Metasploit Primer.pdf - ISACA


Metasploit Primer What you wanted to know but never asked.

By: Jeff Toth & Jonathan Singer

Legal and Ethics Everything in this presentation is for educational purposes only. Do not use the Metasploit Framework against systems you do not have permission to test.

Metasploit Framework (MSF) Created in 2003 by HD Moore, currently employed by Rapid7, MSF is “a tool for developing and executing exploit code against a remote target machine.” (Wikipedia) Originally written in Perl, it was later converted to Ruby in ‘07 ●

Terminology Module - Components in Metasploit

RHOST - Remote Host = Target

Target - Who to attack

LHOST - Local Host = You

Scanner - Collect information from target

Meterpreter - Powerful payload commonly used with Windows

Payload - What code is used to established connection from target

Post-Exploitation - Tasks after target compromise

Methodology Identify Target

Discovery Scan Module

Exploit Module

Exploit & Post-Exploit

Configure Payload

Configure Module

Getting Started ● Ensure Kali is up to date: ○ ○

apt-get update apt-get dist-upgrade

● Start essential services: ○ ○

service postgresql start service metasploit start

● Ensure Metasploit is up to date: ○


Demo Time Linux Target

Identify Target ● Many great enumeration and scanning tools are build into Metasploit. ● nmap - Network Mapper ○

db_nmap -A $TARGET

● Places findings in Metasploit Database for organizational use. ○ ○

hosts services

Search Tools ● There are many, many, modules in Metasploit ● Using search to locate based off of identification ○

search smb

Discovery Scan Module ● Now that we know basic information about our target, we look for vulnerabilities. ○

use auxiliary/scanner/smb/smb_version

● Point the scanning module at the target ○


● Fire away to get version ○


Exploit Module ● Load up an exploit that can be used after information gathering. ○ ○

search ircd use exploit/unix/irc/unreal_ircd_3281_backdoor

● Loads the exploit code used to break into the target ● Where the magic happens

Configure Module ● Allows us set our target and other useful parameters ○

show options

● Set our target RHOST ○


● Each exploit has its own set of configurable parameters ● Denotes which ones are required

Configure Payload ● Most popular Windows payload is Meterpreter ● Rich in features for remote control ○ ○

set PAYLOAD cmd/unix/reverse Reverse calls home while Bind opens a port on the target to connect to

● Payload have their own options too ○

show options

● Configure how to call home as a listener ○


Exploitation & Post-Exploitation ● When we are ready, launch the exploit ○


● We have now established connection with our target ● A session is created that we may use to communicate with our remote shell ● During port-exploitation, we may pilfer the system for useful files and data, or hop to additional systems within the network

Demo Time Windows Target

Apply Methodology ● ● ● ●

Target is a Windows User Internet Explorer is a great tool for attackers Plan attack with hosted exploit Coax victim to visit malicious website ○

Social Engineering

● Take control of the victim’s computer

Post-Exploitation with Meterpreter ● Escalate to NT AUTHORITY\SYSTEM ○

get system

● Load additional tools such as Mimikatz ○

load mimikatz

● Pull passwords ○ ○

hashdump wdigest

Basic Defenses ● Metasploit allows for encryption and evasion techniques ○

Makes these attacks difficult to detect sometimes

● Always keep systems up to date ● Restrict processes ○ ○

applocker (Microsoft) EMET (Microsoft)

● Training to prevent Social Engineering ● Consult an Expert

Tools ● Kali Linux ○

● Metasploitable ● Metasploit Unleashed ○

● Google & YouTube

Bio ● ● ● ● ● ●

Senior Security Engineer with GuidePoint Security Master’s Student, USF Cybersecurity OWASP Tampa Chapter Leader Founder of [email protected], Award winning team Drone flier, car hacker, mentor, presentation giver Twitter: @JonathanSinger

GuidePoint Security ● ● ● ●

Overall security consulting and engineering firm Over 100 of the best talented individuals in the industry Please speak with Dick P. and myself!



Metasploit Primer.pdf - ISACA

Metasploit Primer What you wanted to know but never asked. By: Jeff Toth & Jonathan Singer Legal and Ethics Everything in this presentation is for ...

230KB Sizes 8 Downloads 29 Views

Recommend Documents

This chapter will show you how to use Metasploit, an exploit launching and develop- ment platform. • Metasploit: the b

2015 annual report - isaca
Apr 22, 2016 - ISACA enhanced its Cybersecurity Nexus .... By year's end, there were. Silvia Chinchilla Sáenz, CISA, CG

State of Cybersecurity - ISACA
to go unchecked and the sophistication of attack methodologies is evolving. .... How concerned is your organization's bo

perfect storm - ISACA
PERFECT STORM: THE BRAVE NEW WORLD OF SAP SECURITY. ABSTRACT ... targeted at corporate applications and data, such a rar

Project Management - ISACA
Jun 11, 2016 - Analysis, May 2013, p. 13, cgi-bin/ssialias?subtype=WH&infotype=SA&htmlfid=SEW

CSX-Exam-Guide - ISACA
Section 1: About the Cybersecurity Fundamentals Exam a. About the Cybersecurity Fundamentals Certificate. The Cybersecur

Template Business Blueprint - ISACA
Dec 21, 2010 - 17. 7.7 ReO: Response Owner. 17. 7.8 AA: Auditor and Analyzer. 17. 7.9 Authorization Matrix. 17. 8 Author

Acerca de ISACA
COBIT 5 Español. ISACA® ( ayuda a los profesionales globales a liderar, adaptar y asegurar la confianza en u

Data Privacy - ISACA
Jun 14, 2014 - outsourced SAP system copy process created problems that led IT ... processes and continuous improvement.

Cybersecurity Fundamentals Glossary - isaca
3. is determined to maintain the level of interaction needed to execute its objectives. Cybersecurity .... Scope Note: T