Armitage and Metasploit Penetration Testing Lab

Presentation on theme: "Armitage and Metasploit Penetration Testing Lab"— Presentation transcript:

1 Armitage and Metasploit Penetration Testing Lab
Raphael Mudge

2 Armitage and Metasploit Penetration Testing Lab

3 Overview Personal Introduction Penetration Testing Process
Course Overview

4 Introduction – R. Mudge
Previous Experiences: Penetration Tester Regional CCDC Red Team x 5 USAF Security Researcher Armitage for Metasploit
Other Experiences: WordPress Grammar Checker Programming Language

5 Penetration Testing What? Test security by doing what bad guys might do

6 Penetration Testing Why? Motivate desire to make changes to improve security

7 Penetration Testing How? Demonstrate risk

8 Types of Penetration Tests
Open Source Research Network Social Engineering Wireless Web Applications Mobile

9 Penetration Testing Process
Information Gathering Reconnaissance Access Post-Exploitation

10 Network Attack Process

11 Motivation

12 Motivation

13 Course overview Penetration Testing Metasploit Getting Access Post Exploitation Maneuver

14 Goals Install Metasploit Get Access to Hosts Post-exploitation

15 Learning Check Who is Raphael Mudge? Why Penetration Test? What are we doing today?

16 Armitage and Metasploit Penetration Testing Lab

17 Overview What is Metasploit? Modules Metasploit Console Armitage

18 What is Metasploit?

19 What is Metasploit?
Metasploit | Linux
Modules | Programs
msfconsole | /bin/bash
RPC Daemon | sshd

20 Modules

21 Modules

22 Modules and Magic the Gathering
Examples:
1) Use auxiliary module to enumerate SMB and find out domain info; Use hashdump post module to gather credentials; Use psexec module to get code execution
2) Use snmp module to brute force community string; Use cisco_download_config to download router config file
© Wizards of the Coast

23 Module Organization

24 Metasploit Command Sets
Metasploit Console Manage Database Manage Sessions Configure and Launch Modules Meterpreter Post-exploitation activities

25 Console Cheat Sheet
use module - start configuring module
show options - show configurable options
set varname value - set option
exploit - launch exploit module
run - launch non-exploit
sessions -i n - interact with a session
help command - get help for a command

26 msfconsole Open ended Works in many places One task / host at a time

27 What is Armitage? A GUI for Metasploit Goal: Avoid this…

28 Armitage

29 Armitage Sightings…

30 Console Demo

31 Learning Check What is a session? What is a payload? What do exploits do?

32 Armitage and Metasploit Penetration Testing Lab
Getting Access

33 Overview Remote Exploits Exploit-free Attack Client-side Exploits

34 Network Attack Process

35 Remote Attack NMap Scan Analyze Scan Data Choose an Exploit
Select a Payload Launch Exploit!

36 Which exploit do I use? Answer: These.
Name | Where
ms08_067_netapi | Windows XP/2003 era
ms09_050_smb2_negot.. | Windows Vista SP1/SP2
ms03_026_dcom | Windows 2000

37 Why did my exploit fail?
Firewall
Non-vulnerable software
Service is hung
The universe is taunting you
Non-reliable exploit
Bad day
Mis-configured exploit
Could not establish session

38 Exploit-free Attack Choose a payload Generate executable
Set up a multi/handler

39 Payloads
Name | Note
windows/meterpreter/reverse_tcp | Connects to one port
windows/meterpreter/reverse_tcp_allports | Tries every port in sequence
windows/meterpreter/reverse_https | Speaks HTTPS (!!!!)
java/meterpreter/reverse_tcp | Any platform with Java
linux/x86/shell_reverse_tcp |
osx/x86/shell_reverse_tcp |

40 Client-side Attack Fingerprint sample of victims Choose an Exploit
Launch Exploit Spam victims (or wait for them)!

41 Which exploit do I use? Answer: These.
Name | Where
java_signed_applet | Social engineering; anywhere Java applets run
ms11_003_ie_css_import | Internet Explorer 7/8 (requires .NET)
ie_createobject | Internet Explorer 6

42 Learning Check Which module listens for a connection from a payload? Which exploit works against Windows XP SP2, port 445?

43 Armitage and Metasploit Penetration Testing Lab
Post-Exploitation

44 Overview Command Shell Privilege Escalation Spying on the User
File Management Process Management Post Modules and Loot

45 Network Attack Process

46 Demo Demo Demo

47 Learning Check Which Meterpreter command takes a screenshot?
Which Meterpreter command is most useful to you?

48 Armitage and Metasploit Penetration Testing Lab
Maneuver

49 Overview Pivoting Scanning Attacking

50 Network Attack Process

51 Demo Demo Demo

52 Learning Check Which module gives a session on a Windows host using credentials or hashes? Which scan should you do before setting up a pivot?

53 Network Attack Process

54 Armitage and Metasploit Penetration Testing Lab
Resources

55 Free Metasploit Course

56 Metasploit Homepage

57 Armitage Homepage

58 BackTrack Linux

59 Pen Test & Vuln Analysis Course @ NYU

60 Armitage and Metasploit Penetration Testing Lab
Raphael Mudge

