Presentation is loading. Please wait.

Presentation is loading. Please wait.

MIS 5212.001 Week 3 Site:

Published byAllyson Stewart Modified over 9 years ago

Similar presentations

Presentation on theme: "MIS 5212.001 Week 3 Site:"— Presentation transcript:

1 MIS 5212.001 Week 3 Site: http://community.mis.temple.edu/mis5212sec001s15/ http://community.mis.temple.edu/mis5212sec001s15/

2  Introduction  In the news  Metasploit Database Issues Solved  Live Demonstrations  Social Engineering Toolkit  SQL Injection  Karmetasploit  Building Modules in Metasploit  Creating Exploits  Next Week 2MIS 5212.001

3  Submitted  http://www.csoonline.com/article/2874230/cyberc rime-hacking/thousands-of-us-gas-stations- exposed-to-internet-attacks.html http://www.csoonline.com/article/2874230/cyberc rime-hacking/thousands-of-us-gas-stations- exposed-to-internet-attacks.html  http://thehackernews.com/2015/01/adobe-flash- player-update.html http://thehackernews.com/2015/01/adobe-flash- player-update.html  http://www.darkreading.com/nfl-mobile-sports- app-contains-super-bowl-sized-vulns/d/d- id/1318802 http://www.darkreading.com/nfl-mobile-sports- app-contains-super-bowl-sized-vulns/d/d- id/1318802  http://www.darkreading.com/risk/presidents- plan-to-crack-down-on-hacking-could-hurt-good- hackers/d/d-id/1318721?_mc=RSS_DR_EDT http://www.darkreading.com/risk/presidents- plan-to-crack-down-on-hacking-could-hurt-good- hackers/d/d-id/1318721?_mc=RSS_DR_EDT MIS 5212.0013

4  Submitted  http://thehackernews.com/2015/01/progressive- snapshot-device-hacking-car.html http://thehackernews.com/2015/01/progressive- snapshot-device-hacking-car.html  https://community.rapid7.com/community/infose c/blog/2015/01/22/the-internet-of-gas-station- tank-gauges https://community.rapid7.com/community/infose c/blog/2015/01/22/the-internet-of-gas-station- tank-gauges  http://www.darkreading.com/perimeter/half-of- enterprises-worldwide-hit-by-ddos-attacks-report- says/d/d-id/1318824 http://www.darkreading.com/perimeter/half-of- enterprises-worldwide-hit-by-ddos-attacks-report- says/d/d-id/1318824  http://www.houstonchronicle.com/business/articl e/Cyberinsurance-a-hot-topic-after-data-breaches- 6033135.php#/0 http://www.houstonchronicle.com/business/articl e/Cyberinsurance-a-hot-topic-after-data-breaches- 6033135.php#/0 MIS 5212.0014

5  Recall Symptoms  And MIS 5212.0015

6  What is actually happening  The msfconsole command is only starting the console.  The command is not starting the underlying services required by the Metasploit Framework  Also, the install of Metasploit did not place the required services in the ”rc.d” file which is the configuration file that tells Linux what services to launch at startup. MIS 5212.0016

7  1st method  Manually launch the services  Result MIS 5212.0017

8  Add the services to the Kali configuration file to auto start services on startup  Reboot and launch msfconsole MIS 5212.0018

9  With either solution, the database service is available and works reliably MIS 5212.0019

10  A couple of issues were brought up in after class discussions. Some may have already figured these out, but just in case.  IceWeasel not connecting.  Recall last semester we did some work with the intercepting proxy. You will need to change network settings to “No Proxy” when not running a proxy  Screen size  Kali defaults to 600x480 or 800x600 which gives a very small screen  Go to System Tools -> Preferences -> System Settings and then select “Displays” and select a larger screen size. I was able to use 1680x1050 on my system. MIS 5212.00110

11  Feedback from students last week indicated a preference to go through last weeks exploits live in class  We will run through nmap of Metasploitable, the to exploits from last week and XXX additional exploits on my laptop MIS 5212.00111

12  The tools covered (Kali, nmap, and Metasploit) along with what will be covered (WebGoat with Interception proxy) allow each student to work through all examples and many more in a safe environment within VMWare  This gives you the best chance of getting comfortable with these tools  To get the best value out of the material you need to “play” with them, try things, see what works and what doesn’t. MIS 5212.00112

13  Social Engineering Toolkit or SET was developed by the same group that built Metasploit  SET provides a suite of tools specifically for performing social engineering attacks including:  Spear Phishing  Infectious Media  And More  It is pre-installed on Kali MIS 5212.00113

14  To get the latest update of set, enter the following from a terminal in Kali:  This removes all files and folder associated with SET and replaces them with a fresh copy. Executed correctly should give the following: MIS 5212.00114

15  You can also get “bleeding Edge” updates with the following  Note: This may cause some instabilities and may force you to “Troubleshoot” some of the software. Hint: Take a snapshot first. MIS 5212.00115

16  Many feature of SET are turned off by default  To activate desired feature you will need to manually edit the set_config file found under /usr/share/set/config  To Launch: Kali Linux -> Exploitation Tools -> Social Engineering Toolkit -> setoolkit  The first time you launch SET you will see this: MIS 5212.00116

17  If you have not edited the set_config file you will see the following options: MIS 5212.00117

18  Under “Social-Engineering Attacks” MIS 5212.00118

19  Under “Fast-Track Penetration Testing “ MIS 5212.00119

20  Under “Third Party Modules MIS 5212.00120

21  We will step through example on my laptop99 MIS 5212.00121

22  You could clone a web site and set up your own copy hosting malicious attacks  You could clone a web site and just harvest credentials from unsuspecting visitors  You could use the mass e-mailer to “invite” victims to visit your freshly cloned site  You could build a link that shows a legitimate url when the mouse hovers over the link, but replaces the page with yours once clicked MIS 5212.00122

23  If you have the Metasploit book, you may see reference to a separate tool called Fast-Track  Fast-Track was rolled in to SET under “Fast- Track Penetration Testing “ MIS 5212.00123

24  Be careful. You could easily escape the boundary of your test systems  I covered this area so you would see what was available and how it interfaces to Metasploit MIS 5212.00124

25  The Basics  Metasploit’s implementation of basic wireless attacks  Require installation of a DHCP server  Require update of Metasploit to include the Karma exploits – They are not installed in the default  Once set up you can launch your own fake AP serving up a wireless connection that responds to any request to connect  We will cover this in more detail in the last section of the course when we talk about wireless in detail MIS 5212.00125

26  Building Modules in Metasploit  Creating Exploits  Porting Exploits  Scripting  Simulating Penetration Testing MIS 5212.00126

27 ? MIS 5212.00127

Download ppt "MIS 5212.001 Week 3 Site:"

Similar presentations

Web Hosting. The purpose of this Startup Guide is to familiarize you with Own Web Now's Web Hosting. Own Web Now offers two web hosting platforms, one.

Web Hosting. The purpose of this Startup Guide is to familiarize you with Own Web Now's Web Hosting. Own Web Now offers two web hosting platforms, one.
WebDT Content Manager 6.0 Pro

WebDT Content Manager 6.0 Pro
©2009 Justin C. Klein Keane PHP Code Auditing Session 3 – Tools of the Trade & Crafting Malicious Input Justin C. Klein Keane

©2009 Justin C. Klein Keane PHP Code Auditing Session 3 – Tools of the Trade & Crafting Malicious Input Justin C. Klein Keane
WebGoat & WebScarab “What is computer security for $1000 Alex?”

WebGoat & WebScarab “What is computer security for $1000 Alex?”
For Removal Info: visit

For Removal Info: visit
15.1 © 2004 Pearson Education, Inc. Exam 70-290 Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 15: Configuring a Windows.

15.1 © 2004 Pearson Education, Inc. Exam Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 15: Configuring a Windows.
MCT260-Operating Systems I Operating Systems I Managing Your System.

MCT260-Operating Systems I Operating Systems I Managing Your System.
A+ Guide to Software, 4e Chapter 11 Supporting Printers and Scanners.

A+ Guide to Software, 4e Chapter 11 Supporting Printers and Scanners.
Web FOCUS Integration with Microsoft Office SharePoint By: Kelvin Ruiz NASA – Kennedy Space Center.

Web FOCUS Integration with Microsoft Office SharePoint By: Kelvin Ruiz NASA – Kennedy Space Center.
Introducing LAMP: Linux, Apache, MySQL and PHP Track 2 Workshop PacNOG 7 July 1, 2010 Pago Pago, American Samoa.

Introducing LAMP: Linux, Apache, MySQL and PHP Track 2 Workshop PacNOG 7 July 1, 2010 Pago Pago, American Samoa.
Sharepoint Portal Server Basics. Introduction Sharepoint server belongs to Microsoft family of servers Integrated suite of server capabilities Hosted.

Sharepoint Portal Server Basics. Introduction Sharepoint server belongs to Microsoft family of servers Integrated suite of server capabilities Hosted.
Nikto LUCA ALEXANDRA ADELA. Nikto  Web server assessment tool  Written by Chris Solo and David Lodge  Released on December 27, 2001  Stable release:

Nikto LUCA ALEXANDRA ADELA. Nikto  Web server assessment tool  Written by Chris Solo and David Lodge  Released on December 27, 2001  Stable release:
Linux Operations and Administration

Linux Operations and Administration
April WebEx Intel ® Active Management Technology (AMT) LANDesk Provisioning LANDesk Server Manager.

April WebEx Intel ® Active Management Technology (AMT) LANDesk Provisioning LANDesk Server Manager.
By Jeerarat Boonyanit. As you can see I have chosen Cpanel for my server management tool. cPanel is a Linux based web hosting control panel that provides.

By Jeerarat Boonyanit. As you can see I have chosen Cpanel for my server management tool. cPanel is a Linux based web hosting control panel that provides.
CONNECTION SETTINGS FOR USE WITH THE MOTION COMPUTING MODEL-F5 TABLET COMPUTER AKA: SIMON October 8, 2011 (And other useful information.)

CONNECTION SETTINGS FOR USE WITH THE MOTION COMPUTING MODEL-F5 TABLET COMPUTER AKA: SIMON October 8, 2011 (And other useful information.)
Hosted Exchange 2007. The purpose of this Startup Guide is to familiarize you with ExchangeDefender's Exchange and SharePoint Hosting. ExchangeDefender.

Hosted Exchange The purpose of this Startup Guide is to familiarize you with ExchangeDefender's Exchange and SharePoint Hosting. ExchangeDefender.
MIS 5212.001 Week 5 Site:

MIS Week 5 Site:
MIS 5212.001 Week 2 Site:

MIS Week 2 Site:
XP New Perspectives on Browser and E-mail Basics Tutorial 1 1 Browser and E-mail Basics Tutorial 1.

XP New Perspectives on Browser and Basics Tutorial 1 1 Browser and Basics Tutorial 1.

Similar presentations

Ads by Google