Module 22 (Metasploit Introduction)


1 Module 22 (Metasploit Introduction)
At the end of this module, you should know what Metasploit and the Metasploit Framework are. You should know how to update and run Metasploit. You should know how to find an exploit for a vulnerability (that you may have found in a vulnerability scan), select a payload, set the options of the exploit and payload, and execute the exploit and fire off the appropriate payload.

2 Metasploit – What is it, Really?
Metasploit is an open-source project that has at its center the Metasploit Framework, which is used for exploiting security vulnerabilities on host machines. The core of the framework consists of two types of packages: exploitation and payloads.

3 First Things First
Almost every tool we use will be changing and improving over time. Always, always, always update (except when it's a bad idea). With Metasploit it's a good idea. To update Metasploit, run msfupdate in a terminal window in Kali. It may take 10 minutes or more.

4 Running msf
You run the Metasploit Framework at the console by executing the command msfconsole. It takes a while to start up (especially the first time). Some people swear by the utility of the magic cow powers. (Seems to be required in any presentation on Metasploit.)

5 Running msfconsole

6 Accessing the Magic Cow Powers

7 Selecting an exploit
Given 1186 exploits, it might be hard to determine which one to select. The show exploits command will list them all. Recent versions of msfconsole support command-line grep. Consider how we might see if Metasploit can exploit the vsftpd vulnerability identified by OpenVAS:
msf> grep vsftpd show exploits

8 Lots of exploits. Don't look for them this way!

9 Use the grep, Luke.

10 Metasploit Exploitation Plan
Find a vulnerability.
use an exploit that exploits it.
    use unix/ftp/vsftpd_234_backdoor
Set options for the exploit
    show options
    set RHOST
Determine what payload to use
    show payloads displays only applicable payloads.
Set PAYLOAD
    set PAYLOAD cmd/unix/interact

11 Metasploit: use exploit

12 Metasploit: show options set OPTION

13 Metasploit: show payloads

14 Metasploit: set PAYLOAD

15 Metasploit: Final steps to exploit
Check for extra payload options
    show options (again)
Run the exploit!
    exploit
This is a unix machine, what's the first thing you want to do?

16 Metasploit: show options (once more for PAYLOAD)

17 Metasploit: exploit

18 Metasploit: Even More Success!

