SlideShare a Scribd company logo

Metasploit For Beginners

Download as PPTX, PDF
R
Ramnath Shenoy

This document provides an overview of Metasploit for beginners. It discusses why Metasploit is useful, how to set up a demo environment, and how to use auxiliary and exploit modules. It then demonstrates auxiliary modules for scanning and information gathering. It also demonstrates two exploit modules against ElasticSearch and Jenkins, using reverse shell payloads. The document provides a cheat sheet for navigating msfconsole and describes common commands used prior to demonstrations.

Technology
Related topics:
Information Security
1 of 18
Downloaded 37 times
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
Metasploit for Beginners Ramnath
Whoami Ramnath Shenoy • Engineering @ FireEye • https://www.linkedin.com/in/ramnathshenoyk • @Ramnathsk
Metasploit for Beginners ●Why Metasploit? ●Demo Setup ●Auxiliary Module ●Exploit Module ●Payloads ●Demo 1 - Elastic Search exploit ●Demo 2 - Jenkins exploit
Why Metasploit? ● Published independently ● Different programming languages ● Targeted limited to a specific platform ● No evasion techniques ● No clear documentation ● No coding style and difficult to embed /modify
Metasploit Framework Current stable version is v4.13.X • Written in ruby, https://github.com/rapid7/metasploit-framework.git, • [ 1610 exploits, 914 auxiliary, 279 post ,471 payloads , 39 encoders , 9 nops ] Ready in kali - used in this demo. Available as windows installer. (Never really tried!..)
Metasploit Architecture Libraries Interfaces Modules nops payloads exploits Auxiliary Encoder Post msfconsole Rex MSF::Core MSF::Base Tools Plugins
Visualising an attack Target Vulnerable software PayloadExploitAuxiliary Windows/Shell Windows/add user Remote exploit Local exploit Scan and enumerate Rogue Servers Post Enum credentials Exploit suggest Exploit Payload Post msfconsole
Demo Setup! Target Windows 2008 R2 – Metasploitable3 Designed vulnerable to test payload Setup instructions https://github.com/rapid7/metasploitable3 172.28.128.4 Metasploit/kali Attacker 172.28.128.3 Victim Windows 2k8 Virtual Box
Msfconsole Navigation cheat sheet! Msfupdate - update Msfconsole – initialize metasploit >help - example: help search >search – example: search name:pcman type:exploit >show - example show info, show options and show advanced >use - example use exploit/.., use aux/.., use payload/.. >set, unset, setg & unsetg - set payload/.. set exitfunc >back,previous Exploit ,POST and Payload specifics >set RHOST : Victim IP >set RPORT: Victim port >set LHOST: Attacker IP >set LPORT: Attacker Port on Reverse Connect or Victim Port on Bind >set SESSION: The Session id of an earlier attack to attempt Local priv esc
Commands Prior Demo! • Start the PostgreSQL, initialize database for metasploit and then proceed with starting msfconsole • Setup a workspace within metasploit to store enumeration result • Initialise a scan with nmap to store its results. Results in db will be accessible via “services”
Auxiliary Module - Demo • Brute Force access tests on different protocols. • Enumerate and gather more information with limited access. • Check for misconfigured or default Web Portals. • Set up a rogue- ftp,http,smb,imap servers
Auxiliary Module - “use auxiliary/scanner/snmp/snmp_enum”
Exploit Module Searching remote exploits are typically -> exploit/Platform/protocol/Application_or_service Searching local exploits are typically -> exploit/Platform/local/Application_or_service
Payload Module Bind Shell TCP • Successful exploitation leads to a new port on Victim with shell access. Reverse Shell TCP • Successful exploitation makes to client connect to Attack and provide its shell. BindShell-Listener Reverse Shell-Listener Exploit Exploit
Exploit Module -Demo exploit/multi/elasticsearch/script_mvel_rce ElasticSearch ->1.1.1 Payload -> java/shell/reverse_tcp
Exploit Module 2 In these cases we will need to use the attacker machine as a server, servicing the delivery of the exploit. We will need 2 more options, SRVHOST and SRVPORT Meterpreter Payload ,provides an interactive environment with functionalities likes • Getsystem, clearnenv, migrate, hashdump, post, up/download,edit • Run portrecorder , load mimikatz..
Exploit Module -Demo 2 • exploit/multi/http/jenkins_script_console • windows/meterpreter/reverse_tcp
Thanks.

More Related Content

PPTX
Metasploit
henelpj
 
PPTX
Introduction to Metasploit
GTU
 
PDF
PHDays 2018 Threat Hunting Hands-On Lab
Teymur Kheirkhabarov
 
PDF
Metasploit for Penetration Testing: Beginner Class
Georgia Weidman
 
PDF
A Threat Hunter Himself
Sergey Soldatov
 
PDF
Hunting for Credentials Dumping in Windows Environment
Teymur Kheirkhabarov
 
PPTX
Metasploit framework in Network Security
Ashok Reddy Medikonda
 
PPTX
WAF Bypass Techniques - Using HTTP Standard and Web Servers’ Behaviour
Soroush Dalili
 
Metasploit
henelpj
 
Introduction to Metasploit
GTU
 
PHDays 2018 Threat Hunting Hands-On Lab
Teymur Kheirkhabarov
 
Metasploit for Penetration Testing: Beginner Class
Georgia Weidman
 
A Threat Hunter Himself
Sergey Soldatov
 
Hunting for Credentials Dumping in Windows Environment
Teymur Kheirkhabarov
 
Metasploit framework in Network Security
Ashok Reddy Medikonda
 
WAF Bypass Techniques - Using HTTP Standard and Web Servers’ Behaviour
Soroush Dalili
 

What's hot (20)

PPTX
Reverse shell
Ilan Mindel
 
PDF
Metasploit et Metasploitable2 : exploiter VSFTPD v2.3.4
Khalid EDAIG
 
PPTX
Keyloger & spyware
KashifKhan417
 
PDF
Hunting malware with volatility v2.0
Frank Boldewin
 
PPTX
Intrusion Detection Systems (IDS)
Hachmdhmdzad
 
PPT
Port scanning
Hemanth Pasumarthi
 
PPTX
Introduction To Vulnerability Assessment & Penetration Testing
Raghav Bisht
 
PDF
Privilege escalation from 1 to 0 Workshop
Hossam .M Hamed
 
PDF
Pentest with Metasploit
M.Syarifudin, ST, OSCP, OSWP
 
PDF
OWASP Top 10 Web Application Vulnerabilities
Software Guru
 
PPTX
Client side attacks using PowerShell
Nikhil Mittal
 
PPTX
Derbycon - Passing the Torch
Will Schroeder
 
PDF
(Mis)trusting and (ab)using ssh
morisson
 
PDF
Site JEE de ECommerce Basé sur Spring IOC MVC Security JPA Hibernate
ENSET, Université Hassan II Casablanca
 
PDF
Penetration testing web application web application (in) security
Nahidul Kibria
 
PDF
Microservices avec Spring Cloud
Florian Beaufumé
 
PPTX
Metasploit framwork
Deepanshu Gajbhiye
 
PPTX
Malware Classification and Analysis
Prashant Chopra
 
PPTX
Exploitation techniques and fuzzing
Prachi Gulihar
 
PPT
IDS and IPS
Santosh Khadsare
 
Reverse shell
Ilan Mindel
 
Metasploit et Metasploitable2 : exploiter VSFTPD v2.3.4
Khalid EDAIG
 
Keyloger & spyware
KashifKhan417
 
Hunting malware with volatility v2.0
Frank Boldewin
 
Intrusion Detection Systems (IDS)
Hachmdhmdzad
 
Port scanning
Hemanth Pasumarthi
 
Introduction To Vulnerability Assessment & Penetration Testing
Raghav Bisht
 
Privilege escalation from 1 to 0 Workshop
Hossam .M Hamed
 
Pentest with Metasploit
M.Syarifudin, ST, OSCP, OSWP
 
OWASP Top 10 Web Application Vulnerabilities
Software Guru
 
Client side attacks using PowerShell
Nikhil Mittal
 
Derbycon - Passing the Torch
Will Schroeder
 
(Mis)trusting and (ab)using ssh
morisson
 
Site JEE de ECommerce Basé sur Spring IOC MVC Security JPA Hibernate
ENSET, Université Hassan II Casablanca
 
Penetration testing web application web application (in) security
Nahidul Kibria
 
Microservices avec Spring Cloud
Florian Beaufumé
 
Metasploit framwork
Deepanshu Gajbhiye
 
Malware Classification and Analysis
Prashant Chopra
 
Exploitation techniques and fuzzing
Prachi Gulihar
 
IDS and IPS
Santosh Khadsare
 
Ad

Viewers also liked (20)

PDF
Owasp top 10
veerababu penugonda(Mr-IoT)
 
PPTX
An Introduction to Sysinternals
Riyaz Walikar
 
PPTX
Netcat - A Swiss Army Tool
Chandrapal Badshah
 
PPTX
DataSploit - Tool Demo at Null Bangalore - March Meet.
Shubham Mittal
 
PPTX
Poodle
Samit Anwer
 
PPTX
Malvertising
Ankit Kushwaha
 
PDF
Radare2 - An Introduction by Anto Joseph
Anthony Jose
 
PPTX
Threat intelligence - nullmeetblr 21st June 2015
n|u - The Open Security Community
 
PPTX
Panel discussion social engineering - manasdeep - nullmeetblr 21st June 2015
n|u - The Open Security Community
 
PDF
Grinder talk
n|u - The Open Security Community
 
ODP
pwnd.sh
Chandrapal Badshah
 
PPTX
Csp july2015
n|u - The Open Security Community
 
PPTX
IOS Security Basics - NULL/ OWASP/G4H Meet
Anthony Jose
 
PPTX
Penetration testing using metasploit
Aashish R
 
PPTX
Inteligencia artificial
Pachaqueen2015
 
PPTX
Ethical Hacking Services
Virtue Security
 
DOCX
Ceh certified ethical hacker
Growmind Solutions
 
PPTX
3Es of Ransomware
Sunil Kumar
 
PDF
Buffer overflow null
nullowaspmumbai
 
PPTX
Http2 Security Perspective
Sunil Kumar
 
Owasp top 10
veerababu penugonda(Mr-IoT)
 
An Introduction to Sysinternals
Riyaz Walikar
 
Netcat - A Swiss Army Tool
Chandrapal Badshah
 
DataSploit - Tool Demo at Null Bangalore - March Meet.
Shubham Mittal
 
Poodle
Samit Anwer
 
Malvertising
Ankit Kushwaha
 
Radare2 - An Introduction by Anto Joseph
Anthony Jose
 
Threat intelligence - nullmeetblr 21st June 2015
n|u - The Open Security Community
 
Panel discussion social engineering - manasdeep - nullmeetblr 21st June 2015
n|u - The Open Security Community
 
Grinder talk
n|u - The Open Security Community
 
pwnd.sh
Chandrapal Badshah
 
Csp july2015
n|u - The Open Security Community
 
IOS Security Basics - NULL/ OWASP/G4H Meet
Anthony Jose
 
Penetration testing using metasploit
Aashish R
 
Inteligencia artificial
Pachaqueen2015
 
Ethical Hacking Services
Virtue Security
 
Ceh certified ethical hacker
Growmind Solutions
 
3Es of Ransomware
Sunil Kumar
 
Buffer overflow null
nullowaspmumbai
 
Http2 Security Perspective
Sunil Kumar
 
Ad

Similar to Metasploit For Beginners (20)

PDF
Metasploit: Pwnage and Ponies
Trowalts
 
PDF
Metasploit Computer security testing tool
medoelkang600
 
PPTX
Client side exploits
nickyt8
 
DOCX
Backtrack Manual Part6
Nutan Kumar Panda
 
DOCX
Backtrack Manual Part7
Nutan Kumar Panda
 
KEY
Metasploit @ 2010 Utah Open Source Conference
Jason Wood
 
PDF
Metasploit Humla for Beginner
n|u - The Open Security Community
 
PDF
Metasploitation part-1 (murtuja)
ClubHack
 
PPTX
Metasploit - Basic and Android Demo
Arpit Agarwal
 
DOCX
Google Hacking Lab ClassNameDate This is an introducti.docx
whittemorelucilla
 
PPTX
Metasploit
Institute of Information Security (IIS)
 
PPTX
Metasploit
Lalith Sai
 
PDF
iCrOSS 2013_Pentest
M.Syarifudin, ST, OSCP, OSWP
 
PDF
Cheatsheet: Metasploit
Kasper de Waard
 
PPTX
Intro to exploits in metasploitand payloads in msfvenom
Siddharth Krishna Kumar
 
PPTX
Metasploit
Raghunath G
 
PPTX
Intimacy with MSF - Metasploit Framework
Animesh Roy
 
PPTX
BSides Algiers - Metasploit framework - Oussama Elhamer
Shellmates
 
PPTX
Metasploit for Web Workshop
Dennis Maldonado
 
PDF
24 33 -_metasploit
wozgeass
 
Metasploit: Pwnage and Ponies
Trowalts
 
Metasploit Computer security testing tool
medoelkang600
 
Client side exploits
nickyt8
 
Backtrack Manual Part6
Nutan Kumar Panda
 
Backtrack Manual Part7
Nutan Kumar Panda
 
Metasploit @ 2010 Utah Open Source Conference
Jason Wood
 
Metasploit Humla for Beginner
n|u - The Open Security Community
 
Metasploitation part-1 (murtuja)
ClubHack
 
Metasploit - Basic and Android Demo
Arpit Agarwal
 
Google Hacking Lab ClassNameDate This is an introducti.docx
whittemorelucilla
 
Metasploit
Institute of Information Security (IIS)
 
Metasploit
Lalith Sai
 
iCrOSS 2013_Pentest
M.Syarifudin, ST, OSCP, OSWP
 
Cheatsheet: Metasploit
Kasper de Waard
 
Intro to exploits in metasploitand payloads in msfvenom
Siddharth Krishna Kumar
 
Metasploit
Raghunath G
 
Intimacy with MSF - Metasploit Framework
Animesh Roy
 
BSides Algiers - Metasploit framework - Oussama Elhamer
Shellmates
 
Metasploit for Web Workshop
Dennis Maldonado
 
24 33 -_metasploit
wozgeass
 

Recently uploaded (20)

PDF
Network Security Unit 5.pdf for BCA BBA.
Serpent6
 
PDF
KodekX | Application Modernization Development
KodekX
 
PPTX
Big Data Technologies - Introduction.pptx
kuthubussaman1
 
PPTX
VMware vSphere Foundation How to Sell Presentation-Ver1.4-2-14-2024.pptx
blackmambaettijean
 
PPTX
Understanding_Digital_Forensics_Presentation.pptx
ImranKhan423233
 
PPTX
ACSFv1EN-58255 AWS Academy Cloud Security Foundations.pptx
23bcla24
 
PPTX
Spectroscopy.pptx food analysis technology
nawahassan45
 
PDF
TokAI - TikTok AI Agent : The First AI Application That Analyzes 10,000+ Vira...
SOFTTECHHUB
 
PDF
Optimiser vos workloads AI/ML sur Amazon EC2 et AWS Graviton
Julien SIMON
 
PDF
Electronic commerce courselecture one. Pdf
OmerMohamed64
 
PPTX
Digital-Transformation-Roadmap-for-Companies.pptx
David Malick Dieng
 
PDF
Peak of Data & AI Encore- AI for Metadata and Smarter Workflows
Safe Software
 
PDF
Building Integrated photovoltaic BIPV_UPV.pdf
SandeepSingh286037
 
PDF
Chapter 3 Spatial Domain Image Processing.pdf
Getnet Tigabie Askale -(GM)
 
PDF
The Rise and Fall of 3GPP – Time for a Sabbatical?
3G4G
 
PDF
Agricultural_Statistics_at_a_Glance_2022_0.pdf
SandeepSingh286037
 
PPTX
20250228 LYD VKU AI Blended-Learning.pptx
DatVoNgoc
 
PDF
Encapsulation_ Review paper, used for researhc scholars
gurumoop
 
PDF
Mobile App Security Testing_ A Comprehensive Guide.pdf
flufftailshop
 
PPTX
Cloud computing and distributed systems.
kkkkkhan
 
Network Security Unit 5.pdf for BCA BBA.
Serpent6
 
KodekX | Application Modernization Development
KodekX
 
Big Data Technologies - Introduction.pptx
kuthubussaman1
 
VMware vSphere Foundation How to Sell Presentation-Ver1.4-2-14-2024.pptx
blackmambaettijean
 
Understanding_Digital_Forensics_Presentation.pptx
ImranKhan423233
 
ACSFv1EN-58255 AWS Academy Cloud Security Foundations.pptx
23bcla24
 
Spectroscopy.pptx food analysis technology
nawahassan45
 
TokAI - TikTok AI Agent : The First AI Application That Analyzes 10,000+ Vira...
SOFTTECHHUB
 
Optimiser vos workloads AI/ML sur Amazon EC2 et AWS Graviton
Julien SIMON
 
Electronic commerce courselecture one. Pdf
OmerMohamed64
 
Digital-Transformation-Roadmap-for-Companies.pptx
David Malick Dieng
 
Peak of Data & AI Encore- AI for Metadata and Smarter Workflows
Safe Software
 
Building Integrated photovoltaic BIPV_UPV.pdf
SandeepSingh286037
 
Chapter 3 Spatial Domain Image Processing.pdf
Getnet Tigabie Askale -(GM)
 
The Rise and Fall of 3GPP – Time for a Sabbatical?
3G4G
 
Agricultural_Statistics_at_a_Glance_2022_0.pdf
SandeepSingh286037
 
20250228 LYD VKU AI Blended-Learning.pptx
DatVoNgoc
 
Encapsulation_ Review paper, used for researhc scholars
gurumoop
 
Mobile App Security Testing_ A Comprehensive Guide.pdf
flufftailshop
 
Cloud computing and distributed systems.
kkkkkhan
 

Metasploit For Beginners

  • 2. Whoami Ramnath Shenoy • Engineering @ FireEye • https://www.linkedin.com/in/ramnathshenoyk • @Ramnathsk
  • 3. Metasploit for Beginners ●Why Metasploit? ●Demo Setup ●Auxiliary Module ●Exploit Module ●Payloads ●Demo 1 - Elastic Search exploit ●Demo 2 - Jenkins exploit
  • 4. Why Metasploit? ● Published independently ● Different programming languages ● Targeted limited to a specific platform ● No evasion techniques ● No clear documentation ● No coding style and difficult to embed /modify
  • 5. Metasploit Framework Current stable version is v4.13.X • Written in ruby, https://github.com/rapid7/metasploit-framework.git, • [ 1610 exploits, 914 auxiliary, 279 post ,471 payloads , 39 encoders , 9 nops ] Ready in kali - used in this demo. Available as windows installer. (Never really tried!..)
  • 6. Metasploit Architecture Libraries Interfaces Modules nops payloads exploits Auxiliary Encoder Post msfconsole Rex MSF::Core MSF::Base Tools Plugins
  • 7. Visualising an attack Target Vulnerable software PayloadExploitAuxiliary Windows/Shell Windows/add user Remote exploit Local exploit Scan and enumerate Rogue Servers Post Enum credentials Exploit suggest Exploit Payload Post msfconsole
  • 8. Demo Setup! Target Windows 2008 R2 – Metasploitable3 Designed vulnerable to test payload Setup instructions https://github.com/rapid7/metasploitable3 172.28.128.4 Metasploit/kali Attacker 172.28.128.3 Victim Windows 2k8 Virtual Box
  • 9. Msfconsole Navigation cheat sheet! Msfupdate - update Msfconsole – initialize metasploit >help - example: help search >search – example: search name:pcman type:exploit >show - example show info, show options and show advanced >use - example use exploit/.., use aux/.., use payload/.. >set, unset, setg & unsetg - set payload/.. set exitfunc >back,previous Exploit ,POST and Payload specifics >set RHOST : Victim IP >set RPORT: Victim port >set LHOST: Attacker IP >set LPORT: Attacker Port on Reverse Connect or Victim Port on Bind >set SESSION: The Session id of an earlier attack to attempt Local priv esc
  • 10. Commands Prior Demo! • Start the PostgreSQL, initialize database for metasploit and then proceed with starting msfconsole • Setup a workspace within metasploit to store enumeration result • Initialise a scan with nmap to store its results. Results in db will be accessible via “services”
  • 11. Auxiliary Module - Demo • Brute Force access tests on different protocols. • Enumerate and gather more information with limited access. • Check for misconfigured or default Web Portals. • Set up a rogue- ftp,http,smb,imap servers
  • 12. Auxiliary Module - “use auxiliary/scanner/snmp/snmp_enum”
  • 13. Exploit Module Searching remote exploits are typically -> exploit/Platform/protocol/Application_or_service Searching local exploits are typically -> exploit/Platform/local/Application_or_service
  • 14. Payload Module Bind Shell TCP • Successful exploitation leads to a new port on Victim with shell access. Reverse Shell TCP • Successful exploitation makes to client connect to Attack and provide its shell. BindShell-Listener Reverse Shell-Listener Exploit Exploit
  • 16. Exploit Module 2 In these cases we will need to use the attacker machine as a server, servicing the delivery of the exploit. We will need 2 more options, SRVHOST and SRVPORT Meterpreter Payload ,provides an interactive environment with functionalities likes • Getsystem, clearnenv, migrate, hashdump, post, up/download,edit • Run portrecorder , load mimikatz..
  • 17. Exploit Module -Demo 2 • exploit/multi/http/jenkins_script_console • windows/meterpreter/reverse_tcp

Editor's Notes

  • #6: Why ruby? https://dev.metasploit.com/pipermail/framework/2006-October/001325.html On ubuntu? http://www.darkoperator.com/installing-metasploit-in-ubunt/