icon to launch Icon runs services at launch
MIS

8 Result With any of these solutions, the database service is available and works reliably MIS

9 Tips and Tricks A couple of issues brought up in previous classes. Some may have already figured these out, but just in case. IceWeasel not connecting. Recall last semester we did some work with the intercepting proxy. You will need to change the Browser’s network settings to “No Proxy” when not running a proxy Screen size Kali defaults to 600x480 or 800x600 which gives a very small screen Go to System Tools -> Preferences -> System Settings and then select “Displays” and select a larger screen size. I was able to use 1680x1050 on my system. MIS

10 Live Demos MIS

11 Note on “Hands On” The tools covered (Kali, nmap, and Metasploit) along with what will be covered (WebGoat with Interception proxy) allow each student to work through all examples and many more in a safe environment within VMWare This gives you the best chance of getting comfortable with these tools To get the best value out of the material you need to “play” with them, try things, see what works and what doesn’t. MIS

12 Social Engineer Toolkit
Social Engineering Toolkit or SET was developed by the same group that built Metasploit SET provides a suite of tools specifically for performing social engineering attacks including: Spear Phishing Infectious Media And More It is pre-installed on Kali

13 Finding SET in Kali

14 Exploring SET Many feature of SET are turned off by default
To activate desired feature you will need to manually edit the set_config file found under /usr/share/set/config To Launch: Kali Linux -> Exploitation Tools -> Social Engineering Toolkit -> setoolkit The first time you launch SET you will see this:

15 Updating SET To get the latest update of set, enter the following from a terminal in Kali: This removes all files and folder associated with SET and replaces them with a fresh copy. Executed correctly should give the following:

16 More on Updating You can also get “bleeding Edge” updates with the following Note: This may cause some instabilities and may force you to “Troubleshoot” some of the software. Hint: Take a snapshot first.

17 Initial Options If you have not edited the set_config file you will see the following options:

18 Drilling Down Under “Social-Engineering Attacks”

19 Drilling Down Under “Fast-Track Penetration Testing “

20 Drilling Down Under “Third Party Modules

21 Walk Through of Attack We will start back at the main menu for SET

22 Walk Through of Attack Select Option 1 for Spear-Phishing

23 Walk Through of Attack Select Option 1 for a Mass Attack

24 Walk Through of Attack Select Option 12 for PDF embedded EXE

25 Walk Through of Attack Select Option 2 for Built-in PDF

26 Walk Through of Attack Select Payload 1

27 Walk Through of Attack Add an IP Address to listen on

28 Walk Through of Attack Select a port (Defaults to 443)

29 Walk Through of Attack Select Option 1 to keep file name

30 Walk Through of Attack Select Option 1 for a single address

31 Walk Through of Attack Select Option 1 for a Pre-Defined template

32 Walk Through of Attack Select Option 1 for the first template

33 Walk Through of Attack Enter an Address (Mine)

34 Walk Through of Attack Select Option 2 for my own server

35 Walk Through of Attack Enter a “From” address

36 Walk Through of Attack Enter a Name

37 Walk Through of Attack Enter Mail server information (Consolidated)

38 Walk Through of Attack Launch Metasploit and setup listener

39 Walk Through of Attack Will look like this for a bit

40 Walk Through of Attack Eventually

41 Walk Through of Attack At this point, Metasploit is listening for the packet coming from your victim once the attempt to open the attachment

42 Other Choices You could clone a web site and set up your own copy hosting malicious attacks You could clone a web site and just harvest credentials from unsuspecting visitors You could use the mass er to “invite” victims to visit your freshly cloned site You could build a link that shows a legitimate url when the mouse hovers over the link, but replaces the page with yours once clicked MIS

43 Fast-Track If you have the Metasploit book, you may see reference to a separate tool called Fast-Track Fast-Track was rolled in to SET under “Fast-Track Penetration Testing “ MIS

44 Wrapping Up SET Be careful. You could easily escape the boundary of your test systems I covered this area so you would see what was available and how it interfaces to Metasploit MIS

45 Karmetasploit The Basics
Metasploit’s implementation of basic wireless attacks Require installation of a DHCP server Require update of Metasploit to include the Karma exploits – They are not installed in the default Once set up you can launch your own fake AP serving up a wireless connection that responds to any request to connect We will cover this in more detail in the last section of the course when we talk about wireless in detail MIS

46 Next Week Building Modules in Metasploit Creating Exploits
Porting Exploits Scripting Simulating Penetration Testing MIS

47 Questions ? MIS

Download ppt "Intro to Ethical Hacking"

Similar presentations

WebDT Content Manager 6.0 Pro

WebDT Content Manager 6.0 Pro
Www.planet.com.tw Application Guide For Mesh AP – MAP-3120 How to setup the Mesh APs for Central Management? How to start up the Management Software for.

Application Guide For Mesh AP – MAP-3120 How to setup the Mesh APs for Central Management? How to start up the Management Software for.
Application Guide For Mesh AP – MAP-3120

Application Guide For Mesh AP – MAP-3120
©2009 Justin C. Klein Keane PHP Code Auditing Session 3 – Tools of the Trade & Crafting Malicious Input Justin C. Klein Keane

©2009 Justin C. Klein Keane PHP Code Auditing Session 3 – Tools of the Trade & Crafting Malicious Input Justin C. Klein Keane
WebGoat & WebScarab “What is computer security for $1000 Alex?”

WebGoat & WebScarab “What is computer security for $1000 Alex?”
Network Printing. Printer sharing Saves money by only needing one printer Increases efficiency of managing resources.

Network Printing. Printer sharing Saves money by only needing one printer Increases efficiency of managing resources.
MIS 5212.001 Week 3 Site:

MIS Week 3 Site:
A+ Guide to Software, 4e Chapter 11 Supporting Printers and Scanners.

A+ Guide to Software, 4e Chapter 11 Supporting Printers and Scanners.
Thick v Thin Access Points Lab Last Update 2014.07.12 1.0.0 1Copyright 2014 Kenneth M. Chipps Ph.D. www.chipps.com.

Thick v Thin Access Points Lab Last Update Copyright 2014 Kenneth M. Chipps Ph.D.
Sharepoint Portal Server Basics. Introduction Sharepoint server belongs to Microsoft family of servers Integrated suite of server capabilities Hosted.

Sharepoint Portal Server Basics. Introduction Sharepoint server belongs to Microsoft family of servers Integrated suite of server capabilities Hosted.
Nikto LUCA ALEXANDRA ADELA. Nikto  Web server assessment tool  Written by Chris Solo and David Lodge  Released on December 27, 2001  Stable release:

Nikto LUCA ALEXANDRA ADELA. Nikto  Web server assessment tool  Written by Chris Solo and David Lodge  Released on December 27, 2001  Stable release:
Linux Operations and Administration

Linux Operations and Administration
Hosted Exchange 2007. The purpose of this Startup Guide is to familiarize you with ExchangeDefender's Exchange and SharePoint Hosting. ExchangeDefender.

Hosted Exchange The purpose of this Startup Guide is to familiarize you with ExchangeDefender's Exchange and SharePoint Hosting. ExchangeDefender.
MIS 5212.001 Week 5 Site:

MIS Week 5 Site:
MIS 5212.001 Week 2 Site:

MIS Week 2 Site:
XP New Perspectives on Browser and E-mail Basics Tutorial 1 1 Browser and E-mail Basics Tutorial 1.

XP New Perspectives on Browser and Basics Tutorial 1 1 Browser and Basics Tutorial 1.
Copyright 2000 eMation SECURITY - Controlling Data Access with

Copyright 2000 eMation SECURITY - Controlling Data Access with
MIS 5211.001 Week 6 Site:

MIS Week 6 Site:
Kali Linx Attacks Jim Nasto. Window 8 Computer On my Windows 8 64 bit OS machine. I started using a Virtual Machine using Hyper V Manager and shared the.

Kali Linx Attacks Jim Nasto. Window 8 Computer On my Windows 8 64 bit OS machine. I started using a Virtual Machine using Hyper V Manager and shared the.
QuikTrac 5.5, a validated Motorola Software Solution, allows you to take your Host ERP screens and extend them out to fixed or mobile devices including.

QuikTrac 5.5, a validated Motorola Software Solution, allows you to take your Host ERP screens and extend them out to fixed or mobile devices including.

Similar presentations

Ads by Google