Presentation is loading. Please wait.

Presentation is loading. Please wait.

Module 1A An Introduction to Metasploit – Based upon Chapter 2 of “Metasploit the Penetration testers guide” Based upon Chapter 2 of “Metasploit the Penetration.

Published byBerniece Boone Modified over 9 years ago

Similar presentations

Presentation on theme: "Module 1A An Introduction to Metasploit – Based upon Chapter 2 of “Metasploit the Penetration testers guide” Based upon Chapter 2 of “Metasploit the Penetration."— Presentation transcript:

1 Module 1A An Introduction to Metasploit – Based upon Chapter 2 of “Metasploit the Penetration testers guide” Based upon Chapter 2 of “Metasploit the Penetration testers guide”

2 What is metasploit It’s a framework that hackers can write their code to…It’s a framework that hackers can write their code to… It allows different hackers to have their code (exploit or payload) incorporated into a single toolIt allows different hackers to have their code (exploit or payload) incorporated into a single tool It’s installed by default in Kali ;-)It’s installed by default in Kali ;-)

3 Main parts Like a lunch menu Choose an ExploitChoose an Exploit Choose a PayloadChoose a Payload

4 Terminology ExploitExploit The means by which an attacker takes advantage of a flaw (vulnerability)The means by which an attacker takes advantage of a flaw (vulnerability) Examples:Examples: Buffer overflowsBuffer overflows SQL injectionsSQL injections

5 Terminology PayloadPayload Code to be executed once an exploit is runCode to be executed once an exploit is run ExamplesExamples A reverse shell (one that phones home)A reverse shell (one that phones home) A meterpreter (metasploit agent)A meterpreter (metasploit agent) Create an administrator accountCreate an administrator account

6 Terminology ModuleModule Piece of software that can be used by metasploitPiece of software that can be used by metasploit Can be used as stand alone snippets of codeCan be used as stand alone snippets of code Stand aloneStand alone ie. each exploit is its own moduleie. each exploit is its own module

7 ListenerListener A component within metasploit that waits for an incoming connectionA component within metasploit that waits for an incoming connection A port that is open and waiting for something like a reverse shell to phone home.A port that is open and waiting for something like a reverse shell to phone home.

8 Interface Ways to use metasploitWays to use metasploit Command LineCommand Line Msfconsole Msfconsole GUI (Graphic User Interface)GUI (Graphic User Interface) Armitage Armitage

9 Metasploit Utilities MSFpayloadMSFpayload Allows you to generate executables, such as files with embedded coded back-doorsAllows you to generate executables, such as files with embedded coded back-doors MSFencodeMSFencode Encodes (hides) exploits to bypass anti-virusEncodes (hides) exploits to bypass anti-virus

Download ppt "Module 1A An Introduction to Metasploit – Based upon Chapter 2 of “Metasploit the Penetration testers guide” Based upon Chapter 2 of “Metasploit the Penetration."

Similar presentations

What is Computer Software?. Hardware vs Software Got to have both to get the job done!

What is Computer Software?. Hardware vs Software Got to have both to get the job done!
Lecture Materials for the John Wiley & Sons book: Cyber Security: Managing Networks, Conducting Tests, and Investigating Intrusions October 12, 2014 DRAFT1.

Lecture Materials for the John Wiley & Sons book: Cyber Security: Managing Networks, Conducting Tests, and Investigating Intrusions October 12, 2014 DRAFT1.
Part 2 Penetration Testing. Review 2-minute exercise: RECON ONLY Find 3x IP addresses at the U.S. Merchant Marine Academy Google: “U.S. Merchant Marine.

Part 2 Penetration Testing. Review 2-minute exercise: RECON ONLY Find 3x IP addresses at the U.S. Merchant Marine Academy Google: “U.S. Merchant Marine.
.  User groups o Cisco, SQL, Virtualization  Conferences o GrrCON, SQL Saturday  Hands-On o Capture the Flag o Forensics  RSS  Exploit-DB updates.

.  User groups o Cisco, SQL, Virtualization  Conferences o GrrCON, SQL Saturday  Hands-On o Capture the Flag o Forensics  RSS  Exploit-DB updates.
Armitage and Metasploit Penetration Testing Lab

Armitage and Metasploit Penetration Testing Lab
Offensive Security Part 1 Basics of Penetration Testing

Offensive Security Part 1 Basics of Penetration Testing
A Complete Tool For System Penetration Testing Presented By:- Mahesh Kumar Sharma B.Tech IV Year Computer Science Roll No. :- CS09047.

A Complete Tool For System Penetration Testing Presented By:- Mahesh Kumar Sharma B.Tech IV Year Computer Science Roll No. :- CS09047.
Web Defacement Anh Nguyen May 6 th, 2010. Organization Introduction How Hackers Deface Web Pages Solutions to Web Defacement Conclusions 2.

Web Defacement Anh Nguyen May 6 th, Organization Introduction How Hackers Deface Web Pages Solutions to Web Defacement Conclusions 2.
Chapter 4 Application Security Knowledge and Test Prep

Chapter 4 Application Security Knowledge and Test Prep
MIS 5212.001 Week 3 Site:

MIS Week 3 Site:
Browser Exploitation Framework (BeEF) Lab

Browser Exploitation Framework (BeEF) Lab
Project Implementation for COSC 5050 Distributed Database Applications Lab1.

Project Implementation for COSC 5050 Distributed Database Applications Lab1.
Nikto LUCA ALEXANDRA ADELA. Nikto  Web server assessment tool  Written by Chris Solo and David Lodge  Released on December 27, 2001  Stable release:

Nikto LUCA ALEXANDRA ADELA. Nikto  Web server assessment tool  Written by Chris Solo and David Lodge  Released on December 27, 2001  Stable release:
Dennis  Application Security Specialist  WhiteHat Security  Full-Time Student  University of Houston – Main Campus ▪ Computer.

Dennis  Application Security Specialist  WhiteHat Security  Full-Time Student  University of Houston – Main Campus ▪ Computer.
Pen testing to ensure your security

Pen testing to ensure your security
MIS 5212.001 Week 2 Site:

MIS Week 2 Site:
EECS 354 Network Security Metasploit Features. Hacking on the Internet Vulnerabilities are always being discovered 0day vulnerabilities Every server or.

EECS 354 Network Security Metasploit Features. Hacking on the Internet Vulnerabilities are always being discovered 0day vulnerabilities Every server or.
Security of Web Technologies: WebObjects Keshava P Subramanya

Security of Web Technologies: WebObjects Keshava P Subramanya
Honeypot and Intrusion Detection System

Honeypot and Intrusion Detection System
Attacking Applications: SQL Injection & Buffer Overflows.

Attacking Applications: SQL Injection & Buffer Overflows.

Similar presentations

Ads by Google